Fix error in ssd decoder when username is one or more blank spaces

[sergiospa]

Hi team,

This PR aims to fix an error of the sshd decoder. When srcuser is one or more blank spaces, it is not extracted from the log. srcip is not extracted as well.

The change I made has been tested under the following usernames:

• test.
• test2test.
• ' ' - one blank space.
• ' ' - 5 blank spaces (Github won't let me show them correctly)

The results have been good. All fields are extracted:

       log: 'Invalid user test from 11.0.0.27 port 55140'

**Phase 2: Completed decoding.
       decoder: 'sshd'
       srcuser: 'test'
       srcip: '11.0.0.27'
       srcport: '55140'

       log: 'Invalid user test2test from 11.0.0.27 port 55140'

**Phase 2: Completed decoding.
       decoder: 'sshd'
       srcuser: 'test2test'
       srcip: '11.0.0.27'
       srcport: '55140'

       log: 'Invalid user   from 11.0.0.27 port 55140'

**Phase 2: Completed decoding.
       decoder: 'sshd'
       srcuser: ' '
       srcip: '11.0.0.27'
       srcport: '55140'

       log: 'Invalid user      from 11.0.0.27 port 55140'

**Phase 2: Completed decoding.
       decoder: 'sshd'
       srcuser: '     '
       srcip: '11.0.0.27'
       srcport: '55140'

Regards,
Sergio.

[NitroCao]

This regex expression may also need to be modified

wazuh-ruleset/decoders/0310-ssh_decoders.xml

Line 96 in 533fc77

<regex offset="after_prematch">(\S+) from (\S+)</regex>