Hub configuration

More info

openvpn-bf Scenario

« OpenVPN Bruteforce »
v0.2 by pserranoa / openvpn-bf
Attack scenarioopenvpnNot spoofableHigh confidence

Detect openvpn bruteforce

Installation

cscli scenarios install pserranoa/openvpn-bf

Description

3 failed authentication attempts within 1 minute leakspeed.

YAML Configuration

1# openvpn bruteforce detection / auth_failed
2type: leaky
3name: pserranoa/openvpn-bf
4description: "Detect openvpn bruteforce"
5filter: "evt.Meta.service == 'openvpn' && evt.Meta.log_type == 'auth_failed'"
6leakspeed: "1m"
7blackhole: 5m
8capacity: 3
9groupby: evt.Meta.source_ip
10reprocess: true
11labels:
12 service: openvpn
13 remediation: true
14 confidence: 3
15 spoofable: 0
16 classification:
17   - attack.T1110
18 label: "OpenVPN Bruteforce"
19 behaviour: "generic:bruteforce"
20

Hub configuration

« OpenVPN Bruteforce »v0.2 by pserranoa / openvpn-bfAttack scenarioopenvpnNot spoofableHigh confidenceMITRE:T1110

« OpenVPN Bruteforce »
v0.2 by pserranoa / openvpn-bf
Attack scenarioopenvpnNot spoofableHigh confidence