Hello
Excuse me, osquery can detect SSH violent lo...
# generald
demonbhao
09/03/2020, 6:36 AMHello
Excuse me, osquery can detect SSH violent login
Which tables should I use for testing?
s
seph
09/03/2020, 2:09 PM
I'm not sure what this means. Can you clarify? Are you looking for all logins? Failed logins?
a
alessandrogario
09/03/2020, 2:10 PM
brute force detection maybe?
d
demonbhao
09/04/2020, 1:30 AMYeah, brute force detection
I learned that osQuery can generate an alarm when I do brute force detection?
s
seph
09/04/2020, 5:38 PM
What kind of alarms have you seen from osquery? I’m not sure I’m familiar with that features.
seph
09/04/2020, 5:39 PM
I’m not sure I’ve seen osquery used for this. Though it could be used to report on something that is. On unix machines, fail2ban is a common tool for this. Not totally sure how to add osquery to that mix
d
demonbhao
09/07/2020, 2:35 AMOk, I'll look into it again
thank
4 Views