telnet-bf Configuration

« telnet-bf »
v0.2 by crowdsecurity
Attack scenarioremediation:trueservice:telnetspoofable:0MITRE:T1110confidence:3

detect telnet bruteforce

Installation

cscli scenarios install crowdsecurity/telnet-bf

Description

leakspeed of 10s, capacity of 5

YAML Configuration

1type: leaky
2name: crowdsecurity/telnet-bf
3description: "detect telnet bruteforce"
4filter: evt.Meta.log_type == 'telnet_new_session'
5groupby: evt.Meta.source_ip
6capacity: 5
7leakspeed: "10s"
8blackhole: 5m
9labels:
10  service: telnet
11  confidence: 3
12  spoofable: 0
13  classification:
14    - attack.T1110
15  behavior: "telnet:bruteforce"
16  label: "Telnet Bruteforce"
17  remediation: true
18

Hub configuration

« telnet-bf »v0.2 by crowdsecurityAttack scenarioremediation:trueservice:telnetspoofable:0MITRE:T1110confidence:3

« telnet-bf »
v0.2 by crowdsecurity
Attack scenarioremediation:trueservice:telnetspoofable:0MITRE:T1110confidence:3