gotify-bf Scenario

« gotify-bf »
v0.3 by baudneo
Attack scenarioremediation:trueservice:gotifyspoofable:0MITRE:T1110confidence:3

Detect bruteforce

Installation

cscli scenarios install baudneo/gotify-bf

Description

Bruteforce protection for Gotify server.

Leak speed of 10 seconds with a capacity of 4.

YAML Configuration

1type: leaky
2name: baudneo/gotify-bf
3description: "Detect bruteforce"
4filter: "evt.Meta.log_type  == 'gotify_failed_auth'"
5groupby: "evt.Meta.source_ip"
6capacity: 3
7leakspeed: "10s"
8blackhole: 1m
9labels:
10  service: gotify
11  behavior: "http:bruteforce"
12  classification:
13    - attack.T1110
14  spoofable: 0
15  confidence: 3
16  label: "Gotify Bruteforce"
17  remediation: true
18

Hub configuration

« gotify-bf »v0.3 by baudneoAttack scenarioremediation:trueservice:gotifyspoofable:0MITRE:T1110confidence:3

« gotify-bf »
v0.3 by baudneo
Attack scenarioremediation:trueservice:gotifyspoofable:0MITRE:T1110confidence:3