Synopsis
Activation Period | 14 Days
Training Period | 30 Days
Test Period | 2 Hours
Deduplication Period | 1 Day
Required Data |
Detection Modules |
Detector Tags |
ATT&CK Tactic |
ATT&CK Technique |
Severity | Informational
Description
There were multiple attempts to authenticate via SSH to a host in your network. This may indicate a brute force attack.
Attacker's Goals
Attackers attempt to log in to a remote host.
Investigative actions
Audit the failed authentication attempts in the SSH server to identify the abused user. If the abused user can authenticate to the SSH server, it may indicate that the attacker managed to compromise the user credentials.
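One way to carry out the audit described above, as an added example that is not part of the original page or of the product that raises this alert: it parses OpenSSH `sshd` log text, counts failed password attempts per user, and flags a successful login that follows repeated failures from the same source. The log lines are constructed, and the function name and the `min_failures` threshold are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in OpenSSH sshd syslog format; hosts, users and IPs are made up.
SAMPLE_LOG = """\
Mar  3 10:01:01 host1 sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 40112 ssh2
Mar  3 10:01:02 host1 sshd[2102]: Failed password for invalid user test from 203.0.113.7 port 40114 ssh2
Mar  3 10:01:03 host1 sshd[2103]: Failed password for deploy from 203.0.113.7 port 40118 ssh2
Mar  3 10:01:04 host1 sshd[2104]: Failed password for deploy from 203.0.113.7 port 40120 ssh2
Mar  3 10:01:05 host1 sshd[2105]: Failed password for deploy from 203.0.113.7 port 40122 ssh2
Mar  3 10:01:09 host1 sshd[2106]: Accepted password for deploy from 203.0.113.7 port 40130 ssh2
Mar  3 10:05:00 host1 sshd[2110]: Failed password for alice from 198.51.100.20 port 51000 ssh2
Mar  3 10:05:08 host1 sshd[2111]: Accepted password for alice from 198.51.100.20 port 51002 ssh2
"""

# Greedy (.+) binds to the last " from <ip> port <n>", so odd usernames cannot shift the source field.
FAILED = re.compile(r"sshd\[\d+\]: Failed password for (invalid user )?(.+) from (\S+) port \d+")
ACCEPTED = re.compile(r"sshd\[\d+\]: Accepted \S+ for (.+) from (\S+) port \d+")

def audit_ssh_failures(log_text, min_failures=3):
    """Return (targeted users, logins that succeeded after repeated failures)."""
    per_pair = defaultdict(int)  # (user, source) -> failures since last success
    targeted = defaultdict(lambda: {"failures": 0, "sources": set(), "valid_account": True})
    candidates = []
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            invalid, user, src = m.groups()
            per_pair[(user, src)] += 1
            entry = targeted[user]
            entry["failures"] += 1
            entry["sources"].add(src)
            if invalid:  # sshd marks names that do not exist on the host
                entry["valid_account"] = False
            continue
        m = ACCEPTED.search(line)
        if m:
            user, src = m.groups()
            prior = per_pair.get((user, src), 0)
            if prior >= min_failures:  # success right after a failure streak
                candidates.append((user, src, prior))
            per_pair[(user, src)] = 0
    return dict(targeted), candidates

if __name__ == "__main__":
    targeted, candidates = audit_ssh_failures(SAMPLE_LOG)
    print("targeted:", targeted)
    print("success after failures:", candidates)
```

Users reported in the second return value are the ones to treat as possibly compromised; a single failure followed by a success (the `alice` lines) stays below the threshold.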
Variations
SSH brute force network detected from external source
Rare SSH brute force attempt