Detecting SSH bruteforce attacks using triggers in QoE [VAS Experts Documentation]

en:dpi:qoe_analytics:cases:network_health:triggers_ssh_bruteforce [2025/10/30 13:13] – created elena.krasnobryzh
en:dpi:qoe_analytics:cases:network_health:triggers_ssh_bruteforce [2025/12/10 16:03] (current) elena.krasnobryzh
Line 17: Line 17:
  
 The trigger for detecting SSH bruteforce attacks (name — "ssh bruteforce") is a system trigger and is available in "QoE analytics" → "Triggers and notifications" (disabled by default). The trigger for detecting SSH bruteforce attacks (name — "ssh bruteforce") is a system trigger and is available in "QoE analytics" → "Triggers and notifications" (disabled by default).
- 
-{{ :dpi:qoe:use_cases:dpiui2_triggers_bruteforce.png?nolink&600 |}} 
  
 === General trigger information === === General trigger information ===
  
-{{ :dpi:qoe:use_cases:dpiui2_triggers_bruteforce_common.png?nolink&600 |}}+{{ :en:dpi:qoe_analytics:cases:network_health:dpiui2_triggers_bruteforce_common.png?nolink&600 |}}
  
   * Trigger name: "ssh bruteforce";   * Trigger name: "ssh bruteforce";
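Review bot: The overview screenshot removed directly after the "disabled by default" sentence has no replacement, so the only place that tells the reader the trigger must be switched on under "QoE analytics" → "Triggers and notifications" no longer shows that list. The image under "General trigger information" was re-pointed to the new namespace rather than dropped; consider doing the same for dpiui2_triggers_bruteforce.png, or add a sentence describing how to enable the trigger.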
Line 34: Line 32:
 === Queries === === Queries ===
  
-{{ :dpi:qoe:use_cases:dpiui2_triggers_bruteforce_queries.png?nolink&600 |}}+{{ :en:dpi:qoe_analytics:cases:network_health:dpiui2_triggers_bruteforce_queries.png?nolink&600 |}}
  
 For this trigger a non-editable query is preset with the following parameters: For this trigger a non-editable query is preset with the following parameters:
Line 45: Line 43:
 === Conditions === === Conditions ===
  
-{{ :dpi:qoe:use_cases:dpiui2_triggers_bruteforce_conditions.png?600 |}}+{{ :en:dpi:qoe_analytics:cases:network_health:dpiui2_triggers_bruteforce_conditions.png?600 |}}
  
   * Add two "+" fields   * Add two "+" fields
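Review bot: The conditions image on the "+" line keeps "?600" without "nolink", while the General and Queries images changed in this revision use "?nolink&600", so this screenshot alone renders as a clickable link to its media page. If that is not intended, change the parameter to "?nolink&600".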
Line 58: Line 56:
 === Error handling === === Error handling ===
  
-{{ :dpi:qoe:use_cases:ddos_error.png?nolink&600 |}}+{{ :dpi:qoe_analytics:cases:network_health:triggers_ssh_bruteforce:ddos_error.png?nolink&600 |}}
  
   * In "If no errors" — no data   * In "If no errors" — no data
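Review bot: The replacement path on the "+" line, ":dpi:qoe_analytics:cases:network_health:triggers_ssh_bruteforce:ddos_error.png", has no ":en:" prefix and adds a "triggers_ssh_bruteforce" namespace level, unlike the General, Queries and Conditions images in this same revision, which moved to ":en:dpi:qoe_analytics:cases:network_health:". The e-mail, notification and HTTP action images follow this second pattern as well. Pick one media namespace for the page so that its images do not break separately if either tree is moved, and consider renaming the ddos_* files, since here they illustrate an SSH bruteforce trigger.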
Line 68: Line 66:
 == E-mail action == == E-mail action ==
  
-{{ :dpi:qoe:use_cases:ddos_email.png?nolink&600 |}}+{{ :dpi:qoe_analytics:cases:network_health:triggers_ssh_bruteforce:ddos_email.png?nolink&600 |}}
  
   * Click the "</>" icon to auto-fill the form   * Click the "</>" icon to auto-fill the form
Line 76: Line 74:
  
 == Notification == == Notification ==
-{{ :dpi:qoe:use_cases:ddos_notification.png?nolink&600 |}}+{{ :dpi:qoe_analytics:cases:network_health:triggers_ssh_bruteforce:ddos_notification.png?nolink&600 |}}
  
   * Click "</>" to auto-fill the form   * Click "</>" to auto-fill the form
   * Select notification type — "Warning"   * Select notification type — "Warning"
   * This will create a notification in the SSG system   * This will create a notification in the SSG system
- 
-{{ :dpi:qoe:use_cases:dpiui2_triggers_bruteforce_alerting.png?nolink&600 |}} 
  
 You can get a link to the report via the notifications menu You can get a link to the report via the notifications menu
- 
-{{ :dpi:qoe:use_cases:dpiui2_triggers_bruteforce_notofication.png?nolink&400 |}} 
  
 Select the notification Select the notification
 Choose — "Details" Choose — "Details"
- 
-{{ :dpi:qoe:use_cases:dpiui2_triggers_bruteforce_notofication_details.png?nolink&400 |}} 
  
 Follow the report link — the report will open in a new browser window. Follow the report link — the report will open in a new browser window.
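Review bot: Removing the three screenshots (alerting, notification, notification details) leaves "Select the notification" and the "Choose" step as two bare lines that are not list items, unlike the bulleted steps just above them. Without the pictures these lines carry the whole procedure, so format them as a list like the preceding steps and state where the notifications menu is found.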
Line 97: Line 89:
 == HTTP action == == HTTP action ==
  
-{{ :dpi:qoe:use_cases:ddos_http.png?nolink&600 |}}+{{ :dpi:qoe_analytics:cases:network_health:triggers_ssh_bruteforce:ddos_http.png?nolink&600 |}}
  
 Click "</>" to auto-fill the form. Click "</>" to auto-fill the form.