cscli scenarios install crowdsecurity/odoo-bf_user-enum
Detect failed Odoo authentications and user enumeration:
```yaml
# Odoo web auth bruteforce
type: leaky
#debug: true
name: crowdsecurity/odoo-bf
description: "Detect bruteforce on odoo web interface"
filter: evt.Meta.log_type == 'odoo_failed_auth'
leakspeed: "10s"
capacity: 5
groupby: evt.Meta.source_ip
blackhole: 5m
labels:
  remediation: true
  confidence: 3
  spoofable: 0
  classification:
    - attack.T1110
  behavior: "http:bruteforce"
  label: "Odoo Bruteforce"
  service: odoo
---
# Odoo web auth user_enum
type: leaky
name: crowdsecurity/odoo_user-enum
description: "Detect odoo user enum"
filter: evt.Meta.log_type == 'odoo_failed_auth'
groupby: evt.Meta.source_ip
distinct: evt.Meta.user
leakspeed: 10s
capacity: 5
blackhole: 1m
labels:
  remediation: true
  confidence: 3
  spoofable: 0
  classification:
    - attack.T1110
  behavior: "http:bruteforce"
  label: "Odoo Bruteforce"
  service: odoo
```
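A simplified Python model of how the two buckets above react to the same failed-login events, added here as an illustration and not CrowdSec's own code. It assumes a continuous leak of one event per `leakspeed`, an overflow when an event would exceed `capacity`, and that `distinct` skips events whose user is already in the bucket; the `simulate` helper, IPs and usernames are constructed for the example.

```python
from dataclasses import dataclass, field

@dataclass
class Bucket:
    last: float                                # timestamp of the previous event
    level: float = 0.0                         # events currently held
    seen: set = field(default_factory=set)     # users already poured (distinct)
    muted_until: float = float("-inf")         # end of the blackhole window

def simulate(events, capacity=5, leakspeed=10.0, blackhole=60.0, distinct=False):
    """Return [(ts, source_ip)] overflows for (ts, source_ip, user) events."""
    buckets, alerts = {}, []
    for ts, ip, user in sorted(events):
        b = buckets.setdefault(ip, Bucket(last=ts))              # groupby: source_ip
        b.level = max(0.0, b.level - (ts - b.last) / leakspeed)  # leak since last event
        b.last = ts
        if b.level == 0.0:
            b.seen.clear()           # an emptied bucket starts over
        if distinct:
            if user in b.seen:
                continue             # repeated user: not poured
            b.seen.add(user)
        if b.level + 1 > capacity:   # this event does not fit: overflow
            if ts >= b.muted_until:  # blackhole silences repeat alerts
                alerts.append((ts, ip))
                b.muted_until = ts + blackhole
            b.level = 0.0
            b.seen.clear()
        else:
            b.level += 1
    return alerts

# Constructed sample events: (seconds, source_ip, user)
GUESS = [(t, "203.0.113.10", "admin") for t in range(8)]       # one user, 1 try/s
ENUM = [(t, "198.51.100.7", f"user{t}") for t in range(8)]     # 8 users, 1 try/s
SLOW = [(t * 12, "203.0.113.10", "admin") for t in range(8)]   # slower than the leak

if __name__ == "__main__":
    for name, ev in (("guess", GUESS), ("enum", ENUM), ("slow", SLOW)):
        print(name, "odoo-bf:", simulate(ev, blackhole=300),
              "odoo_user-enum:", simulate(ev, distinct=True))
```

In this model, repeated failures against one account overflow only the `odoo-bf` settings, failures spread across many usernames overflow both, and attempts spaced wider than `leakspeed` overflow neither.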