mirror of
https://github.com/Security-Onion-Solutions/securityonion.git
synced 2026-05-01 17:07:50 +02:00
Josh Brower
18 lines
343 B
YAML
18 lines
343 B
YAML
title: SO IDH - SSH Accessed
|
|
status: experimental
|
|
description: Detects when the SSH service on a SO IDH node has been probed.
|
|
author: Security Onion Solutions
|
|
logsource:
|
|
product: idh
|
|
detection:
|
|
selection:
|
|
event.code:
|
|
- 4000
|
|
- 4001
|
|
- 4002
|
|
condition: selection
|
|
falsepositives:
|
|
- None
|
|
fields:
|
|
- source.ip
|
|
level: critical |