Hub configuration

More info

bitwarden-bf Scenario

« bitwarden-bf »
v0.3 by MariuszKociubinski
Attack scenarioremediation:trueservice:bitwardenspoofable:0MITRE:T1110confidence:3

Detect bitwarden bruteforce

Installation

cscli scenarios install MariuszKociubinski/bitwarden-bf

Description

Detect failed bitwarden authentications:

leakspeed of 20s, capacity of 5

YAML Configuration

1# bitwarden BF scan
2name: MariuszKociubinski/bitwarden-bf
3description: "Detect bitwarden bruteforce"
4filter: "evt.Meta.log_type == 'bitwarden_failed_auth'"
5#debug: false
6type: leaky
7groupby: evt.Meta.source_ip
8leakspeed: 20s
9capacity: 5
10blackhole: 1m
11labels:
12  service: bitwarden
13  behavior: "http:bruteforce"
14  spoofable: 0
15  confidence: 3
16  classification:
17    - attack.T1110
18  label: "Bitwarden Bruteforce"
19  remediation: true
20

Hub configuration

« bitwarden-bf »v0.3 by MariuszKociubinskiAttack scenarioremediation:trueservice:bitwardenspoofable:0MITRE:T1110confidence:3

« bitwarden-bf »
v0.3 by MariuszKociubinski
Attack scenarioremediation:trueservice:bitwardenspoofable:0MITRE:T1110confidence:3