mssql-bf Scenario

« mssql-bf »
v0.2 by crowdsecurity
Attack scenarioremediation:trueservice:mssqlspoofable:0MITRE:T1110confidence:3

Detect mssql bruteforce

Installation

cscli scenarios install crowdsecurity/mssql-bf

YAML Configuration

1# mysql bruteforce
2type: leaky
3#debug: true
4name: crowdsecurity/mssql-bf
5description: "Detect mssql bruteforce"
6filter: evt.Meta.log_type == 'mssql_failed_auth'
7leakspeed: "10s"
8capacity: 5
9groupby: evt.Meta.source_ip
10blackhole: 5m
11labels:
12  remediation: true
13  classification:
14    - attack.T1110
15  behavior: "database:bruteforce"
16  label: "MSSQL Bruteforce"
17  spoofable: 0
18  confidence: 3
19  service: mssql
20

Hub configuration

« mssql-bf »v0.2 by crowdsecurityAttack scenarioremediation:trueservice:mssqlspoofable:0MITRE:T1110confidence:3

« mssql-bf »
v0.2 by crowdsecurity
Attack scenarioremediation:trueservice:mssqlspoofable:0MITRE:T1110confidence:3