nostr:npub1f6ugxyxkknket3kkdgu4k0fu74vmshawermkj8d06sz6jts9t4kslazcka ok question.

Opened up an SSH connection and successful login from Windows to server.

It registers on dashboard correctly and is logged as low level 3 by rules.

Nice.

Next I am going to purposefully trigger higher 8-10 alarms with multiple incorrect logins, reverse lookups, etc.

After that I’m not sure what to look at. Any ideas on next steps of basic logging? Custom rules maybe?

Discussion

check this out. it will get you going

https://piped.video/watch?v=3CaG2GI1kn0

He talks really fast. Makes me nervous

lol. that's NetworkChuck. he knows his stuff though, lots packed into a short video.