jira_cve-2021-26086 Scenario

« jira_cve-2021-26086 »
v0.3 by crowdsecurity
Attack scenarioremediation:trueservice:jiraspoofable:0MITRE:T1595MITRE:T1190confidence:3

Detect Atlassian Jira CVE-2021-26086 exploitation attemps

Installation

cscli scenarios install crowdsecurity/jira_cve-2021-26086

YAML Configuration

1type: trigger
2format: 2.0
3#debug: true
4name: crowdsecurity/jira_cve-2021-26086
5description: "Detect Atlassian Jira CVE-2021-26086 exploitation attemps"
6filter: |
7  evt.Meta.log_type in ["http_access-log", "http_error-log"] and any(File("jira_cve_2021-26086.txt"), {Upper(evt.Meta.http_path) contains Upper(#)})
8data:
9  - source_url: https://hub-data.crowdsec.net/web/jira_cve_2021-26086.txt
10    dest_file: jira_cve_2021-26086.txt
11    type: string
12groupby: "evt.Meta.source_ip"
13blackhole: 2m
14labels:
15  remediation: true
16  classification:
17    - attack.T1595.001
18    - attack.T1190
19    - cve.CVE-2021-26086
20  behavior: "http:exploit"
21  label: "Jira CVE-2021-26086 exploitation"
22  spoofable: 0
23  service: jira
24  confidence: 3
25

Hub configuration

« jira_cve-2021-26086 »v0.3 by crowdsecurityAttack scenarioremediation:trueservice:jiraCVE-2021-26086spoofable:0MITRE:T1595MITRE:T1190confidence:3

« jira_cve-2021-26086 »
v0.3 by crowdsecurity
Attack scenarioremediation:trueservice:jiraspoofable:0MITRE:T1595MITRE:T1190confidence:3