home-assistant-bf Scenario

« home-assistant-bf »
v0.4 by crowdsecurity
Attack scenarioremediation:trueservice:home-assistantspoofable:0MITRE:T1110confidence:3

Detect Home Assistant bruteforce

Installation

cscli scenarios install crowdsecurity/home-assistant-bf

Description

Detect several failed Home assistant authentications.

leakspeed of 10s, capacity of 5

YAML Configuration

1# home-assistant bruteforce
2type: leaky
3#debug: true
4name: crowdsecurity/home-assistant-bf
5description: "Detect Home Assistant bruteforce"
6filter: evt.Meta.log_type == 'home-assistant_failed_auth'
7leakspeed: "10s"
8capacity: 5
9groupby: evt.Meta.source_ip
10blackhole: 5m
11labels:
12  confidence: 3
13  spoofable: 0
14  classification:
15    - attack.T1110
16  behavior: "iot:bruteforce"
17  label: "Home Assistant Bruteforce"
18  service: home-assistant
19  remediation: true
20

Hub configuration

« home-assistant-bf »v0.4 by crowdsecurityAttack scenarioremediation:trueservice:home-assistantspoofable:0MITRE:T1110confidence:3

« home-assistant-bf »
v0.4 by crowdsecurity
Attack scenarioremediation:trueservice:home-assistantspoofable:0MITRE:T1110confidence:3