pgsql-bf Scenario

« pgsql-bf »
v0.2 by crowdsecurity
Attack scenarioremediation:trueservice:pgsqlspoofable:0MITRE:T1110confidence:3

Detect PgSQL bruteforce

Installation

cscli scenarios install crowdsecurity/pgsql-bf

Description

Detect several failed postgresql authentications.

leakspeed of 10s, capacity of 5

YAML Configuration

1# pgsql bruteforce
2type: leaky
3#debug: true
4name: crowdsecurity/pgsql-bf
5description: "Detect PgSQL bruteforce"
6filter: evt.Meta.log_type == 'pgsql_failed_auth'
7leakspeed: "10s"
8capacity: 5
9groupby: evt.Meta.source_ip
10blackhole: 5m
11labels:
12 service: pgsql
13 remediation: true
14 confidence: 3
15 spoofable: 0
16 classification:
17  - attack.T1110
18 behavior: "database:bruteforce"
19 label: "Postgres Bruteforce"
20

Hub configuration

« pgsql-bf »v0.2 by crowdsecurityAttack scenarioremediation:trueservice:pgsqlspoofable:0MITRE:T1110confidence:3

« pgsql-bf »
v0.2 by crowdsecurity
Attack scenarioremediation:trueservice:pgsqlspoofable:0MITRE:T1110confidence:3