sshbrute_internal_internal

Suggest Edits

Explanation

This event is triggered by Netography's Fusion Portal when it detects an SSH brute force attack, which is an attempt to guess a valid password against an SSH server. This event specifically looks for activity between hosts inside your network.

What to Look For

Brute force attacks launched inside your network may be an indication that your network is compromised. Investigate hosts that are the source of this sort of activity in order to make sure that it is authorized and expected, and the hosts have not been compromised. Ensure that strong passwords and/or multi-factor authentication are in use to prevent successful attacks. Check network logs for additional information and review endpoint security to ensure that sensitive information is secure.

Related MITRE ATT&CK Categories

Brute Force, Technique T1110 - Enterprise

Updated 13 days ago