synology-dsm-bf Scenario

« synology-dsm-bf »
v0.2 by crowdsecurity
Attack scenarioremediation:trueservice:synology_dsmspoofable:0MITRE:T1110confidence:3

Detect Synology DSM web auth bruteforce

Installation

cscli scenarios install crowdsecurity/synology-dsm-bf

Description

leakspeed of 10s, capacity of 5

YAML Configuration

1# Synology DSM auth.log bruteforce
2type: leaky
3name: crowdsecurity/synology-dsm-bf
4description: "Detect Synology DSM web auth bruteforce"
5filter: "evt.Meta.log_type == 'synology-dsm_failed_auth'"
6leakspeed: "10s"
7capacity: 5
8groupby: evt.Meta.source_ip
9blackhole: 1m
10reprocess: true
11labels:
12 service: synology_dsm
13 remediation: true
14 confidence: 3
15 spoofable: 0
16 classification:
17  - attack.T1110
18 behavior: "http:bruteforce"
19 label: "Synology DSM Bruteforce"

Hub configuration

« synology-dsm-bf »v0.2 by crowdsecurityAttack scenarioremediation:trueservice:synology_dsmspoofable:0MITRE:T1110confidence:3

« synology-dsm-bf »
v0.2 by crowdsecurity
Attack scenarioremediation:trueservice:synology_dsmspoofable:0MITRE:T1110confidence:3