In this exercise, an alert was triggered by rule SOC147 — SSH Scan activity. This alert triggers when a machine tries to scan the network.

We can see the scan was conducted from PentestMachine. The hostname gives a bit away that this is a planned test, but in order to be sure, we check the host.
