alert on repeated SSH failures:
Name - SSH Brute Force Attempt
Priority - High
Query - message:"Failed password" AND facility:auth
Condition - count() >= 5 in last 1 minute
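The alert definition above is declarative, so it is worth seeing the same logic run over real-looking input. The following is an added example, not code from the page or from Graylog: it parses a handful of constructed sshd syslog lines, applies the page's query (message contains "Failed password", facility auth) and its "5 or more in the last 1 minute" condition as a sliding window, and then goes one step beyond the page by also grouping per source IP, which is what most teams end up wanting so that one noisy host cannot mask a second attacker. The facility mapping (sshd logs to the auth facility) and the year stamped onto the timestamps are assumptions made so that the block runs offline.

```python
"""Standalone model of the Graylog 'SSH Brute Force Attempt' alert (added example)."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample auth log lines for the example, not captured traffic.
SAMPLE_LOG = """\
Jan 10 10:00:01 bastion sshd[1201]: Failed password for root from 203.0.113.7 port 51234 ssh2
Jan 10 10:00:05 bastion sshd[1202]: Failed password for invalid user admin from 203.0.113.7 port 51240 ssh2
Jan 10 10:00:09 bastion sshd[1203]: Failed password for root from 203.0.113.7 port 51244 ssh2
Jan 10 10:00:14 bastion sshd[1204]: Failed password for root from 203.0.113.7 port 51250 ssh2
Jan 10 10:00:20 bastion sshd[1205]: Accepted publickey for deploy from 198.51.100.4 port 40000 ssh2
Jan 10 10:00:31 bastion sshd[1206]: Failed password for root from 203.0.113.7 port 51260 ssh2
Jan 10 10:03:00 bastion sshd[1207]: Failed password for root from 198.51.100.9 port 40100 ssh2
Jan 10 10:05:00 bastion sshd[1208]: Failed password for root from 198.51.100.9 port 40101 ssh2
"""

# Classic BSD syslog lines do not carry the facility; Graylog gets it from the
# syslog priority byte. Assumption for this example: sshd always logs to auth.
FACILITY_BY_PROGRAM = {"sshd": "auth"}

SYSLOG_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) (?P<prog>[\w-]+)\[\d+\]: (?P<msg>.*)$"
)
SRC_IP_RE = re.compile(r"\bfrom (?P<ip>\d+\.\d+\.\d+\.\d+)\b")

THRESHOLD = 5                 # "count() >= 5"
WINDOW = timedelta(minutes=1)  # "in last 1 minute"


def parse_syslog(text, year=2024):
    """Turn raw syslog lines into Graylog-like event dicts (year is assumed)."""
    events = []
    for line in text.splitlines():
        m = SYSLOG_RE.match(line)
        if not m:
            continue  # not a syslog line we understand; skip rather than crash
        ip = SRC_IP_RE.search(m["msg"])
        events.append({
            "timestamp": datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S"),
            "source": m["host"],
            "facility": FACILITY_BY_PROGRAM.get(m["prog"], "unknown"),
            "message": m["msg"],
            "source_ip": ip["ip"] if ip else None,
        })
    return events


def matches_query(event):
    """The page's search query: message:"Failed password" AND facility:auth."""
    return "Failed password" in event["message"] and event["facility"] == "auth"


def detect_brute_force(events, threshold=THRESHOLD, window=WINDOW,
                       key=lambda ev: ev["source_ip"]):
    """Sliding-window count of matching events; fires once per burst.

    key groups the count. The page's condition is ungrouped, which is
    key=lambda ev: "all"; the default groups per attacking source IP.
    """
    recent = defaultdict(deque)
    alerts = []
    for ev in sorted(events, key=lambda e: e["timestamp"]):
        if not matches_query(ev):
            continue
        q = recent[key(ev)]
        q.append(ev["timestamp"])
        while q and ev["timestamp"] - q[0] > window:
            q.popleft()  # drop hits that fell out of the one-minute window
        if len(q) >= threshold:
            alerts.append({
                "name": "SSH Brute Force Attempt",
                "priority": "High",
                "group": key(ev),
                "count": len(q),
                "first": q[0],
                "last": ev["timestamp"],
            })
            q.clear()  # reset so one burst does not re-alert on every later hit
    return alerts


if __name__ == "__main__":
    for alert in detect_brute_force(parse_syslog(SAMPLE_LOG)):
        print(f"{alert['name']} [{alert['priority']}] {alert['group']}: "
              f"{alert['count']} failures between {alert['first']:%H:%M:%S} and {alert['last']:%H:%M:%S}")
```

On the constructed input, 203.0.113.7 produces five failures inside 30 seconds and fires at 10:00:31, while 198.51.100.9's two slow attempts stay below the threshold. Note that with the page's ungrouped condition the five hits from one host would also trip the alert, but two hosts each making three attempts per minute would not, which is the argument for grouping by source address in production.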
"https://graylog.yourcompany.com/api/system/content_packs" \
-H "X-Requested-By: cli" \
| python3 -m json.tool > graylog-content-pack.json
Related Reading
- How to Set Up ntopng for Network Analytics
- How to Set Up Falco for Container Runtime Security
- How to Use strace for Security Analysis
Built by theluckystrike. More at zovo.one