cscli scenarios install aidalinfo/couchdb-bf
Detect failed CouchDB authentication:
- leakspeed of 60s, capacity of 10, Group by IP
- leakspeed of 10s, capacity of 5, Group by IP
# couchdb slow bruteforce
type: leaky
name: aidalinfo/couchdb-slow-bf
description: "Detect slow Couchdb bruteforce/enum"
filter: evt.Meta.log_type == 'bf-enum-couchdb'
leakspeed: "60s"
capacity: 10
groupby: evt.Meta.source_ip
blackhole: 1m
reprocess: true
labels:
  service: couchdb
  remediation: true
  confidence: 3
  spoofable: 0
  classification:
    - attack.T1110
  label: "Couchdb low Bruteforce"
---
# couchdb bruteforce
type: leaky
name: aidalinfo/couchdb-bf
description: "Detect Couchdb bruteforce/enum"
filter: evt.Meta.log_type == 'bf-enum-couchdb'
leakspeed: "10s"
capacity: 5
groupby: evt.Meta.source_ip
blackhole: 1m
reprocess: true
labels:
  service: couchdb
  confidence: 3
  spoofable: 0
  classification:
    - attack.T1110
  label: "Couchdb Bruteforce"
  remediation: true
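To see how the two parameter sets split detection between fast and slow attempts, the following added example (not part of the scenario file or of CrowdSec itself) replays constructed failed-login timestamps through a simplified leaky-bucket model. It assumes a bucket overflows once its fill exceeds `capacity`, drains continuously at one event per `leakspeed`, and starts empty again after overflowing; the helper names and the documentation-range IPs are hypothetical.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Scenario:
    name: str
    leakspeed: float  # seconds for one event to drain from the bucket
    capacity: int     # fill level that must be exceeded to overflow
    blackhole: float  # seconds in which repeat overflows per key are dropped

# Parameters copied from the two scenarios on this page.
SLOW_BF = Scenario("aidalinfo/couchdb-slow-bf", 60.0, 10, 60.0)
FAST_BF = Scenario("aidalinfo/couchdb-bf", 10.0, 5, 60.0)

def steady(ip, interval, count):
    """Constructed sample input: `count` failed logins, one every `interval` s."""
    return [(i * interval, ip) for i in range(count)]

def overflows(scenario, events):
    """Replay (timestamp, source_ip) events sorted by time; return alerts."""
    state, muted_until, alerts = {}, {}, []
    for ts, ip in events:  # one bucket per key, as in groupby: evt.Meta.source_ip
        fill, last = state.get(ip, (0.0, ts))
        # Drain for the elapsed time, then pour the new event in.
        fill = max(0.0, fill - (ts - last) / scenario.leakspeed) + 1.0
        if fill > scenario.capacity:
            if ts >= muted_until.get(ip, float("-inf")):
                alerts.append((ts, ip))
                muted_until[ip] = ts + scenario.blackhole
            fill = 0.0  # assumption: the bucket starts empty after overflowing
        state[ip] = (fill, ts)
    return alerts

if __name__ == "__main__":
    burst = steady("203.0.113.10", 1, 20)   # 1 failure per second
    slow = steady("203.0.113.20", 15, 16)   # 1 failure every 15 seconds
    for sc in (FAST_BF, SLOW_BF):
        print(sc.name, "burst:", overflows(sc, burst), "slow:", overflows(sc, slow))
```

In this model the 15-second cadence drains the 10s bucket faster than it fills, so only the 60s/10 scenario reports it, while the `blackhole: 1m` window collapses the repeated overflows of the 1-second burst into a single alert.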