secubox-openwrt/package/secubox/mac-guardian/files/etc/crowdsec/scenarios/secubox-mac-spoof.yaml
CyberMind-FR aeb4825b25 feat(mac-guardian): Add WiFi MAC security monitor
Pure-shell WiFi MAC address security monitor detecting randomized MACs,
OUI anomalies, MAC floods, and spoofing. Integrates with CrowdSec via
JSON log parsing and provides real-time hostapd hotplug detection.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-03 15:26:18 +01:00


type: trigger
name: secubox/mac-spoof
description: "Detect MAC address spoofing on WiFi"
filter: "evt.Parsed.event_type == 'spoof_detected'"
groupby: "evt.Meta.source_mac"
remediation: false
labels:
  service: mac-guardian
  type: wifi_mac_spoof