Security assessment

The Security Assessment tab provides an analysis of your SSH security status across all monitored servers. This guide explains how to interpret and act on the information provided.

Overview Statistics

The top section displays key metrics from the past 30 days:

Total Logs: The number of SSH events recorded across all servers. This provides context for the other statistics and helps establish what constitutes normal activity for your systems.

Unique Servers: Number of distinct servers being monitored. Use this to verify all your servers are reporting correctly.

Failed Attempts: Total number of unsuccessful login attempts. A high number may indicate brute force attempts or misconfigured applications.

Unique Attackers: Count of distinct IP addresses that have made failed login attempts. This helps identify whether you're facing targeted or distributed attacks.

Risk Level Assessment

The system categorizes your overall security status into three levels:

HIGH_RISK: More than 20% of events are classified as high-risk

  • Immediate attention recommended
  • May indicate active attack attempts
  • Review critical recommendations first

MEDIUM_RISK: Between 5% and 20% of events are high-risk

  • Review recommended
  • Monitor for escalation
  • Address recommendations systematically

LOW_RISK: Less than 5% of events are high-risk

  • Continue monitoring
  • Implement general recommendations
  • Maintain security practices
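To make the thresholds above concrete, here is an added example (not the product's own code) that computes the four overview statistics and the risk level from a constructed 30-day batch of events. It assumes each event carries a `high_risk` flag already set by the analyzer, that an empty window is reported as LOW_RISK, and that exactly 20% and exactly 5% both fall in MEDIUM_RISK (the page does not state how the boundaries are treated).

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class SshEvent:
    server: str        # monitored host that produced the log entry
    source_ip: str     # client address that attempted the login
    user: str
    success: bool      # True for an accepted login, False for a failed attempt
    high_risk: bool    # classification supplied by the analyzer (criteria not given on this page)

def overview_stats(events):
    """Reproduce the four Overview Statistics tiles for one 30-day window."""
    failed = [e for e in events if not e.success]
    return {
        "total_logs": len(events),
        "unique_servers": len({e.server for e in events}),
        "failed_attempts": len(failed),
        # attackers are counted only from failed logins, as the page describes
        "unique_attackers": len({e.source_ip for e in failed}),
    }

def classify_share(high_risk_share):
    """Map the fraction of high-risk events onto the three risk levels."""
    # Assumption: 0.20 is not "more than 20%" and 0.05 is "between 5% and 20%",
    # so both boundaries land in MEDIUM_RISK.
    if high_risk_share > 0.20:
        return "HIGH_RISK"
    if high_risk_share >= 0.05:
        return "MEDIUM_RISK"
    return "LOW_RISK"

def risk_level(events):
    if not events:
        return "LOW_RISK"  # assumption: an empty window has nothing to escalate
    share = sum(1 for e in events if e.high_risk) / len(events)
    return classify_share(share)

# Constructed sample: 10 events across three servers; the two failed root
# attempts from 198.51.100.7 are the only ones flagged high-risk.
SAMPLE_EVENTS = [
    SshEvent("web-1", "192.0.2.10", "deploy", True, False),
    SshEvent("web-1", "203.0.113.5", "admin", False, False),
    SshEvent("web-1", "203.0.113.5", "test", False, False),
    SshEvent("web-2", "192.0.2.11", "deploy", True, False),
    SshEvent("web-2", "203.0.113.5", "oracle", False, False),
    SshEvent("web-2", "198.51.100.7", "root", False, True),
    SshEvent("db-1", "192.0.2.12", "backup", True, False),
    SshEvent("db-1", "198.51.100.7", "root", False, True),
    SshEvent("db-1", "192.0.2.12", "backup", True, False),
    SshEvent("web-1", "192.0.2.10", "deploy", True, False),
]
```

With this sample, 2 of 10 events are high-risk, which sits exactly on the 20% boundary and is reported as MEDIUM_RISK; five failed attempts from two distinct addresses show how Failed Attempts and Unique Attackers diverge.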

Security Recommendations

Critical Recommendations

These require immediate attention and typically include:

  • Root login attempts detected
  • Brute force attack patterns
  • Known malicious IP activity
  • Unusual login time patterns
  • Authentication method concerns

Each critical recommendation includes:

  • Title describing the issue
  • Detailed explanation of the risk
  • Specific evidence from your logs
  • Recommended actions to take

General Recommendations

These are best practices and improvements:

  • SSH configuration suggestions
  • Timeout settings
  • Cipher strength recommendations
  • Update reminders
  • Monitoring improvements

Using the Assessment

Regular Review Process

  1. Check your overall risk level
  2. Review any critical recommendations
  3. Note changes from previous assessments
  4. Plan security improvements
  5. Document actions taken

Response Actions

When reviewing recommendations:

  • Use provided block commands for malicious IPs
  • Apply configuration changes carefully
  • Test changes on non-critical systems first
  • Document all modifications
  • Monitor effects of changes

Best Practices

  • Review security assessment weekly
  • Address critical recommendations within 24 hours
  • Keep track of implemented changes
  • Monitor for recurring issues
  • Update security policies based on findings

Technical Details

The assessment analyzes:

  • Login patterns and frequencies
  • Authentication methods used
  • Geographic access patterns
  • Known malicious IP activity
  • Configuration vulnerabilities
  • User behavior patterns
