asterisk_bf Configuration

« asterisk_bf »
v0.3 by crowdsecurity
Attack scenarioremediation:trueservice:asteriskspoofable:0MITRE:T1110confidence:3

Detect Asterisk user bruteforce

Installation

cscli scenarios install crowdsecurity/asterisk_bf

YAML Configuration

1type: leaky
2name: crowdsecurity/asterisk_bf
3description: "Detect Asterisk user bruteforce"
4filter: evt.Meta.log_type == 'asterisk_failed_auth'
5groupby: evt.Meta.source_ip
6leakspeed: 10s
7capacity: 5
8blackhole: 1m
9labels:
10  service: asterisk
11  confidence: 3
12  spoofable: 0
13  classification:
14    - attack.T1110
15  behavior: "sip:bruteforce"
16  label: "Asterisk Bruteforce"
17  remediation: true
18

Hub configuration

« asterisk_bf »v0.3 by crowdsecurityAttack scenarioremediation:trueservice:asteriskspoofable:0MITRE:T1110confidence:3

« asterisk_bf »
v0.3 by crowdsecurity
Attack scenarioremediation:trueservice:asteriskspoofable:0MITRE:T1110confidence:3