tcpudp-flood-traefik Scenario

« tcpudp-flood-traefik »
v0.1 by aidalinfo
Attack scenarioremediation:truespoofable:0MITRE:T1498confidence:2

Detect TCP/UDP flood

Installation

cscli scenarios install aidalinfo/tcpudp-flood-traefik

Description

leakspeed of 10 seconds, capacity of 1000 on same ip address

YAML Configuration

1type: leaky
2name: aidalinfo/tcpudp-flood-traefik
3description: "Detect TCP/UDP flood"
4filter: "evt.Meta.log_type == 'traefik_tcpudp'"
5groupby: "evt.Meta.source_ip"
6capacity: 1000
7cache_size: 10
8leakspeed: "10s"
9blackhole: 5m
10labels:
11  remediation: true
12  classification:
13    - attack.T1498
14  spoofable: 0
15  confidence: 2
16  label: "UDP or TCP Flood Traefik"
17

Hub configuration

« tcpudp-flood-traefik »v0.1 by aidalinfoAttack scenarioremediation:truespoofable:0MITRE:T1498confidence:2

« tcpudp-flood-traefik »
v0.1 by aidalinfo
Attack scenarioremediation:truespoofable:0MITRE:T1498confidence:2