enhance: Add missing labels to openvpn bruteforce scenario
LaurenceJJones committed Dec 18, 2024
1 parent 4da98bc commit c1c6b31
Showing 2 changed files with 20 additions and 5 deletions.
16 changes: 13 additions & 3 deletions .index.json
@@ -17778,21 +17778,31 @@
},
"pserranoa/openvpn-bf": {
"path": "scenarios/pserranoa/openvpn-bf.yml",
"version": "0.1",
"version": "0.2",
"versions": {
"0.1": {
"digest": "22a4026f3fd636871afb2c2e7498cfe81be354f77aa9e2a175f299e6a2998952",
"deprecated": false
},
"0.2": {
"digest": "52ace71c20c05736950b5f90c4cc4b763d221c52b9b418b954d3fc03604ce9a4",
"deprecated": false
}
},
"long_description": "IyBEZXNjcmlwdGlvbgoKLSAzIGZhaWxlZCBhdXRoZW50aWNhdGlvbiBhdHRlbXB0cyB3aXRoaW4gMSBtaW51dGUgbGVha3NwZWVkLg==",
"content": "IyBvcGVudnBuIGJydXRlZm9yY2UgZGV0ZWN0aW9uIC8gYXV0aF9mYWlsZWQKdHlwZTogbGVha3kKbmFtZTogcHNlcnJhbm9hL29wZW52cG4tYmYKZGVzY3JpcHRpb246ICJEZXRlY3Qgb3BlbnZwbiBicnV0ZWZvcmNlIgpmaWx0ZXI6ICJldnQuTWV0YS5zZXJ2aWNlID09ICdvcGVudnBuJyAmJiBldnQuTWV0YS5sb2dfdHlwZSA9PSAnYXV0aF9mYWlsZWQnIgpsZWFrc3BlZWQ6ICIxbSIKYmxhY2tob2xlOiA1bQpjYXBhY2l0eTogMwpncm91cGJ5OiBldnQuTWV0YS5zb3VyY2VfaXAKcmVwcm9jZXNzOiB0cnVlCmxhYmVsczoKIHNlcnZpY2U6IG9wZW52cG4KIHR5cGU6IGF1dGhfZmFpbGVkCiByZW1lZGlhdGlvbjogdHJ1ZQ==",
"content": "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",
"description": "Detect openvpn bruteforce",
"author": "pserranoa",
"labels": {
"behaviour": "generic:bruteforce",
"classification": [
"attack.T1110"
],
"confidence": 3,
"label": "OpenVPN Bruteforce",
"remediation": true,
"service": "openvpn",
"type": "auth_failed"
"spoofable": 0
}
},
"schiz0phr3ne/prowlarr-bf": {
9 changes: 7 additions & 2 deletions scenarios/pserranoa/openvpn-bf.yml
@@ -10,5 +10,10 @@ groupby: evt.Meta.source_ip
reprocess: true
labels:
service: openvpn
type: auth_failed
remediation: true
remediation: true
confidence: 3
spoofable: 0
classification:
- attack.T1110
label: "OpenVPN Bruteforce"
behaviour: "generic:bruteforce"
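Review bot: The `type: auth_failed` label is dropped from `labels` in this section, although the commit title only mentions adding labels. Anything downstream that matches alerts on that label (a profile filter or notification rule, if one exists) would silently stop matching, so either keep `type: auth_failed` alongside the new keys or state the removal in the commit message. Separately, `confidence: 3` together with `remediation: true` and `groupby: evt.Meta.source_ip` means several users behind one shared NAT address who mistype credentials can be blocked together. A one-line comment above the new keys, such as `# spoofable 0 / confidence 3: auth_failed is only logged after a completed handshake`, would record why these values were chosen, if that is indeed the reasoning. The scenario's filter and bucket settings sit above line 10, outside this hunk, so the threshold could not be checked from here.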
