cscli scenarios install crowdsecurity/mssql-bf
1# mysql bruteforce2type: leaky3#debug: true4name: crowdsecurity/mssql-bf5description: "Detect mssql bruteforce"6filter: evt.Meta.log_type == 'mssql_failed_auth'7leakspeed: "10s"8capacity: 59groupby: evt.Meta.source_ip10blackhole: 5m11labels:12 remediation: true13 classification:14 - attack.T111015 behavior: "database:bruteforce"16 label: "MSSQL Bruteforce"17 spoofable: 018 confidence: 319 service: mssql20