npmplus Collection by ZoeyVid

Installation

cscli collections install ZoeyVid/npmplus

Source code

A collection to defend nginx against common attacks:

NPMplus parser
base http scenarios (crawl, 404 scan, bf)

Example acquisition for this collection:

1filenames:
2  - /opt/npmplus/nginx/*.log
3labels:
4  type: npmplus
5---
6filenames:
7  - /opt/npmplus/nginx/*.log
8labels:
9  type: modsecurity
10---
11listen_addr: 0.0.0.0:7422
12appsec_config: crowdsecurity/appsec-default
13name: appsec
14source: appsec
15labels:
16  type: appsec
17# if you use openappsec you can enable this
18#---
19#source: file
20#filenames:
21# - /opt/openappsec/logs/cp-nano-http-transaction-handler.log*
22#labels:
23#  type: openappsec

notes:

Depending on your configuration, paths to log files might change
please read more here

Content

Hub collection

« npmplus »Collection
v0.5 by ZoeyVid

npmplus-logs

cri-logs

dateparse-enrich

appsec-virtual-patching

appsec-generic-rules

appsec-wordpress

base-http-scenarios

http-cve

wordpress

modsecurity

openappsec

nginx-req-limit-exceeded

Hub collection

« npmplus »Collectionv0.5 by ZoeyVid

npmplus-logs

cri-logs

dateparse-enrich

appsec-virtual-patching

appsec-generic-rules

appsec-wordpress

base-http-scenarios

http-cve

wordpress

modsecurity

openappsec

nginx-req-limit-exceeded

« npmplus »Collection
v0.5 by ZoeyVid