mariadb-bf Scenario

« mariadb-bf »
v0.2 by crowdsecurity
Attack scenarioremediation:trueservice:mariadbspoofable:0MITRE:T1110confidence:3

Detect mariadb bruteforce

Installation

cscli scenarios install crowdsecurity/mariadb-bf

Description

Detect several failed mariadb authentications.

leakspeed of 10s, capacity of 5

YAML Configuration

1# mariadb bruteforce
2type: leaky
3#debug: true
4name: crowdsecurity/mariadb-bf
5description: "Detect mariadb bruteforce"
6filter: evt.Meta.log_type == 'mariadb_failed_auth'
7leakspeed: "10s"
8capacity: 5
9groupby: evt.Meta.source_ip
10blackhole: 5m
11labels:
12  remediation: true
13  service: mariadb
14  classification:
15    - attack.T1110
16  behavior: "database:bruteforce"
17  label: "MariaDB Bruteforce"
18  spoofable: 0
19  confidence: 3
20

Hub configuration

« mariadb-bf »v0.2 by crowdsecurityAttack scenarioremediation:trueservice:mariadbspoofable:0MITRE:T1110confidence:3

« mariadb-bf »
v0.2 by crowdsecurity
Attack scenarioremediation:trueservice:mariadbspoofable:0MITRE:T1110confidence:3