# ElastAlert rule: alert on every accepted SSH login logged by sshd.
# Settings not given here (index, rule name, alerter targets, ...) presumably
# come from the imported include — verify that audit.incl supplies them.
import: audit.incl

# Both clauses must match. `term` is an exact-value query, so the capitalised
# value only matches if system.auth.ssh.event is stored as a keyword field
# rather than analysed text — confirm against the index mapping.
filter:
  - term:
      system.auth.ssh.event: Accepted
  - term:
      ident: sshd

# No suppression window: a second accepted login right after the first still alerts.
realert: { minutes: 0 }

# Fire on any single document that passes the filter.
type: any

alert_subject: "ElastAlert: SSH Login"
alert_text_type: alert_text_only
# Positional placeholders {0}..{4} are filled, in order, from alert_text_args.
alert_text: "SSH Login into {0} {1}/{2} as {3} from {4}"
alert_text_args: [source.hostname, source.region, source.conglomerate, system.auth.user, system.auth.ip]