cscli scenarios install crowdsecurity/smb-bf
Tracks failed Samba authentications.
# smb bruteforce
type: leaky
name: crowdsecurity/smb-bf
description: "Detect smb bruteforce"
filter: evt.Meta.log_type == 'smb_failed_auth'
leakspeed: "10s"
capacity: 5
groupby: evt.Meta.source_ip
blackhole: 5m
labels:
  service: smb
  remediation: true
  confidence: 3
  spoofable: 0
  classification:
    - attack.T1110
  behavior: "smb:bruteforce"
  label: "SMB Bruteforce"
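The following is an added example, not part of the original page and not CrowdSec's own code: a simplified Python model of how the scenario's filter, groupby, capacity, leakspeed and blackhole settings interact over a stream of events. It assumes continuous draining and an overflow on the first event that exceeds capacity; the event dictionaries, the `not_smb` log type and the IP addresses are constructed for illustration.

```python
from collections import defaultdict

# Values copied from the scenario above.
CAPACITY = 5          # capacity: 5
LEAK_INTERVAL = 10.0  # leakspeed: "10s", one event drains every 10 s
BLACKHOLE = 300.0     # blackhole: 5m

def overflows(events):
    """Return (ts, source_ip) for each overflow that would be reported.

    events: dicts with 'ts' (seconds), 'log_type', 'source_ip', sorted by ts.
    Assumption: continuous draining approximates the leak behaviour.
    """
    level = defaultdict(float)   # current fill per source_ip (groupby)
    last_ts = {}
    silenced_until = {}
    reported = []
    for ev in events:
        if ev["log_type"] != "smb_failed_auth":   # filter
            continue
        ip, ts = ev["source_ip"], ev["ts"]
        drained = (ts - last_ts.get(ip, ts)) / LEAK_INTERVAL
        level[ip] = max(0.0, level[ip] - drained) + 1
        last_ts[ip] = ts
        if level[ip] > CAPACITY:
            level[ip] = 0.0                       # start over after an overflow
            if ts >= silenced_until.get(ip, float("-inf")):
                reported.append((ts, ip))         # outside the blackhole window
                silenced_until[ip] = ts + BLACKHOLE
    return reported

def sample_events():
    """Constructed sample input using documentation-range IPs."""
    def fail(ts, ip):
        return {"ts": ts, "log_type": "smb_failed_auth", "source_ip": ip}
    fast = [fail(t, "203.0.113.7") for t in range(0, 12)]        # 1 failure/s
    later = [fail(t, "203.0.113.7") for t in range(400, 406)]    # after blackhole
    slow = [fail(t, "198.51.100.9") for t in range(0, 600, 12)]  # 1 failure/12 s
    other = [{"ts": 3, "log_type": "not_smb", "source_ip": "192.0.2.5"}]
    return sorted(fast + later + slow + other, key=lambda e: e["ts"])

if __name__ == "__main__":
    for ts, ip in overflows(sample_events()):
        print(f"t={ts}s overflow reported for {ip}")
```

In this model the fast source is reported on its sixth failure, its second overflow inside the 5-minute blackhole is suppressed, and a source failing once every 12 seconds never fills the bucket because it drains faster than it fills.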