mysql-bf Configuration

« mysql-bf »
v0.2 by crowdsecurity
Attack scenarioremediation:trueservice:mysqlspoofable:0MITRE:T1110confidence:3

Detect mysql bruteforce

Installation

cscli scenarios install crowdsecurity/mysql-bf

Description

Detect several failed mysql authentications.

leakspeed of 10s, capacity of 5

YAML Configuration

1# mysql bruteforce
2type: leaky
3#debug: true
4name: crowdsecurity/mysql-bf
5description: "Detect mysql bruteforce"
6filter: evt.Meta.log_type == 'mysql_failed_auth'
7leakspeed: "10s"
8capacity: 5
9groupby: evt.Meta.source_ip
10blackhole: 5m
11labels:
12  remediation: true
13  confidence: 3
14  spoofable: 0
15  classification:
16    - attack.T1110
17  behavior: "database:bruteforce"
18  label: "MySQL Bruteforce"
19  service: mysql
20

Hub configuration

« mysql-bf »v0.2 by crowdsecurityAttack scenarioremediation:trueservice:mysqlspoofable:0MITRE:T1110confidence:3

« mysql-bf »
v0.2 by crowdsecurity
Attack scenarioremediation:trueservice:mysqlspoofable:0MITRE:T1110confidence:3