27 lines
764 B
Plaintext
CRITICAL: Found 73 failed SSH login attempt(s) for requested window

Top source IPs:
52 203.0.113.44
12 198.51.100.20
9 192.0.2.10

Top attempted users:
31 admin
24 oracle
18 root

Sample recent lines:
May 11 10:01:02 host sshd[2201]: Failed password for invalid user admin from 203.0.113.44 port 51240 ssh2
May 11 10:01:06 host sshd[2205]: Invalid user oracle from 198.51.100.20

Evidence:
Thresholds: warning=20 critical=50 since="1 hour ago"
Log source: journalctl

Recommended next steps:
- Verify source IPs against expected scanners, admins, or automation
- Check firewall, fail2ban, or security tooling state
- Confirm whether the attempts are expected for this host
- Review successful logins too, not only failures
- Attach this output to incident ticket