mirror of
https://github.com/Security-Onion-Solutions/securityonion.git
synced 2026-01-18 14:11:36 +01:00
19 lines
397 B
YAML
19 lines
397 B
YAML
title: SO IDH - SSH Login Attempt
|
|
id: b7a09f0a-88ca-4fe0-bc8a-92106133e231
|
|
status: experimental
|
|
description: Detects when the SSH service on a SO IDH node has had a login attempt.
|
|
author: Security Onion Solutions
|
|
logsource:
|
|
product: idh
|
|
detection:
|
|
selection:
|
|
event.code:
|
|
- 4000
|
|
- 4001
|
|
- 4002
|
|
condition: selection
|
|
falsepositives:
|
|
- None
|
|
fields:
|
|
- source.ip
|
|
level: critical |