cscli scenarios install crowdsecurity/opnsense-gui-bfDetects bruteforce attempts on the OPNSense web portal :
1# opnsense web auth bruteforce2type: leaky3#debug: true4name: crowdsecurity/opnsense-gui-bf5description: "Detect bruteforce on opnsense web interface"6filter: evt.Meta.log_type == 'opnsense-gui-failed-auth'7leakspeed: "10s"8capacity: 59groupby: evt.Meta.source_ip10blackhole: 5m11labels:12 remediation: true13 confidence: 314 spoofable: 015 classification:16 - attack.T111017 behavior: "http:bruteforce"18 label: "OPNsense GUI Bruteforce"19 service: opnsense20