apache-guacamole_user_enum Scenario

« apache-guacamole_user_enum »
v0.2 by corvese
Attack scenarioremediation:trueservice:apache-guacamolespoofable:0MITRE:T1589MITRE:T1110confidence:3

Detect Apache Guacamole user enum bruteforce

Installation

cscli scenarios install corvese/apache-guacamole_user_enum

Description

Defends against user enumeration attack

YAML Configuration

1type: leaky
2name: corvese/apache-guacamole_user_enum
3description: "Detect Apache Guacamole user enum bruteforce"
4filter: evt.Meta.log_type == 'apache-guacamole_failed_auth'
5groupby: evt.Meta.source_ip
6distinct: evt.Meta.target_user
7leakspeed: 10s
8capacity: 5
9blackhole: 1m
10labels:
11  service: apache-guacamole
12  confidence: 3
13  spoofable: 0
14  classification:
15    - attack.T1589
16    - attack.T1110
17  behavior: "http:bruteforce"
18  label: "Apache Guacamole User Enumeration"
19  remediation: true
20

Hub configuration

« apache-guacamole_user_enum »v0.2 by corveseAttack scenarioremediation:trueservice:apache-guacamolespoofable:0MITRE:T1589MITRE:T1110confidence:3

« apache-guacamole_user_enum »
v0.2 by corvese
Attack scenarioremediation:trueservice:apache-guacamolespoofable:0MITRE:T1589MITRE:T1110confidence:3