cscli scenarios install crowdsecurity/palo-alto-threat
This scenario triggers an alert for an IP reported in the Palo Alto Threat Log when the severity of the threat is medium or higher.
type: trigger
debug: false
name: crowdsecurity/palo-alto-threat
filter: evt.Meta.log_type == "palo_alto" && evt.Meta.severity in ["medium", "high", "critical"]
description: Detect palo alto threat with a severity higher or equal to medium
blackhole: 2m
labels:
  remediation: true
groupby: "evt.Meta.source_ip"
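To see what the filter, the groupby on evt.Meta.source_ip and the 2m blackhole do together, here is an added example (not CrowdSec's engine and not part of the hub page) that models the trigger scenario over a handful of constructed parsed events; the event layout, timestamps and IPs are assumptions made for the example.

```python
from datetime import datetime, timedelta

# Simplified model (added example, not CrowdSec's engine) of the
# crowdsecurity/palo-alto-threat trigger scenario: the filter, the
# groupby on evt.Meta.source_ip and the 2m blackhole.
FILTER_SEVERITIES = {"medium", "high", "critical"}
BLACKHOLE = timedelta(minutes=2)


def matches_filter(evt):
    """Equivalent of the scenario filter expression."""
    meta = evt.get("Meta", {})
    return meta.get("log_type") == "palo_alto" and meta.get("severity") in FILTER_SEVERITIES


def run_scenario(events):
    """Return the (source_ip, timestamp) alerts the trigger would raise.

    A trigger scenario overflows on the first matching event per groupby key;
    further matches for the same key are dropped until the blackhole expires.
    """
    alerts = []
    blackholed_until = {}  # groupby key -> time when the key may alert again
    for evt in events:
        if not matches_filter(evt):
            continue
        key = evt["Meta"]["source_ip"]
        ts = evt["ts"]
        until = blackholed_until.get(key)
        if until is not None and ts < until:
            continue  # still inside the 2m blackhole window for this IP
        alerts.append((key, ts))
        blackholed_until[key] = ts + BLACKHOLE
    return alerts


# Constructed sample events (timestamps and IPs are made up for this example).
T0 = datetime(2024, 1, 1, 12, 0, 0)
SAMPLE_EVENTS = [
    {"ts": T0, "Meta": {"log_type": "palo_alto", "severity": "low", "source_ip": "192.0.2.10"}},
    {"ts": T0 + timedelta(seconds=5), "Meta": {"log_type": "palo_alto", "severity": "high", "source_ip": "192.0.2.10"}},
    {"ts": T0 + timedelta(seconds=30), "Meta": {"log_type": "palo_alto", "severity": "critical", "source_ip": "192.0.2.10"}},
    {"ts": T0 + timedelta(seconds=40), "Meta": {"log_type": "other", "severity": "critical", "source_ip": "198.51.100.7"}},
    {"ts": T0 + timedelta(seconds=50), "Meta": {"log_type": "palo_alto", "severity": "medium", "source_ip": "198.51.100.7"}},
    {"ts": T0 + timedelta(minutes=3), "Meta": {"log_type": "palo_alto", "severity": "high", "source_ip": "192.0.2.10"}},
]

if __name__ == "__main__":
    for ip, ts in run_scenario(SAMPLE_EVENTS):
        print(f"alert for {ip} at {ts.isoformat()}")
```

Running it yields three alerts: the low-severity event and the non-Palo-Alto event are filtered out, the second 192.0.2.10 hit inside the blackhole is suppressed, and the same IP alerts again once the 2m window has passed.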