Prerequisites
- Ubuntu server with Splunk Universal Forwarder - Oracle Cloud VM
- Windows 10 VM with Splunk Server - Azure Cloud VM
- fail2ban installation on Ubuntu VM
Edit the ingress rules on the OCI VM to allow SSH from any IP address

After about 10-15 minutes, an SSH brute-force attack started

Install fail2ban on the Ubuntu VM

Modify fail2ban config

Parameters explained:
- enabled: Activates this rule.
- port: Monitored port(s).
- logpath: Path to logs for monitoring.
- maxretry: Number of failed attempts before banning.
- bantime: Duration of the ban (in seconds).
- findtime: Time window to check for failed attempts.

Fire up fail2ban service
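
How maxretry, findtime and bantime interact, as an added example (not the author's configuration and not fail2ban's own code): a simplified Python model of an SSH jail run over constructed auth.log lines. The sample log, the parameter values and the function name `simulate` are assumptions for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sshd lines in traditional syslog format; IPs are documentation ranges.
SAMPLE_LOG = """\
Jan 15 10:00:01 ubuntu sshd[1201]: Failed password for root from 203.0.113.7 port 40112 ssh2
Jan 15 10:00:05 ubuntu sshd[1203]: Failed password for invalid user admin from 203.0.113.7 port 40118 ssh2
Jan 15 10:00:09 ubuntu sshd[1205]: Failed password for root from 203.0.113.7 port 40125 ssh2
Jan 15 10:00:12 ubuntu sshd[1207]: Accepted publickey for ubuntu from 198.51.100.4 port 51000 ssh2
Jan 15 10:00:20 ubuntu sshd[1209]: Failed password for root from 203.0.113.7 port 40130 ssh2
Jan 15 10:01:00 ubuntu sshd[1215]: Failed password for ubuntu from 198.51.100.9 port 52200 ssh2
Jan 15 10:20:00 ubuntu sshd[1301]: Failed password for ubuntu from 198.51.100.9 port 52210 ssh2
Jan 15 10:40:00 ubuntu sshd[1350]: Failed password for ubuntu from 198.51.100.9 port 52220 ssh2
"""

FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (\S+) port \d+"
)

def simulate(log_text, maxretry=3, findtime=600, bantime=3600, year=2024):
    """Return [(ip, ban_start, ban_end)] under a simplified model of the jail."""
    recent = defaultdict(deque)  # ip -> failure times still inside findtime
    banned_until = {}            # ip -> datetime when the ban expires
    bans = []
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue             # successful logins and other lines are ignored
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip = m.group(2)
        if ip in banned_until and ts < banned_until[ip]:
            continue             # still banned: the firewall would drop this attempt
        window = recent[ip]
        window.append(ts)
        while (ts - window[0]).total_seconds() > findtime:
            window.popleft()     # failures older than findtime stop counting
        if len(window) >= maxretry:
            banned_until[ip] = ts + timedelta(seconds=bantime)
            bans.append((ip, ts, banned_until[ip]))
            window.clear()
    return bans

if __name__ == "__main__":
    for ip, start, end in simulate(SAMPLE_LOG):
        print(f"ban {ip} at {start:%H:%M:%S} until {end:%H:%M:%S}")
```

With the defaults used here, the slow source (one failure roughly every 20 minutes) is never banned because its failures never share a findtime window; calling `simulate(SAMPLE_LOG, findtime=3600)` bans it as well.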
