couchdb-bf Scenario

« couchdb-bf »
v0.1 by aidalinfo
Attack scenarioremediation:trueservice:couchdbspoofable:0MITRE:T1110confidence:3

Detect slow Couchdb bruteforce/enum

Installation

cscli scenarios install aidalinfo/couchdb-bf

Description

Detect failed CouchDB authentication :

leakspeed of 60s, capacity of 10, Group by IP leakspeed of 10s, capacity of 5, Group by IP

YAML Configuration

1# couchdb slow bruteforce
2type: leaky
3name: aidalinfo/couchdb-slow-bf
4description: "Detect slow Couchdb bruteforce/enum"
5filter: evt.Meta.log_type == 'bf-enum-couchdb'
6leakspeed: "60s"
7capacity: 10
8groupby: evt.Meta.source_ip
9blackhole: 1m
10reprocess: true
11labels:
12  service: couchdb
13  remediation: true
14  confidence: 3
15  spoofable: 0
16  classification:
17    - attack.T1110
18  label: "Couchdb low Bruteforce"
19---
20# couchdb bruteforce
21type: leaky
22name: aidalinfo/couchdb-bf
23description: "Detect Couchdb bruteforce/enum"
24filter: evt.Meta.log_type == 'bf-enum-couchdb'
25leakspeed: "10s"
26capacity: 5
27groupby: evt.Meta.source_ip
28blackhole: 1m
29reprocess: true
30labels:
31  service: couchdb
32  confidence: 3
33  spoofable: 0
34  classification:
35    - attack.T1110
36  label: "Couchdb Bruteforce"
37  remediation: true

Hub configuration

« couchdb-bf »v0.1 by aidalinfoAttack scenarioremediation:trueservice:couchdbspoofable:0MITRE:T1110confidence:3

« couchdb-bf »
v0.1 by aidalinfo
Attack scenarioremediation:trueservice:couchdbspoofable:0MITRE:T1110confidence:3