+++ /dev/null
-**Phase 1: Completed pre-decoding.
- full event: 'May 26 19:40:25 enigma sudo: dcid : 3 incorrect password attempts ; TTY=ttyp0 ; PWD=/var/www/htdocs ; USER=root ; COMMAND=/bin/ls'
- hostname: 'enigma'
- program_name: 'sudo'
- log: 'dcid : 3 incorrect password attempts ; TTY=ttyp0 ; PWD=/var/www/htdocs ; USER=root ; COMMAND=/bin/ls'
-
-**Phase 2: Completed decoding.
- decoder: 'sudo'
-
-**Phase 3: Completed filtering (rules).
- Rule id: '5404'
- Level: '10'
- Description: 'Three failed attempts to run sudo'
-**Alert to be generated.
-
-
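Review bot: the `+++ /dev/null` target means this expected-output fixture is deleted outright, and nothing in the visible lines replaces it, so the sample event `dcid : 3 incorrect password attempts` no longer has a recorded expectation that it decodes as `sudo` and fires rule 5404 at level 10. If the case was moved into another test format, say so in the commit message and point to the new location. Otherwise keep a regression case for this log line so a later change to the sudo decoder or to rule 5404 cannot silently stop the "Three failed attempts to run sudo" alert.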