HFL-004 Linux SSH Auth Log

Source Alias:

LL-001

원본 경로:

/var/log/auth.log

수집 방식:

hanguel-ir-agent host log polling

현재 탐지:

Failed password, authentication failure, Invalid user

주요 event.action:

ssh_authentication_failure

커버 Technique:

T1110, T1021.004, T1078

현재 상태

event.action : "ssh_authentication_failure"