create SSH rule
#7374
Can you create an SSH rule that detects SSH traffic that is not version 2?
Answered by dougburks on Mar 2, 2022
Answer selected by dougburks
Zeek already logs ssh connections including the version and Hunt includes an SSH query for that:
Another option might be to write a Suricata rule:
https://suricata.readthedocs.io/en/suricata-6.0.0/rules/ssh-keywords.html
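
The Zeek-side check mentioned in the answer, as an added example that is not part of the original thread or Security Onion's own code: it scans Zeek `ssh.log` records for connections that are not SSH version 2. It assumes Zeek is writing JSON logs with the standard `version`, `client` and `server` fields; the function names and the sample records are constructed for illustration.

```python
import json
import re

# RFC 4253 banner format: SSH-protoversion-softwareversion
BANNER_RE = re.compile(r"^SSH-(\d+\.\d+)-")
V2_BANNERS = {"2.0", "1.99"}  # 1.99 = server that also accepts protocol 2

def banner_proto(banner):
    """Return the protoversion from an SSH banner string, or None."""
    m = BANNER_RE.match(banner or "")
    return m.group(1) if m else None

def find_non_v2(lines):
    """Return ssh.log records that were not SSH protocol version 2."""
    findings = []
    for raw in lines:
        try:
            rec = json.loads(raw)
        except json.JSONDecodeError:
            continue  # skip blank, truncated or non-JSON lines
        if not isinstance(rec, dict) or rec.get("version") == 2:
            continue
        protos = [p for p in (banner_proto(rec.get("client")),
                              banner_proto(rec.get("server"))) if p]
        if rec.get("version") is None:
            # Version was not logged: judge by banners, ignore if inconclusive.
            if not protos or all(p in V2_BANNERS for p in protos):
                continue
        findings.append({
            "uid": rec.get("uid"),
            "orig_h": rec.get("id.orig_h"),
            "resp_h": rec.get("id.resp_h"),
            "version": rec.get("version"),
            "banner_protos": protos,
        })
    return findings

# Constructed sample records (not real traffic), documentation address ranges.
SAMPLE = [
    '{"uid":"C1","id.orig_h":"192.0.2.10","id.resp_h":"198.51.100.5","version":2,"client":"SSH-2.0-OpenSSH_8.2p1","server":"SSH-2.0-OpenSSH_8.2p1"}',
    '{"uid":"C2","id.orig_h":"192.0.2.11","id.resp_h":"198.51.100.5","version":1,"client":"SSH-1.5-ExampleClient","server":"SSH-1.99-ExampleServer"}',
    '{"uid":"C3","id.orig_h":"192.0.2.12","id.resp_h":"198.51.100.6","client":"SSH-1.5-ExampleClient"}',
    '{"uid":"C4","id.orig_h":"192.0.2.13","id.resp_h":"198.51.100.6","client":"SSH-2.0-ExampleClient"}',
    '{"uid":"C5","id.orig_h":',  # truncated line
]

if __name__ == "__main__":
    for finding in find_non_v2(SAMPLE):
        print(finding)
```

Records with no `version` and no conclusive banner are skipped rather than flagged, so the output stays limited to sessions that positively show a pre-2.0 protocol version.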