SSH Brute-Force Detector
Linux auth log detector for repeated SSH failed-login attacks — scores brute-force activity per source IP and emits actionable alerts.
Reads Linux SSH auth logs and detects brute-force patterns: high-volume failed logins, fast attack windows, and successful logins immediately after a string of failures. Markdown reports, JSON summaries, IP timelines, triage handoff for analysts.
Catalog entry only — a full write-up lands closer to release.
Related across catalogs
- Web Attack Detection (Security project · Demo ready)
  Web log detection lab — flags SQL injection, XSS, suspicious user agents, scanner activity, and risk-scored request summaries from nginx access logs.
- Beaconing Traffic Detector (Security project · Demo ready)
  Detects periodic outbound callback (C2 beacon) behavior from timestamped network logs by scoring inter-arrival timing consistency per source/destination pair.
- Custom IDS Script (Security project · Demo ready)
  Lightweight rule-based Linux intrusion detection — evaluates YAML rules against auth.log, syslog, and shell history to emit terminal, Markdown, and JSON alerts.
- Exploitation Visibility (Security project · Demo ready)
  Detection engineering lab — compares expected attack signals against collected logs to surface visibility gaps and prioritize new detection rules.
- Port Scan Lab (Security project · Demo ready)
  Detection lab for identifying Nmap-style port scan and reconnaissance activity from firewall logs.