CyberMind-FR
e62919eec7
- Rename crowdsec-firewall-bouncer to secubox-app-cs-firewall-bouncer - Rename secubox-auth-logger to secubox-app-auth-logger - Delete secubox-crowdsec-setup (merged into other packages) - Fix circular dependencies in luci-app-secubox-crowdsec - Fix dependency chain in secubox-app-crowdsec-bouncer - Add consolidated get_overview API to crowdsec-dashboard - Improve crowdsec-dashboard overview performance Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
19 lines
509 B
YAML
19 lines
509 B
YAML
# CrowdSec Scenario for SecuBox LuCI Brute Force Detection
|
|
# Triggers when multiple authentication failures are detected from the same IP
|
|
# Works with secubox/openwrt-luci-auth parser
|
|
|
|
type: leaky
|
|
name: secubox/openwrt-luci-bf
|
|
description: "Detect LuCI/OpenWrt web interface brute force attempts"
|
|
filter: "evt.Meta.log_type == 'auth_failure'"
|
|
leakspeed: "10s"
|
|
capacity: 5
|
|
groupby: evt.Meta.source_ip
|
|
blackhole: 1m
|
|
reprocess: true
|
|
labels:
|
|
service: http
|
|
remediation: true
|
|
type: bruteforce
|
|
confidence: 3
|