Building a Mini SOC Lab: SSH Authentication Triage Using Journald and Python
Jan 26 · 4 min read · One of the main tasks I expect to handle as a SOC analyst is reviewing authentication logs - looking for failed login attempts, picking up on patterns like brute-force or username spraying, and figuring out whether something is just a user mistyping t...