CyberMind-FR
c2ea22bcab
- repair_lapi() now removes stale online_api_credentials.yaml and retries - New repair_capi() function for dedicated CAPI repair - console_enroll() handles CAPI credential cleanup before retry - Added repairCapi API method in frontend - Bump luci-app-crowdsec-dashboard to 0.7.0-r20 - Add openwrt-luci-bf.yaml scenario for LuCI brute force detection - Add secubox-auth-acquis.yaml acquisition config Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
19 lines
509 B
YAML
19 lines
509 B
YAML
# CrowdSec Scenario for SecuBox LuCI Brute Force Detection
|
|
# Triggers when multiple authentication failures are detected from the same IP
|
|
# Works with secubox/openwrt-luci-auth parser
|
|
|
|
type: leaky
|
|
name: secubox/openwrt-luci-bf
|
|
description: "Detect LuCI/OpenWrt web interface brute force attempts"
|
|
filter: "evt.Meta.log_type == 'auth_failure'"
|
|
leakspeed: "10s"
|
|
capacity: 5
|
|
groupby: evt.Meta.source_ip
|
|
blackhole: 1m
|
|
reprocess: true
|
|
labels:
|
|
service: http
|
|
remediation: true
|
|
type: bruteforce
|
|
confidence: 3
|