cscli scenarios install crowdsecurity/http-apiscp-bf
Detects bruteforce on apisCP login page '/apps/login'.
The scenario uses a leaky bucket with a leakspeed of 10s and a capacity of 5.
```yaml
type: leaky
name: crowdsecurity/http-apiscp-bf
description: "detect apisCP dashboard bruteforce"
debug: false
# success auth on apisCP returns 303
filter: "evt.Meta.log_type == 'http_access-log' && evt.Meta.http_path startsWith '/apps/login' && evt.Parsed.verb == 'POST' && evt.Meta.http_status == '200'"
groupby: evt.Meta.source_ip
capacity: 5
leakspeed: 10s
blackhole: 5m
labels:
  service: apisCP
  confidence: 3
  spoofable: 0
  classification:
    - attack.T1110
  behavior: "http:bruteforce"
  label: "apisCP bruteforce"
  remediation: true
```
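To see which traffic patterns this scenario flags, the following added example (not CrowdSec's own code) replays constructed access-log events through a simplified leaky-bucket model using the scenario's filter, capacity, leakspeed and blackhole values. It assumes the bucket drains continuously, overflows on the event that pushes it past capacity, and ignores a source's events during the blackhole window; the event dict keys and the `matches`/`detect` helpers are hypothetical.

```python
CAPACITY = 5        # capacity: 5
LEAKSPEED = 10.0    # leakspeed: 10s, one event drains every 10 seconds
BLACKHOLE = 300.0   # blackhole: 5m, silence a source after it overflows

def matches(evt):
    """Mirror of the scenario filter applied to a parsed event (a dict)."""
    return (evt["log_type"] == "http_access-log"
            and evt["http_path"].startswith("/apps/login")
            and evt["verb"] == "POST"
            and evt["http_status"] == "200")  # success returns 303, so 200 = failed

def detect(events):
    """Return [(ts, source_ip)] overflows. Simplified model (assumption)."""
    level, last, muted_until, alerts = {}, {}, {}, []
    for evt in sorted(events, key=lambda e: e["ts"]):
        if not matches(evt):
            continue
        ip, ts = evt["source_ip"], evt["ts"]     # groupby: evt.Meta.source_ip
        if ts < muted_until.get(ip, 0.0):
            continue                             # inside the blackhole window
        leaked = (ts - last.get(ip, ts)) / LEAKSPEED
        level[ip] = max(0.0, level.get(ip, 0.0) - leaked) + 1
        last[ip] = ts
        if level[ip] > CAPACITY:                 # bucket overflow => alert
            alerts.append((ts, ip))
            level[ip] = 0.0
            muted_until[ip] = ts + BLACKHOLE
    return alerts

def _evt(ts, ip, verb="POST", status="200", path="/apps/login"):
    return {"ts": ts, "source_ip": ip, "log_type": "http_access-log",
            "http_path": path, "verb": verb, "http_status": status}

# Constructed sample events (documentation IP ranges, timestamps in seconds).
SAMPLE = (
    [_evt(t, "203.0.113.7") for t in range(12)]               # 1 failed login/s
    + [_evt(t * 15, "198.51.100.20") for t in range(8)]       # one every 15 s
    + [_evt(t, "192.0.2.44", verb="GET") for t in range(10)]  # page views only
    + [_evt(20, "192.0.2.44", status="303")]                  # successful login
)

if __name__ == "__main__":
    for ts, ip in detect(SAMPLE):
        print(f"overflow at t={ts}s from {ip}")
```

A source that fails one login every 15 seconds drains faster than it fills and never trips the bucket, which is the tuning trade-off to keep in mind when adjusting `capacity` and `leakspeed`.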