Check this out. It will get you going.
nostr:npub1f6ugxyxkknket3kkdgu4k0fu74vmshawermkj8d06sz6jts9t4kslazcka ok question.
Opened up an SSH connection with a successful login from Windows to the server.
It registers on the dashboard correctly and is logged as low level 3 by the rules.
Nice.
Next I am going to purposefully trigger higher 8-10 alarms with multiple incorrect logins, reverse lookups, etc.
After that I’m not sure what to look at. Any ideas on next steps of basic logging? Custom rules maybe?
