audiobookshelf-bf Configuration

« audiobookshelf-bf »
v0.1 by plague-doctor
Attack scenarioremediation:truetype:bruteforce service:audiobookshelfspoofable:0MITRE:T1110confidence:3

Detect Audiobookshelf bruteforce attacks

Installation

cscli scenarios install plague-doctor/audiobookshelf-bf

Description

Detect failed Audiobookshelf authentications:

3 failed authentication attempts within 1 minute leakspeed

YAML Configuration

1# Audiobookshelf bruteforce
2type: leaky
3name: plague-doctor/audiobookshelf-bf
4description: "Detect Audiobookshelf bruteforce attacks"
5filter: "evt.Meta.service == 'audiobookshelf' && evt.Meta.log_type == 'abs_failed_auth'"
6leakspeed: 1m
7capacity: 3
8groupby: evt.Meta.source_ip
9blackhole: 5m
10reprocess: true
11labels:
12    service: audiobookshelf
13    type: bruteforce
14    classification:
15        - attack.T1110
16    remediation: true
17    behavior: http:bruteforce
18    spoofable: 0
19    confidence: 3
20

Hub configuration

« audiobookshelf-bf »v0.1 by plague-doctorAttack scenarioremediation:truetype:bruteforce service:audiobookshelfspoofable:0MITRE:T1110confidence:3

« audiobookshelf-bf »
v0.1 by plague-doctor
Attack scenarioremediation:truetype:bruteforce service:audiobookshelfspoofable:0MITRE:T1110confidence:3