pureftpd-bf Scenario

« pureftpd-bf »
v0.2 by fulljackz
Attack scenarioremediation:trueservice:ftpspoofable:0MITRE:T1110confidence:3

Detect pureftpd bruteforce

Installation

cscli scenarios install fulljackz/pureftpd-bf

YAML Configuration

1# Pureftpd authent bruteforce
2type: leaky
3name: fulljackz/pureftpd-bf
4description: "Detect pureftpd bruteforce"
5filter: "evt.Meta.log_type == 'pftpd_failed-auth'"
6leakspeed: "10s"
7capacity: 5
8groupby: evt.Meta.source_ip
9blackhole: 1m
10reprocess: true
11labels:
12  service: ftp
13  confidence: 3
14  spoofable: 0
15  classification:
16    - attack.T1110
17  behavior: "ftp:bruteforce"
18  label: "PureFTPD Bruteforce"
19  remediation: true
20

Hub configuration

« pureftpd-bf »v0.2 by fulljackzAttack scenarioremediation:trueservice:ftpspoofable:0MITRE:T1110confidence:3

« pureftpd-bf »
v0.2 by fulljackz
Attack scenarioremediation:trueservice:ftpspoofable:0MITRE:T1110confidence:3