A security analyst receives an alert from the SIEM regarding unusual activity on an authorized public SSH jump server. To further investigate, the analyst pulls the event logs directly from /var/log/auth.log:

[Graphic: ssh_auth_log]

Which of the following actions would BEST address the potential risks posed by the activity in the logs?