Hello
Excuse me, osquery can detect SSH violent login
Which tables should I use for testing?
seph
09/03/2020, 2:09 PM
I'm not sure what this means. Can you clarify? Are you looking for all logins? Failed logins?
alessandrogario
09/03/2020, 2:10 PM
brute force detection maybe?
demonbhao
09/04/2020, 1:30 AM
Yeah, brute force detection
I learned that osquery can generate an alarm when I do brute force detection?
seph
09/04/2020, 5:38 PM
What kind of alarms have you seen from osquery? I’m not sure I’m familiar with that feature.
seph
09/04/2020, 5:39 PM
I’m not sure I’ve seen osquery used for this. Though it could be used to report on something that is. On Unix machines, fail2ban is a common tool for this. Not totally sure how to add osquery to that mix.