cscli scenarios install crowdsecurity/kasm-bruteforceDetect KASM login bruteforce 5 attempts with leakspeed of 10 seconds
1type: leaky2name: crowdsecurity/kasm-bruteforce3description: "Detect kasm login bruteforce"4filter: "evt.Meta.metric_name in ['account.login.failed_invalid_user', 'account.login.failed_invalid_password']"5leakspeed: "10s"6capacity: 37groupby: evt.Meta.source_ip8blackhole: 1m9reprocess: true10labels:11 remediation: true12 classification:13 - attack.T111014 behavior: "generic:bruteforce"15 label: "KASM Bruteforce"16 spoofable: 017 confidence: 318 service: kasm19