apache-guacamole_bf Scenario

« apache-guacamole_bf »
v0.2 by corvese
Attack scenarioremediation:trueservice:apache-guacamolespoofable:0MITRE:T1110confidence:3

Detect Apache Guacamole user bruteforce

Installation

cscli scenarios install corvese/apache-guacamole_bf

Description

Defends against a single user's account being bruteforced

YAML Configuration

1type: leaky
2name: corvese/apache-guacamole_bf
3description: "Detect Apache Guacamole user bruteforce"
4filter: evt.Meta.log_type == 'apache-guacamole_failed_auth'
5groupby: evt.Meta.source_ip
6leakspeed: 10s
7capacity: 5
8blackhole: 1m
9labels:
10  service: apache-guacamole
11  confidence: 3
12  spoofable: 0
13  classification:
14    - attack.T1110
15  behavior: "http:bruteforce"
16  label: "Apache Guacamole Bruteforce"
17  remediation: true
18

Hub configuration

« apache-guacamole_bf »v0.2 by corveseAttack scenarioremediation:trueservice:apache-guacamolespoofable:0MITRE:T1110confidence:3

« apache-guacamole_bf »
v0.2 by corvese
Attack scenarioremediation:trueservice:apache-guacamolespoofable:0MITRE:T1110confidence:3