diff --git a/modules/services/loki/default.nix b/modules/services/loki/default.nix
index fa28897..c85be4c 100644
--- a/modules/services/loki/default.nix
+++ b/modules/services/loki/default.nix
@@ -141,7 +141,7 @@ in
 };
 my.services.loki.rules = {
- HighLogRate = {
+ loki_highLogRate = {
 condition = ''sum by (host) (rate({unit="loki.service"}[1m])) > 60'';
 description = "Loki has a high logging rate";
 };
diff --git a/modules/services/ssh-server/default.nix b/modules/services/ssh-server/default.nix
index 3aa1827..212c62e 100644
--- a/modules/services/ssh-server/default.nix
+++ b/modules/services/ssh-server/default.nix
@@ -25,5 +25,12 @@ in
 # by setting an hashed password in the `users.users.felix` block as `initialHashedPassword`.
 # additionally needed by deploy-rs
 security.sudo.wheelNeedsPassword = false;
+
+ my.services.loki.rules = {
+ sshd_closed = {
+ condition = ''count_over_time({unit="sshd.service"} |~ "Connection closed by authenticating user" [15m]) > 15'';
+ description = "More then 15 users have tried loggin in without success";
+ };
+ };
 };
 }
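Review bot: The `sshd_closed` description in the ssh-server hunk says "More then 15 users", but the `condition` counts matching log lines over 15 minutes, so one client that retries repeatedly trips it just as many distinct accounts would. The text should describe events rather than users, e.g. `description = "More than 15 failed SSH authentication attempts within 15 minutes";`, which also fixes "then" and "loggin". The filter matches only the "Connection closed by authenticating user" message, so failures that sshd logs with other wording (presumably invalid-user or failed-password lines) are not counted; confirm that is intended or widen the regex. Unlike the loki rule in the first hunk, the expression has no `sum by (host)`, so the threshold is evaluated per log stream and may under-count if the sshd streams carry labels beyond the host.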