teamspeak3-bf Configuration

« teamspeak3-bf »
v0.2 by crowdsecurity
Attack scenarioremediation:truetype:bruteforce service:teamspeak3spoofable:0MITRE:T1110confidence:2

detect teamspeak3 server bruteforce

Installation

cscli scenarios install crowdsecurity/teamspeak3-bf

Description

leakspeed of 10s, capacity of 2

YAML Configuration

1type: leaky
2name: crowdsecurity/teamspeak3-bf
3description: "detect teamspeak3 server bruteforce"
4filter: evt.Meta.log_type == 'ts3_fail_auth'
5groupby: evt.Meta.source_ip
6capacity: 2
7leakspeed: "10s"
8blackhole: 5m
9labels:
10  service: teamspeak3
11  type: bruteforce
12  classification:
13    - attack.T1110
14  behavior: "generic:bruteforce"
15  spoofable: 0
16  confidence: 2
17  label: "TeamSpeak3 Bruteforce"
18  remediation: true
19

Hub configuration

« teamspeak3-bf »v0.2 by crowdsecurityAttack scenarioremediation:truetype:bruteforce service:teamspeak3spoofable:0MITRE:T1110confidence:2

« teamspeak3-bf »
v0.2 by crowdsecurity
Attack scenarioremediation:truetype:bruteforce service:teamspeak3spoofable:0MITRE:T1110confidence:2