fix some scenarios description

crowdsecurity · Nov 13, 2024 · a49c8f3 · a49c8f3
1 parent 15fe1bb
commit a49c8f3
Show file tree

Hide file tree

Showing 4 changed files with 4 additions and 4 deletions.
diff --git a/scenarios/crowdsecurity/http-bf-wordpress_bf_xmlrpc.yaml b/scenarios/crowdsecurity/http-bf-wordpress_bf_xmlrpc.yaml
@@ -1,6 +1,6 @@
 type: leaky
 name: crowdsecurity/http-bf-wordpress_bf_xmlrpc
-description: "detect wordpress bruteforce on xmlrpc"
+description: "Detect WordPress bruteforce on XML-RPC endpoint"
 debug: false
 # XMLRPC always returns 200
 filter: "evt.Meta.log_type == 'http_access-log' && evt.Parsed.file_name == 'xmlrpc.php' && evt.Parsed.verb == 'POST'"

diff --git a/scenarios/crowdsecurity/impossible-travel.yaml b/scenarios/crowdsecurity/impossible-travel.yaml
@@ -1,7 +1,7 @@
 ## Generic bucket to handle impossible travel for authentication
 type: conditional
 name: crowdsecurity/impossible-travel
-description: "impossible travel"
+description: "Detect Impossible Travel"
 filter: "evt.Meta.log_type == 'auth_success' && evt.Meta.user not in ['', nil]"
 groupby: "evt.Meta.service + evt.Meta.user"
 # To make it generic we concatenate the service name and the user

diff --git a/scenarios/crowdsecurity/iptables-scan-multi_ports.yaml b/scenarios/crowdsecurity/iptables-scan-multi_ports.yaml
@@ -1,6 +1,6 @@
 type: leaky
 name: crowdsecurity/iptables-scan-multi_ports
-description: "ban IPs that are scanning us"
+description: "Detect aggressive portscans"
 filter: "evt.Meta.log_type == 'iptables_drop' && evt.Meta.service == 'tcp'"
 groupby: evt.Meta.source_ip
 distinct: evt.Parsed.dst_port

diff --git a/scenarios/firewallservices/pf-scan-multi_ports.yaml b/scenarios/firewallservices/pf-scan-multi_ports.yaml
@@ -1,6 +1,6 @@
 type: leaky
 name: firewallservices/pf-scan-multi_ports
-description: "ban IPs that are scanning us"
+description: "Detect aggressive portscans (pf)"
 filter: "evt.Meta.log_type == 'pf_drop' && evt.Meta.service == 'tcp'"
 groupby: evt.Meta.source_ip
 distinct: evt.Parsed.dst_port