pfsense-gui-bf Scenario

« pfsense-gui-bf »
v0.2 by crowdsecurity
Attack scenarioremediation:trueservice:pfsensespoofable:0MITRE:T1110confidence:3

Detect bruteforce on pfsense web interface

Installation

cscli scenarios install crowdsecurity/pfsense-gui-bf

Description

Detects bruteforce attempts on the pfSense web portal :

more than 5 attempts
10 seconds between each

YAML Configuration

1# pfsense web auth bruteforce
2type: leaky
3#debug: true
4name: crowdsecurity/pfsense-gui-bf
5description: "Detect bruteforce on pfsense web interface"
6filter: evt.Meta.log_type == 'pfsense-gui-failed-auth'
7leakspeed: "10s"
8capacity: 5
9groupby: evt.Meta.source_ip
10blackhole: 5m
11labels:
12  remediation: true
13  confidence: 3
14  spoofable: 0
15  classification:
16    - attack.T1110
17  behavior: "http:bruteforce"
18  label: "pfSense GUI Bruteforce"
19  service: pfsense
20

Hub configuration

« pfsense-gui-bf »v0.2 by crowdsecurityAttack scenarioremediation:trueservice:pfsensespoofable:0MITRE:T1110confidence:3

« pfsense-gui-bf »
v0.2 by crowdsecurity
Attack scenarioremediation:trueservice:pfsensespoofable:0MITRE:T1110confidence:3