couchdb-crawl Configuration

« couchdb-crawl »
v0.3 by aidalinfo
Attack scenarioremediation:trueservice:couchdbspoofable:0MITRE:T1595confidence:1

Detect aggressive crawl on CouchDB

Installation

cscli scenarios install aidalinfo/couchdb-crawl

YAML Configuration

1type: leaky
2name: aidalinfo/couchdb-crawl
3description: "Detect aggressive crawl on CouchDB"
4filter: evt.Meta.log_type == 'crawl-couchdb'
5distinct: evt.Meta.path_db
6leakspeed: 0.5s
7capacity: 40
8#debug: true
9#this limits the memory cache (and event_sequences in output) to five events
10cache_size: 5
11groupby: evt.Meta.source_ip
12blackhole: 1m
13labels:
14  service: couchdb
15  confidence: 1
16  spoofable: 0
17  classification:
18    - attack.T1595
19  behavior: "http:crawl"
20  label: "CouchDB Crawl"
21  remediation: true

Hub configuration

« couchdb-crawl »v0.3 by aidalinfoAttack scenarioremediation:trueservice:couchdbspoofable:0MITRE:T1595confidence:1

« couchdb-crawl »
v0.3 by aidalinfo
Attack scenarioremediation:trueservice:couchdbspoofable:0MITRE:T1595confidence:1