# general

demonbhao

09/03/2020, 6:36 AM
Hello. Excuse me, osquery can detect SSH violent login. Which tables should I use for testing?

seph

09/03/2020, 2:09 PM
I'm not sure what this means. Can you clarify? Are you looking for all logins? Failed logins?

alessandrogario

09/03/2020, 2:10 PM
brute force detection maybe?

demonbhao

09/04/2020, 1:30 AM
Yeah, brute force detection. I learned that osquery can generate an alarm when I do brute force detection?

seph

09/04/2020, 5:38 PM
What kind of alarms have you seen from osquery? I’m not sure I’m familiar with that feature.
I’m not sure I’ve seen osquery used for this. Though it could be used to report on something that is. On Unix machines, fail2ban is a common tool for this. Not totally sure how to add osquery to that mix.

demonbhao

09/07/2020, 2:35 AM
OK, I'll look into it again, thanks.