cscli scenarios install crowdsecurity/pgsql-user-enum
Detects attempts to enumerate PostgreSQL users.
Leakspeed of 10s, capacity of 5.
type: leaky
name: crowdsecurity/pgsql-user-enum
description: "Detect postgresql user enumeration"
filter: evt.Meta.log_type == 'pgsql_failed_auth'
groupby: evt.Meta.source_ip
distinct: evt.Meta.user
leakspeed: 10s
capacity: 5
blackhole: 1m
labels:
  service: pgsql
  remediation: true
  confidence: 3
  spoofable: 0
  classification:
    - attack.T1110
    - attack.T1589
  behavior: "database:bruteforce"
  label: "Postgres Bruteforce"
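
A simplified model of how groupby, distinct, leakspeed, capacity and blackhole interact in this scenario, as an added example that is not CrowdSec's own code. It assumes a continuously leaking per-IP bucket that is discarded when empty, and events already parsed into (timestamp, source IP, user) tuples; the function names and sample events are constructed for illustration.

```python
LEAKSPEED = 10.0   # seconds for one event to leak out   (leakspeed: 10s)
CAPACITY = 5       # overflow once the level exceeds this (capacity: 5)
BLACKHOLE = 60.0   # seconds of silence after an alert    (blackhole: 1m)

def detect(events):
    """events: time-ordered (timestamp_s, source_ip, user) tuples, assumed to
    have already matched log_type == 'pgsql_failed_auth'. Returns alerts."""
    buckets = {}          # source_ip -> bucket state      (groupby: source_ip)
    silenced_until = {}   # source_ip -> end of blackhole window
    alerts = []
    for ts, ip, user in events:
        b = buckets.get(ip)
        if b is not None:
            # Drain the bucket for the time elapsed since the last event.
            b["level"] = max(0.0, b["level"] - (ts - b["last"]) / LEAKSPEED)
            b["last"] = ts
            if b["level"] == 0.0:
                del buckets[ip]        # empty bucket is discarded (assumption)
                b = None
        if b is None:
            b = buckets[ip] = {"level": 0.0, "last": ts, "seen": set()}
        if user in b["seen"]:
            continue                   # distinct: a repeated user is not poured
        b["seen"].add(user)
        b["level"] += 1
        if b["level"] > CAPACITY:      # overflow
            del buckets[ip]
            if ts >= silenced_until.get(ip, 0.0):
                alerts.append((ts, ip))
                silenced_until[ip] = ts + BLACKHOLE
    return alerts

def sample_events():
    """Constructed sample data: documentation-range IPs, made-up user names."""
    ev = [(t, "192.0.2.10", f"user{t}") for t in range(6)]         # 6 names in 6 s
    ev += [(10 + t, "192.0.2.10", f"svc{t}") for t in range(6)]    # repeat within 1m
    ev += [(t, "198.51.100.7", "postgres") for t in range(20)]     # one name, 20 tries
    ev += [(15 * t, "203.0.113.5", f"acct{t}") for t in range(6)]  # 6 names, too slow
    return sorted(ev)

if __name__ == "__main__":
    print(detect(sample_events()))
```

Only the first source alerts: repeated failures for a single user name are collapsed by `distinct`, and one new name every 15 seconds drains faster than it fills, so password guessing against one account and slow enumeration are outside what this scenario catches.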