LetsDefend Monitoring Alert
Suspicious SSH Login
Sep, 04, 2021, 08:08 PM
Event ID: 104
Event Time: Sep, 04, 2021, 08:08 PM
Rule Name: SOC155 - Suspicious SSH Login
Alert Type: Unauthorized Access
MITRE Technique:
T1078 - Initial Access - Valid Accounts,
T1110 - Credential Access - Brute Force,
T1041 - Exfiltration - Exfiltration Over C2 Channel
Severity: High
Incident Responder