cscli scenarios install crowdsecurity/proftpd-bf_user-enum1type: leaky2name: crowdsecurity/proftpd-bf_user-enum3description: "Detect proftpd user enum bruteforce"4filter: evt.Meta.log_type == 'ftp_failed_auth'5groupby: evt.Meta.source_ip6distinct: evt.Meta.target_user7leakspeed: 10s8capacity: 59blackhole: 1m10labels:11 service: proftpd12 remediation: true13 confidence: 314 spoofable: 015 classification:16 - attack.T111017 - attack.T119018 behavior: "ftp:bruteforce"19 label: "Proftpd Bruteforce"20