http-magento-ccs-by-as Scenario

« http-magento-ccs-by-as »
v0.3 by crowdsecurity
Attack scenarioremediation:trueservice:magentospoofable:3MITRE:T1110confidence:1

Detect distributed credit card stuffing from same AS

Installation

cscli scenarios install crowdsecurity/http-magento-ccs-by-as

Description

Detects distributed credit card stuffing by AS on Magento website.

More than 10 payments failed in the same AS in less than 30secondes will trigger this scenario.

YAML Configuration

1type: leaky
2name: crowdsecurity/http-magento-ccs-by-as
3debug: false
4description: "Detect distributed credit card stuffing from same AS"
5filter: "evt.Meta.log_type == 'PAYMENT_FAILED' and evt.Meta.ASNNumber != '' "
6groupby: evt.Meta.ASNNumber
7distinct: evt.Meta.source_ip
8capacity: 10
9leakspeed: 30s
10blackhole: 5m
11labels:
12  remediation: true
13  classification:
14    - attack.T1110.004
15  confidence: 1
16  spoofable: 3
17  service: magento
18  behavior: "ecommerce:fraud"
19  label: "Magento Credit Card Stuffing By AS"
20

Hub configuration

« http-magento-ccs-by-as »v0.3 by crowdsecurityAttack scenarioremediation:trueservice:magentospoofable:3MITRE:T1110confidence:1

« http-magento-ccs-by-as »
v0.3 by crowdsecurity
Attack scenarioremediation:trueservice:magentospoofable:3MITRE:T1110confidence:1