cscli scenarios install openappsec/openappsec-xss
1type: trigger2#debug: true3name: openappsec/openappsec-xss4description: "Detect openappsec 'prevent' securityActions on 'Cross Site Scripting' events (when waf blocks malicious request)"5filter: evt.Meta.log_type == 'openappsec_security_log' and Lower(evt.Meta.security_action) in ['prevent', 'detect'] and Lower(evt.Meta.incident_type) contains 'cross site scripting'6groupby: evt.Meta.source_ip7blackhole: 5m8labels:9 service: http10 classification:11 - attack.T118912 - attack.T159513 - attack.T119014 spoofable: 015 confidence: 216 behavior: "http:exploit"17 label: "Openappsec 'XSS' detection"18 remediation: true19