grafana-bf Configuration

« grafana-bf »
v0.3 by LePresidente
Attack scenarioremediation:trueservice:grafanaspoofable:0MITRE:T1110confidence:3

Detect grafana bruteforce

Installation

cscli scenarios install LePresidente/grafana-bf

Description

Detect failed Grafana authentications:

leakspeed of 1m, capacity of 5 on same target ip

YAML Configuration

1# grafana BF scan
2name: LePresidente/grafana-bf
3description: "Detect grafana bruteforce"
4filter: "evt.Meta.service == 'grafana' && evt.Meta.log_type == 'auth_failed'"
5#debug: true
6type: leaky
7groupby: evt.Meta.source_ip
8leakspeed: "20s"
9capacity: 5
10blackhole: 1m
11labels:
12  service: grafana
13  behavior: "http:bruteforce"
14  classification:
15    - attack.T1110
16  spoofable: 0
17  confidence: 3
18  label: "Grafana Bruteforce"
19  remediation: true
20

Hub configuration

« grafana-bf »v0.3 by LePresidenteAttack scenarioremediation:trueservice:grafanaspoofable:0MITRE:T1110confidence:3

« grafana-bf »
v0.3 by LePresidente
Attack scenarioremediation:trueservice:grafanaspoofable:0MITRE:T1110confidence:3