PASSED | security / unauthorized_access

Unauthorized SSH Key Added to Root Account

An unauthorized SSH public key was added to /root/.ssh/authorized_keys. The key does not match any known employee keys. Possibly from a compromised service account.

Pattern: UNKNOWN (Expected: UNAUTHORIZED_ACCESS)
Severity: MEDIUM
Confidence: 68%
Remediation: Auto-Heal

Test Results

Metric | Expected | Actual | Result
Pattern Recognition | UNAUTHORIZED_ACCESS | UNKNOWN |
Severity Assessment | CRITICAL | MEDIUM |
Incident Correlation | N/A | None |
Cascade Escalation | N/A | No |
Remediation | Auto-Heal — Corax resolves autonomously

Scenario Conditions

Ubuntu 22.04. New SSH key fingerprint SHA256:xK9... in /root/.ssh/authorized_keys. Key not in organization key registry. Added 15 minutes ago. No corresponding sudo log entry.

Injected Error Messages (1)

unauthorized SSH key detected — unknown public key added to /root/.ssh/authorized_keys 15 minutes ago, fingerprint SHA256:xK9mQ3p not in org registry, no corresponding audit trail

Neural Engine Root Cause Analysis

Unrecognized error pattern — this may be a new type of failure not yet cataloged.

Remediation Plan

Trigger autonomous healing to diagnose and fix. Manual investigation may be needed if healing cannot resolve.

Improvements Applied

  • Pattern unrecognized — consider adding keywords for UNAUTHORIZED_ACCESS
  • Severity: MEDIUM (expected CRITICAL)
Tested: 2026-04-02 | Monitors: 1 | Incidents: 1 | Test ID: cmnhnoo5z0013lig7spx4ce9k