cscli scenarios install crowdsecurity/http-wordpress_user-enum
Detects probing to enumerate WordPress authors: /?author=XX
Leakspeed of 10s, capacity of 5.
```yaml
type: leaky
name: crowdsecurity/http-wordpress_user-enum
description: "Detect WordPress probing: authors enumeration"
debug: false
filter: "evt.Meta.log_type == 'http_access-log' && Upper(evt.Parsed.http_args) contains 'AUTHOR='"
groupby: evt.Meta.source_ip
distinct: evt.Parsed.http_args
capacity: 5
leakspeed: "10s"
blackhole: 5m
labels:
  remediation: true
  classification:
    - attack.T1589
    - attack.T1110
    - attack.T1595
  behavior: "http:scan"
  label: "WordPress User Enumeration"
  spoofable: 0
  service: wordpress
  confidence: 3
```
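The following is an added example, not CrowdSec's own code: a simplified Python model of how this scenario's `filter`, `groupby`, `distinct`, `capacity`, `leakspeed` and `blackhole` settings interact, run over constructed events. It assumes `evt.Parsed.http_args` is the request's query string, that the bucket overflows when a poured event pushes it past `capacity`, and that an emptied bucket forgets the values it has seen. The names `matches_filter`, `detect` and `SAMPLE` are hypothetical.

```python
from urllib.parse import urlsplit

CAPACITY = 5        # capacity: 5
LEAKSPEED = 10.0    # leakspeed: "10s" (one event leaks out every 10 seconds)
BLACKHOLE = 300.0   # blackhole: 5m (silence repeat overflows per source)

# Constructed events: (seconds offset, source IP, request URI)
SAMPLE = (
    [(i, "203.0.113.7", f"/?author={i + 1}") for i in range(12)]           # fast, distinct ids
    + [(i, "198.51.100.9", "/?author=1") for i in range(12)]               # same args repeated
    + [(i * 15, "192.0.2.44", f"/blog/?author={i + 1}") for i in range(8)]  # slow browsing
)

def matches_filter(uri):
    # Upper(evt.Parsed.http_args) contains 'AUTHOR=' is a substring test,
    # so parameters such as post_author= also match.
    return "AUTHOR=" in urlsplit(uri).query.upper()

def detect(events):
    buckets, silenced, alerts = {}, {}, []
    for ts, ip, uri in events:
        if not matches_filter(uri):
            continue
        args = urlsplit(uri).query
        b = buckets.setdefault(ip, {"level": 0.0, "last": ts, "seen": set()})  # groupby
        b["level"] = max(0.0, b["level"] - (ts - b["last"]) / LEAKSPEED)       # leak
        b["last"] = ts
        if b["level"] == 0.0:
            b["seen"].clear()          # modelling assumption: empty bucket starts fresh
        if args in b["seen"]:          # distinct: repeated http_args are not poured
            continue
        b["seen"].add(args)
        b["level"] += 1
        if b["level"] > CAPACITY:      # overflow: the bucket is destroyed
            del buckets[ip]
            if ts >= silenced.get(ip, 0.0):
                alerts.append((ts, ip))
                silenced[ip] = ts + BLACKHOLE
    return alerts

if __name__ == "__main__":
    print(detect(sorted(SAMPLE)))
```

Only the fast scan of distinct author IDs alerts, on its sixth request; its second overflow at offset 11 falls inside the blackhole window and is suppressed.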