How do i detect SSH Brute Force attack in AWS environment

home/Solution/Amazon Web Services/How do i detect SSH Brute Force attack in AWS environment

How do i detect SSH Brute Force attack in AWS environment

AWS provides AWS GuardDuty which can detect suspicious behavior activity like SSH brute force attack.It is highly recommended to enable AWS GuardDuty in your production environment.

All insights are delivered in the AWS GuardDuty console. In case of SSH Brute force attack, the finding type would be classified as UnauthorizedAccess:EC2/SSHBruteForce and details would include the ip address. For list of finding types, visit https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html

You can block the required ip address on your environment entry point (i.e WAF etc).

Was this helpful?

2 Yes 1 No

Integrating AWS EKS with Anthos
How do I deploy wordpress applications on AWS
How does AWS implements Cross Region Load Balancing
How does designing a VPC in Google Cloud differ from Amazon AWS
What tool should I use to audit and validate AWS environment against AWS best practices
How do I organize projects in AWS for separate billing

How do i detect SSH Brute Force attack in AWS environment

Related Articles

Leave A Comment Cancel reply