{ "collections": { "Dominic-Wagner/vaultwarden": { "path": "collections/Dominic-Wagner/vaultwarden.yml", "version": "0.1", "versions": { "0.1": { "digest": "41f537b7985ef168a1d31c7cb10a49672925313724d523fba8389714c4222742", "deprecated": false } }, "long_description": "QSBjb2xsZWN0aW9uIHRvIGRlZmVuZCBbVmF1bHR3YXJkZW5dKGh0dHBzOi8vZ2l0aHViLmNvbS9kYW5pLWdhcmNpYS92YXVsdHdhcmRlbikgaW5zdGFuY2UgYWdhaW5zdCBjb21tb24gYXR0YWNrcyA6CiAtIFZhdWx0d2FyZGVuIHBhcnNlcgogLSBWYXVsdHdhcmRlbiBicnV0ZWZvcmNlICYgZW51bWVyYXRpb24gZGV0ZWN0aW9uCgojIyBBY3F1aXNpdGlvbiB0ZW1wbGF0ZQoKRXhhbXBsZSBhY3F1aXNpdGlvbiBmb3IgdGhpcyBjb2xsZWN0aW9uIDoKCklmIHVzaW5nIExPR19GSUxFIGVudmlyb25tZW50IHZhcmlhYmxlOgpgYGB5YW1sCi0tLQpmaWxlbmFtZXM6CiAtIC92YXIvbG9nL3ZhdWx0d2FyZGVuLmxvZwpsYWJlbHM6CiAgdHlwZTogVmF1bHR3YXJkZW4KYGBgCklmIHJ1bm5pbmcgdmlhIHN5c3RlbWQ6CmBgYHlhbWwKLS0tCnNvdXJjZTogam91cm5hbGN0bApqb3VybmFsY3RsX2ZpbHRlcjoKICAtICJTWVNMT0dfSURFTlRJRkVSPVZhdWx0d2FyZGVuIgpsYWJlbHM6CiAgdHlwZTogVmF1bHR3YXJkZW4KYGBgCg==", "content": "cGFyc2VyczoKICAtIERvbWluaWMtV2FnbmVyL3ZhdWx0d2FyZGVuLWxvZ3MKc2NlbmFyaW9zOgogIC0gRG9taW5pYy1XYWduZXIvdmF1bHR3YXJkZW4tYmYKZGVzY3JpcHRpb246ICJWYXVsdHdhcmRlbiBzdXBwb3J0IDogcGFyc2VyIGFuZCBicnV0ZS1mb3JjZSBkZXRlY3Rpb24iCmF1dGhvcjogRG9taW5pYy1XYWduZXIKdGFnczoKICAtIGxpbnV4CiAgLSBicnV0ZS1mb3JjZQogIC0gdmF1bHR3YXJkZW4K", "description": "Vaultwarden support : parser and brute-force detection", "author": "Dominic-Wagner", "labels": null, "parsers": [ "Dominic-Wagner/vaultwarden-logs" ], "scenarios": [ "Dominic-Wagner/vaultwarden-bf" ] }, "LePresidente/authelia": { "path": "collections/LePresidente/authelia.yml", "version": "0.2", "versions": { "0.1": { "digest": "483d6a415e6649614ce28efbc2f87cf35664d989469e97cbd1f4d8b8ab7916ed", "deprecated": false }, "0.2": { "digest": "24800ff1ae7b37bf343bc7dfc9053c0130e75c832826782fa422b182b787e0d5", "deprecated": false } }, "long_description": "QSBjb2xsZWN0aW9uIHRvIGRlZmVuZCBbQXV0aGVsaWFdKGh0dHBzOi8vd3d3LmF1dGhlbGlhLmNvbSkgaW5zdGFuY2UgYWdhaW5zdCBjb21tb24gYXR0YWNrcyA6CiAtIEF1dGhlbGlhIHBhcnNlcgogLSBBdXRoZWxpYSBicnV0ZWZvcmNlIGRldGVjdGlvbgoKIyMgQWNxdWlzaXRpb24gdGVtcGxhdGUKCkV4YW1wbGUgYWNxdWlzaXRpb24gZm9yIHRoaXMgY29sbGVjdGlvbiA6CgpJZiB1c2luZyBMT0dfRklMRSBlbnZpcm9ubWVudCB2YXJpYWJsZToKYGBgeWFtbAotLS0KZmlsZW5hbWVzOgogLSAvdmFyL2xvZy9BdXRoZWxpYS5sb2cKbGFiZWxzOgogIHR5cGU6IGF1dGhlbGlhCmBgYA==", "content": "cGFyc2VyczoKICAtIExlUHJlc2lkZW50ZS9hdXRoZWxpYS1sb2dzCnNjZW5hcmlvczoKICAtIExlUHJlc2lkZW50ZS9hdXRoZWxpYS1iZgpkZXNjcmlwdGlvbjogIkF1dGhlbGlhIFN1cHBvcnQgOiBwYXJzZXIgYW5kIGJydXRlLWZvcmNlIGRldGVjdGlvbiIKYXV0aG9yOiBMZVByZXNpZGVudGUKdGFnczoKICAtIGxpbnV4CiAgLSBicnV0ZS1mb3JjZQogIC0gYXV0aGVsaWE=", "description": "Authelia Support : parser and brute-force detection", "author": "LePresidente", "labels": null, "parsers": [ "LePresidente/authelia-logs" ], "scenarios": [ "LePresidente/authelia-bf" ] }, "LePresidente/emby": { "path": "collections/LePresidente/emby.yml", "version": "0.1", "versions": { "0.1": { "digest": "53801da28b3557ad39bc8672d0db62d845cc401bbfcde36f6f4b7f0d8a749fe9", "deprecated": false } }, "long_description": "QSBjb2xsZWN0aW9uIHRvIGRlZmVuZCBbRW1ieV0oaHR0cHM6Ly9lbWJ5Lm1lZGlhKSBpbnN0YW5jZSBhZ2FpbnN0IGNvbW1vbiBhdHRhY2tzIDoKIC0gRW1ieSBwYXJzZXIKIC0gRW1ieSBicnV0ZWZvcmNlIGRldGVjdGlvbgoKIyMgQWNxdWlzaXRpb24gdGVtcGxhdGUKCkV4YW1wbGUgYWNxdWlzaXRpb24gZm9yIHRoaXMgY29sbGVjdGlvbiA6CgpJZiB1c2luZyBMT0dfRklMRSBlbnZpcm9ubWVudCB2YXJpYWJsZToKYGBgeWFtbAotLS0KZmlsZW5hbWVzOgogLSAvdmFyL2xvZy9lbWJ5c2VydmVyLnR4dApsYWJlbHM6CiAgdHlwZTogZW1ieQpgYGA=", "content": "cGFyc2VyczoKICAtIExlUHJlc2lkZW50ZS9lbWJ5LWxvZ3MKc2NlbmFyaW9zOgogIC0gTGVQcmVzaWRlbnRlL2VtYnktYmYKZGVzY3JpcHRpb246ICJFbWJ5IHN1cHBvcnQgOiBwYXJzZXIgYW5kIGJydXRlLWZvcmNlIGRldGVjdGlvbiIKYXV0aG9yOiBMZVByZXNpZGVudGUKdGFnczoKICAtIGxpbnV4CiAgLSBicnV0ZS1mb3JjZQogIC0gZW1ieQ==", "description": "Emby support : parser and brute-force detection", "author": "LePresidente", "labels": null, "parsers": [ "LePresidente/emby-logs" ], "scenarios": [ "LePresidente/emby-bf" ] }, "LePresidente/gitea": { "path": "collections/LePresidente/gitea.yml", "version": "0.2", "versions": { "0.1": { "digest": "1282681d69e45e64050a497ac8f17bfb67ba55a0c494743e3f5b33c2f3cee97d", "deprecated": false }, "0.2": { "digest": "f5098f91736d1c3b835dfb741c271cad33a21ffb78e0554357950313ecdfe037", "deprecated": false } }, "long_description": "QSBjb2xsZWN0aW9uIHRvIGRlZmVuZCBbR2l0ZWFdKGh0dHBzOi8vZ2l0ZWEuaW8pIGluc3RhbmNlIGFnYWluc3QgY29tbW9uIGF0dGFja3M6CiAtIEdpdGVhIHBhcnNlcgogLSBHaXRlYSBicnV0ZWZvcmNlIGRldGVjdGlvbgoKIyMgQWNxdWlzaXRpb24gdGVtcGxhdGUKCkV4YW1wbGUgYWNxdWlzaXRpb24gZm9yIHRoaXMgY29sbGVjdGlvbiA6CgpgYGB5YW1sCi0tLQpmaWxlbmFtZXM6CiAtIC92YXIvbG9nL2dpdGVhLmxvZwpsYWJlbHM6CiAgdHlwZTogZ2l0ZWEKYGBg", "content": "cGFyc2VyczoKICAtIExlUHJlc2lkZW50ZS9naXRlYS1sb2dzCnNjZW5hcmlvczoKICAtIExlUHJlc2lkZW50ZS9naXRlYS1iZgpkZXNjcmlwdGlvbjogIkdpdGVhIFN1cHBvcnQgOiBwYXJzZXIgYW5kIGJydXRlLWZvcmNlIGRldGVjdGlvbiIKYXV0aG9yOiBMZVByZXNpZGVudGUKdGFnczoKICAtIGxpbnV4CiAgLSBicnV0ZS1mb3JjZQogIC0gZ2l0ZWE=", "description": "Gitea Support : parser and brute-force detection", "author": "LePresidente", "labels": null, "parsers": [ "LePresidente/gitea-logs" ], "scenarios": [ "LePresidente/gitea-bf" ] }, "LePresidente/jellyseerr": { "path": "collections/LePresidente/jellyseerr.yml", "version": "0.1", "versions": { "0.1": { "digest": "aca16e29cb6b48379195cc5a945d40ec50839728ad57bfeaca2002cb74c4e942", "deprecated": false } }, "long_description": "QSBjb2xsZWN0aW9uIHRvIGRlZmVuZCBbSmVsbHlTZWVycl0oaHR0cHM6Ly9naXRodWIuY29tL0ZhbGxlbmJhZ2VsL2plbGx5c2VlcnIpIGluc3RhbmNlIGFnYWluc3QgY29tbW9uIGF0dGFja3M6CiAtIEplbGx5U2VlcnIgcGFyc2VyCiAtIEplbGx5U2VlcnIgYnJ1dGVmb3JjZSBkZXRlY3Rpb24KCiMjIEFjcXVpc2l0aW9uIHRlbXBsYXRlCgpFeGFtcGxlIGFjcXVpc2l0aW9uIGZvciB0aGlzIGNvbGxlY3Rpb24gOgoKYGBgeWFtbAotLS0Kc291cmNlOiBkb2NrZXIKY29udGFpbmVyX25hbWU6CiAtIGplbGx5c2VlcnIKI2NvbnRhaW5lcl9pZDoKIyAtIDg0M2VlOTJkMjMxYgpsYWJlbHM6CiAgdHlwZTogamVsbHlzZWVycgpgYGA=", "content": "cGFyc2VyczoKICAtIExlUHJlc2lkZW50ZS9qZWxseXNlZXJyLWxvZ3MKc2NlbmFyaW9zOgogIC0gTGVQcmVzaWRlbnRlL2plbGx5c2VlcnItYmYKZGVzY3JpcHRpb246ICJqZWxseXNlZXJyIFN1cHBvcnQgOiBwYXJzZXIgYW5kIGJydXRlLWZvcmNlIGRldGVjdGlvbiIKYXV0aG9yOiBMZVByZXNpZGVudGUKdGFnczoKICAtIGxpbnV4CiAgLSBicnV0ZS1mb3JjZQogIC0gamVsbHlzZWVycg==", "description": "jellyseerr Support : parser and brute-force detection", "author": "LePresidente", "labels": null, "parsers": [ "LePresidente/jellyseerr-logs" ], "scenarios": [ "LePresidente/jellyseerr-bf" ] }, "LePresidente/ombi": { "path": "collections/LePresidente/ombi.yml", "version": "0.2", "versions": { "0.1": { "digest": "e9d9d297381904e0a1cc418bc8474969bca3f37acde631e7ed84529bd7e7f1f4", "deprecated": false }, "0.2": { "digest": "fa7cf1b7df176ab36a30f56f863949f204ffea11ba93ab2d31e63c88a716725c", "deprecated": false } }, "long_description": "RXhhbXBsZSBhY3F1aXNpdGlvbiBmb3IgdGhpcyBjb2xsZWN0aW9uIDoKCmBgYHlhbWwKLS0tCmZpbGVuYW1lczoKIC0gL3Zhci9sb2cvb21iaS9sb2ctKi50eHQKbGFiZWxzOgogIHR5cGU6IG9tYmkKYGBg", "content": "cGFyc2VyczoKICAtIExlUHJlc2lkZW50ZS9vbWJpLWxvZ3MKc2NlbmFyaW9zOgogIC0gTGVQcmVzaWRlbnRlL29tYmktYmYKZGVzY3JpcHRpb246ICJPbWJpIFN1cHBvcnQgOiBwYXJzZXIgYW5kIGJydXRlLWZvcmNlIGRldGVjdGlvbiIKYXV0aG9yOiBMZVByZXNpZGVudGUKdGFnczoKICAtIGxpbnV4CiAgLSBicnV0ZS1mb3JjZQogIC0gb21iaQ==", "description": "Ombi Support : parser and brute-force detection", "author": "LePresidente", "labels": null, "parsers": [ "LePresidente/ombi-logs" ], "scenarios": [ "LePresidente/ombi-bf" ] }, "baudneo/gotify": { "path": "collections/baudneo/gotify.yaml", "version": "0.1", "versions": { "0.1": { "digest": "9d3c0d0e2271d560f5aa45601cca9dd1d4f5722e7f1ca8198f21acc1231bca34", "deprecated": false } }, "long_description": "QSBjb2xsZWN0aW9uIHRvIGRldGVjdCBicnV0ZWZvcmNlIGF0dGVtcHRzIG9uIEdvdGlmeSBzZXJ2ZXIu", "content": "cGFyc2VyczoKICAtIGNyb3dkc2VjdXJpdHkvc3lzbG9nLWxvZ3MKICAtIGJhdWRuZW8vZ290aWZ5LWxvZ3MKc2NlbmFyaW9zOgogIC0gYmF1ZG5lby9nb3RpZnktYmYKZGVzY3JpcHRpb246ICJHb3RpZnkgYnJ1dGVmb3JjZSBsb2dpbiBwcm90ZWN0aW9uIgphdXRob3I6IGJhdWRuZW8KdGFnczoKICAtIEdvdGlmeQogIC0gYnJ1dGVmb3JjZQo=", "description": "Gotify bruteforce login protection", "author": "baudneo", "labels": null, "parsers": [ "crowdsecurity/syslog-logs", "baudneo/gotify-logs" ], "scenarios": [ "baudneo/gotify-bf" ] }, "baudneo/zoneminder": { "path": "collections/baudneo/zoneminder.yaml", "version": "0.1", "versions": { "0.1": { "digest": "2ea1b2b8b5b7f1f6fe3c23300c08f0e6df8afea45ad94cb4cf6af36cdf489174", "deprecated": false } }, "long_description": "QSBjb2xsZWN0aW9uIHRvIGRldGVjdCBicnV0ZWZvcmNlIGxvZ2lucyBvbiBab25lTWluZGVyLg==", "content": "cGFyc2VyczoKICAtIGNyb3dkc2VjdXJpdHkvc3lzbG9nLWxvZ3MKICAtIGJhdWRuZW8vem9uZW1pbmRlci1sb2dzCiAgLSBjcm93ZHNlY3VyaXR5L2RhdGVwYXJzZS1lbnJpY2gKc2NlbmFyaW9zOgogIC0gYmF1ZG5lby96b25lbWluZGVyLWJmCmRlc2NyaXB0aW9uOiAiWm9uZU1pbmRlciBicnV0ZWZvcmNlIGxvZ2luIHByb3RlY3Rpb24iCmF1dGhvcjogYmF1ZG5lbwp0YWdzOgogIC0gWm9uZU1pbmRlcgogIC0gYnJ1dGVmb3JjZQo=", "description": "ZoneMinder bruteforce login protection", "author": "baudneo", "labels": null, "parsers": [ "crowdsecurity/syslog-logs", "baudneo/zoneminder-logs", "crowdsecurity/dateparse-enrich" ], "scenarios": [ "baudneo/zoneminder-bf" ] }, "crowdsecurity/apache2": { "path": "collections/crowdsecurity/apache2.yaml", "version": "0.1", "versions": { "0.1": { "digest": "3601f38e187479724e830e0182f51468c980f661e6eedc6d2e586f622e3b48ea", "deprecated": false } }, "long_description": "IyMgQXBhY2hlMiBjb2xsZWN0aW9uCgpBIGNvbGxlY3Rpb24gZm9yIGFwYWNoZTIgOgogLSBhcGFjaGUyIHBhcnNlcgogLSBiYXNlIGh0dHAgc2NlbmFyaW9zIGZvciBjcmF3bCwgc2NhbiBldGMuCgojIyBBY3F1aXNpdGlvbiB0ZW1wbGF0ZQoKRXhhbXBsZSBhY3F1aXNpdGlvbiBmb3IgdGhpcyBjb2xsZWN0aW9uIDoKCmBgYHlhbWwKZmlsZW5hbWVzOgogIC0gL3Zhci9sb2cvYXBhY2hlMi8qLmxvZwogIC0gL3Zhci9sb2cvKmh0dHBkKi5sb2cKICAtIC92YXIvbG9nL2h0dHBkLypsb2cKbGFiZWxzOgogIHR5cGU6IGFwYWNoZTIKYGBgCgoKbm90ZXMgOgogLSAgSWYgeW91IGFyZSB1c2luZyBgc3lzbG9nYCwgc2V0IHR5cGUgdG8gYHN5c2xvZ2AgaW5zdGVhZAogLSAgRGVwZW5kaW5nIG9uIHlvdXIgZGlzdHJpYnV0aW9uL09TLCBwYXRocyB0byBsb2cgZmlsZXMgbWlnaHQgY2hhbmdlCiAtICBPbmx5IHJlbGV2YW50IGlmIHlvdSBhcmUgbWFudWFsbHkgaW5zdGFsbGluZyBjb2xsZWN0aW9uCg==", "content": "cGFyc2VyczoKI2dlbmVyaWMgcG9zdC1wYXJzaW5nIG9mIGh0dHAgc3R1ZmYKICAtIGNyb3dkc2VjdXJpdHkvYXBhY2hlMi1sb2dzCmNvbGxlY3Rpb25zOgogIC0gY3Jvd2RzZWN1cml0eS9iYXNlLWh0dHAtc2NlbmFyaW9zCmRlc2NyaXB0aW9uOiAiYXBhY2hlMiBzdXBwb3J0IDogcGFyc2VyIGFuZCBnZW5lcmljIGh0dHAgc2NlbmFyaW9zICIKYXV0aG9yOiBjcm93ZHNlY3VyaXR5CnRhZ3M6CiAgLSBsaW51eAogIC0gYXBhY2hlMgogIC0gY3Jhd2wKICAtIHNjYW4KCg==", "description": "apache2 support : parser and generic http scenarios ", "author": "crowdsecurity", "labels": null, "parsers": [ "crowdsecurity/apache2-logs" ], "collections": [ "crowdsecurity/base-http-scenarios" ] }, "crowdsecurity/apiscp": { "path": "collections/crowdsecurity/apiscp.yaml", "version": "0.1", "versions": { "0.1": { "digest": "0d5b10b1ab997a9826b657dfa145799904c7f340c38b0db0855f24900900408a", "deprecated": false } }, "long_description": "IyMgQXBpc0NQIGNvbGxlY3Rpb24KCkEgY29sbGVjdGlvbiBmb3IgQXBpc0NQIDoKIC0gQXBhY2hlIGxvZyBwYXJzZXIgZm9yIGFwaXNDUCBhbmQgaHR0cGQgYWNjZXNzX2xvZwogLSBTY2VuYXJpbyB0byBkZXRlY3QgYnJ1dGVmb3JjZSBvbiBBcGlzQ1AgYWRtaW4gcGFnZQogLSBDb2xsZWN0aW9ucyBmb3Igc3VwcG9ydGVkIHNlcnZpY2VzOgogICAgLSBjcm93ZHNlY3VyaXR5L2FwYWNoZTIKICAgIC0gY3Jvd2RzZWN1cml0eS9kb3ZlY290CiAgICAtIGNyb3dkc2VjdXJpdHkvaGFwcm94eQogICAgLSBjcm93ZHNlY3VyaXR5L215c3FsCiAgICAtIGNyb3dkc2VjdXJpdHkvcG9zdGZpeAogICAgLSBjcm93ZHNlY3VyaXR5L3Bnc3FsCiAgICAtIGNyb3dkc2VjdXJpdHkvdnNmdHBkCgoKIyMgQWNxdWlzaXRpb24gdGVtcGxhdGUKCkV4YW1wbGUgYWNxdWlzaXRpb24gZm9yIHRoaXMgY29sbGVjdGlvbiA6CgpgYGB5YW1sCmZpbGVuYW1lczoKICAtIC91c3IvbG9jYWwvYXBuc2NwL3N0b3JhZ2UvbG9ncy9hY2Nlc3NfbG9nCiAgLSAvdXNyL2xvY2FsL2FwbnNjcC9zdG9yYWdlL2xvZ3MvZXJyb3JfbG9nCmxhYmVsczoKICB0eXBlOiBhcGFjaGUyCi0tLQpmaWxlbmFtZXM6CiAgLSAvdmFyL2xvZy9wZ3NxbC8qLmxvZwpsYWJlbHM6CiAgdHlwZTogcG9zdGdyZXMKLS0tCmZpbGVuYW1lczoKICAtIC92YXIvbG9nL21haWxsb2cKbGFiZWxzOgogIHR5cGU6IHN5c2xvZwotLS0KZmlsZW5hbWVzOgogIC0gL3Zhci9sb2cvbXlzcWxkLmxvZwpsYWJlbHM6CiAgdHlwZTogbXlzcWwKLS0tCmZpbGVuYW1lczoKICAtIC92YXIvbG9nL3ZzZnRwZC5sb2cKbGFiZWxzOgogIHR5cGU6IHZzZnRwZApgYGAKCllvdSBjYW4gYWxzbyBtb25pdG9yIGFsbCB0aGUgY3JlYXRlZCBgTmV4dXNgIGJ5IHJlcGxhY2luZyBgL3Zhci9sb2cvYCBieSBgL2hvbWUvdmlydHVhbC88c2l0ZV9uYW1lPi92YXIvbG9nL2AuCgoKbm90ZXMgOgogLSAgSWYgeW91IGFyZSB1c2luZyBgc3lzbG9nYCwgc2V0IHR5cGUgdG8gYHN5c2xvZ2AgaW5zdGVhZAogLSAgRGVwZW5kaW5nIG9uIHlvdXIgZGlzdHJpYnV0aW9uL09TLCBwYXRocyB0byBsb2cgZmlsZXMgbWlnaHQgY2hhbmdlCiAtICBPbmx5IHJlbGV2YW50IGlmIHlvdSBhcmUgbWFudWFsbHkgaW5zdGFsbGluZyBjb2xsZWN0aW9uCgo=", "content": "c2NlbmFyaW9zOgogIC0gY3Jvd2RzZWN1cml0eS9odHRwLWFwaXNjcC1iZgpjb2xsZWN0aW9uczoKICAtIGNyb3dkc2VjdXJpdHkvYXBhY2hlMgogIC0gY3Jvd2RzZWN1cml0eS9kb3ZlY290CiAgLSBjcm93ZHNlY3VyaXR5L2hhcHJveHkKICAtIGNyb3dkc2VjdXJpdHkvbXlzcWwKICAtIGNyb3dkc2VjdXJpdHkvcG9zdGZpeAogIC0gY3Jvd2RzZWN1cml0eS9wZ3NxbAogIC0gY3Jvd2RzZWN1cml0eS92c2Z0cGQKZGVzY3JpcHRpb246ICJhcGlzQ1Agc3VwcG9ydCA6IGNvbGxlY3Rpb25zIGZvciBzZXJ2aWNlcyBzdXBwb3J0ZWQgYnkgYXBpc0NQICsgYXBpc0NQIGFkbWluIHBhZ2UgcGFyc2VyL3NjZW5hcmlvIGJydXRlZm9yY2UiCmF1dGhvcjogY3Jvd2RzZWN1cml0eQp0YWdzOgogIC0gYXBpc2NwCgo=", "description": "apisCP support : collections for services supported by apisCP + apisCP admin page parser/scenario bruteforce", "author": "crowdsecurity", "labels": null, "scenarios": [ "crowdsecurity/http-apiscp-bf" ], "collections": [ "crowdsecurity/apache2", "crowdsecurity/dovecot", "crowdsecurity/haproxy", "crowdsecurity/mysql", "crowdsecurity/postfix", "crowdsecurity/pgsql", "crowdsecurity/vsftpd" ] }, "crowdsecurity/asterisk": { "path": "collections/crowdsecurity/asterisk.yaml", "version": "0.1", "versions": { "0.1": { "digest": "4dcfaad1205510572bc715811b4f70a4ab12ad2a54a7ceac202ce9f2517502cd", "deprecated": false } }, "long_description": "IyMgQXN0ZXJpc2sgY29sbGVjdGlvbgoKQSBjb2xsZWN0aW9uIGZvciBhc3RlcmlzayA6CiAtIGFzdGVyaXNrIGxvZyBwYXJzZXIKIC0gYXN0ZXJpc2sgdXNlciBlbnVtZXJhdGlvbiBzY2VuYXJpbwogLSBhc3RlcmlzayBicnV0ZWZvcmNlIHNjZW5hcmlvCgoKIyMgQWNxdWlzaXRpb24gdGVtcGxhdGUKCkV4YW1wbGUgYWNxdWlzaXRpb24gZm9yIHRoaXMgY29sbGVjdGlvbiA6CgpgYGB5YW1sCmZpbGVuYW1lczoKICAtIC92YXIvbG9nL2FzdGVyaXNrLyoubG9nCmxhYmVsczoKICB0eXBlOiBhc3RlcmlzawpgYGAKCgpub3RlcyA6CiAtICBJZiB5b3UgYXJlIHVzaW5nIGBzeXNsb2dgLCBzZXQgdHlwZSB0byBgc3lzbG9nYCBpbnN0ZWFkCiAtICBEZXBlbmRpbmcgb24geW91ciBkaXN0cmlidXRpb24vT1MsIHBhdGhzIHRvIGxvZyBmaWxlcyBtaWdodCBjaGFuZ2UKIC0gIE9ubHkgcmVsZXZhbnQgaWYgeW91IGFyZSBtYW51YWxseSBpbnN0YWxsaW5nIGNvbGxlY3Rpb24KCg==", "content": "cGFyc2VyczoKICAtIGNyb3dkc2VjdXJpdHkvYXN0ZXJpc2stbG9ncwpzY2VuYXJpb3M6CiAgLSBjcm93ZHNlY3VyaXR5L2FzdGVyaXNrX2JmCiAgLSBjcm93ZHNlY3VyaXR5L2FzdGVyaXNrX3VzZXJfZW51bQpkZXNjcmlwdGlvbjogImFzdGVyaXNrIHN1cHBvcnQgOiBwYXJzZXIgYW5kIGJydXRlZm9yY2UvdXNlciBlbnVtZXJhdGlvbiBzY2VuYXJpb3MgIgphdXRob3I6IGNyb3dkc2VjdXJpdHkKdGFnczoKICAtIGFzdGVyaXNrCiAgLSBicnV0ZWZvcmNlCgo=", "description": "asterisk support : parser and bruteforce/user enumeration scenarios ", "author": "crowdsecurity", "labels": null, "parsers": [ "crowdsecurity/asterisk-logs" ], "scenarios": [ "crowdsecurity/asterisk_bf", "crowdsecurity/asterisk_user_enum" ] }, "crowdsecurity/base-http-scenarios": { "path": "collections/crowdsecurity/base-http-scenarios.yaml", "version": "0.6", "versions": { "0.1": { "digest": "7ee043a9d2e063cad751e6ce5d048f02518a76d39ec81aebed3bae736b0ced9e", "deprecated": false }, "0.2": { "digest": "affdb706e66ffd924086b24e94734589672fb531f80fe366ab06a8c3228962e2", "deprecated": false }, "0.3": { "digest": "543df5abb020afb51f3ab9d83cdc031e95572983e72f32a59b9f6f75cac990c3", "deprecated": false }, "0.4": { "digest": "15018789eeb01f907fad18a16a1bfd3dc4be972455b22b86c73fd95ef334a072", "deprecated": false }, "0.5": { "digest": "98c63493ca04367acd2d889d54141f9bcf22573301b161d6d268ca053159e94e", "deprecated": false }, "0.6": { "digest": "2d70781df8c630d36e5f4800bde77dd7e130481e9c658aa0b3aae7ae95e15271", "deprecated": false } }, "long_description": "Kipjb250YWlucyBubyBwYXJzZXIsIG1lYW50IHRvIGJlIGVtYmVkZGVkKioKCkEgY29sbGVjdGlvbiBvZiBkZWZlbnNpdmUgKGltcGxlbWVudGF0aW9uIGluZGVwZW5kZW50KSBzY2VuYXJpb3MgZm9yIGh0dHAgc2VydmljZXMgOgogLSBhZ2dyZXNzaXZlIGNyYXdsIGRldGVjdGlvbgogLSBzY2FubmluZy9wcm9iaW5nIGRldGVjdGlvbgogLSBiYWQgdXNlci1hZ2VudCBkZXRlY3Rpb24KIC0gcGF0aCB0cmF2ZXJzYWwgZGV0ZWN0aW9uCiAtIHNlbnNpdGl2ZSBkYXRhIGFjY2VzcyBhdHRlbXB0cyBkZXRlY3Rpb24KIC0gU1FMIGluamVjdGlvbiBkZXRlY3Rpb24KCjp3YXJuaW5nOiBUaGlzIGNvbGxlY3Rpb24gaXMgX25vdF8gYSBXQUYgYW5kIHRoaXMgc2NlbmFyaW8gZG9lcyBfbm90XyBhaW1zIGF0IHJlcGxhY2luZyBhIFdBRi4KCgoK", "content": "cGFyc2VyczoKICAtIGNyb3dkc2VjdXJpdHkvaHR0cC1sb2dzCnNjZW5hcmlvczoKICAtIGNyb3dkc2VjdXJpdHkvaHR0cC1jcmF3bC1ub25fc3RhdGljcwogIC0gY3Jvd2RzZWN1cml0eS9odHRwLXByb2JpbmcKICAtIGNyb3dkc2VjdXJpdHkvaHR0cC1iYWQtdXNlci1hZ2VudAogIC0gY3Jvd2RzZWN1cml0eS9odHRwLXBhdGgtdHJhdmVyc2FsLXByb2JpbmcKICAtIGNyb3dkc2VjdXJpdHkvaHR0cC1zZW5zaXRpdmUtZmlsZXMKICAtIGNyb3dkc2VjdXJpdHkvaHR0cC1zcWxpLXByb2JpbmcKICAtIGNyb3dkc2VjdXJpdHkvaHR0cC14c3MtcHJvYmluZwogIC0gY3Jvd2RzZWN1cml0eS9odHRwLWJhY2tkb29ycy1hdHRlbXB0cwogIC0gbHRzaWNoL2h0dHAtdzAwdHcwMHQKICAtIGNyb3dkc2VjdXJpdHkvaHR0cC1nZW5lcmljLWJmCiAgLSBjcm93ZHNlY3VyaXR5L2h0dHAtb3Blbi1wcm94eQpjb2xsZWN0aW9uczoKICAtIGNyb3dkc2VjdXJpdHkvaHR0cC1jdmUKCmRlc2NyaXB0aW9uOiAiaHR0cCBjb21tb24gOiBzY2FubmVycyBkZXRlY3Rpb24iCmF1dGhvcjogY3Jvd2RzZWN1cml0eQp0YWdzOgogIC0gbGludXgKICAtIGh0dHAKICAtIGNyYXdsCiAgLSBzY2FuCgo=", "description": "http common : scanners detection", "author": "crowdsecurity", "labels": null, "parsers": [ "crowdsecurity/http-logs" ], "scenarios": [ "crowdsecurity/http-crawl-non_statics", "crowdsecurity/http-probing", "crowdsecurity/http-bad-user-agent", "crowdsecurity/http-path-traversal-probing", "crowdsecurity/http-sensitive-files", "crowdsecurity/http-sqli-probing", "crowdsecurity/http-xss-probing", "crowdsecurity/http-backdoors-attempts", "ltsich/http-w00tw00t", "crowdsecurity/http-generic-bf", "crowdsecurity/http-open-proxy" ], "collections": [ "crowdsecurity/http-cve" ] }, "crowdsecurity/caddy": { "path": "collections/crowdsecurity/caddy.yaml", "version": "0.1", "versions": { "0.1": { "digest": "3501cb76beba2ec7f0ed44cf10e249e4db279903813e8b659c1d731c3a66ab2f", "deprecated": false } }, "long_description": "IyMgQ2FkZHkgY29sbGVjdGlvbgoKQSBjb2xsZWN0aW9uIHRvIGRlZmVuZCBjYWRkeSBhZ2FpbnN0IGNvbW1vbiBodHRwIGF0dGFja3MgOgogLSBjYWRkeSBwYXJzZXIKIC0gYmFzZS1odHRwLXNjZW5hcmlvcyBjb2xsZWN0aW9uIHRvIGRldGVjdCBodHRwIGJhZCBiZWhhdmlvcnMKCiMjIEFjcXVpc2l0aW9uIHRlbXBsYXRlCgpFeGFtcGxlIGFjcXVpc2l0aW9uIGZvciB0aGlzIGNvbGxlY3Rpb24gOgoKYGBgeWFtbApmaWxlbmFtZXM6CiAgLSAvdmFyL2xvZy9jYWRkeS8qLmxvZwogIHR5cGU6IGNhZGR5CmBgYAoKCm5vdGVzIDoKIC0gIElmIHlvdSBhcmUgdXNpbmcgYHN5c2xvZ2AsIHNldCB0eXBlIHRvIGBzeXNsb2dgIGluc3RlYWQKIC0gIERlcGVuZGluZyBvbiB5b3VyIGRpc3RyaWJ1dGlvbi9PUywgcGF0aHMgdG8gbG9nIGZpbGVzIG1pZ2h0IGNoYW5nZQogLSAgT25seSByZWxldmFudCBpZiB5b3UgYXJlIG1hbnVhbGx5IGluc3RhbGxpbmcgY29sbGVjdGlvbgo=", "content": "cGFyc2VyczoKICAtIGNyb3dkc2VjdXJpdHkvY2FkZHktbG9ncwpjb2xsZWN0aW9uczoKICAtIGNyb3dkc2VjdXJpdHkvYmFzZS1odHRwLXNjZW5hcmlvcwpkZXNjcmlwdGlvbjogImNhZGR5IHN1cHBvcnQgOiBwYXJzZXIgYW5kIGdlbmVyaWMgaHR0cCBzY2VuYXJpb3MiCmF1dGhvcjogY3Jvd2RzZWN1cml0eQp0YWdzOgogIC0gbGludXgKICAtIGNhZGR5CiAgLSBjcmF3bAogIC0gc2Nhbgo=", "description": "caddy support : parser and generic http scenarios", "author": "crowdsecurity", "labels": null, "parsers": [ "crowdsecurity/caddy-logs" ], "collections": [ "crowdsecurity/base-http-scenarios" ] }, "crowdsecurity/cpanel": { "path": "collections/crowdsecurity/cpanel.yaml", "version": "0.2", "versions": { "0.1": { "digest": "708cb00f74feff6b8bc5109ba0dea0ed646229adbbb2174288ea7bd185b31e53", "deprecated": false }, "0.2": { "digest": "f2496391e82604dcba85c91ba79ec8204661aca4fdb38f6c46773f203c99b9fe", "deprecated": false } }, "long_description": "IyMgQ3BhbmVsIGNvbGxlY3Rpb24KCkEgY29sbGVjdGlvbiBmb3IgY3BhbmVsLiBDb250YWluczoKICogY3BhbmVsIGxvZyBwYXJzZXIKICogY3BhbmVsIHNjZW5hcmlvIHRvIGRldGVjdCBicnV0ZWZvcmNlCgojIyBBY3F1aXNpdGlvbiB0ZW1wbGF0ZQoKRXhhbXBsZSBhY3F1aXNpdGlvbiBmb3IgdGhpcyBjb2xsZWN0aW9uIDoKCmBgYHlhbWwKZmlsZW5hbWVzOgogIC0gL2hvbWUvPHVzZXJuYW1lPi9sb2dzL2NwYW5lbC9sb2dpbl9sb2cKbGFiZWxzOgogIHR5cGU6IGNwYW5lbApgYGAKCgpub3RlcyA6CiAtICBJZiB5b3UgYXJlIHVzaW5nIGBzeXNsb2dgLCBzZXQgdHlwZSB0byBgc3lzbG9nYCBpbnN0ZWFkCiAtICBEZXBlbmRpbmcgb24geW91ciBkaXN0cmlidXRpb24vT1MsIHBhdGhzIHRvIGxvZyBmaWxlcyBtaWdodCBjaGFuZ2UKIC0gIE9ubHkgcmVsZXZhbnQgaWYgeW91IGFyZSBtYW51YWxseSBpbnN0YWxsaW5nIGNvbGxlY3Rpb24K", "content": "cGFyc2VyczoKICAtIGNyb3dkc2VjdXJpdHkvY3BhbmVsLWxvZ3MKc2NlbmFyaW9zOgogIC0gY3Jvd2RzZWN1cml0eS9jcGFuZWwtYmYKICAtIGNyb3dkc2VjdXJpdHkvY3BhbmVsLWJmLWF0dGVtcHQKZGVzY3JpcHRpb246ICJjcGFuZWwgc3VwcG9ydCA6IHBhcnNlciBhbmQgYnJ1dGVmb3JjZSBkZXRlY3Rpb24iCmF1dGhvcjogY3Jvd2RzZWN1cml0eQp0YWdzOgogIC0gbGludXgKICAtIGNwYW5lbAogIC0gYnJ1dGVmb3JjZQo=", "description": "cpanel support : parser and bruteforce detection", "author": "crowdsecurity", "labels": null, "parsers": [ "crowdsecurity/cpanel-logs" ], "scenarios": [ "crowdsecurity/cpanel-bf", "crowdsecurity/cpanel-bf-attempt" ] }, "crowdsecurity/dovecot": { "path": "collections/crowdsecurity/dovecot.yaml", "version": "0.1", "versions": { "0.1": { "digest": "7990a4b855273b5ceaa379d2979d796e070c96a398caeefbfa1933cc36f690be", "deprecated": false } }, "long_description": "IyMgRG92ZWNvdCBjb2xsZWN0aW9uCgpBIGNvbGxlY3Rpb24gZm9yIGRvdmVjb3QKICogZG92ZWNvdCBsb2cgcGFyc2VycwogKiBkb3ZlY290IHNjZW5hcmlvIGJydXRlZm9yY2Ugc3BhbSBhdHRlbXB0CgpUaGlzIGNvbGxlY3Rpb24gbW9zdGx5IGFpbXMgYXQgZ2V0dGluZyBzaW1pbGFyIHNwYW0gcHJvdGVjdGlvbiBhcwp0aGUgbm9ybWFsIGZhaWwyYmFuIGRvdmVjb3QgY29uZmlndXJhdGlvbi4KCj4gQ29udHJpYnV0aW9uIGJ5IGh0dHBzOi8vZ2l0aHViLmNvbS9MdFNpY2gKCiMjIEFjcXVpc2l0aW9uIHRlbXBsYXRlCgpFeGFtcGxlIGFjcXVpc2l0aW9uIGZvciB0aGlzIGNvbGxlY3Rpb24gOgoKYGBgeWFtbApmaWxlbmFtZXM6CiAgLSAvdmFyL2xvZy9tYWlsLmxvZwpsYWJlbHM6CiAgdHlwZTogc3lzbG9nCmBgYAoKCm5vdGVzIDoKIC0gIERlcGVuZGluZyBvbiB5b3VyIGRpc3RyaWJ1dGlvbi9PUywgcGF0aHMgdG8gbG9nIGZpbGVzIG1pZ2h0IGNoYW5nZQogLSAgT25seSByZWxldmFudCBpZiB5b3UgYXJlIG1hbnVhbGx5IGluc3RhbGxpbmcgY29sbGVjdGlvbgo=", "content": "cGFyc2VyczoKICAtIGNyb3dkc2VjdXJpdHkvZG92ZWNvdC1sb2dzCnNjZW5hcmlvczoKICAtIGNyb3dkc2VjdXJpdHkvZG92ZWNvdC1zcGFtCmRlc2NyaXB0aW9uOiAiZG92ZWNvdCBzdXBwb3J0IDogcGFyc2VyIGFuZCBzcGFtbWVyIGRldGVjdGlvbiIKYXV0aG9yOiBjcm93ZHNlY3VyaXR5CnRhZ3M6CiAgLSBsaW51eAogIC0gc3BhbQogIC0gYnJ1dGVmb3JjZQo=", "description": "dovecot support : parser and spammer detection", "author": "crowdsecurity", "labels": null, "parsers": [ "crowdsecurity/dovecot-logs" ], "scenarios": [ "crowdsecurity/dovecot-spam" ] }, "crowdsecurity/endlessh": { "path": "collections/crowdsecurity/endlessh.yaml", "version": "0.1", "versions": { "0.1": { "digest": "43b070a6e5c49f66dc970d4a8cc8fb37cef90c5da5aa6276c012e343ba06f0e5", "deprecated": false } }, "long_description": "IyMgRW5kbGVzc2ggY29sbGVjdGlvbgoKQSBjb2xsZWN0aW9uIGZvciBbRW5kbGVzc2hdKGh0dHBzOi8vZ2l0aHViLmNvbS9za2VldG8vZW5kbGVzc2gpCiAqIGxvZyBwYXJzZXIKICogYnJ1dGUtZm9yY2Ugc2NlbmFyaW8KCj4gQ29udHJpYnV0aW9uIGJ5IGh0dHBzOi8vZ2l0aHViLmNvbS9iYW14MjMKCiMjIEFjcXVpc2l0aW9uIHRlbXBsYXRlCgpFeGFtcGxlIGFjcXVpc2l0aW9uIGZvciB0aGlzIGNvbGxlY3Rpb246CgpgYGB5YW1sCmZpbGVuYW1lczoKICAtIC92YXIvbG9nL2VuZGxlc3NoLmxvZwpsYWJlbHM6CiAgdHlwZTogZW5kbGVzc2gKYGBgCgpZb3UgbmVlZCB0byBjb25maWd1cmUgRW5kbGVzc2ggdG8gd3JpdGUgbG9ncyB0byB0aGlzIHBhdGguCkkuZS4gYnkgaGF2aW5nIHRoaXMgbGluZSBpbiBgL3Vzci9saWIvc3lzdGVtZC9zeXN0ZW0vZW5kbGVzc2guc2VydmljZWA6CgpgYGAKU3RhbmRhcmRPdXRwdXQ9ZmlsZTovdmFyL2xvZy9lbmRsZXNzaC5sb2cKYGBgCg==", "content": "I3RoZSBsaXN0IG9mIHBhcnNlcnMgaXQgY29udGFpbnMKcGFyc2VyczoKICAtIGNyb3dkc2VjdXJpdHkvZW5kbGVzc2gtbG9ncwogIC0gY3Jvd2RzZWN1cml0eS9kYXRlcGFyc2UtZW5yaWNoCnNjZW5hcmlvczoKICAtIGNyb3dkc2VjdXJpdHkvZW5kbGVzc2gtYmYKZGVzY3JpcHRpb246ICJlbmRsZXNzaCBzdXBwb3J0IDogbG9ncyBwYXJzZXIgYW5kIGJydXRlLWZvcmNlIGRldGVjdGlvbiIKYXV0aG9yOiBjcm93ZHNlY3VyaXR5CnRhZ3M6CiAgLSBsaW51eAogIC0gc3NoCiAgLSBlbmRsZXNzaAogIC0gYnJ1dGVmb3JjZQo=", "description": "endlessh