Catch keyboard-interactive

Catch log entries like: Failed keyboard-interactive/pam for root
jeffbryner committed Dec 29, 2018
1 parent d959fdd commit 489dd73297578958222c643bfb642540466b8353
Showing with 1 addition and 1 deletion.
  1. +1 −1 alerts/bruteforce_ssh.py
@@ -18,7 +18,7 @@ def main(self):
search_query.add_must([
PhraseMatch('summary', 'failed'),
TermMatch('details.program', 'sshd'),
TermsMatch('summary', ['login', 'invalid', 'ldap_count_entries', 'publickey'])
TermsMatch('summary', ['login', 'invalid', 'ldap_count_entries', 'publickey', 'keyboard'])
])

for ip_address in self.config.skiphosts.split():
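
Review bot: The new 'keyboard' entry in the TermsMatch list on 'summary' only fires if the indexed summary contains "keyboard" as a standalone term, and the message this commit targets carries it inside "keyboard-interactive/pam". Whether that matches depends on how the summary field is tokenized, and the commit touches only alerts/bruteforce_ssh.py, so nothing here confirms it. Please add a test event whose summary is "Failed keyboard-interactive/pam for root" with details.program set to sshd and assert that the alert triggers. A short comment next to the list noting which sshd failure message each term is meant to catch would also help the next person who extends it.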
