policy/protocols/ssh/geo-data.zeek

SSH

Geodata based detections for SSH analysis.

Namespace:SSH
Imports:base/frameworks/notice, base/protocols/ssh

Summary

Runtime Options

SSH::watched_countries: set &redef The set of countries for which you’d like to generate notices upon successful login.

Redefinitions

Notice::Type: enum  
SSH::Info: record  

Detailed Interface

Runtime Options

SSH::watched_countries
Type:

set [string]

Attributes:

&redef

Default:
{
   "RO"
}

The set of countries for which you’d like to generate notices upon successful login.