support : logs parser and brute-force detection", "author": "crowdsecurity", "labels": null, "parsers": [ "crowdsecurity/endlessh-logs", "crowdsecurity/dateparse-enrich" ], "scenarios": [ "crowdsecurity/endlessh-bf" ] }, "crowdsecurity/exchange": { "path": "collections/crowdsecurity/exchange.yaml", "version": "0.3", "versions": { "0.1": { "digest": "95cf2f72de900427c545793800c465716508b4e2953bdc0024b8d757fbbed8df", "deprecated": false }, "0.2": { "digest": "cc3b0e749e8fd9470d6274bc9cace5d7fa1fa2d09eac6c36a4c998600c449dae", "deprecated": false }, "0.3": { "digest": "33da539eede53d578b7f415591d69b9ffabdfdf59b33de2a5f9224e5b345785c", "deprecated": false } }, "long_description": "IyMgRXhjaGFuZ2UgY29sbGVjdGlvbgoKQSBjb2xsZWN0aW9uIGZvciBNaWNyb3NvZnQgRXhjaGFuZ2U6CiAtIERldGVjdCBicnV0ZWZvcmNlIG9uIGFuIE9XQSBpbnN0YW5jZQogLSBEZXRlY3QgYnJ1dGVmb3JjZSBvbiB0aGUgU01UUCBzZXJ2aWNlIG9mIEV4Y2hhbmdlCgpOb3RlOgogLSBUaGlzIGNvbGxlY3Rpb24gd2lsbCByZWFkIHRoZSBleGNoYW5nZSB0cmFuc3BvcnQgbG9ncywgd2hpY2ggYXJlIG5vdCB3cml0dGVuIHRvIGRpc2sgaW4gcmVhbCB0aW1lLiBJbiBvcmRlciB0byBhdm9pZCBmYWxzZSBwb3NpdGl2ZSBpbiBsb3cgdHJhZmZpYyBlbnZpcm9ubWVudCwgc2V0IHRoZSBgdXNlX3RpbWVfbWFjaGluZWAgcGFyYW1ldGVyIHRvIGB0cnVlYC4KCiMjIEFjcXVpc2l0aW9uIHRlbXBsYXRlCgpFeGFtcGxlIGFjcXVpc2l0aW9uIGZvciB0aGlzIGNvbGxlY3Rpb246CgpgYGB5YW1sCnVzZV90aW1lX21hY2hpbmU6IHRydWUgI1Byb2Nlc3MgbG9ncyBhcyBpZiB3ZSB3ZXJlIHJlcGxheWluZyB0aGVtIHRvIGdldCB0aGUgdGltZXN0YW1wIGZyb20gdGhlIApmaWxlbmFtZXM6CiAgLSBDOlxQcm9ncmFtIEZpbGVzXE1pY3Jvc29mdFxFeGNoYW5nZSBTZXJ2ZXJcVjE1XFRyYW5zcG9ydFJvbGVzXExvZ3NcRnJvbnRFbmRcUHJvdG9jb2xMb2dcU210cFJlY2VpdmVcKi5MT0cKbGFiZWxzOgogIHR5cGU6IGV4Y2hhbmdlLXNtdHAKLS0tCnVzZV90aW1lX21hY2hpbmU6IHRydWUgI1Byb2Nlc3MgbG9ncyBhcyBpZiB3ZSB3ZXJlIHJlcGxheWluZyB0aGVtIHRvIGdldCB0aGUgdGltZXN0YW1wIGZyb20gdGhlIApmaWxlbmFtZXM6CiAgLSBDOlxQcm9ncmFtIEZpbGVzXE1pY3Jvc29mdFxFeGNoYW5nZSBTZXJ2ZXJcVjE1XExvZ2dpbmdcSW1hcDRcKi5MT0cKbGFiZWxzOgogIHR5cGU6IGV4Y2hhbmdlLWltYXAKLS0tCnVzZV90aW1lX21hY2hpbmU6IHRydWUgI1Byb2Nlc3MgbG9ncyBhcyBpZiB3ZSB3ZXJlIHJlcGxheWluZyB0aGVtIHRvIGdldCB0aGUgdGltZXN0YW1wIGZyb20gdGhlIApmaWxlbmFtZXM6CiAgLSBDOlxQcm9ncmFtIEZpbGVzXE1pY3Jvc29mdFxFeGNoYW5nZSBTZXJ2ZXJcVjE1XExvZ2dpbmdcUG9wM1wqLkxPRwpsYWJlbHM6CiAgdHlwZTogZXhjaGFuZ2UtcG9wCi0tLQojT1dBIGZhaWxlZCBhdHRlbXB0cyBhcmUgbG9nZ2VkIGluIHRoZSBzYW1lIHdheSBhcyBSRFAgZmFpbGVkIGF1dGggCnNvdXJjZTogd2luZXZlbnRsb2cKZXZlbnRfY2hhbm5lbDogU2VjdXJpdHkKZXZlbnRfaWRzOgogLSA0NjI1CmV2ZW50X2xldmVsOiBpbmZvcm1hdGlvbgpsYWJlbHM6CiB0eXBlOiBldmVudGxvZwpgYGA=", "content": "cGFyc2VyczoKICAtIGNyb3dkc2VjdXJpdHkvZXhjaGFuZ2Utc210cC1sb2dzCiAgLSBjcm93ZHNlY3VyaXR5L2V4Y2hhbmdlLWltYXAtbG9ncwogIC0gY3Jvd2RzZWN1cml0eS9leGNoYW5nZS1wb3AtbG9ncwpzY2VuYXJpb3M6CiAgLSBjcm93ZHNlY3VyaXR5L2V4Y2hhbmdlLWJmCiAgLSBjcm93ZHNlY3VyaXR5L3dpbmRvd3MtYmYKY29sbGVjdGlvbnM6CiAgLSBjcm93ZHNlY3VyaXR5L3dpbmRvd3MKICAtIGNyb3dkc2VjdXJpdHkvaWlzCmRlc2NyaXB0aW9uOiAiRXhjaGFuZ2Ugc3VwcG9ydCA6IEJydXRlZm9yY2UgZGV0ZWN0aW9uIGZvciBPV0EsU01UUCxJTUFQIGFuZCBQT1AiCmF1dGhvcjogY3Jvd2RzZWN1cml0eQp0YWdzOgogIC0gd2luZG93cwogIC0gaWlzCiAgLSBleGNoYW5nZQogIC0gYnJ1dGVmb3JjZQoK", "description": "Exchange support : Bruteforce detection for OWA,SMTP,IMAP and POP", "author": "crowdsecurity", "labels": null, "parsers": [ "crowdsecurity/exchange-smtp-logs", "crowdsecurity/exchange-imap-logs", "crowdsecurity/exchange-pop-logs" ], "scenarios": [ "crowdsecurity/exchange-bf", "crowdsecurity/windows-bf" ], "collections": [ "crowdsecurity/windows", "crowdsecurity/iis" ] }, "crowdsecurity/fastly": { "path": "collections/crowdsecurity/fastly.yaml", "version": "0.1", "versions": { "0.1": { "digest": "6bac9453d3b274fc310b558fe41672ff09ac910463e3bea982b4f14cb3a7bf61", "deprecated": false } }, "long_description": "IyMgRmFzdGx5IGNvbGxlY3Rpb24KCkEgY29sbGVjdGlvbiB0byBkZWZlbmQgZmFzdGx5IGFnYWluc3QgY29tbW9uIGh0dHAgYXR0YWNrcyA6CiAtIGZhc3RseSBkZWZhdWx0IGxvZyBmb3JtYXQgcGFyc2VyCiAtIGJhc2UgaHR0cCBzY2VuYXJpb3MgKGNyYXdsLCA0MDQgc2NhbiwgYmYgZXRjLikKCiMjIEFjcXVpc2l0aW9uIHRlbXBsYXRlCgpFeGFtcGxlIGFjcXVpc2l0aW9uIGZvciB0aGlzIGNvbGxlY3Rpb24gOgoKYGBgeWFtbApmaWxlbmFtZXM6CiAgLSAvdmFyL2xvZy9mYXN0bHkvKi5sb2cKbGFiZWxzOgogIHR5cGU6IHN5c2xvZwogIGV4dGVybmFsX2Zvcm1hdDogZmFzdGx5CmBgYAoKbm90ZXMgOgogLSAgSWYgeW91IGFyZSB1c2luZyBgc3lzbG9nYCwgc2V0IHR5cGUgdG8gYHN5c2xvZ2AgaW5zdGVhZAogLSAgRGVwZW5kaW5nIG9uIHlvdXIgZGlzdHJpYnV0aW9uL09TLCBwYXRocyB0byBsb2cgZmlsZXMgbWlnaHQgY2hhbmdlCiAtICBPbmx5IHJlbGV2YW50IGlmIHlvdSBhcmUgbWFudWFsbHkgaW5zdGFsbGluZyBjb2xsZWN0aW9uCg==", "content": "cGFyc2VyczoKICAtIGNyb3dkc2VjdXJpdHkvZmFzdGx5LWxvZ3MKY29sbGVjdGlvbnM6CiAgLSBjcm93ZHNlY3VyaXR5L2Jhc2UtaHR0cC1zY2VuYXJpb3MKZGVzY3JpcHRpb246ICJmYXN0bHkgc3VwcG9ydCA6IHBhcnNlciBhbmQgZ2VuZXJpYyBodHRwIHNjZW5hcmlvcyIKYXV0aG9yOiBjcm93ZHNlY3VyaXR5CnRhZ3M6CiAgLSBmYXN0bHkKICAtIGh0dHAKICAtIGNyYXdsCiAgLSBzY2Fu", "description": "fastly support : parser and generic http scenarios", "author": "crowdsecurity", "labels": null, "parsers": [ "crowdsecurity/fastly-logs" ], "collections": [ "crowdsecurity/base-http-scenarios" ] }, "crowdsecurity/freebsd": { "path": "collections/crowdsecurity/freebsd.yaml", "version": "0.1", "versions": { "0.1": { "digest": "f2969de2e7c76a12e9c9f6a7797a62f184df6a2c188db2ac6b1e0914e342b59f", "deprecated": false } }, "long_description": "Kipjb3JlIHBhY2thZ2UgZm9yIGZyZWVic2QqKgoKY29udGFpbnMgc3VwcG9ydCBmb3Igc3lzbG9nLCBkbyBub3QgcmVtb3ZlLgo=", "content": "cGFyc2VyczoKICAtIGNyb3dkc2VjdXJpdHkvc3lzbG9nLWxvZ3MKICAtIGNyb3dkc2VjdXJpdHkvZ2VvaXAtZW5yaWNoCiAgLSBjcm93ZHNlY3VyaXR5L2RhdGVwYXJzZS1lbnJpY2gKY29sbGVjdGlvbnM6CiAgLSBjcm93ZHNlY3VyaXR5L3NzaGQKZGVzY3JpcHRpb246ICJjb3JlIGZyZWVic2Qgc3VwcG9ydCA6IHN5c2xvZytnZW9pcCtzc2giCmF1dGhvcjogY3Jvd2RzZWN1cml0eQp0YWdzOgogIC0gZnJlZWJzZCAKCg==", "description": "core freebsd support : syslog+geoip+ssh", "author": "crowdsecurity", "labels": null, "parsers": [ "crowdsecurity/syslog-logs", "crowdsecurity/geoip-enrich", "crowdsecurity/dateparse-enrich" ], "collections": [ "crowdsecurity/sshd" ] }, "crowdsecurity/haproxy": { "path": "collections/crowdsecurity/haproxy.yaml", "version": "0.1", "versions": { "0.1": { "digest": "41d5394188f55956e017cb3f851e93411dbf078b0176a0968dd7760b1ad5b2e5", "deprecated": false } }, "long_description": "IyMgSGFwcm94eSBjb2xsZWN0aW9uCgpBIGNvbGxlY3Rpb24gdG8gZGVmZW5kIGhhcHJveHkgaHR0cCBhZ2FpbnN0IGNvbW1vbiBhdHRhY2tzIDoKIC0gaGFwcm94eSBodHRwIHBhcnNlcgogLSBiYXNlIGh0dHAgc2NlbmFyaW9zIChjcmF3bCwgNDA0IHNjYW4sIGJmIGV0Yy4pCgoKIyMgQWNxdWlzaXRpb24gdGVtcGxhdGUKCkV4YW1wbGUgYWNxdWlzaXRpb24gZm9yIHRoaXMgY29sbGVjdGlvbiA6CgpgYGB5YW1sCmZpbGVuYW1lczoKICAtIC92YXIvbG9nL2hhcHJveHkvKi5sb2cKbGFiZWxzOgogIHR5cGU6IGhhcHJveHkKYGBgCgoKbm90ZXMgOgogLSAgSWYgeW91IGFyZSB1c2luZyBgc3lzbG9nYCwgc2V0IHR5cGUgdG8gYHN5c2xvZ2AgaW5zdGVhZAogLSAgRGVwZW5kaW5nIG9uIHlvdXIgZGlzdHJpYnV0aW9uL09TLCBwYXRocyB0byBsb2cgZmlsZXMgbWlnaHQgY2hhbmdlCiAtICBPbmx5IHJlbGV2YW50IGlmIHlvdSBhcmUgbWFudWFsbHkgaW5zdGFsbGluZyBjb2xsZWN0aW9uCg==", "content": "cGFyc2VyczoKICAtIGNyb3dkc2VjdXJpdHkvaGFwcm94eS1sb2dzCmNvbGxlY3Rpb25zOgogIC0gY3Jvd2RzZWN1cml0eS9iYXNlLWh0dHAtc2NlbmFyaW9zCmRlc2NyaXB0aW9uOiAiaGFwcm94eSBzdXBwb3J0IDogcGFyc2VyIGFuZCBnZW5lcmljIGh0dHAgc2NlbmFyaW9zIgphdXRob3I6IGNyb3dkc2VjdXJpdHkKdGFnczoKICAtIGxpbnV4CiAgLSBoYXByb3h5CiAgLSBjcmF3bAogIC0gc2NhbgoK", "description": "haproxy support : parser and generic http scenarios", "author": "crowdsecurity", "labels": null, "parsers": [ "crowdsecurity/haproxy-logs" ], "collections": [ "crowdsecurity/base-http-scenarios" ] }, "crowdsecurity/home-assistant": { "path": "collections/crowdsecurity/home-assistant.yaml", "version": "0.1", "versions": { "0.1": { "digest": "4af5665511aa35371d1abf2007505863c4e166a1637a51a47c5f7db49f2bdf76", "deprecated": false } }, "content": "cGFyc2VyczoKICAtIGNyb3dkc2VjdXJpdHkvaG9tZS1hc3Npc3RhbnQtbG9ncwpzY2VuYXJpb3M6CiAgLSBjcm93ZHNlY3VyaXR5L2hvbWUtYXNzaXN0YW50LWJmCmRlc2NyaXB0aW9uOiAiSG9tZSBhc3Npc3RhbnQgc3VwcG9ydCA6IGxvZ3MgYW5kIGJydXRlLWZvcmNlIHNjZW5hcmlvIgphdXRob3I6IGNyb3dkc2VjdXJpdHkKdGFnczoKICAtIGhvbWUtYXNzaXN0YW50CiAgLSBicnV0ZWZvcmNlCg==", "description": "Home assistant support : logs and brute-force scenario", "author": "crowdsecurity", "labels": null, "parsers": [ "crowdsecurity/home-assistant-logs" ], "scenarios": [ "crowdsecurity/home-assistant-bf" ] }, "crowdsecurity/http-cve": { "path": "collections/crowdsecurity/http-cve.yaml", "version": "1.6", "versions": { "0.1": { "digest": "30748e051a470c1bc91506ae63e8784cd054564f90ccc23eb655823fc30e3019", "deprecated": false }, "0.2": { "digest": "bc244c864674e59cd36ec4781bb85b5f94f77562a28a65e6bb64da789cf97379", "deprecated": false }, "0.3": { "digest": "8a33f5787f19100add139f53ae98978a2c265badaf99b09365a47d686baeb5b2", "deprecated": false }, "0.4": { "digest": "f5a38fc37ff6a5aa80a1411fe75ba27d9691ebf3da96b6d169d2fecc052fb528", "deprecated": false }, "0.5": { "digest": "f9be2b19b2c12d4b0d4fc10de95b3138c4ae19ccaa04975d1e6a242e1fc2abf4", "deprecated": false }, "0.6": { "digest": "d385131b7c0763a6fe71d6544599e69d79e6ff97c92b2b253470b9b1632bb71a", "deprecated": false }, "0.7": { "digest": "33d997a205be7dad55f5fadb1b56da3cd7a22b6333037af83132a948a6cc063f", "deprecated": false }, "0.8": { "digest": "9a6f6b6afb19f4ecafa4cb195d96c3380d9f2b5621424a1ee296ae34dc29f814", "deprecated": false }, "0.9": { "digest": "ff8e1e8b942d229cbe6de261b864fef4052b3c83018fe389b5441bd62c824d38", "deprecated": false }, "1.0": { "digest": "c10453ceeb22dcdf11fa386fe072c9aa6ede4a76e7cc9940caa429d8ec8814d5", "deprecated": false }, "1.1": { "digest": "d211c127d1295986dd11c1502295e538943baafcb04bab094b792f85531376f9", "deprecated": false }, "1.2": { "digest": "e1a9c0a6a058d043717ce66c649f632161d9ea788a77c9ce92ad50ab231c920c", "deprecated": false }, "1.3": { "digest": "537a00505f86acb335d66130e9e3d1cc867d99a26fe7d3a66904eb3ec57c3f43", "deprecated": false }, "1.4": { "digest": "e07c151e8686c9cf5ba5f5cb1513c8edeb1e4d6ee6a3672a835a0441c3cfcff7", "deprecated": false }, "1.5": { "digest": "97e3a10706edfa4ccb637673705d133e24ec8601f7199c7fd5884bd673778506", "deprecated": false }, "1.6": { "digest": "f38f6f62c92971e1537992406128a5438962f8bea6b9fdd9d8eacd5fd5cb6485", "deprecated": false } }, "long_description": "QSBjb2xsZWN0aW9uIG9mIGh0dHAgc3BlY2lmaWMgQ1ZFcyA6CgogLSBbQXBhY2hlIENWRS0yMDIxLTQxNzczXShodHRwczovL2N2ZS5jaXJjbC5sdS9jdmUvQ1ZFLTIwMjEtNDE3NzMpCiAtIFtBcGFjaGUgQ1ZFLTIwMjEtNDIwMTNdKGh0dHBzOi8vY3ZlLmNpcmNsLmx1L2N2ZS9DVkUtMjAyMS00MjAxMykKIC0gW0dyYWZhbmEgQ1ZFLTIwMjEtNDM3OThdKGh0dHBzOi8vY3ZlLmNpcmNsLmx1L2N2ZS9DVkUtMjAyMS00Mzc5OCkKIC0gW0ZvcnRpbmV0IENWRS0yMDE4LTEzMzc5XShodHRwczovL2N2ZS5jaXJjbC5sdS9jdmUvQ1ZFLTIwMTgtMTMzNzkpCiAtIFtQdWxzZSBTZWN1cmUgQ1ZFLTIwMTktMTE1MTBdKGh0dHBzOi8vY3ZlLmNpcmNsLmx1L2N2ZS9DVkUtMjAxOS0xMTUxMCkKIC0gW0Y1IEJJRy1JUCBDVkUtMjAyMC01OTAyXShodHRwczovL2N2ZS5jaXJjbC5sdS9jdmUvQ1ZFLTIwMjAtNTkwMikKIC0gW1RoaW5rUEhQIENWRS0yMDE4LTIwMDYyXShodHRwczovL2N2ZS5jaXJjbC5sdS9jdmUvQ1ZFLTIwMTgtMjAwNjIpCiAtIFtBcGFjaGUgTG9nNGoyIENWRS0yMDIxLTQ0MjI4XShodHRwczovL2N2ZS5jaXJjbC5sdS9jdmUvQ1ZFLTIwMjEtNDQyMjgpCiAtIFtWTXdhcmUgVk1TQS0yMDIxLTAwMjddKGh0dHBzOi8vd3d3LnZtd2FyZS5jb20vc2VjdXJpdHkvYWR2aXNvcmllcy9WTVNBLTIwMjEtMDAyNy5odG1sKQogLSBbQXRsYXNzaWFuIEppcmEgQ1ZFLTIwMjEtMjYwODZdKGh0dHBzOi8vY3ZlLmNpcmNsLmx1L2N2ZS9DVkUtMjAyMS0yNjA4NikKIC0gW1NwcmluZzRTaGVsbCBDVkUtMjAyMi0yMjk2NV0oaHR0cHM6Ly9jdmUubWl0cmUub3JnL2NnaS1iaW4vY3ZlbmFtZS5jZ2k/bmFtZT1DVkUtMjAyMi0yMjk2NSkKIC0gW1ZNd2FyZSBDVkUtMjAyMi0yMjk1NF0oaHR0cHM6Ly93d3cudm13YXJlLmNvbS9zZWN1cml0eS9hZHZpc29yaWVzL1ZNU0EtMjAyMi0wMDExLmh0bWwpCiAtIFtHTFBJIENWRS0yMDIyLTM1OTE0XShodHRwczovL252ZC5uaXN0Lmdvdi92dWxuL2RldGFpbC9DVkUtMjAyMi0zNTkxNCkKIC0gW0ZvcnRpbmV0IENWRS0yMDIyLTQwNjg0XShodHRwczovL3d3dy5ob3Jpem9uMy5haS9mb3J0aW9zLWZvcnRpcHJveHktYW5kLWZvcnRpc3dpdGNobWFuYWdlci1hdXRoZW50aWNhdGlvbi1ieXBhc3MtdGVjaG5pY2FsLWRlZXAtZGl2ZS1jdmUtMjAyMi00MDY4NC8pCiAtIFtDb25mbHVlbmNlIENWRS0yMDIyLTI2MTM0XShodHRwczovL2N2ZS5taXRyZS5vcmcvY2dpLWJpbi9jdmVuYW1lLmNnaT9uYW1lPUNWRS0yMDIyLTI2MTM0KQogLSBbVGV4dDRTaGVsbCBDVkUtMjAyMi00Mjg4OV0oaHR0cHM6Ly9jdmUubWl0cmUub3JnL2NnaS1iaW4vY3ZlbmFtZS5jZ2k/bmFtZT1DVkUtMjAyMi00Mjg4OSkKCgo6d2FybmluZzogVGhpcyBjb2xsZWN0aW9uIGlzIF9ub3RfIGEgV0FGIGFuZCB0aGlzIGNvbGxlY3Rpb24gZG9lcyBfbm90XyBhaW1zIGF0IHJlcGxhY2luZyBhIFdBRi4KCkFzIHN1Y2gsIGFuIGF0dGFja2VyIG1pZ2h0IGJlIGFibGUgdG8gYnlwYXNzIHRob3NlIHNpZ25hdHVyZXMuCgo=", "content": "c2NlbmFyaW9zOgogIC0gY3Jvd2RzZWN1cml0eS9odHRwLWN2ZS0yMDIxLTQxNzczCiAgLSBjcm93ZHNlY3VyaXR5L2h0dHAtY3ZlLTIwMjEtNDIwMTMKICAtIGNyb3dkc2VjdXJpdHkvZ3JhZmFuYS1jdmUtMjAyMS00Mzc5OAogIC0gY3Jvd2RzZWN1cml0eS92bXdhcmUtdmNlbnRlci12bXNhLTIwMjEtMDAyNwogIC0gY3Jvd2RzZWN1cml0eS9mb3J0aW5ldC1jdmUtMjAxOC0xMzM3OQogIC0gY3Jvd2RzZWN1cml0eS9wdWxzZS1zZWN1cmUtc3NsdnBuLWN2ZS0yMDE5LTExNTEwCiAgLSBjcm93ZHNlY3VyaXR5L2Y1LWJpZy1pcC1jdmUtMjAyMC01OTAyCiAgLSBjcm93ZHNlY3VyaXR5L3RoaW5rcGhwLWN2ZS0yMDE4LTIwMDYyCiAgLSBjcm93ZHNlY3VyaXR5L2FwYWNoZV9sb2c0ajJfY3ZlLTIwMjEtNDQyMjgKICAtIGNyb3dkc2VjdXJpdHkvamlyYV9jdmUtMjAyMS0yNjA4NgogIC0gY3Jvd2RzZWN1cml0eS9zcHJpbmc0c2hlbGxfY3ZlLTIwMjItMjI5NjUKICAtIGNyb3dkc2VjdXJpdHkvdm13YXJlLWN2ZS0yMDIyLTIyOTU0CiAgLSBjcm93ZHNlY3VyaXR5L0NWRS0yMDIyLTM3MDQyCiAgLSBjcm93ZHNlY3VyaXR5L0NWRS0yMDIyLTQxMDgyCiAgLSBjcm93ZHNlY3VyaXR5L0NWRS0yMDIyLTM1OTE0CiAgLSBjcm93ZHNlY3VyaXR5L0NWRS0yMDIyLTQwNjg0CiAgLSBjcm93ZHNlY3VyaXR5L0NWRS0yMDIyLTI2MTM0CiAgLSBjcm93ZHNlY3VyaXR5L0NWRS0yMDIyLTQyODg5CmF1dGhvcjogY3Jvd2RzZWN1cml0eQp0YWdzOgogIC0gd2ViCiAgLSBleHBsb2l0CiAgLSBjdmUKICAtIGh0dHAK", "author": "crowdsecurity", "labels": null, "scenarios": [ "crowdsecurity/http-cve-2021-41773", "crowdsecurity/http-cve-2021-42013", "crowdsecurity/grafana-cve-2021-43798", "crowdsecurity/vmware-vcenter-vmsa-2021-0027", "crowdsecurity/fortinet-cve-2018-13379", "crowdsecurity/pulse-secure-sslvpn-cve-2019-11510", "crowdsecurity/f5-big-ip-cve-2020-5902", "crowdsecurity/thinkphp-cve-2018-20062", "crowdsecurity/apache_log4j2_cve-2021-44228", "crowdsecurity/jira_cve-2021-26086", "crowdsecurity/spring4shell_cve-2022-22965", "crowdsecurity/vmware-cve-2022-22954", "crowdsecurity/CVE-2022-37042", "crowdsecurity/CVE-2022-41082", "crowdsecurity/CVE-2022-35914", "crowdsecurity/CVE-2022-40684", "crowdsecurity/CVE-2022-26134", "crowdsecurity/CVE-2022-42889" ] }, "crowdsecurity/iis": { "path": "collections/crowdsecurity/iis.yaml", "version": "0.1", "versions": { "0.1": { "digest": "045c579c8cbb0e1e15f76c22b6465d6113df4117e48ae018043c2c1c01cd4b42", "deprecated": false } }, "long_description": "IyMgSUlTIGNvbGxlY3Rpb24KCkEgY29sbGVjdGlvbiBmb3IgSUlTIDoKIC0gSVNTIHBhcnNlciAob25seSBXM0MgZm9ybWF0IGlzIHN1cHBvcnRlZCwgd2l0aCB0aGUgZGVmYXVsdCBmb3JtYXQpCiAtIGJhc2UgaHR0cCBzY2VuYXJpb3MgZm9yIGNyYXdsLCBzY2FuIGV0Yy4KCk5vdGU6CiAtIElJUyB3aWxsIGJ1ZmZlciB0aGUgbG9ncyBpbiBtZW1vcnkgYmVmb3JlIHdyaXRpbmcgdGhlbSB0byB0aGUgbG9nIGZpbGUgKG9yIHRoZSBldmVudCBsb2cpLiBUaGUgZmx1c2ggaXMgZG9uZSBldmVyeSBtaW51dGUgb3IgZXZlcnkgNjRrQiBieSBkZWZhdWx0LCB0aGlzIGNhbiBsZWFkIHRvIHNvbWUgZmFsc2UgcG9zaXRpdmVzIG9uIGxvdyB0cmFmZmljIHdlYnNpdGVzLCBhcyBjcm93ZHNlYyB3aWxsIGJlIGEgc3VyZ2Ugb2YgbG9ncyBldmVyeSBtaW51dGUuIFRoaXMgY2FuIGJlIG1pdGlnYXRlZCBieSBzZXR0aW5nIHRoZSBgdXNlX3RpbWVfbWFjaGluZWAgc2V0dGluZ3MgdG8gdHJ1ZSBpbiB0aGUgcmVsZXZhbnQgc2VjdGlvbiBvZiB5b3VyIGFjcXVpc2l0aW9uIGNvbmZpZy4KCiMjIEFjcXVpc2l0aW9uIHRlbXBsYXRlCgpFeGFtcGxlIGFjcXVpc2l0aW9uIGZvciB0aGlzIGNvbGxlY3Rpb24gaWYgeW91IGxvZyB0byBhIGZpbGU6CgpgYGB5YW1sCnVzZV90aW1lX21hY2hpbmU6IHRydWUgI1Byb2Nlc3MgbG9ncyBhcyBpZiB3ZSB3ZXJlIHJlcGxheWluZyB0aGVtIHRvIGdldCB0aGUgdGltZXN0YW1wIGZyb20gdGhlIApmaWxlbmFtZXM6CiAgLSBDOlxpbmV0cHViXGxvZ3NcTG9nRmlsZXNcKlwqLmxvZwpsYWJlbHM6CiAgdHlwZTogaWlzCmBgYAoKRXhhbXBsZSBhY3F1aXNpdGlvbiBmb3IgdGhpcyBjb2xsZWN0aW9uIGlmIHlvdSBsb2cgdG8gd2luZG93cyBldmVudHM6CmBgYHlhbWwKc291cmNlOiB3aW5ldmVudGxvZwpldmVudF9jaGFubmVsOiBNaWNyb3NvZnQtSUlTLUxvZ2dpbmcvTG9ncwpldmVudF9pZHM6CiAtIDYyMDAKZXZlbnRfbGV2ZWw6IGluZm9ybWF0aW9uCmxhYmVsczoKIHR5cGU6IGlpcwpgYGAK", "content": "cGFyc2VyczoKICAtIGNyb3dkc2VjdXJpdHkvaWlzLWxvZ3MKY29sbGVjdGlvbnM6CiAgLSBjcm93ZHNlY3VyaXR5L2Jhc2UtaHR0cC1zY2VuYXJpb3MKZGVzY3JpcHRpb246ICJJSVMgc3VwcG9ydCA6IHBhcnNlciBhbmQgZ2VuZXJpYyBodHRwIHNjZW5hcmlvcyAiCmF1dGhvcjogY3Jvd2RzZWN1cml0eQp0YWdzOgogIC0gd2luZG93cwogIC0gaWlzCiAgLSBjcmF3bAogIC0gc2NhbgoK", "description": "IIS support : parser and generic http scenarios ", "author": "crowdsecurity", "labels": null, "parsers": [ "crowdsecurity/iis-logs" ], "collections": [ "crowdsecurity/base-http-scenarios" ] }, "crowdsecurity/iptables": { "path": "collections/crowdsecurity/iptables.yaml", "version": "0.1", "versions": { "0.1": { "digest": "ba5c8e97c06b19e4c075e0285e6b60c1da3b86381c88c4bfea4b374378ced10a", "deprecated": false } }, "long_description": "IyMgSXB0YWJsZXMvTmZ0YWJsZXMgY29sbGVjdGlvbgoKQSBjb2xsZWN0aW9uIGZvciBwb3J0c2NhbiBkZXRlY3Rpb24gdmlhIGlwdGFibGVzL25mdGFibGVzIDoKIC0gaXB0YWJsZXMvbmZ0YWJsZXMgcGFyc2VyIChsaWtlIGluIGAtaiBMT0dgKQogLSBtdWx0aSBwb3J0IHNjYW4gZGV0ZWN0aW9uCgojIyBBY3F1aXNpdGlvbiB0ZW1wbGF0ZQoKRXhhbXBsZSBhY3F1aXNpdGlvbiBmb3IgdGhpcyBjb2xsZWN0aW9uIDoKCmBgYHlhbWwKZmlsZW5hbWVzOgogIC0gL3Zhci9sb2cva2Vybi5sb2cKbGFiZWxzOgogIHR5cGU6IHN5c2xvZwpgYGAKCm5vdGVzIDoKIC0gIERlcGVuZGluZyBvbiB5b3VyIGRpc3RyaWJ1dGlvbi9PUywgcGF0aHMgdG8gbG9nIGZpbGVzIG1pZ2h0IGNoYW5nZQogLSAgT25seSByZWxldmFudCBpZiB5b3UgYXJlIG1hbnVhbGx5IGluc3RhbGxpbmcgY29sbGVjdGlvbgo=", "content": "cGFyc2VyczoKICAtIGNyb3dkc2VjdXJpdHkvaXB0YWJsZXMtbG9ncwpzY2VuYXJpb3M6CiAgLSBjcm93ZHNlY3VyaXR5L2lwdGFibGVzLXNjYW4tbXVsdGlfcG9ydHMKZGVzY3JpcHRpb246ICJpcHRhYmxlcyBzdXBwb3J0IDogbG9ncyBhbmQgcG9ydC1zY2FucyBkZXRlY3Rpb24gc2NlbmFyaW9zIgphdXRob3I6IGNyb3dkc2VjdXJpdHkKdGFnczoKICAtIGxpbnV4CiAgLSBwb3J0c2NhbgogIC0gaXB0YWJsZXMKCg==", "description": "iptables support : logs and port-scans detection scenarios", "author": "crowdsecurity", "labels": null, "parsers": [ "crowdsecurity/iptables-logs" ], "scenarios": [ "crowdsecurity/iptables-scan-multi_ports" ] }, "crowdsecurity/linux": { "path": "collections/crowdsecurity/linux.yaml", "version": "0.2", "versions": { "0.1": { "digest": "8d16483218a979b84549fb020b0342feea3d1f4951294b6994d33a9b7214842f", "deprecated": false }, "0.2": { "digest": "baaa37b12b4d734fab81ae01ff81c58ceb7a99304f21e6bb6ff86b871ed6d5eb", "deprecated": false } }, "long_description": "Kipjb3JlIHBhY2thZ2UgZm9yIGxpbnV4KioKCmNvbnRhaW5zIHN1cHBvcnQgZm9yIHN5c2xvZywgZG8gbm90IHJlbW92ZS4K", "content": "cGFyc2VyczoKICAtIGNyb3dkc2VjdXJpdHkvc3lzbG9nLWxvZ3MKICAtIGNyb3dkc2VjdXJpdHkvZ2VvaXAtZW5yaWNoCiAgLSBjcm93ZHNlY3VyaXR5L2RhdGVwYXJzZS1lbnJpY2gKY29sbGVjdGlvbnM6CiAgLSBjcm93ZHNlY3VyaXR5L3NzaGQKZGVzY3JpcHRpb246ICJjb3JlIGxpbnV4IHN1cHBvcnQgOiBzeXNsb2crZ2VvaXArc3NoIgphdXRob3I6IGNyb3dkc2VjdXJpdHkKdGFnczoKICAtIGxpbnV4Cgo=", "description": "core linux support : syslog+geoip+ssh", "author": "crowdsecurity", "labels": null, "parsers": [ "crowdsecurity/syslog-logs", "crowdsecurity/geoip-enrich", "crowdsecurity/dateparse-enrich" ], "collections": [ "crowdsecurity/sshd" ] }, "crowdsecurity/linux-lpe": { "path": "collections/crowdsecurity/linux-lpe.yaml", "version": "0.1", "versions": { "0.1": { "digest": "a68ef0b517c988b50b3cdc0d84702b2f70e621d29378b9782b2e037bf6663458", "deprecated": false } }, "long_description": "IyMgTG9jYWwgUHJpdmlsZWdlIEVzY2FsYXRpb24gRGV0ZWN0aW9uCgpUaGlzIGNvbGxlY3Rpb24gYWltcyBhdCBkZXRlY3RpbmcgKHdoZW4gcG9zc2libGUpIGxvY2FsIHByaXZpbGVnZSBlc2NhbGF0aW9uIGF0dGFja3MuCgogLSBDVkUtMjAyMS00MDM0IDogRGV0ZWN0IGV4cGxvaXRhdGlvbiBvZiBwa2V4ZWMgdnVsbmVyYWJpbGl0eQoKOndhcm5pbmc6IFBsZWFzZSBub3RlIHRob3NlIHNjZW5hcmlvcyBhcmUgZGV0ZWN0aW9uIG9ubHksIGFuZCBhcmUgdmVyeSBsaWtlbHkgdG8gYmUgYnlwYXNzZWQgYnkgc21hcnQgYXR0YWNrZXJzLCBkbyBub3QgcmVseSBzb2xlbHkgb24gdGhlbSA6d2FybmluZzoKCiMjIEFjcXVpc2l0aW9uIHRlbXBsYXRlCgpFeGFtcGxlIGFjcXVpc2l0aW9uIGZvciB0aGlzIGNvbGxlY3Rpb24gOgoKYGBgeWFtbApmaWxlbmFtZXM6CiAgLSAvdmFyL2xvZy9hdXRoLmxvZwpsYWJlbHM6CiAgdHlwZTogc3lzbG9nCmBgYAoKbm90ZXMgOgogLSAgRGVwZW5kaW5nIG9uIHlvdXIgZGlzdHJpYnV0aW9uL09TLCBwYXRocyB0byBsb2cgZmlsZXMgbWlnaHQgY2hhbmdlCiAtICBPbmx5IHJlbGV2YW50IGlmIHlvdSBhcmUgbWFudWFsbHkgaW5zdGFsbGluZyBjb2xsZWN0aW9uCgo=", "content": "cGFyc2VyczoKICAtIGNyb3dkc2VjdXJpdHkvcGtleGVjLWxvZ3MKc2NlbmFyaW9zOgogIC0gY3Jvd2RzZWN1cml0eS9DVkUtMjAyMS00MDM0CmNvbGxlY3Rpb25zOgogIC0gY3Jvd2RzZWN1cml0eS9saW51eApkZXNjcmlwdGlvbjogIkxpbnV4IExvY2FsIFByaXZpbGVnZSBFc2NhbGF0aW9uIGNvbGxlY3Rpb24gOiBkZXRlY3QgdHJpdmlhbCBMUEVzIgphdXRob3I6IGNyb3dkc2VjdXJpdHkKdGFnczoKICAtIGxpbnV4CiAgLSBwcml2c2VjCiAgLSBscGUKCgo=", "description": "Linux Local Privilege Escalation collection : detect trivial LPEs", "author": "crowdsecurity", "labels": null, "parsers": [ "crowdsecurity/pkexec-logs" ], "scenarios": [ "crowdsecurity/CVE-2021-4034" ], "collections": [ "crowdsecurity/linux" ] }, "crowdsecurity/litespeed": { "path": "collections/crowdsecurity/litespeed.yaml", "version": "0.1", "versions": { "0.1": { "digest": "c3bfb3dea73e8880ca0598b4ede129f0468361cadabd7ce214f92598348da97e", "deprecated": false } }, "long_description": "IyMgTGl0ZXNwZWVkIGNvbGxlY3Rpb24KCkEgY29sbGVjdGlvbiB0byBkZWZlbmQgbGl0ZXNwZWVkIGFnYWluc3QgY29tbW9uIGF0dGFja3MgOgogLSBsaXRlc3BlZWQgcGFyc2VyCiAtIGJhc2UgaHR0cCBzY2VuYXJpb3MgKGNyYXdsLCA0MDQgc2NhbiwgYmYpCiAtIEJydXRlZm9yY2UgYWdhaW5zdCBsaXRlc3BlZWQgYWRtaW4gVUkKCiMjIEFjcXVpc2l0aW9uIHRlbXBsYXRlCgpFeGFtcGxlIGFjcXVpc2l0aW9uIGZvciB0aGlzIGNvbGxlY3Rpb24gOgoKYGBgeWFtbApmaWxlbmFtZXM6CiAgLSAvdXNyL2xvY2FsL2xzd3MvWU9VUlZIT1NUL2xvZ3MvKi5sb2cKICAtIC91c3IvbG9jYWwvbHN3cy9hZG1pbi9sb2dzLyoubG9nCiAgLSAvdXNyL2xvY2FsL2xzd3MvbG9ncy8qLmxvZwpsYWJlbHM6CiAgdHlwZTogbGl0ZXNwZWVkCmBgYAoKCm5vdGVzIDoKIC0gIElmIHlvdSBhcmUgdXNpbmcgYHN5c2xvZ2AsIHNldCB0eXBlIHRvIGBzeXNsb2dgIGluc3RlYWQKIC0gIERlcGVuZGluZyBvbiB5b3VyIGRpc3RyaWJ1dGlvbi9PUywgcGF0aHMgdG8gbG9nIGZpbGVzIG1pZ2h0IGNoYW5nZQogLSAgT25seSByZWxldmFudCBpZiB5b3UgYXJlIG1hbnVhbGx5IGluc3RhbGxpbmcgY29sbGVjdGlvbgo=", "content": "cGFyc2VyczoKICAtIGNyb3dkc2VjdXJpdHkvbGl0ZXNwZWVkLWxvZ3MKY29sbGVjdGlvbnM6CiAgLSBjcm93ZHNlY3VyaXR5L2Jhc2UtaHR0cC1zY2VuYXJpb3MKc2NlbmFyaW9zOgogIC0gY3Jvd2RzZWN1cml0eS9saXRlc3BlZWQtYWRtaW4tYmYKZGVzY3JpcHRpb246ICJsaXRlc3BlZWQgc3VwcG9ydCA6IHBhcnNlciBhbmQgZ2VuZXJpYyBodHRwIHNjZW5hcmlvcyIKYXV0aG9yOiBjcm93ZHNlY3VyaXR5CnRhZ3M6CiAgLSBsaXRlc3BlZWQKICAtIGNyYXdsCiAgLSBzY2FuCgo=", "description": "litespeed support : parser and generic http scenarios", "author": "crowdsecurity", "labels": null, "parsers": [ "crowdsecurity/litespeed-logs" ], "scenarios": [ "crowdsecurity/litespeed-admin-bf" ], "collections": [ "crowdsecurity/base-http-scenarios" ] }, "crowdsecurity/magento": { "path": "collections/crowdsecurity/magento.yaml", "version": "0.1", "versions": { "0.1": { "digest": "9ed2119aafbc789322dcde0e88a1df2912764b98c5e978edb001b67e610f31ad", "deprecated": false } }, "long_description": "IyMgTWFnZW50byBjb2xsZWN0aW9uCgpUaGlzIE1hZ2VudG8gY29sbGVjdGlvbiBzdXBwb3J0cyA6CiAtIFBhcnNlciBmb3IgdGhlIFtDcm93ZFNlYyBNYWdlbnRvIEV4dGVuc2lvbl0oaHR0cHM6Ly9odWIuY3Jvd2RzZWMubmV0L2F1dGhvci9jcm93ZHNlY3VyaXR5L2JvdW5jZXJzL2NzLW1hZ2VudG8tYm91bmNlcikKIC0gV2ViIGF1dGhlbnRpY2F0aW9uIGJydXRlZm9yY2UgZGV0ZWN0aW9uCiAtIENyZWRpdCBjYXJkIHN0dWZmaW5nIGRldGVjdGlvbiBmcm9tIGEgc2luZ2xlIElQCiAtIERpc3RyaWJ1dGVkIENyZWRpdCBjYXJkIHN0dWZmaW5nIGZyb20gc2FtZSBjb3VudHJ5CgoKIyMgQWNxdWlzaXRpb24gdGVtcGxhdGUKCkV4YW1wbGUgYWNxdWlzaXRpb24gZm9yIHRoaXMgY29sbGVjdGlvbiA6CgpgYGB5YW1sCmZpbGVuYW1lczoKICAtIC92YXIvd3d3L2h0bWwvbWFnZW50bzIvdmFyL2xvZy9jcm93ZHNlYy1ldmVudHMubG9nCmxhYmVsczoKICB0eXBlOiBtYWdlbnRvLWV4dGVuc2lvbgpgYGAKCm5vdGVzIDoKIC0gIElmIHlvdSBhcmUgdXNpbmcgYHN5c2xvZ2AsIHNldCB0eXBlIHRvIGBzeXNsb2dgIGluc3RlYWQKIC0gIERlcGVuZGluZyBvbiB5b3VyIGRpc3RyaWJ1dGlvbi9PUywgcGF0aHMgdG8gbG9nIGZpbGVzIG1pZ2h0IGNoYW5nZQogLSAgT25seSByZWxldmFudCBpZiB5b3UgYXJlIG1hbnVhbGx5IGluc3RhbGxpbmcgY29sbGVjdGlvbgoKCltIZXJlIGlzIHRoZSBkb2N1bWVudGF0aW9uXShodHRwczovL2dpdGh1Yi5jb20vY3Jvd2RzZWN1cml0eS9jcy1tYWdlbnRvLWJvdW5jZXIvYmxvYi9tYWluL2RvYy9VU0VSX0dVSURFLm1kI2V2ZW50cykgdG8gZW5hYmxlIGBFdmVudCBMb2dnaW5nYCBpbiB5b3VyIE1hZ2VudG8gQm91bmNlci4=", "content": "cGFyc2VyczoKICAtIGNyb3dkc2VjdXJpdHkvc3lzbG9nLWxvZ3MKICAtIGNyb3dkc2VjdXJpdHkvbWFnZW50by1leHRlbnNpb24tbG9ncwogIC0gY3Jvd2RzZWN1cml0eS9kYXRlcGFyc2UtZW5yaWNoCiAgLSBjcm93ZHNlY3VyaXR5L2dlb2lwLWVucmljaApzY2VuYXJpb3M6CiAgLSBjcm93ZHNlY3VyaXR5L2h0dHAtbWFnZW50by1iZgogIC0gY3Jvd2RzZWN1cml0eS9odHRwLW1hZ2VudG8tY2NzLWJ5LWNvdW50cnkKICAtIGNyb3dkc2VjdXJpdHkvaHR0cC1tYWdlbnRvLWNjcy1ieS1hcwogIC0gY3Jvd2RzZWN1cml0eS9odHRwLW1hZ2VudG8tY2NzCmRlc2NyaXB0aW9uOiAiTWFnZW50byBjb2xsZWN0aW9uIgphdXRob3I6IGNyb3dkc2VjdXJpdHkKdGFnczoKICAtIG1hZ2VudG8KICAtIGh0dHAKCg==", "description": "Magento