How to detect SSH attempts by Chuck Norris
Blog post from Sysdig
In a blog post by Knox Anderson, the process of detecting unauthorized SSH attempts with Sysdig is explored through a hands-on exercise designed to help users troubleshoot real-world issues. The scenario asks the reader to identify the IP address and username of someone repeatedly attempting to SSH into a system, using Sysdig captures to analyze the system calls made at a specific time. The tutorial shows how to use filters and chisels to inspect network activity, focusing on port 22 where SSH connections arrive, and emphasizes examining log-file activity, such as writes to auth.log, to gather useful details about the attempts. The exercise highlights the value of understanding container behavior and network interactions, offering troubleshooting and system-monitoring insights that go beyond identifying security breaches. The post encourages learning through practical examples and invites readers to explore more complex scenarios in future exercises.
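The summary above describes two complementary views of the same event: the Sysdig capture shows the connections arriving on port 22, and auth.log records what sshd decided about each one. The following is an added example, not code from the Sysdig post or the Sysdig project, covering the auth.log side: it parses the standard OpenSSH "Failed password" / "Accepted publickey" line format and counts failed attempts per source IP and username, which is the IP-and-username question the exercise poses. The sample log lines, hostnames and IPs are constructed (documentation-range addresses), and the function names are this example's own.

```python
import re
from collections import Counter
from typing import Iterable, Optional

# Matches the sshd authentication result lines written to /var/log/auth.log.
# Captures the result (Failed/Accepted), auth method, whether sshd flagged the
# account as "invalid user", the username, source IP and source port.
AUTH_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) (?P<method>\S+) for "
    r"(?P<invalid>invalid user )?(?P<user>\S+) from (?P<ip>\S+) port (?P<port>\d+)"
)


def parse_auth_line(line: str) -> Optional[dict]:
    """Return a dict describing one sshd auth event, or None for unrelated lines."""
    m = AUTH_RE.search(line)
    if not m:
        return None
    return {
        "result": m.group("result"),
        "method": m.group("method"),
        "invalid_user": m.group("invalid") is not None,
        "user": m.group("user"),
        "ip": m.group("ip"),
        "port": int(m.group("port")),
    }


def failed_attempts_by_source(
    lines: Iterable[str], threshold: int = 3
) -> list[tuple[str, str, int]]:
    """Count failed logins per (ip, user) pair and return the pairs at or above
    the threshold, most frequent first."""
    counts: Counter[tuple[str, str]] = Counter()
    for line in lines:
        event = parse_auth_line(line)
        if event and event["result"] == "Failed":
            counts[(event["ip"], event["user"])] += 1
    return [(ip, user, n) for (ip, user), n in counts.most_common() if n >= threshold]


# Constructed sample auth.log excerpt (hypothetical host, documentation-range IPs).
SAMPLE_LOG = """\
Mar 10 12:00:01 host sshd[1201]: Failed password for invalid user chuck from 203.0.113.5 port 51234 ssh2
Mar 10 12:00:03 host sshd[1203]: Failed password for invalid user chuck from 203.0.113.5 port 51236 ssh2
Mar 10 12:00:05 host sshd[1205]: Failed password for invalid user chuck from 203.0.113.5 port 51238 ssh2
Mar 10 12:00:06 host sshd[1206]: Failed password for root from 203.0.113.5 port 51240 ssh2
Mar 10 12:00:09 host sshd[1210]: Accepted publickey for knox from 198.51.100.7 port 40000 ssh2: RSA SHA256:placeholder
Mar 10 12:00:11 host CRON[1212]: pam_unix(cron:session): session opened for user root by (uid=0)
""".splitlines()

if __name__ == "__main__":
    # Prints one line per (ip, user) pair that crossed the threshold.
    for ip, user, n in failed_attempts_by_source(SAMPLE_LOG):
        print(f"{n} failed SSH attempts from {ip} as user {user!r}")
```

The threshold is a detection knob, not a fact about the log: a single failed login is ordinary, while a burst from one source against one or more usernames is the pattern the exercise wants surfaced. Correlating the `ip` and `port` fields here with the accepted connections seen in the Sysdig capture on port 22 confirms that the log entries and the network activity describe the same client.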