Hub configuration

More info

mailscanner-blacklisted Scenario

« mailscanner-blacklisted »
v0.1 by cbrandlehner
Attack scenarioremediation:truetype:spam service:smtpspoofable:0confidence:2

Detects MailScanner logs where a message is marked as spam due to blacklisting

Installation

cscli scenarios install cbrandlehner/mailscanner-blacklisted

YAML Configuration

1name: cbrandlehner/mailscanner-blacklisted
2description: Detects MailScanner logs where a message is marked as spam due to blacklisting
3type: trigger
4filter: "evt.Meta.log_type == 'mailscanner_blacklist' && evt.Parsed.spam_reason == 'blacklisted'"
5groupby: evt.Parsed.source_ip
6blackhole: 5m
7labels:
8  type: spam
9  remediation: true
10  behavior: "smtp:spam"
11  spoofable: 0
12  confidence: 2
13  label: "MailScanner detected an SMTP message from a blacklisted sender"
14  service: smtp
15
16

Hub configuration

« mailscanner-blacklisted »v0.1 by cbrandlehnerAttack scenarioremediation:truetype:spam service:smtpspoofable:0confidence:2

« mailscanner-blacklisted »
v0.1 by cbrandlehner
Attack scenarioremediation:truetype:spam service:smtpspoofable:0confidence:2