cpanel-bf Scenario

« cpanel-bf »
v0.4 by crowdsecurity
Attack scenarioremediation:trueservice:cpanelspoofable:0MITRE:T1110confidence:3

Detect bruteforce on cpanel login

Installation

cscli scenarios install crowdsecurity/cpanel-bf

Description

Detects bruteforce attempts in cpanel login.

YAML Configuration

1type: leaky
2name: crowdsecurity/cpanel-bf
3capacity: 5
4leakspeed: 10s
5description: "Detect bruteforce on cpanel login"
6filter: "evt.Meta.log_type == 'auth_bf_log'"
7groupby: evt.Meta.source_ip
8blackhole: 5m
9labels:
10  confidence: 3
11  spoofable: 0
12  classification:
13   - attack.T1110
14  behavior: "http:bruteforce"
15  label: "cPanel Bruteforce"
16  service: cpanel
17  remediation: true
18
19

Hub configuration

« cpanel-bf »v0.4 by crowdsecurityAttack scenarioremediation:trueservice:cpanelspoofable:0MITRE:T1110confidence:3

« cpanel-bf »
v0.4 by crowdsecurity
Attack scenarioremediation:trueservice:cpanelspoofable:0MITRE:T1110confidence:3