cscli scenarios install crowdsecurity/appsec-native
type: leaky
format: 3.0
name: crowdsecurity/appsec-native
description: "Identify attacks flagged by CrowdSec AppSec via native rules"
filter: "evt.Meta.log_type == 'appsec-block' && evt.Meta.rule_name startsWith 'native_rule'"
leakspeed: "30s"
capacity: 3
groupby: evt.Meta.source_ip
blackhole: 1m
labels:
  service: http
  confidence: 1
  spoofable: 0
  classification:
    - attack.T1110
  label: "Blocked by CrowdSec AppSec"
  behavior: "http:exploit"
  remediation: true