Synopsis
Activation Period | 14 Days
Training Period | 30 Days
Test Period | 15 Minutes
Deduplication Period | 3 Hours
Required Data |
Detection Modules | Identity Analytics
Detector Tags |
ATT&CK Tactic |
ATT&CK Technique |
Severity | Informational
Description
A user attempted to authenticate via SSH an excessive number of times in a short period. This may indicate a brute force attack.
Attacker's Goals
Attackers attempt to log in to a remote host.
Investigative actions
Check for any successful authentication by the user account referenced in the alert, as a success can indicate that the attacker managed to guess the credentials.
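The check described above can be sketched over raw sshd logs; this is an added example, not the detector's own logic or code from the original page. It counts failed logins per user inside the 15-minute test period, suppresses repeat alerts for the 3-hour deduplication period, and lists any login that succeeds after an alert. Assumptions: a fixed threshold of 5 failures (the page states no count), OpenSSH-style lines with ISO timestamps in chronological order, and the hypothetical names `analyze`, `make_line` and `SAMPLE`.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=15)  # Test Period from the synopsis
DEDUP = timedelta(hours=3)      # Deduplication Period from the synopsis
THRESHOLD = 5                   # assumption: the page states no failure count

LINE_RE = re.compile(
    r"^(?P<ts>\S+) \S+ sshd\[\d+\]: (?P<result>Failed|Accepted) \S+ for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+")

def analyze(lines):
    """Return (alerts, successes); each entry is (timestamp, user, source IP)."""
    failures = defaultdict(deque)  # user -> failure times inside WINDOW
    last_alert = {}                # user -> time the last alert was raised
    alerts, successes = [], []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        ts, user, src = datetime.fromisoformat(m["ts"]), m["user"], m["src"]
        if m["result"] == "Accepted":
            # Investigative action: a login that succeeds after an alert
            if user in last_alert:
                successes.append((ts, user, src))
            continue
        recent = failures[user]
        recent.append(ts)
        while ts - recent[0] > WINDOW:  # drop failures older than the window
            recent.popleft()
        suppressed = user in last_alert and ts - last_alert[user] < DEDUP
        if len(recent) >= THRESHOLD and not suppressed:
            alerts.append((ts, user, src))
            last_alert[user] = ts
    return alerts, successes

def make_line(ts, result, user):
    return (f"{ts} host1 sshd[4242]: {result} password for {user} "
            "from 203.0.113.5 port 50514 ssh2")

# Constructed sample (documentation IP): alice fails six times, then succeeds.
SAMPLE = ([make_line(f"2024-03-10T09:0{i}:00", "Failed", "alice") for i in range(6)]
          + [make_line("2024-03-10T09:06:00", "Accepted", "alice"),
             make_line("2024-03-10T09:10:00", "Failed", "invalid user bob"),
             make_line("2024-03-10T09:20:00", "Accepted", "carol")])

if __name__ == "__main__":
    alerts, successes = analyze(SAMPLE)
    print("alerts:", alerts, "successes after alert:", successes)
```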
Variations
Successful SSH Brute Force
Possible SSH Brute Force