SSH Bruteforce IDS for Windows

Client: AI | Published: 17.11.2025

I’m looking for a focused intrusion-detection solution that spots SSH brute-force attacks on a Windows server. The end result should run locally, watch live OpenSSH logs, and raise an alert whenever it detects the tell-tale pattern of rapid, repeated login failures that point to a dictionary or credential-stuffing attempt.

While I’m open to your preferred tooling—PowerShell, Python, Go, or another language—the finished piece must install cleanly on current Windows Server builds and operate with minimal overhead. False-positive reduction is important: the model should distinguish genuine attack behaviour from an administrator who simply mistyped a password a few times.

Deliverables
• Source code or script with clearly commented detection logic
• Any auxiliary configuration or dependency list
• Step-by-step README that covers installation, usage, and how to adjust thresholds or retrain the model

I can supply a test VM and sample logs for verification once you’re ready to demonstrate accuracy.
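An added sketch of the detection logic this posting describes, not code from the client or from any deliverable: a per-source sliding window that alerts on a high failure rate or on many distinct usernames, and stays quiet for a few mistyped passwords. It uses fixed thresholds rather than a trained model; the file-log line layout, the threshold values, the function names and the sample lines are all assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed sshd file-log layout: "<pid> <date> <time> <sshd message>"
LINE = re.compile(
    r"^\d+ (?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d{3}) "
    r"(?P<kind>Failed|Accepted) password for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\S+) port \d+")
WINDOW = timedelta(seconds=60)  # sliding window per source address
MAX_FAILS = 8      # this many failures in the window always alerts
SPRAY_USERS = 3    # distinct usernames that suggest a dictionary run
SPRAY_FAILS = 4    # minimum failures before the username rule applies

def detect(lines):
    """Return (timestamp, ip, reason) alerts, at most one per burst,
    plus one for each login accepted while a burst is active."""
    recent = defaultdict(deque)          # ip -> (timestamp, user) failures
    alerted, alerts = set(), []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S.%f")
        ip, q = m["ip"], recent[m["ip"]]
        while q and ts - q[0][0] > WINDOW:
            q.popleft()                  # drop failures older than WINDOW
        if not q:
            alerted.discard(ip)          # earlier burst has aged out
        if m["kind"] == "Accepted":
            if ip in alerted:            # success while a burst is active
                alerts.append((ts, ip, "login accepted during burst"))
            continue
        q.append((ts, m["user"]))
        spray = len({u for _, u in q}) >= SPRAY_USERS and len(q) >= SPRAY_FAILS
        if ip not in alerted and (spray or len(q) >= MAX_FAILS):
            alerted.add(ip)
            alerts.append((ts, ip, "many usernames" if spray else "failure rate"))
    return alerts

def mk_line(sec, kind, user, ip):        # builds one constructed log line
    return (f"4242 2025-11-17 10:00:{sec:02d}.000 {kind} password for "
            f"{user} from {ip} port 50000 ssh2")
SAMPLE = (                               # constructed, not real traffic
    [mk_line(s, "Failed", "administrator", "10.0.0.15") for s in (1, 9, 20)]
    + [mk_line(25, "Accepted", "administrator", "10.0.0.15")]
    + [mk_line(30 + i, "Failed", f"invalid user {u}", "203.0.113.7")
       for i, u in enumerate(["root", "admin", "test", "oracle"])]
    + [mk_line(40 + 2 * i, "Failed", "administrator", "198.51.100.9")
       for i in range(8)])
```

On the constructed sample, the administrator's three misses followed by a success raise nothing, while the other two sources each raise one alert.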