fortinet-vpn-bruteforce Scenario

« fortinet-vpn-bruteforce »
v0.1 by crowdsecurity
Attack scenarioremediation:trueservice:fortinetspoofable:0MITRE:T1110confidence:3

Detect fortinet VPN bruteforce

Installation

cscli scenarios install crowdsecurity/fortinet-vpn-bruteforce

Description

Detect Fortinet VPN bruteforce

leakspeed of 10s, capacity of 5

YAML Configuration

1type: leaky
2name: crowdsecurity/fortinet-vpn-bruteforce
3description: "Detect fortinet VPN bruteforce"
4debug: false
5filter: "evt.Meta.service == 'fortinet' && evt.Meta.sub_type == 'vpn' && evt.Meta.action == 'ssl-login-fail' && evt.Meta.tunnel_type == 'ssl-web'"
6groupby: evt.Meta.source_ip
7capacity: 5
8leakspeed: 2m
9blackhole: 5m
10labels:
11  confidence: 3
12  spoofable: 0
13  classification:
14    - attack.T1110
15  behavior: "http:bruteforce"
16  label: "Fortinet VPN Bruteforce"
17  service: fortinet
18  remediation: true
19

Hub configuration

« fortinet-vpn-bruteforce »v0.1 by crowdsecurityAttack scenarioremediation:trueservice:fortinetspoofable:0MITRE:T1110confidence:3

« fortinet-vpn-bruteforce »
v0.1 by crowdsecurity
Attack scenarioremediation:trueservice:fortinetspoofable:0MITRE:T1110confidence:3