A security analyst receives an alert from the SIEM regarding unusual activity on an authorized public SSH jump server. To further investigate, the analyst pulls the event logs directly from /var/log/auth.log:

[graphic: ssh_auth_log]

Which of the following actions would BEST address the potential risks posed by the activity in the logs?