collection", "author": "crowdsecurity", "labels": null, "parsers": [ "crowdsecurity/syslog-logs", "crowdsecurity/magento-extension-logs", "crowdsecurity/dateparse-enrich", "crowdsecurity/geoip-enrich" ], "scenarios": [ "crowdsecurity/http-magento-bf", "crowdsecurity/http-magento-ccs-by-country", "crowdsecurity/http-magento-ccs-by-as", "crowdsecurity/http-magento-ccs" ] }, "crowdsecurity/mariadb": { "path": "collections/crowdsecurity/mariadb.yaml", "version": "0.1", "versions": { "0.1": { "digest": "88ec0daef18bbbce68c6ae2c0593cf152973221efb630a745f7cbb34feb80ff8", "deprecated": false } }, "long_description": "IyMgTWFyaWFEQiBjb2xsZWN0aW9uCgpBIGNvbGxlY3Rpb24gZm9yIG1hcmlhZGIgc2VydmljZSA6CiAtIG1hcmlhZGIgbG9ncyBwYXJzZXIKIC0gYnJ1dGVmb3JjZSBkZXRlY3Rpb24KCiMjIEFjcXVpc2l0aW9uIHRlbXBsYXRlCgpFeGFtcGxlIGFjcXVpc2l0aW9uIGZvciB0aGlzIGNvbGxlY3Rpb24gOgoKYGBgeWFtbApmaWxlbmFtZXM6CiAgLSAvdmFyL2xvZy9teXNxbC9lcnJvci5sb2cKbGFiZWxzOgogIHR5cGU6IG15c3FsCmBgYAoKbm90ZXMgOgogLSAgSWYgeW91IGFyZSB1c2luZyBgc3lzbG9nYCwgc2V0IHR5cGUgdG8gYHN5c2xvZ2AgaW5zdGVhZAogLSAgRGVwZW5kaW5nIG9uIHlvdXIgZGlzdHJpYnV0aW9uL09TLCBwYXRocyB0byBsb2cgZmlsZXMgbWlnaHQgY2hhbmdlCiAtICBPbmx5IHJlbGV2YW50IGlmIHlvdSBhcmUgbWFudWFsbHkgaW5zdGFsbGluZyBjb2xsZWN0aW9uCg==", "content": "cGFyc2VyczoKICAtIGNyb3dkc2VjdXJpdHkvbWFyaWFkYi1sb2dzCnNjZW5hcmlvczoKICAtIGNyb3dkc2VjdXJpdHkvbWFyaWFkYi1iZgpkZXNjcmlwdGlvbjogIm1hcmlhZGIgc3VwcG9ydCA6IGxvZ3MgYW5kIGJydXRlLWZvcmNlIHNjZW5hcmlvcyIKYXV0aG9yOiBjcm93ZHNlY3VyaXR5CnRhZ3M6CiAgLSBsaW51eAogIC0gbWFyaWFkYgogIC0gYnJ1dGVmb3JjZQo=", "description": "mariadb support : logs and brute-force scenarios", "author": "crowdsecurity", "labels": null, "parsers": [ "crowdsecurity/mariadb-logs" ], "scenarios": [ "crowdsecurity/mariadb-bf" ] }, "crowdsecurity/modsecurity": { "path": "collections/crowdsecurity/modsecurity.yaml", "version": "0.1", "versions": { "0.1": { "digest": "530454a9dbdb3800f62de4b8ba7d6ed2160b4e533d577c52393f5f286df2b615", "deprecated": false } }, "long_description": "IyMgTW9kc2VjdXJpdHkgY29sbGVjdGlvbgoKQSBjb2xsZWN0aW9uIGZvciBtb2RzZWN1cml0eSAodGVzdGVkIG9ubHkgd2l0aCBBcGFjaGUpOgogLSBtb2RzZWN1cml0eSBwYXJzZXI6IGBjcm93ZHNlY3VyaXR5L21vZHNlY3VyaXR5YAogLSBtb2RzZWN1cml0eSBzY2VuYXJpbzogYGNyb3dkc2VjdXJpdHkvbW9kc2VjdXJpdHkKCgojIyBBY3F1aXNpdGlvbiB0ZW1wbGF0ZQoKRXhhbXBsZSBhY3F1aXNpdGlvbiBmb3IgdGhpcyBjb2xsZWN0aW9uIDoKCmBgYHlhbWwKZmlsZW5hbWVzOgogIC0gL3Zhci9sb2cvYXBhY2hlMi8qLmxvZwogIC0gL3Zhci9sb2cvbmdpbngvKi5sb2cKbGFiZWxzOgogIHR5cGU6IG1vZHNlY3VyaXR5CmBgYAoKCm5vdGVzIDoKIC0gIElmIHlvdSBhcmUgdXNpbmcgYHN5c2xvZ2AsIHNldCB0eXBlIHRvIGBzeXNsb2dgIGluc3RlYWQKIC0gIERlcGVuZGluZyBvbiB5b3VyIGRpc3RyaWJ1dGlvbi9PUywgcGF0aHMgdG8gbG9nIGZpbGVzIG1pZ2h0IGNoYW5nZQogLSAgT25seSByZWxldmFudCBpZiB5b3UgYXJlIG1hbnVhbGx5IGluc3RhbGxpbmcgY29sbGVjdGlvbgo=", "content": "cGFyc2VyczoKICAtIGNyb3dkc2VjdXJpdHkvbW9kc2VjdXJpdHkKc2NlbmFyaW9zOgogIC0gY3Jvd2RzZWN1cml0eS9tb2RzZWN1cml0eQpkZXNjcmlwdGlvbjogIm1vZHNlY3VyaXR5IHN1cHBvcnQgOiBtb2RzZWN1cml0eSBwYXJzZXIgYW5kIHNjZW5hcmlvIgphdXRob3I6IGNyb3dkc2VjdXJpdHkKdGFnczoKICAtIGxpbnV4CiAgLSB3ZWIKICAtIHdhZg==", "description": "modsecurity support : modsecurity parser and scenario", "author": "crowdsecurity", "labels": null, "parsers": [ "crowdsecurity/modsecurity" ], "scenarios": [ "crowdsecurity/modsecurity" ] }, "crowdsecurity/mssql": { "path": "collections/crowdsecurity/mssql.yaml", "version": "0.1", "versions": { "0.1": { "digest": "109bf56d5781fca733b958588338370d2196a2c3e490eccb94c56df6341a3ba8", "deprecated": false } }, "long_description": "IyMgTVNTUUwgQ29sbGVjdGlvbgoKQSBjb2xsZWN0aW9uIGZvciBNU1NRTCA6CiAtIG1zc3FsIGxvZ3MgcGFyc2VyCiAtIGJydXRlZm9yY2UgZGV0ZWN0aW9uCiAKICMjIEFjcXVpc2l0aW9uIHRlbXBsYXRlCgpFeGFtcGxlIGFjcXVpc2l0aW9uIGZvciB0aGlzIGNvbGxlY3Rpb24gOgoKYGBgeWFtbApzb3VyY2U6IHdpbmV2ZW50bG9nCmV2ZW50X2NoYW5uZWw6IEFwcGxpY2F0aW9uCmV2ZW50X2lkczoKIC0gMTg0NTYKZXZlbnRfbGV2ZWw6IGluZm9ybWF0aW9uCmxhYmVsczoKIHR5cGU6IGV2ZW50bG9nCmBgYAoKbm90ZXM6CiAtICBZb3UgbmVlZCB0byBlbmFibGUgZmFpbGVkIGxvZ2luIGxvZ3MgKHdoaWNoIHNob3VsZCBiZSBvbiBieSBkZWZhdWx0KQ==", "content": "cGFyc2VyczoKICAtIGNyb3dkc2VjdXJpdHkvbXNzcWwtbG9ncwpzY2VuYXJpb3M6CiAgLSBjcm93ZHNlY3VyaXR5L21zc3FsLWJmCmRlc2NyaXB0aW9uOiAibXNzcWwgc3VwcG9ydCA6IGxvZ3MgYW5kIGJydXRlLWZvcmNlIHNjZW5hcmlvcyIKYXV0aG9yOiBjcm93ZHNlY3VyaXR5CnRhZ3M6CiAgLSB3aW5kb3dzCiAgLSBtc3NxbAogIC0gYnJ1dGVmb3JjZQo=", "description": "mssql support : logs and brute-force scenarios", "author": "crowdsecurity", "labels": null, "parsers": [ "crowdsecurity/mssql-logs" ], "scenarios": [ "crowdsecurity/mssql-bf" ] }, "crowdsecurity/mysql": { "path": "collections/crowdsecurity/mysql.yaml", "version": "0.1", "versions": { "0.1": { "digest": "77e63a6deedaedc15457691e8631633c15663e796f9e896331d64aa3614fdafc", "deprecated": false } }, "long_description": "IyMgTXlTUUwgQ29sbGVjdGlvbgoKQSBjb2xsZWN0aW9uIGZvciBteXNxbCBzZXJ2aWNlcyA6CiAtIG15c3FsIGxvZ3MgcGFyc2VyCiAtIGJydXRlZm9yY2UgZGV0ZWN0aW9uCiAKICMjIEFjcXVpc2l0aW9uIHRlbXBsYXRlCgpFeGFtcGxlIGFjcXVpc2l0aW9uIGZvciB0aGlzIGNvbGxlY3Rpb24gOgoKYGBgeWFtbApmaWxlbmFtZXM6CiAgLSAvdmFyL2xvZy9teXNxbC9lcnJvci5sb2cKbGFiZWxzOgogIHR5cGU6IG15c3FsCmBgYAoKbm90ZXMgOgogLSAgSWYgeW91IGFyZSB1c2luZyBgc3lzbG9nYCwgc2V0IHR5cGUgdG8gYHN5c2xvZ2AgaW5zdGVhZAogLSAgRGVwZW5kaW5nIG9uIHlvdXIgZGlzdHJpYnV0aW9uL09TLCBwYXRocyB0byBsb2cgZmlsZXMgbWlnaHQgY2hhbmdlCiAtICBPbmx5IHJlbGV2YW50IGlmIHlvdSBhcmUgbWFudWFsbHkgaW5zdGFsbGluZyBjb2xsZWN0aW9uCg==", "content": "cGFyc2VyczoKICAtIGNyb3dkc2VjdXJpdHkvbXlzcWwtbG9ncwpzY2VuYXJpb3M6CiAgLSBjcm93ZHNlY3VyaXR5L215c3FsLWJmCmRlc2NyaXB0aW9uOiAibXlzcWwgc3VwcG9ydCA6IGxvZ3MgYW5kIGJydXRlLWZvcmNlIHNjZW5hcmlvcyIKYXV0aG9yOiBjcm93ZHNlY3VyaXR5CnRhZ3M6CiAgLSBsaW51eAogIC0gbXlzcWwKICAtIGJydXRlZm9yY2UK", "description": "mysql support : logs and brute-force scenarios", "author": "crowdsecurity", "labels": null, "parsers": [ "crowdsecurity/mysql-logs" ], "scenarios": [ "crowdsecurity/mysql-bf" ] }, "crowdsecurity/naxsi": { "path": "collections/crowdsecurity/naxsi.yaml", "version": "0.1", "versions": { "0.1": { "digest": "cd093e3b26795e8ae86898a585ef77509dc988c4841ea49ba61795a7c849b06e", "deprecated": false } }, "long_description": "IyMgTmF4c2kgY29sbGVjdGlvbgoKQSBjb2xsZWN0aW9uIHRvIGRldGVjdCB2aXJ0dWFsIHBhdGNoIHZpb2xhdGlvbnMgOgogLSBuYXhzaSBsb2dzIHBhcnNlcgogLSB2cGF0Y2ggaGlnaCBpZCAoPjk5OTkpIHRyaWdnZXIgcnVsZQoKIyMgQWNxdWlzaXRpb24gdGVtcGxhdGUKCkV4YW1wbGUgYWNxdWlzaXRpb24gZm9yIHRoaXMgY29sbGVjdGlvbiA6CgpgYGB5YW1sCmZpbGVuYW1lczoKICAtIC92YXIvbG9nL25naW54LyoubG9nCmxhYmVsczoKICB0eXBlOiBuZ2lueApgYGAKCm5vdGVzIDoKIC0gIElmIHlvdSBhcmUgdXNpbmcgYHN5c2xvZ2AsIHNldCB0eXBlIHRvIGBzeXNsb2dgIGluc3RlYWQKIC0gIERlcGVuZGluZyBvbiB5b3VyIGRpc3RyaWJ1dGlvbi9PUywgcGF0aHMgdG8gbG9nIGZpbGVzIG1pZ2h0IGNoYW5nZQogLSAgT25seSByZWxldmFudCBpZiB5b3UgYXJlIG1hbnVhbGx5IGluc3RhbGxpbmcgY29sbGVjdGlvbgo=", "content": "cGFyc2VyczoKI2dlbmVyaWMgcG9zdC1wYXJzaW5nIG9mIGh0dHAgc3R1ZmYKICAtIGNyb3dkc2VjdXJpdHkvbmdpbngtbG9ncwogIC0gY3Jvd2RzZWN1cml0eS9uYXhzaS1sb2dzCnNjZW5hcmlvczoKICAtIGNyb3dkc2VjdXJpdHkvbmF4c2ktZXhwbG9pdC12cGF0Y2gKZGVzY3JpcHRpb246ICJuYXhzaSBzdXBwb3J0IDogcGFyc2VyIGFuZCB2cGF0Y2ggc2NlbmFyaW8iCmF1dGhvcjogY3Jvd2RzZWN1cml0eQp0YWdzOgogIC0gbGludXgKICAtIG5naW54CiAgLSBuYXhzaQogIC0gZXhwbG9pdAoK", "description": "naxsi support : parser and vpatch scenario", "author": "crowdsecurity", "labels": null, "parsers": [ "crowdsecurity/nginx-logs", "crowdsecurity/naxsi-logs" ], "scenarios": [ "crowdsecurity/naxsi-exploit-vpatch" ] }, "crowdsecurity/nextcloud": { "path": "collections/crowdsecurity/nextcloud.yaml", "version": "0.2", "versions": { "0.1": { "digest": "970735016eb78b0d0c722d7ed426b0edc1efd603547bf8cd5d68c57484e7a855", "deprecated": false }, "0.2": { "digest": "a60b9e37b9f440f290632cdc20832b5a53ce9b59b3ce1d926b4ef40b49776c34", "deprecated": false } }, "long_description": "QSBjb2xsZWN0aW9uIHRvIGRlZmVuZCBbTmV4dGNsb3VkXShodHRwczovL25leHRjbG91ZC5jb20pIGluc3RhbmNlIGFnYWluc3QgY29tbW9uIGF0dGFja3MgOgogLSBOZXh0Y2xvdWQgcGFyc2VyCiAtIE5leHRjbG91ZCBicnV0ZWZvcmNlICYgZW51bWVyYXRpb24gZGV0ZWN0aW9uCgo+IENvbnRyaWJ1dGVkIGJ5IEjDpXZhcmQgTW9lbgoKIyMgQWNxdWlzaXRpb24gdGVtcGxhdGUKCgogRXhhbXBsZSBhY3F1aXNpdGlvbiBmb3IgdGhpcyBjb2xsZWN0aW9uIDoKCmBgYHlhbWwKLS0tCmZpbGVuYW1lczoKIC0gL3Zhci93d3cvbmV4dGNsb3VkL2RhdGEvbmV4dGNsb3VkLmxvZwpsYWJlbHM6CiAgdHlwZTogTmV4dGNsb3VkCmBgYAoKYGBgeWFtbAotLS0Kc291cmNlOiBqb3VybmFsY3RsCmpvdXJuYWxjdGxfZmlsdGVyOgogIC0gIlNZU0xPR19JREVOVElGSUVSPU5leHRjbG91ZCIKbGFiZWxzOgogIHR5cGU6IHN5c2xvZwpgYGAKLSBVc2UgdGhlIGZpbGVuYW1lIHZlcnNpb24gaWYgeW91IGhhdmUgdGhlIGRlZmF1bHQgW3NldHRpbmddKGh0dHBzOi8vZG9jcy5uZXh0Y2xvdWQuY29tL3NlcnZlci9zdGFibGUvYWRtaW5fbWFudWFsL2NvbmZpZ3VyYXRpb25fc2VydmVyL2NvbmZpZ19zYW1wbGVfcGhwX3BhcmFtZXRlcnMuaHRtbD9oaWdobGlnaHQ9bG9nbGV2ZWwjbG9nZ2luZykgb2YgbG9nZ2luZyB0byBmaWxlCi0gVXNlIHRoZSBqb3VybmFsY3RsIHZlcnNpb24gaWYgeW91IGFyZSBzZW5kaW5nIGxvZ3MgdG8gc3lzbG9nIG9yIHN5c3RlbWQgYW5kIHJlYWQgdGhlIGxvZ3MgZnJvbSBqb3VybmFsZAo=", "content": "LS0tCnBhcnNlcnM6CiAgLSBjcm93ZHNlY3VyaXR5L25leHRjbG91ZC1sb2dzCnNjZW5hcmlvczoKICAtIGNyb3dkc2VjdXJpdHkvbmV4dGNsb3VkLWJmCmRlc2NyaXB0aW9uOiAiTmV4dGNsb3VkIHN1cHBvcnQgOiBwYXJzZXIgYW5kIGJydXRlLWZvcmNlIGRldGVjdGlvbiIKYXV0aG9yOiBjcm93ZHNlY3VyaXR5CnRhZ3M6CiAgLSBsaW51eAogIC0gYnJ1dGVmb3JjZQogIC0gbmV4dGNsb3VkCg==", "description": "Nextcloud support : parser and brute-force detection", "author": "crowdsecurity", "labels": null, "parsers": [ "crowdsecurity/nextcloud-logs" ], "scenarios": [ "crowdsecurity/nextcloud-bf" ] }, "crowdsecurity/nginx": { "path": "collections/crowdsecurity/nginx.yaml", "version": "0.2", "versions": { "0.1": { "digest": "5ef06c9a84fbea5b01d901a6a23d5de8de811da5036e5ec4f6a8d00fb096805b", "deprecated": false }, "0.2": { "digest": "334f7e5626a83c576af2dec1360b760991d09b6f418590a174748a4ca00bd1e4", "deprecated": false } }, "long_description": "IyMgTmdpbnggY29sbGVjdGlvbgoKQSBjb2xsZWN0aW9uIHRvIGRlZmVuZCBuZ2lueCBhZ2FpbnN0IGNvbW1vbiBhdHRhY2tzIDoKIC0gbmdpbnggcGFyc2VyIChzdXBwb3J0IGFsc28gaW5ncmVzcyBuZ2lueCBjb250cm9sbGVyIGRlZmF1bHQgW2xvZ19mb3JtYXRdKGh0dHBzOi8va3ViZXJuZXRlcy5naXRodWIuaW8vaW5ncmVzcy1uZ2lueC91c2VyLWd1aWRlL25naW54LWNvbmZpZ3VyYXRpb24vbG9nLWZvcm1hdC8pKQogLSBiYXNlIGh0dHAgc2NlbmFyaW9zIChjcmF3bCwgNDA0IHNjYW4sIGJmKQoKIyMgQWNxdWlzaXRpb24gdGVtcGxhdGUKCkV4YW1wbGUgYWNxdWlzaXRpb24gZm9yIHRoaXMgY29sbGVjdGlvbiA6CgpgYGB5YW1sCmZpbGVuYW1lczoKICAtIC92YXIvbG9nL25naW54LyoubG9nCmxhYmVsczoKICB0eXBlOiBuZ2lueApgYGAKCgpub3RlcyA6CiAtICBJZiB5b3UgYXJlIHVzaW5nIGBzeXNsb2dgLCBzZXQgdHlwZSB0byBgc3lzbG9nYCBpbnN0ZWFkCiAtICBEZXBlbmRpbmcgb24geW91ciBkaXN0cmlidXRpb24vT1MsIHBhdGhzIHRvIGxvZyBmaWxlcyBtaWdodCBjaGFuZ2UKIC0gIE9ubHkgcmVsZXZhbnQgaWYgeW91IGFyZSBtYW51YWxseSBpbnN0YWxsaW5nIGNvbGxlY3Rpb24K", "content": "cGFyc2VyczoKI2dlbmVyaWMgcG9zdC1wYXJzaW5nIG9mIGh0dHAgc3R1ZmYKICAtIGNyb3dkc2VjdXJpdHkvbmdpbngtbG9ncwpjb2xsZWN0aW9uczoKICAtIGNyb3dkc2VjdXJpdHkvYmFzZS1odHRwLXNjZW5hcmlvcwpzY2VuYXJpb3M6CiAgLSBjcm93ZHNlY3VyaXR5L25naW54LXJlcS1saW1pdC1leGNlZWRlZApkZXNjcmlwdGlvbjogIm5naW54IHN1cHBvcnQgOiBwYXJzZXIgYW5kIGdlbmVyaWMgaHR0cCBzY2VuYXJpb3MiCmF1dGhvcjogY3Jvd2RzZWN1cml0eQp0YWdzOgogIC0gbGludXgKICAtIG5naW54CiAgLSBjcmF3bAogIC0gc2NhbgoK", "description": "nginx support : parser and generic http scenarios", "author": "crowdsecurity", "labels": null, "parsers": [ "crowdsecurity/nginx-logs" ], "scenarios": [ "crowdsecurity/nginx-req-limit-exceeded" ], "collections": [ "crowdsecurity/base-http-scenarios" ] }, "crowdsecurity/nginx-proxy-manager": { "path": "collections/crowdsecurity/nginx-proxy-manager.yaml", "version": "0.1", "versions": { "0.1": { "digest": "fcde72227c4fc913f5472fff55e041aef913a0a4a0143f0ad8ef29bdc2e4e7f9", "deprecated": false } }, "long_description": "IyMgTmdpbnggUHJveHkgTWFuYWdlciBjb2xsZWN0aW9uCgpBIGNvbGxlY3Rpb24gdG8gZGVmZW5kIG5naW54IGFnYWluc3QgY29tbW9uIGF0dGFja3MgOgogLSBbTmdpbnggUHJveHkgTWFuYWdlcl0oaHR0cHM6Ly9naXRodWIuY29tL05naW54UHJveHlNYW5hZ2VyL25naW54LXByb3h5LW1hbmFnZXIpIHBhcnNlcgogLSBiYXNlIGh0dHAgc2NlbmFyaW9zIChjcmF3bCwgNDA0IHNjYW4sIGJmKQoKIyMgQWNxdWlzaXRpb24gdGVtcGxhdGUKCkV4YW1wbGUgYWNxdWlzaXRpb24gZm9yIHRoaXMgY29sbGVjdGlvbiA6CgpgYGB5YW1sCmZpbGVuYW1lczoKICAtIH4vZGF0YS9sb2dzLyoubG9nCmxhYmVsczoKICB0eXBlOiBuZ2lueC1wcm94eS1tYW5hZ2VyCmBgYAoKCm5vdGVzIDoKIC0gIElmIHlvdSBhcmUgdXNpbmcgYHN5c2xvZ2AsIHNldCB0eXBlIHRvIGBzeXNsb2dgIGluc3RlYWQKIC0gIERlcGVuZGluZyBvbiB5b3VyIGNvbmZpZ3VyYXRpb24sIHBhdGhzIHRvIGxvZyBmaWxlcyBtaWdodCBjaGFuZ2UKIC0gIE9ubHkgcmVsZXZhbnQgaWYgeW91IGFyZSBtYW51YWxseSBpbnN0YWxsaW5nIGNvbGxlY3Rpb24=", "content": "cGFyc2VyczoKICAtIGNyb3dkc2VjdXJpdHkvbmdpbngtcHJveHktbWFuYWdlci1sb2dzCmNvbGxlY3Rpb25zOgogIC0gY3Jvd2RzZWN1cml0eS9iYXNlLWh0dHAtc2NlbmFyaW9zCmRlc2NyaXB0aW9uOiAiTmdpbnggUHJveHkgTWFuYWdlciBzdXBwb3J0IDogcGFyc2VyIGFuZCBnZW5lcmljIGh0dHAgc2NlbmFyaW9zIgphdXRob3I6IGNyb3dkc2VjdXJpdHkKdGFnczoKICAtIGxpbnV4CiAgLSBuZ2lueAogIC0gbmdpbngtcHJveHkKICAtIGNyYXdsCiAgLSBzY2Fu", "description": "Nginx Proxy Manager support : parser and generic http scenarios", "author": "crowdsecurity", "labels": null, "parsers": [ "crowdsecurity/nginx-proxy-manager-logs" ], "collections": [ "crowdsecurity/base-http-scenarios" ] }, "crowdsecurity/odoo": { "path": "collections/crowdsecurity/odoo.yaml", "version": "0.1", "versions": { "0.1": { "digest": "7b9b2323ffda7ffd8a48aea52b8424bc12a58d0047bb9bebb2cf030c5fa088c9", "deprecated": false } }, "long_description": "IyMgT2RvbyBjb2xsZWN0aW9uCgpBIGNvbGxlY3Rpb24gdG8gZGVmZW5kIE9kb28gYWdhaW5zdCBjb21tb24gYXR0YWNrczoKIC0gT2RvbyBhdXRoZW50aWNhdGlvbiBmYWlsdXJlcyBwYXJzZXIKIC0gZGV0ZWN0IGJydXRlZm9yY2UKIC0gZGV0ZWN0IHVzZXIgZW51bWVyYXRpb24KCgojIyBBY3F1aXNpdGlvbiB0ZW1wbGF0ZQoKRXhhbXBsZSBhY3F1aXNpdGlvbiBmb3IgdGhpcyBjb2xsZWN0aW9uIDoKCmBgYHlhbWwKZmlsZW5hbWVzOgogIC0gL3Zhci9sb2cvb2Rvby8qLmxvZwpsYWJlbHM6CiAgdHlwZTogb2RvbwpgYGAKCgpub3RlcyA6CiAtICBJZiB5b3UgYXJlIHVzaW5nIGBzeXNsb2dgLCBzZXQgdHlwZSB0byBgc3lzbG9nYCBpbnN0ZWFkCiAtICBEZXBlbmRpbmcgb24geW91ciBkaXN0cmlidXRpb24vT1MsIHBhdGhzIHRvIGxvZyBmaWxlcyBtaWdodCBjaGFuZ2UKIC0gIE9ubHkgcmVsZXZhbnQgaWYgeW91IGFyZSBtYW51YWxseSBpbnN0YWxsaW5nIGNvbGxlY3Rpb24K", "content": "cGFyc2VyczoKICAtIGNyb3dkc2VjdXJpdHkvb2Rvby1sb2dzCnNjZW5hcmlvczoKICAtIGNyb3dkc2VjdXJpdHkvb2Rvby1iZl91c2VyLWVudW0KZGVzY3JpcHRpb246ICJPZG9vIHN1cHBvcnQgOiBwYXJzZXIgYW5kIGJydXRlLWZvcmNlL3VzZXIgZW51bWVyYXRpb24gZGV0ZWN0aW9uIgphdXRob3I6IGNyb3dkc2VjdXJpdHkKdGFnczoKICAtIGVycAogIC0gb2RvbwogIC0gYnJ1dGVmb3JjZQo=", "description": "Odoo support : parser and brute-force/user enumeration detection", "author": "crowdsecurity", "labels": null, "parsers": [ "crowdsecurity/odoo-logs" ], "scenarios": [ "crowdsecurity/odoo-bf_user-enum" ] }, "crowdsecurity/opnsense": { "path": "collections/crowdsecurity/opnsense.yaml", "version": "0.3", "versions": { "0.1": { "digest": "2e389ca4cda774d45d19657579cee7bd735b62147875f333b8cd072ed4b91a04", "deprecated": false }, "0.2": { "digest": "bfac0c94acc89565c80ed1be59b655d8ba718b0b0097bf9da378ee4f24a4d02d", "deprecated": false }, "0.3": { "digest": "754157043e75342b8d6f4e0ae195657027473055072f7d22720d557a2f2e1c0d", "deprecated": false } }, "long_description": "IyMgT1BOU2Vuc2UgY29sbGVjdGlvbgoKVGhpcyBPUE5TZW5zZSBjb2xsZWN0aW9uIHN1cHBvcnRzIDoKIC0gc3NoIHBhcnNlcnMgJiBicnV0ZWZvcmNlIGRldGVjdGlvbgogLSB3ZWIgYXV0aGVudGljYXRpb24gYnJ1dGVmb3JjZSBkZXRlY3Rpb24K", "content": "Y29sbGVjdGlvbnM6CiAgLSBjcm93ZHNlY3VyaXR5L2ZyZWVic2QKICAtIGNyb3dkc2VjdXJpdHkvb3Buc2Vuc2UtZ3VpCmRlc2NyaXB0aW9uOiAiY29yZSBvcG5zZW5zZSBzdXBwb3J0IgphdXRob3I6IGNyb3dkc2VjdXJpdHkKdGFnczoKICAtIGZyZWVic2QK", "description": "core opnsense support", "author": "crowdsecurity", "labels": null, "collections": [ "crowdsecurity/freebsd", "crowdsecurity/opnsense-gui" ] }, "crowdsecurity/opnsense-gui": { "path": "collections/crowdsecurity/opnsense-gui.yaml", "version": "0.1", "versions": { "0.1": { "digest": "91be3b0655e3de8a1c82787dadf1521c1ad1489e5798b5b9e2cdf3df0fc7cd1d", "deprecated": false } }, "long_description": "IyMgT1BOU2Vuc2Ugd2ViIGF1dGhlbnRpY2F0aW9uIGNvbGxlY3Rpb24KClN1cHBvcnQgdG8gZGV0ZWN0IGJydXRlZm9yY2Ugb24gdGhlIE9QTlNlbnNlIHdlYiBwb3J0YWwK", "content": "cGFyc2VyczoKICAtIGNyb3dkc2VjdXJpdHkvb3Buc2Vuc2UtZ3VpLWxvZ3MKc2NlbmFyaW9zOgogIC0gY3Jvd2RzZWN1cml0eS9vcG5zZW5zZS1ndWktYmYKZGVzY3JpcHRpb246ICJPUE5TZW5zZSB3ZWIgYXV0aGVudGljYXRpb24gc3VwcG9ydCIKYXV0aG9yOiBjcm93ZHNlY3VyaXR5CnRhZ3M6CiAgLSBmcmVlYnNkCiAgLSBvcG5zZW5zZQogIC0gYnJ1dGVmb3JjZQogIC0gc2NhbgoKCg==", "description": "OPNSense web authentication support", "author": "crowdsecurity", "labels": null, "parsers": [ "crowdsecurity/opnsense-gui-logs" ], "scenarios": [ "crowdsecurity/opnsense-gui-bf" ] }, "crowdsecurity/pgsql": { "path": "collections/crowdsecurity/pgsql.yaml", "version": "0.1", "versions": { "0.1": { "digest": "78408615dfdfa97075b37dc7533b3d682b57293053aae5522ee3cd7b5825be02", "deprecated": false } }, "long_description": "IyMgUG9zdGdyZVNRTCBjb2xsZWN0aW9uCgpBIGNvbGxlY3Rpb24gZm9yIHBvc3RncmVzcWwgc2VydmljZXMgOgogLSBwZ3NxbCBsb2dzIHBhcnNlcgogLSBicnV0ZWZvcmNlIGRldGVjdGlvbgoKIyMgQWNxdWlzaXRpb24gdGVtcGxhdGUKCkV4YW1wbGUgYWNxdWlzaXRpb24gZm9yIHRoaXMgY29sbGVjdGlvbiA6CgpgYGB5YW1sCmZpbGVuYW1lczoKICAtIC92YXIvbG9nL3Bvc3RncmVzcWwvKi5sb2cKbGFiZWxzOgogIHR5cGU6IHBvc3RncmVzCmBgYAoKCm5vdGVzIDoKIC0gIElmIHlvdSBhcmUgdXNpbmcgYHN5c2xvZ2AsIHNldCB0eXBlIHRvIGBzeXNsb2dgIGluc3RlYWQKIC0gIERlcGVuZGluZyBvbiB5b3VyIGRpc3RyaWJ1dGlvbi9PUywgcGF0aHMgdG8gbG9nIGZpbGVzIG1pZ2h0IGNoYW5nZQogLSAgT25seSByZWxldmFudCBpZiB5b3UgYXJlIG1hbnVhbGx5IGluc3RhbGxpbmcgY29sbGVjdGlvbgo=", "content": "cGFyc2VyczoKICAtIGNyb3dkc2VjdXJpdHkvcGdzcWwtbG9ncwpzY2VuYXJpb3M6CiAgLSBjcm93ZHNlY3VyaXR5L3Bnc3FsLWJmCmRlc2NyaXB0aW9uOiAicG9zdGdyZXMgc3VwcG9ydCA6IGxvZ3MgYW5kIGJydXRlLWZvcmNlIHNjZW5hcmlvcyIKYXV0aG9yOiBjcm93ZHNlY3VyaXR5CnRhZ3M6CiAgLSBsaW51eAogIC0gcGdzcWwKICAtIHBvc3RncmVzCiAgLSBicnV0ZWZvcmNlCg==", "description": "postgres support : logs and brute-force scenarios", "author": "crowdsecurity", "labels": null, "parsers": [ "crowdsecurity/pgsql-logs" ], "scenarios": [ "crowdsecurity/pgsql-bf" ] }, "crowdsecurity/postfix": { "path": "collections/crowdsecurity/postfix.yaml", "version": "0.2", "versions": { "0.1": { "digest": "81767bab91a7a071d8d32f3227f2391744eef5ba6a4cf916a96ec8183d050ae0", "deprecated": false }, "0.2": { "digest": "b4cceea527807a9fe70f673ef34e0d7d4372267d665fbbe164f0d6a1a3531a2e", "deprecated": false } }, "long_description": "IyMgUG9zdGZpeCBjb2xsZWN0aW9uCgpBIGNvbGxlY3Rpb24gZm9yIHBvc3RmaXgKICogcG9zdGZpeCBsb2cgcGFyc2VycwogKiBwb3N0c2NyZWVuIGxvZyBwYXJzZXIKICogcG9zdGZpeCBzY2VuYXJpbyBicnV0ZWZvcmNlIHNwYW0gYXR0ZW1wdAogKiBwb3N0c2NyZWVuIHJiIGF0dGVtcHQgYmxhY2tsaXN0CgpUaGlzIGNvbGxlY3Rpb24gbW9zdGx5IGFpbXMgYXQgZ2V0dGluZyBhIHNpbWlsYXIgc3BhbSBwcm90ZWN0aW9uIGFzCnRoZSBub3JtYWwgZmFpbDJiYW4gcG9zdGZpeCBjb25maWd1cmF0aW9uIGFsdGhvdWdoIHBvc3RjcmVlbiBsb2cKbWFuYWdlbWVudCBpc24ndCBpbmNsdWRlZCBieSBkZWZhdWx0IGJ5IGZhaWwyYmFuLgoKCiMjIEFjcXVpc2l0aW9uIHRlbXBsYXRlCgpFeGFtcGxlIGFjcXVpc2l0aW9uIGZvciB0aGlzIGNvbGxlY3Rpb24gOgoKYGBgeWFtbApmaWxlbmFtZXM6CiAgLSAvdmFyL2xvZy9tYWlsLmxvZwpsYWJlbHM6CiAgdHlwZTogc3lzbG9nCmBgYAoKCm5vdGVzIDoKIC0gIElmIHlvdSBhcmUgdXNpbmcgYHN5c2xvZ2AsIHNldCB0eXBlIHRvIGBzeXNsb2dgIGluc3RlYWQKIC0gIERlcGVuZGluZyBvbiB5b3VyIGRpc3RyaWJ1dGlvbi9PUywgcGF0aHMgdG8gbG9nIGZpbGVzIG1pZ2h0IGNoYW5nZQogLSAgT25seSByZWxldmFudCBpZiB5b3UgYXJlIG1hbnVhbGx5IGluc3RhbGxpbmcgY29sbGVjdGlvbgo=", "content": "cGFyc2VyczoKICAtIGNyb3dkc2VjdXJpdHkvcG9zdGZpeC1sb2dzCiAgLSBjcm93ZHNlY3VyaXR5L3Bvc3RzY3JlZW4tbG9ncwpzY2VuYXJpb3M6CiAgLSBjcm93ZHNlY3VyaXR5L3Bvc3RmaXgtc3BhbQpkZXNjcmlwdGlvbjogInBvc3RmaXggc3VwcG9ydCA6IHBhcnNlciBhbmQgc3BhbW1lciBkZXRlY3Rpb24iCmF1dGhvcjogY3Jvd2RzZWN1cml0eQp0YWdzOgogIC0gbGludXgKICAtIHNwYW0KICAtIGJydXRlZm9yY2UK", "description": "postfix support : parser and spammer detection", "author": "crowdsecurity", "labels": null, "parsers": [ "crowdsecurity/postfix-logs", "crowdsecurity/postscreen-logs" ], "scenarios": [ "crowdsecurity/postfix-spam" ] }, "crowdsecurity/proftpd": { "path": "collections/crowdsecurity/proftpd.yaml", "version": "0.1", "versions": { "0.1": { "digest": "6f98f64784109c356578bf50c7b296c5936bddfd5a206f25d39f92f504ea04ad", "deprecated": false } }, "long_description": "IyMgUHJvRlRQRCBjb2xsZWN0aW9uCgpBIGNvbGxlY3Rpb24gdG8gZGVmZW5kIHByb2Z0cGQgYWdhaW5zdCBjb21tb24gYXR0YWNrczoKIC0gcHJvZnRwZCBwYXJzZXIKIC0gZGV0ZWN0IGJydXRlZm9yY2UKIC0gZGV0ZWN0IHVzZXIgZW51bWVyYXRpb24KCgojIyBBY3F1aXNpdGlvbiB0ZW1wbGF0ZQoKRXhhbXBsZSBhY3F1aXNpdGlvbiBmb3IgdGhpcyBjb2xsZWN0aW9uIDoKCmBgYHlhbWwKZmlsZW5hbWVzOgogIC0gL3Zhci9sb2cvcHJvZnRwZC8qLmxvZwpsYWJlbHM6CiAgdHlwZTogcHJvZnRwZApgYGAKCgpub3RlcyA6CiAtICBJZiB5b3UgYXJlIHVzaW5nIGBzeXNsb2dgLCBzZXQgdHlwZSB0byBgc3lzbG9nYCBpbnN0ZWFkCiAtICBEZXBlbmRpbmcgb24geW91ciBkaXN0cmlidXRpb24vT1MsIHBhdGhzIHRvIGxvZyBmaWxlcyBtaWdodCBjaGFuZ2UKIC0gIE9ubHkgcmVsZXZhbnQgaWYgeW91IGFyZSBtYW51YWxseSBpbnN0YWxsaW5nIGNvbGxlY3Rpb24K", "content": "cGFyc2VyczoKICAtIGNyb3dkc2VjdXJpdHkvcHJvZnRwZC1sb2dzCnNjZW5hcmlvczoKICAtIGNyb3dkc2VjdXJpdHkvcHJvZnRwZC1iZgogIC0gY3Jvd2RzZWN1cml0eS9wcm9mdHBkLWJmX3VzZXItZW51bQpkZXNjcmlwdGlvbjogInByb2Z0cGQgc3VwcG9ydCA6IHBhcnNlciBhbmQgYnJ1dGUtZm9yY2UvdXNlciBlbnVtZXJhdGlvbiBkZXRlY3Rpb24iCmF1dGhvcjogY3Jvd2RzZWN1cml0eQp0YWdzOgogIC0gbGludXgKICAtIHByb2Z0cGQKICAtIGJydXRlZm9yY2UKCg==", "description": "proftpd support : parser and brute-force/user enumeration detection", "author": "crowdsecurity", "labels": null, "parsers": [ "crowdsecurity/proftpd-logs" ], "scenarios": [ "crowdsecurity/proftpd-bf", "crowdsecurity/proftpd-bf_user-enum" ] }, "crowdsecurity/smb": { "path": "collections/crowdsecurity/smb.yaml", "version": "0.1", "versions": { "0.1": { "digest": "9b87e4588319834b833778cc10602d906194d96b3fd6f8fdd8d1db7adf1a4abe", "deprecated": false } }, "long_description": "IyMgU01CIGNvbGxlY3Rpb24KCkEgY29sbGVjdGlvbiB0byBkZWZlbmQgc21iIGFnYWluc3QgY29tbW9uIGF0dGFja3M6CiAtIHNtYiBwYXJzZXIKIC0gZGV0ZWN0IGJydXRlZm9yY2UKCgojIyBBY3F1aXNpdGlvbiB0ZW1wbGF0ZQoKRXhhbXBsZSBhY3F1aXNpdGlvbiBmb3IgdGhpcyBjb2xsZWN0aW9uIDoKCmBgYHlhbWwKZmlsZW5hbWVzOgogIC0gL3Zhci9sb2cvc2FtYmEvbG9nLioKbGFiZWxzOgogIHR5cGU6IHNtYgpgYGAKCgpub3RlcyA6CiAtICBZb3UgbWF5IHRhcmdldCBhIG1vcmUgc3BlY2lmaWMgbG9nLCB1c3VhbHkgbG9nLjxET01BSU4+CiAtICBCZSBzdXJlIHRvIGhhdmUgdGhlIGFwcHJvcHJpYXRlIGxvZyBsZXZlbCBpbiB5b3VyIHNtYi5jb25mCiAtICBJZiB5b3UgYXJlIHVzaW5nIGBzeXNsb2dgLCBzZXQgdHlwZSB0byBgc3lzbG9nYCBpbnN0ZWFkCiAtICBEZXBlbmRpbmcgb24geW91ciBkaXN0cmlidXRpb24vT1MsIHBhdGhzIHRvIGxvZyBmaWxlcyBtaWdodCBjaGFuZ2UKIC0gIE9ubHkgcmVsZXZhbnQgaWYgeW91IGFyZSBtYW51YWxseSBpbnN0YWxsaW5nIGNvbGxlY3Rpb24K", "content": "cGFyc2VyczoKICAtIGNyb3dkc2VjdXJpdHkvc21iLWxvZ3MKc2NlbmFyaW9zOgogIC0gY3Jvd2RzZWN1cml0eS9zbWItYmYKZGVzY3JpcHRpb246ICJzbWIgc3VwcG9ydCA6IHBhcnNlciBhbmQgYnJ1dGUtZm9yY2Ugc2NlbmFyaW8iCmF1dGhvcjogY3Jvd2RzZWN1cml0eQp0YWdzOgogIC0gbGludXgKICAtIHNtYgogIC0gYnJ1dGVmb3JjZQoK", "description": "smb support : parser and brute-force scenario", "author": "crowdsecurity", "labels": null, "parsers": [ "crowdsecurity/smb-logs" ], "scenarios": [ "crowdsecurity/smb-bf" ] }, "crowdsecurity/sshd": { "path": "collections/crowdsecurity/sshd.yaml", "version": "0.2", "versions": { "0.1": { "digest": "21159aeb87529efcf1a5033f720413d5321a6451bab679a999f7f01a7aa972b3", "deprecated": false }, "0.2": { "digest": "72f6329808fafbb42da52cc6476a6e794d0a1ae5b3847e0060cf23593dd40352", "deprecated": false } }, "long_description": "IyMgU1NIRCBjb2xsZWN0aW9uCgpBIGNvbGxlY3Rpb24gdG8gZGVmZW5kIHNzaGQgYWdhaW5zdCBjb21tb24gYXR0YWNrcyA6CiAtIHNzaCBwYXJzZXIKIC0gc3NoIGJydXRlZm9yY2UgJiBlbnVtZXJhdGlvbiBkZXRlY3Rpb24KIC0gc3NoICdzbG93JyBicnV0ZWZvcmNlICYgZW51bWVyYXRpb24gZGV0ZWN0aW9uCgojIyBBY3F1aXNpdGlvbiB0ZW1wbGF0ZQoKRXhhbXBsZSBhY3F1aXNpdGlvbiBmb3IgdGhpcyBjb2xsZWN0aW9uIDoKCmBgYHlhbWwKZmlsZW5hbWVzOgogIC0gL3Zhci9sb2cvYXV0aC5sb2cKbGFiZWxzOgogIHR5cGU6IHN5c2xvZwpgYGAKCgpub3RlcyA6CiAtICBJZiB5b3UgYXJlIHVzaW5nIGBzeXNsb2dgLCBzZXQgdHlwZSB0byBgc3lzbG9nYCBpbnN0ZWFkCiAtICBEZXBlbmRpbmcgb24geW91ciBkaXN0cmlidXRpb24vT1MsIHBhdGhzIHRvIGxvZyBmaWxlcyBtaWdodCBjaGFuZ2UKIC0gIE9ubHkgcmVsZXZhbnQgaWYgeW91IGFyZSBtYW51YWxseSBpbnN0YWxsaW5nIGNvbGxlY3Rpb24KCg==", "content": "cGFyc2VyczoKICAtIGNyb3dkc2VjdXJpdHkvc3NoZC1sb2dzCnNjZW5hcmlvczoKICAtIGNyb3dkc2VjdXJpdHkvc3NoLWJmCiAgLSBjcm93ZHNlY3VyaXR5L3NzaC1zbG93LWJmCmRlc2NyaXB0aW9uOiAic3NoZCBzdXBwb3J0IDogcGFyc2VyIGFuZCBicnV0ZS1mb3JjZSBkZXRlY3Rpb24iCmF1dGhvcjogY3Jvd2RzZWN1cml0eQp0YWdzOgogIC0gbGludXgKICAtIHNzaAogIC0gYnJ1dGVmb3JjZQoK", "description": "sshd support : parser and brute-force detection", "author": "crowdsecurity", "labels": null, "parsers": [ "crowdsecurity/sshd-logs" ], "scenarios": [ "crowdsecurity/ssh-bf", "crowdsecurity/ssh-slow-bf" ] }, "crowdsecurity/suricata": { "path": "collections/crowdsecurity/suricata.yaml", "version": "0.1", "versions": { "0.1": { "digest": "6f5d4ed7c676be6082af86c8ff771a063808a5970cb56edb9c8161c9b8390466", "deprecated": false } }, "long_description": "IyMgU3VyaWNhdGEgY29sbGVjdGlvbgoKQSBjb2xsZWN0aW9uIGZvciB0aGUgW1N1cmljYXRhXShodHRwczovL3N1cmljYXRhLmlvLykgSURTL0lQUy4KVGhpcyBjb2xsZWN0aW9uIGNvbnRhaW5zIDoKIC0gUGFyc2VycyBmb3IgU3VyaWNhdGEgbG9ncyAoYm90aCBgZmFzdC5sb2dgIGFuZCBgZXZlLmpzb25gIGZvcm1hdHMpCiAtIFNjZW5hcmlvcyBmb3IgU3VyaWNhdGEgYWxlcnRzIDoKICAgLSB0cmlnZ2VyIGJhbiBvbiAqTWFqb3IqIChzZXZlcml0eToxKSBydWxlcwogICAtIHRyaWdnZXIgYmFuIG9uID4yICoqZGlzdGluY3QqKiBydWxlcyBvZiBzZXZlcml0eSAyCgoKTm90ZTogVGVzdGVkIHdpdGggU3VyaWNhdGEgNgoKCiMjIEFjcXVpc2l0aW9uIHRlbXBsYXRlCgpFeGFtcGxlIGFjcXVpc2l0aW9uIGZvciB0aGlzIGNvbGxlY3Rpb24gOgoKYGBgeWFtbApmaWxlbmFtZTogL3Zhci9sb2cvc3VyaWNhdGEvZXZlLmpzb24KbGFiZWxzOgogIHR5cGU6IHN1cmljYXRhLWV2ZWxvZ3MKYGBgCgoqKm9yKioKCmBgYHlhbWwKZmlsZW5hbWU6IC92YXIvbG9nL3N1cmljYXRhL2Zhc3QubG9nCmxhYmVsczoKICB0eXBlOiBzdXJpY2F0YS1mYXN0bG9ncwpgYGAKCm5vdGVzIDoKIC0gVXNpbmcgYm90aCBhY3F1aXNpdGlvbnMgc2ltdWx0YW5lb3VzbHkgd2lsbCBsZWFkIHRvIGRvdWJsZSBkZWNpc2lvbnMgb3IgdW5wcmVkaWN0YWJsZSBiZWhhdmlvci4gYGV2ZS5qc29uYCBzaG91bGQgYmUgcHJlZmVycmVkLgogLSBEZXBlbmRpbmcgb24geW91ciBkaXN0cmlidXRpb24vT1MsIHBhdGhzIHRvIGxvZyBmaWxlcyBtaWdodCBjaGFuZ2UKIC0gT25seSByZWxldmFudCBpZiB5b3UgYXJlIG1hbnVhbGx5IGluc3RhbGxpbmcgY29sbGVjdGlvbgo=", "content": "cGFyc2VyczoKICAtIGNyb3dkc2VjdXJpdHkvc3VyaWNhdGEtbG9ncwpzY2VuYXJpb3M6CiAgLSBjcm93ZHNlY3VyaXR5L3N1cmljYXRhLWFsZXJ0cwpkZXNjcmlwdGlvbjogInN1cmljYXRhIHN1cHBvcnQgOiBwYXJzZXIgYW5kIGF1dG9tYXRpYyByZW1lZGlhdGlvbiBvbiBoaWdoL21ham9yIGFsZXJ0cyIKYXV0aG9yOiBjcm93ZHNlY3VyaXR5CnRhZ3M6CiAgLSBsaW51eAogIC0gc3VyaWNhdGEKICAtIElEUwoK", "description": "suricata support : parser and automatic remediation on high/major alerts", "author": "crowdsecurity", "labels": null, "parsers": [ "crowdsecurity/suricata-logs" ], "scenarios": [ "crowdsecurity/suricata-alerts" ] }, "crowdsecurity/synology-dsm": { "path": "collections/crowdsecurity/synology-dsm.yaml", "version": "0.2", "versions": { "0.1": { "digest": "cdd3722569d65100a93620001b867e7932407410b7de78b56f88c7a721f61ac6", "deprecated": false }, "0.2": { "digest": "6a2b5e562f0b6a4b9f1c03a05c73985e5326b7fa6d910f74a698fe182a951004", "deprecated": false } }, "long_description": "IyMgU3lub2xvZ3kgRFNNIGNvbGxlY3Rpb24KClRoaXMgU3lub2xvZ3kgRFNNIGNvbGxlY3Rpb24gc3VwcG9ydHMgOgogLSB3ZWIgYXV0aGVudGljYXRpb24gYnJ1dGVmb3JjZSBkZXRlY3Rpb24KCg==", "content": "IyBTeW5vbG9neSBEU00gcGFyc2VycwpwYXJzZXJzOgogIC0gY3Jvd2RzZWN1cml0eS9zeW5vbG9neS1kc20tbG9ncwojIFN5bm9sb2d5IERTTSBjb2xsZWN0aW9ucwojY29sbGVjdGlvbnM6CiMgIC0gCiMgdGhlIGxpc3Qgb2YgcG9zdG92ZXJmbG93cyBpdCBjb250YWlucwojIHBvc3RvdmVyZmxvd3M6CiMgICAtIGNyb3dkc2VjdXJpdHkvc2VvLWJvdHMtd2hpdGVsaXN0CiMgdGhlIGxpc3Qgb2Ygc2NlbmFyaW9zIGl0IGNvbnRhaW5zCnNjZW5hcmlvczoKICAtIGNyb3dkc2VjdXJpdHkvc3lub2xvZ3ktZHNtLWJmCmRlc2NyaXB0aW9uOiAiU3lub2xvZ3kgRFNNIHdlYiBhdXRoZW50aWNhdGlvbiBzdXBwb3J0IgphdXRob3I6IGNyb3dkc2VjdXJpdHkKdGFnczoKICAtIGxpbnV4CiAgLSBzeW5vbG9neQogIC0gYnJ1dGVmb3JjZQogIC0gc2Nhbgo=", "description": "Synology DSM web authentication support", "author": "crowdsecurity", "labels": null, "parsers": [ "crowdsecurity/synology-dsm-logs" ], "scenarios": [ "crowdsecurity/synology-dsm-bf" ] }, "crowdsecurity/thehive": { "path": "collections/crowdsecurity/thehive.yaml", "version": "0.1", "versions": { "0.1": { "digest": "3d6910c9ee4fd1c7395018de8ecd98a9128c858eb8799e631b754055711b1c29", "deprecated": false } }, "content": "cGFyc2VyczoKICAtIGNyb3dkc2VjdXJpdHkvdGhlaGl2ZS1sb2dzCnNjZW5hcmlvczoKICAtIGNyb3dkc2VjdXJpdHkvdGhlaGl2ZS1iZgpkZXNjcmlwdGlvbjogIlRoZWhpdmUgc3VwcG9ydCA6IHBhcnNlciBhbmQgYnJ1dGUtZm9yY2UgZGV0ZWN0aW9uIgphdXRob3I6IGNyb3dkc2VjdXJpdHkKdGFnczoKICAtIHNvYwogIC0gc2VjdXJpdHkKICAtIHRoZWhpdmUKICAtIGJydXRlZm9yY2UK", "description": "Thehive support : parser and brute-force detection", "author": "crowdsecurity", "labels": null, "parsers": [ "crowdsecurity/thehive-logs" ], "scenarios": [ "crowdsecurity/thehive-bf" ] }, "crowdsecurity/traefik": { "path": "collections/crowdsecurity/traefik.yaml", "version": "0.1", "versions": { "0.1": { "digest": "b7b9feedcd49009ce80e4ab12c2642e68054222a7e7bb8611f2f45d5d3600ef2", "deprecated": false } }, "long_description": "IyMgVHJhZWZpayBjb2xsZWN0aW9uCgo+IENvLWF1dGhvcmVkIHdpdGggKGh0dHBzOi8vZ2l0aHViLmNvbS9nbWVsb2RpZSkKCkEgY29sbGVjdGlvbiB0byBkZWZlbmQgdHJhZWZpayBhZ2FpbnN0IGNvbW1vbiBhdHRhY2tzOgogLSB0cmFlZmlrIHBhcnNlciAoc3VwcG9ydHMgQ0xGIGFuZCBKU09OKQogLSBiYXNlIGh0dHAgc2NlbmFyaW9zIChjcmF3bCwgNDA0IHNjYW4sIGJmKQoKCiMjIEFjcXVpc2l0aW9uIHRlbXBsYXRlCgpFeGFtcGxlIGFjcXVpc2l0aW9uIGZvciB0aGlzIGNvbGxlY3Rpb24gOgoKYGBgeWFtbApmaWxlbmFtZXM6CiAgLSAvdmFyL2xvZy90cmFlZmlrLyoubG9nCmxhYmVsczoKICB0eXBlOiB0cmFlZmlrCmBgYAoKCm5vdGVzIDoKIC0gIElmIHlvdSBhcmUgdXNpbmcgYHN5c2xvZ2AsIHNldCB0eXBlIHRvIGBzeXNsb2dgIGluc3RlYWQKIC0gIERlcGVuZGluZyBvbiB5b3VyIGRpc3RyaWJ1dGlvbi9PUywgcGF0aHMgdG8gbG9nIGZpbGVzIG1pZ2h0IGNoYW5nZQogLSAgT25seSByZWxldmFudCBpZiB5b3UgYXJlIG1hbnVhbGx5IGluc3RhbGxpbmcgY29sbGVjdGlvbgo=", "content": "IyBjby1hdXRob3JlZCB3aXRoIGdtZWxvZGllIChodHRwczovL2dpdGh1Yi5jb20vZ21lbG9kaWUpCnBhcnNlcnM6CiAgLSBjcm93ZHNlY3VyaXR5L3RyYWVmaWstbG9ncwpjb2xsZWN0aW9uczoKICAtIGNyb3dkc2VjdXJpdHkvYmFzZS1odHRwLXNjZW5hcmlvcwpkZXNjcmlwdGlvbjogInRyYWVmaWsgc3VwcG9ydDogcGFyc2VyIGFuZCBnZW5lcmljIGh0dHAgc2NlbmFyaW9zIgphdXRob3I6IGNyb3dkc2VjdXJpdHkKdGFnczoKICAtIHRyYWVmaWsKICAtIGh0dHAKICAtIGJydXRlZm9yY2UKCg==", "description": "traefik support: parser and generic http scenarios", "author": "crowdsecurity", "labels": null, "parsers": [ "crowdsecurity/traefik-logs" ], "collections": [ "crowdsecurity/base-http-scenarios" ] }, "crowdsecurity/unifi": { "path": "collections/crowdsecurity/unifi.yaml", "version": "0.1", "versions": { "0.1": { "digest": "55ad6aac392ac93a0d866522c1fd88ba30c7c4ad99e334a9c46b741f948f27e6", "deprecated": false } }, "long_description": "IyMgVW5pZmkgY29sbGVjdGlvbgoKQSBjb2xsZWN0aW9uIHRvIGRlZmVuZCBVbmlmaSBnZWFyIGFnYWluc3QgY29tbW9uIGF0dGFja3MgOgotIFVuaWZpIHN5c2xvZyBwYXJzZXI6IGBjcm93ZHNlY3VyaXR5L3VuaWZpLWxvZ3NgCi0gRHJvcGJlYXIgcGFyc2VyOiBgY3Jvd2RzZWN1cml0eS9kcm9wYmVhci1sb2dzYAotIFNTSCBicnV0ZWZvcmNlIHNjZW5hcmlvIDogYGNyb3dkc2VjdXJpdHkvc3NoLWJmYAotIElwdGFibGVzIHBhcnNlcjogYGNyb3dkc2VjdXJpdHkvaXB0YWJsZXMtbG9nc2AKLSBQb3J0IHNjYW4gZGV0ZWN0aW9uOiBgY3Jvd2RzZWN1cml0eS9pcHRhYmxlcy1zY2FuLW11bHRpX3BvcnRzYAoKIyMgQWNxdWlzaXRpb24gdGVtcGxhdGUKCkV4YW1wbGUgYWNxdWlzaXRpb24gZm9yIHRoaXMgY29sbGVjdGlvbiA6CgpgYGB5YW1sCnNvdXJjZTogc3lzbG9nCmxpc3Rlbl9hZGRyOiAwLjAuMC4wCmxpc3Rlbl9wb3J0OiA0MjQyCmxhYmVsczoKIHR5cGU6IHVuaWZpCmBgYAoKCm5vdGVzIDoKIC0gIFdoaWxlIHRoZSB1bmlmaSBnZWFyIHVzZXMgc3lzbG9nIHRvIHNlbmQgdGhlIGxvZ3MsIHRoZSBmb3JtYXQgaXMgbm9uLWNvbXBsaWFudCB3aXRoIHRoZSBSRkMsIHNvIHlvdSBuZWVkIHRvIHNldCB0aGUgdHlwZSB0byBgdW5pZmlgCg==", "content": "cGFyc2VyczoKICAtIGNyb3dkc2VjdXJpdHkvdW5pZmktbG9ncwogIC0gY3Jvd2RzZWN1cml0eS9kcm9wYmVhci1sb2dzCnNjZW5hcmlvczoKICAtIGNyb3dkc2VjdXJpdHkvc3NoLWJmCmNvbGxlY3Rpb25zOgogIC0gY3Jvd2RzZWN1cml0eS9pcHRhYmxlcwpkZXNjcmlwdGlvbjogIlVuaWZpIHN1cHBvcnQ6IHN5c2xvZyBwYXJzZXIgKyBwb3J0IHNjYW4gKyBTU0ggQkYgZGV0ZWN0aW9uIgphdXRob3I6IGNyb3dkc2VjdXJpdHkKdGFnczoKICAtIHVuaWZpCiAgLSBzc2gKICAtIGJydXRlZm9yY2UKICAtIGRyb3BiZWFyCiAgLSBwb3J0c2Nhbgo=", "description": "Unifi support: syslog parser + port scan + SSH BF detection", "author": "crowdsecurity", "labels": null, "parsers": [ "crowdsecurity/unifi-logs", "crowdsecurity/dropbear-logs" ], "scenarios": [ "crowdsecurity/ssh-bf" ], "collections": [ "crowdsecurity/iptables" ] }, "crowdsecurity/vsftpd": { "path": "collections/crowdsecurity/vsftpd.yaml", "version": "0.1", "versions": { "0.1": { "digest": "7cb60c9ce9772d4dc7227cc415a55114b8f4e3c07e27c17a666e56e11cb04b32", "deprecated": false } }, "long_description": "IyMgVnNGVFBEIGNvbGxlY3Rpb24KCkEgY29sbGVjdGlvbiB0byBkZWZlbmQgVlNGVFBEIGFnYWluc3QgY29tbW9uIGF0dGFja3MgOgotIFZTRlRQRCBwYXJzZXI6IGBjcm93ZHNlY3VyaXR5L3ZzZnRwZC1sb2dzYAotIGJydXRlZm9yY2Ugc2NlbmFyaW8gOiBgY3Jvd2RzZWN1cml0eS92c2Z0cGQtYmZgCgojIyBBY3F1aXNpdGlvbiB0ZW1wbGF0ZQoKRXhhbXBsZSBhY3F1aXNpdGlvbiBmb3IgdGhpcyBjb2xsZWN0aW9uIDoKCmBgYHlhbWwKZmlsZW5hbWVzOgogIC0gL3Zhci9sb2cvdnNmdHBkLyoubG9nCmxhYmVsczoKICB0eXBlOiB2c2Z0cGQKYGBgCgoKbm90ZXMgOgogLSAgSWYgeW91IGFyZSB1c2luZyBgc3lzbG9nYCwgc2V0IHR5cGUgdG8gYHN5c2xvZ2AgaW5zdGVhZAogLSAgRGVwZW5kaW5nIG9uIHlvdXIgZGlzdHJpYnV0aW9uL09TLCBwYXRocyB0byBsb2cgZmlsZXMgbWlnaHQgY2hhbmdlCiAtICBPbmx5IHJlbGV2YW50IGlmIHlvdSBhcmUgbWFudWFsbHkgaW5zdGFsbGluZyBjb2xsZWN0aW9uCg==", "content": "cGFyc2VyczoKICAtIGNyb3dkc2VjdXJpdHkvdnNmdHBkLWxvZ3MKc2NlbmFyaW9zOgogIC0gY3Jvd2RzZWN1cml0eS92c2Z0cGQtYmYKZGVzY3JpcHRpb246ICJWU0ZUUEQgc3VwcG9ydCA6IGxvZ3MgYW5kIGJydXRlLWZvcmNlIHNjZW5hcmlvcyIKYXV0aG9yOiBjcm93ZHNlY3VyaXR5CnRhZ3M6CiAgLSBsaW51eAogIC0gZnRwCiAgLSBicnV0ZWZvcmNlCg==", "description": "VSFTPD support : logs and brute-force scenarios", "author": "crowdsecurity", "labels": null, "parsers": [ "crowdsecurity/vsftpd-logs" ], "scenarios": [ "crowdsecurity/vsftpd-bf" ] }, "crowdsecurity/whitelist-good-actors": { "path": "collections/crowdsecurity/whitelist-good-actors.yaml", "version": "0.1", "versions": { "0.1": { "digest": "70f9b1723423de3918bfa3f33fa9c266da71c897b6173ff21e2fb73f9a24245e", "deprecated": false } }, "long_description": "QSBjb2xsZWN0aW9uIHRvIHdoaXRlbGlzdCBhbGwgZ29vZCBhY3RvcnMgOgogLSByZG5zIHRvIHVzZSBpdCBpbiB3aGl0ZWxpc3RzIHRoYXQgbmVlZCByZG5zCiAtIHJkbnMgb2YgYWxsIGdvb2Qgc2VhcmNoIGVuZ2luZSBjcmF3bGVycyAoZ29vZ2xlYm90LCBiaW5nIGV0Yy4uLikKIC0gdHJ1c3RlZCBwYXJ0bmVycyBsaWtlIGNsb3VkZmxhcmU=", "content": "cG9zdG92ZXJmbG93czoKICAtIGNyb3dkc2VjdXJpdHkvc2VvLWJvdHMtd2hpdGVsaXN0CiAgLSBjcm93ZHNlY3VyaXR5L2Nkbi13aGl0ZWxpc3QKICAtIGNyb3dkc2VjdXJpdHkvcmRucwpkZXNjcmlwdGlvbjogIkdvb2QgYWN0b3JzIHdoaXRlbGlzdHMiCmF1dGhvcjogY3Jvd2RzZWN1cml0eQp0YWdzOgogIC0gd2hpdGVsaXN0CiAgLSBib3RzCiAgLSBwYXJ0bmVycwo=", "description": "Good actors whitelists", "author": "crowdsecurity", "labels": null, "postoverflows": [ "crowdsecurity/seo-bots-whitelist", "crowdsecurity/cdn-whitelist", "crowdsecurity/rdns" ] }, "crowdsecurity/windows": { "path": "collections/crowdsecurity/windows.yaml", "version": "0.1", "versions": { "0.1": { "digest": "dca4187a260a723cfc7d47246cccfadab4249adca84f9e8b0cff7727f4503ae9", "deprecated": false } }, "long_description": "IyMgV2luZG93cyBjb2xsZWN0aW9uCgpUaGlzIGNvbGxlY3Rpb24gaW5zdGFsbHMgYSBwYXJzZXIgZm9yIHdpbmRvd3MgZXZlbnQgbG9ncyArIGZsYXQgZmlsZSwgYW5kIGEgcGFyc2VyL3NjZW5hcmlvIGZvciBhdXRoIGJydXRlZm9yY2UK", "content": "cGFyc2VyczoKICAtIGNyb3dkc2VjdXJpdHkvd2luZG93cy1sb2dzCiAgLSBjcm93ZHNlY3VyaXR5L3dpbmRvd3MtYXV0aAogIC0gY3Jvd2RzZWN1cml0eS9nZW9pcC1lbnJpY2gKICAtIGNyb3dkc2VjdXJpdHkvZGF0ZXBhcnNlLWVucmljaApzY2VuYXJpb3M6CiAgLSBjcm93ZHNlY3VyaXR5L3dpbmRvd3MtYmYKZGVzY3JpcHRpb246ICJjb3JlIHdpbmRvd3Mgc3VwcG9ydCA6IHdpbmRvd3MgZXZlbnQgbG9nICsgYmYgZGV0ZWN0aW9uIgphdXRob3I6IGNyb3dkc2VjdXJpdHkKdGFnczoKICAtIHdpbmRvd3MKCg==", "description": "core windows support : windows event log + bf detection", "author": "crowdsecurity", "labels": null, "parsers": [ "crowdsecurity/windows-logs", "crowdsecurity/windows-auth", "crowdsecurity/geoip-enrich", "crowdsecurity/dateparse-enrich" ], "scenarios": [ "crowdsecurity/windows-bf" ] }, "crowdsecurity/windows-cve": { "path": "collections/crowdsecurity/windows-cve.yaml", "version": "0.2", "versions": { "0.1": { "digest": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "deprecated": false }, "0.2": { "digest": "64a28a68af069438de9f54c6f31ffebf289d9bfe246bc42c06ef4228f65fa808", "deprecated": false } }, "long_description": "QSBjb2xsZWN0aW9uIG9mIHdpbmRvd3Mgc3BlY2lmaWMgQ1ZFcyA6CgogLSBbTVNEVCBDVkUtMjAyMi0zMDE5MF0oaHR0cHM6Ly9udmQubmlzdC5nb3YvdnVsbi9kZXRhaWwvQ1ZFLTIwMjItMzAxOTApCgoKOndhcm5pbmc6IFRoaXMgY29sbGVjdGlvbiByZXF1aXJlcyBhIHdvcmtpbmcgW3N5c21vbl0oaHR0cHM6Ly9kb2NzLm1pY3Jvc29mdC5jb20vZW4tdXMvc3lzaW50ZXJuYWxzL2Rvd25sb2Fkcy9zeXNtb24pIGluc3RhbGxhdGlvbi4gVGhpcyBpcyBzdGlsbCBhIHByb29mLW9mLWNvbmNlcHQsIGFuZCB3aWxsIGdhaW4gbW9yZSBzY2VuYXJpb3Mgb3ZlciB0aW1lLgoKRXhhbXBsZSBhY3F1aXNpdGlvbiBjb25maWc6CmBgYApzb3VyY2U6IHdpbmV2ZW50bG9nCnByZXR0eV9uYW1lOiBzeXNtb24KZXZlbnRfY2hhbm5lbDogIk1pY3Jvc29mdC1XaW5kb3dzLVN5c21vbi9PcGVyYXRpb25hbCIKbGFiZWxzOgogdHlwZTogc3lzbW9uCmBgYA==", "content": "cGFyc2VyczoKICAtIGNyb3dkc2VjdXJpdHkvd2luZG93cy1sb2dzCiAgLSBjcm93ZHNlY3VyaXR5L3N5c21vbi1sb2dzCnNjZW5hcmlvczoKICAtIGNyb3dkc2VjdXJpdHkvd2luZG93cy1DVkUtMjAyMi0zMDE5MC1tc2R0CmRlc2NyaXB0aW9uOiAid2luZG93cyBDVkU6IHRyeSB0byBkZXRlY3QgbG9jYWwgQ1ZFIGV4cGxvaXRhdGlvbiBvbiB3aW5kb3dzLiIKYXV0aG9yOiBjcm93ZHNlY3VyaXR5CnRhZ3M6CiAgLSB3aW5kb3dzCiAgLSBsb2NhbAogIC0gZXhwbG9pdAoK", "description": "windows CVE: try to detect local CVE exploitation on windows.", "author": "crowdsecurity", "labels": null, "parsers": [ "crowdsecurity/windows-logs", "crowdsecurity/sysmon-logs" ], "scenarios": [ "crowdsecurity/windows-CVE-2022-30190-msdt" ] }, "crowdsecurity/windows-firewall": { "path": "collections/crowdsecurity/windows-firewall.yaml", "version": "0.1", "versions": { "0.1": { "digest": "597b15292d86f2aa7df95cc09fb9dc2f7d29aa541727f9704faa1095068889b2", "deprecated": false } }, "long_description": "IyMgV2luZG93cyBmaXJld2FsbCBjb2xsZWN0aW9uCgpBIGNvbGxlY3Rpb24gZm9yIHBvcnRzY2FuIGRldGVjdGlvbiB2aWEgd2luZG93cyBmaXJld2FsbCBsb2dzIDoKIC0gV2luZG93cyBmaXJld2FsbCBsb2dzIHBhcnNlcgogLSBtdWx0aSBwb3J0IHNjYW4gZGV0ZWN0aW9uCgojIyBBY3F1aXNpdGlvbiB0ZW1wbGF0ZQoKRXhhbXBsZSBhY3F1aXNpdGlvbiBmb3IgdGhpcyBjb2xsZWN0aW9uIDoKCmBgYHlhbWwKZmlsZW5hbWVzOgogIC0gQzpcXFdpbmRvd3NcXFN5c3RlbTMyXFxMb2dGaWxlc1xcRmlyZXdhbGxcXHBmaXJld2FsbC5sb2cKbGFiZWxzOgogIHR5cGU6IHdpbmRvd3MtZmlyZXdhbGwKYGBgCgpub3RlcyA6CiAtIFRoaXMgY29sbGVjdGlvbiB1c2VzIHRoZSBgY3Jvd2RzZWN1cml0eS9pcHRhYmxlcy1zY2FuLW11bHRpX3BvcnRzYCBzY2VuYXJpbyBiZWNhdXNlIHdlIGFyZSBiYWQgYXQgbmFtaW5nIDopIAogLSBCZWNhdXNlIFdpbmRvd3MgZW5hYmxlcyBzdGVhbHRoIG1vZGUgYnkgZGVmYXVsdCwgb25seSBzY2FuIHRhcmdldGVkIHRvIHBvcnQgdGhhdCBoYXZlIGEgbGlzdGVuZXJzIHdpbGwgYmUgbG9nZ2VkLCBzbyB3ZSB3aWxsIHByb2JhYmx5IG1pc3Mgc29tZSBhdHRhY2tzICh3ZSBkbyBOT1QgcmVjb21tYW5kIGRpc2FibGluZyBzdGVhbHRoIG1vZGUpIAo=", "content": "cGFyc2VyczoKICAtIGNyb3dkc2VjdXJpdHkvd2luZG93cy1maXJld2FsbC1sb2dzCnNjZW5hcmlvczoKICAtIGNyb3dkc2VjdXJpdHkvaXB0YWJsZXMtc2Nhbi1tdWx0aV9wb3J0cwpkZXNjcmlwdGlvbjogIndpbmRvd3MgZmlyZXdhbGwgc3VwcG9ydCA6IGxvZ3MgYW5kIHBvcnQtc2NhbnMgZGV0ZWN0aW9uIHNjZW5hcmlvcyIKYXV0aG9yOiBjcm93ZHNlY3VyaXR5CnRhZ3M6CiAgLSB3aW5kb3dzCiAgLSBwb3J0c2NhbgoK", "description": "windows firewall support : logs and port-scans detection scenarios", "author": "crowdsecurity", "labels": null, "parsers": [ "crowdsecurity/windows-firewall-logs" ], "scenarios": [ "crowdsecurity/iptables-scan-multi_ports" ] }, "crowdsecurity/wordpress": { "path": "collections/crowdsecurity/wordpress.yaml", "version": "0.4", "versions": { "0.1": { "digest": "14f428b1d171a092d703478a891db27aaf83a3f6ba99199a3be4a64d193d718d", "deprecated": false }, "0.2": { "digest": "502dde075615e4b98edc705b43d3c3d52de6c0d4e62340b91ab5e8676c916668", "deprecated": false }, "0.3": { "digest": "c342ae222954a731b60b7c72548fe876de791b3722088ae57cee09d2b2fd7028", "deprecated": false }, "0.4": { "digest": "f45c1bb9daec2f8a81e125f75033a3a0198f4eb36c342985f831c77a3057f1bd", "deprecated": false } }, "long_description": "QSBjb2xsZWN0aW9uIHRvIGRlZmVuZCB3b3JkcHJlc3MgYWdhaW5zdCBjb21tb25zIHNjYW5uZXIgYmVoYXZpb3JzIDoKIC0gd3AtbG9naW4ucGhwIGJydXRlZm9yY2UgZGV0ZWN0aW9uCiAtIHdwLWNvbmZpZy5waHAgcHJvYmluZwogLSBhdXRob3IgZW51bWVyYXRpb24KCg==", "content": "c2NlbmFyaW9zOgogIC0gY3Jvd2RzZWN1cml0eS9odHRwLWJmLXdvcmRwcmVzc19iZgogIC0gY3Jvd2RzZWN1cml0eS9odHRwLXdvcmRwcmVzc193cGNvbmZpZwogIC0gY3Jvd2RzZWN1cml0eS9odHRwLXdvcmRwcmVzc191c2VyLWVudW0KZGVzY3JpcHRpb246ICJ3b3JkcHJlc3M6IEJydXRlZm9yY2UgcHJvdGVjdGlvbiBhbmQgY29uZmlnIHByb2JpbmciCmF1dGhvcjogY3Jvd2RzZWN1cml0eQp0YWdzOgogIC0gbGludXgKICAtIHdvcmRwcmVzcwogIC0gYnJ1dGVmb3JjZQoK", "description": "wordpress: Bruteforce protection and config probing", "author": "crowdsecurity", "labels": null, "scenarios": [ "crowdsecurity/http-bf-wordpress_bf", "crowdsecurity/http-wordpress_wpconfig", "crowdsecurity/http-wordpress_user-enum" ] }, "firewallservices/lemonldap-ng": { "path": "collections/firewallservices/lemonldap-ng.yaml", "version": "0.1", "versions": { "0.1": { "digest": "c7ee2139e599aa59a56e0db3b1946470426b0c766978d6dbc2cc8a76e8e22e4b", "deprecated": false } }, "content": "c2NlbmFyaW9zOgogIC0gZmlyZXdhbGxzZXJ2aWNlcy9sZW1vbmxkYXAtbmctYmYKcGFyc2VyczoKICAtIGZpcmV3YWxsc2VydmljZXMvbGVtb25sZGFwLW5nCmRlc2NyaXB0aW9uOiAiTGVtb25sZGFwOjpORyBzdXBwb3J0IDogcGFyc2VyIGFuZCBicnV0ZWZ1cmNlIGRldGVjdGlvbiIKYXV0aG9yOiBmaXJld2FsbHNlcnZpY2VzCnRhZ3M6CiAgLSBsaW51eAogIC0gYnJ1dGVmb3JjZQo=", "description": "Lemonldap::NG support : parser and brutefurce detection", "author": "firewallservices", "labels": null, "parsers": [ "firewallservices/lemonldap-ng" ], "scenarios": [ "firewallservices/lemonldap-ng-bf" ] }, "firewallservices/pf": { "path": "collections/firewallservices/pf.yaml", "version": "0.1", "versions": { "0.1": { "digest": "d549e7f67cffe712b081a9467a84f94f9a57a3852a369e68d079b61eba83c264", "deprecated": false } }, "long_description": "QSBjb2xsZWN0aW9uIHRvIGRldGVjdCBwb3J0IHNjYW4gb24gUGZTZW5zZSAvIEZyZWVCU0QK", "content": "c2NlbmFyaW9zOgogIC0gZmlyZXdhbGxzZXJ2aWNlcy9wZi1zY2FuLW11bHRpX3BvcnRzCnBhcnNlcnM6CiAgLSBmaXJld2FsbHNlcnZpY2VzL3BmLWxvZ3MKZGVzY3JpcHRpb246ICJQYXJzZXIgYW5kIHNjZW5hcmlvIGZvciBQYWNrZXQgRmlsdGVyIGxvZ3MiCmF1dGhvcjogZmlyZXdhbGxzZXJ2aWNlcwp0YWdzOgogIC0gZmlyZXdhbGwKICAtIHBmc2Vuc2UKICAtIGZyZWVic2QKICAtIHBvcnRzY2FuCg==", "description": "Parser and scenario for Packet Filter logs", "author": "firewallservices", "labels": null, "parsers": [ "firewallservices/pf-logs" ], "scenarios": [ "firewallservices/pf-scan-multi_ports" ] }, "firewallservices/zimbra": { "path": "collections/firewallservices/zimbra.yaml", "version": "0.1", "versions": { "0.1": { "digest": "23dcbf45a7677927d72361f7d0d0210763fd1e4bc019c276b98092966ab14b5c", "deprecated": false } }, "long_description": "IyMgWmltYnJhIGNvbGxlY3Rpb24KCkEgY29sbGVjdGlvbiB0byBwYXJzZSBaaW1icmEncyBsb2dzIGFuZCBkZXRlY3QgYnJ1dCBmb3JjZSBvbiB0aGUgZm9sbG93aW5nIHNlcnZpY2VzCi0gd2ViIGF1dGhlbnRpY2F0aW9uIGZvcm0KLSBTTVRQCi0gSU1BUAoKIyMgQWNxdWlzaXRpb24gdGVtcGxhdGUKCkV4YW1wbGUgYWNxdWlzaXRpb24gZm9yIHRoaXMgY29sbGVjdGlvbiA6CgpgYGB5YW1sCmZpbGVuYW1lczoKICAtIC9vcHQvemltYnJhL2xvZy9tYWlsYm94LmxvZwpsYWJlbHM6CiAgdHlwZTogemltYnJhCmBgYAoKCm5vdGVzIDoKIC0gIElmIHlvdSBhcmUgdXNpbmcgYHN5c2xvZ2AsIHNldCB0eXBlIHRvIGBzeXNsb2dgIGluc3RlYWQKIC0gIERlcGVuZGluZyBvbiB5b3VyIGRpc3RyaWJ1dGlvbi9PUywgcGF0aHMgdG8gbG9nIGZpbGVzIG1pZ2h0IGNoYW5nZQogLSAgT25seSByZWxldmFudCBpZiB5b3UgYXJlIG1hbnVhbGx5IGluc3RhbGxpbmcgY29sbGVjdGlvbgo=", "content": "cGFyc2VyczoKICAtIGZpcmV3YWxsc2VydmljZXMvemltYnJhLWxvZ3MKc2NlbmFyaW9zOgogIC0gZmlyZXdhbGxzZXJ2aWNlcy96aW1icmEtYmYKZGVzY3JpcHRpb246ICJ6aW1icmEgc3VwcG9ydCA6IHBhcnNlciBhbmQgc3BhbW1lciBkZXRlY3Rpb24iCmF1dGhvcjogZmlyZXdhbGxzZXJ2aWNlcwp0YWdzOgogIC0gbGludXgKICAtIHNwYW0KICAtIGJydXRlZm9yY2UKICAtIHppbWJyYQo=", "description": "zimbra support : parser and spammer detection", "author": "firewallservices", "labels": null, "parsers": [ "firewallservices/zimbra-logs" ], "scenarios": [ "firewallservices/zimbra-bf" ] }, "fulljackz/proxmox": { "path": "collections/fulljackz/proxmox.yaml", "version": "0.1", "versions": { "0.1": { "digest": "a671536baca4ae612eede90a29e39e7079a03d4d16fea9a534fab79c50b30deb", "deprecated": false } }, "content": "cGFyc2VyczoKICAtIGNyb3dkc2VjdXJpdHkvc3lzbG9nLWxvZ3MKICAtIGZ1bGxqYWNrei9wcm94bW94LWxvZ3MKc2NlbmFyaW9zOgogIC0gZnVsbGphY2t6L3Byb3htb3gtYmYKZGVzY3JpcHRpb246ICJQcm94bW94IFdlYiBpbnRlcmZhY2Ugc3VwcG9ydCA6IHBhcnNlciBmb3IgYnJ1dGUgZm9yY2UgZGV0ZWN0aW9uIG9uIFByb3htb3ggVkUgV2ViIFVJIgphdXRob3I6IGZ1bGxqYWNregp0YWdzOgogIC0gUHJveG1veCAKICAtIGJydXRlZm9yY2UKCg==", "description": "Proxmox Web interface support : parser for brute force detection on Proxmox VE Web UI", "author": "fulljackz", "labels": null, "parsers": [ "crowdsecurity/syslog-logs", "fulljackz/proxmox-logs" ], "scenarios": [ "fulljackz/proxmox-bf" ] }, "fulljackz/pureftpd": { "path": "collections/fulljackz/pureftpd.yaml", "version": "0.1", "versions": { "0.1": { "digest": "efffdc3d30f38ea0e236f6fe55d0997b046ab25f44bef64fbf37ab5fb9b184ed", "deprecated": false } }, "long_description": "QSBjb2xsZWN0aW9uIHRvIGRlZmVuZCBQVVJFRlRQRCBhZ2FpbnN0IGNvbW1vbiBhdHRhY2tzIDoKLSBQVVJFRlRQRCBwYXJzZXI6IGBmdWxsamFja3ovcHVyZWZ0cGQtbG9nc2AKLSBicnV0ZWZvcmNlIHNjZW5hcmlvIDogYGZ1bGxqYWNrei9wdXJlZnRwZC1iZmAK", "content": "cGFyc2VyczoKICAtIGNyb3dkc2VjdXJpdHkvc3lzbG9nLWxvZ3MKICAtIGZ1bGxqYWNrei9wdXJlZnRwZC1sb2dzCnNjZW5hcmlvczoKICAtIGZ1bGxqYWNrei9wdXJlZnRwZC1iZgpkZXNjcmlwdGlvbjogIlB1cmVmdHBkIHN1cHBvcnQgOiBwYXJzZXIgZm9yIGJydXRlIGZvcmNlIGRldGVjdGlvbiBvbiBQdXJlZnRwZCIKYXV0aG9yOiBmdWxsamFja3oKdGFnczoKICAtIFB1cmVmdHBkCiAgLSBicnV0ZWZvcmNlCgo=", "description": "Pureftpd support : parser for brute force detection on Pureftpd", "author": "fulljackz", "labels": null, "parsers": [ "crowdsecurity/syslog-logs", "fulljackz/pureftpd-logs" ], "scenarios": [ "fulljackz/pureftpd-bf" ] }, "hitech95/nginx-mail": { "path": "collections/hitech95/nginx-mail.yaml", "version": "0.1", "versions": { "0.1": { "digest": "0dd42652366dd9cc2dcdc8bee7977cc45b51fba865796fb699b0bf5ca010d736", "deprecated": false } }, "long_description": "IyMgTmdpbnggTWFpbCBjb2xsZWN0aW9uCgpBIGNvbGxlY3Rpb24gZm9yIE5naW54IG1haWwgcHJveHkKICogTmdpbnggTWFpbCBjb3JlIG1vZHVsZSBsb2cgcGFyc2VycwogKiBOZ2lueCBNYWlsIGF1dGggbW9kdWxlIHNjZW5hcmlvIGJydXRlZm9yY2Ugc3BhbSBhdHRlbXB0CgpJdCBpcyByZWNvbW1lbmRlZCBoYXZpbmcgdGhlIGBjcm93ZHNlY3VyaXR5L25naW54YCBjb2xsZWN0aW9uIGluc3RhbGxlZCEKCj4gQ29udHJpYnV0aW9uIGJ5IGh0dHBzOi8vZ2l0aHViLmNvbS9oaXRlY2g5NQoKIyMgQWNxdWlzaXRpb24gdGVtcGxhdGUKCkV4YW1wbGUgYWNxdWlzaXRpb24gZm9yIHRoaXMgY29sbGVjdGlvbiA6CgpgYGB5YW1sCmZpbGVuYW1lczoKICAtIC92YXIvbG9nL25naW54LyoubG9nCiAgLSAuL3Rlc3RzL25naW54L25naW54LmxvZwojdGhpcyBpcyBub3QgYSBzeXNsb2cgbG9nLCBpbmRpY2F0ZSB3aGljaCBraW5kIG9mIGxvZ3MgaXQgaXMKbGFiZWxzOgogIHR5cGU6IG5naW54CmBgYAoKSWYgeW91IGFyZSBydW5uaW5nIE5naW54IGluc2lkZSBkb2NrZXIsIGxpa2UgW21haWx1XShodHRwczovL21haWx1LmlvLyk6CgpgYGB5YW1sCi0tLQpzb3VyY2U6IGRvY2tlcgpjb250YWluZXJfbmFtZTogCiAtICBtYWlsdS1mcm9udApsYWJlbHM6CiAgdHlwZTogbmdpbngKYGBgCgpub3RlcyA6CiAtICBEZXBlbmRpbmcgb24geW91ciBkaXN0cmlidXRpb24vT1MsIHBhdGhzIHRvIGxvZyBmaWxlcyBtaWdodCBjaGFuZ2UKIC0gIE9ubHkgcmVsZXZhbnQgaWYgeW91IGFyZSBtYW51YWxseSBpbnN0YWxsaW5nIGNvbGxlY3Rpb24K", "content": "cGFyc2VyczoKICAtIGhpdGVjaDk1L25naW54LW1haWwtbG9ncwpzY2VuYXJpb3M6CiAgLSBoaXRlY2g5NS9tYWlsLWdlbmVyaWMtYmYKZGVzY3JpcHRpb246ICJuZ2lueCBlbWFpbCBjb3JlIDogcGFyc2VyIGFuZCBzcGFtbWVyIGRldGVjdGlvbiIKYXV0aG9yOiBoaXRlY2g5NQp0YWdzOgogIC0gbGludXgKICAtIHNwYW0KICAtIGJydXRlZm9yY2UKICAtIGVtYWlsCg==", "description": "nginx email core : parser and spammer detection", "author": "hitech95", "labels": null, "parsers": [ "hitech95/nginx-mail-logs" ], "scenarios": [ "hitech95/mail-generic-bf" ] }, "jusabatier/apereo-cas": { "path": "collections/jusabatier/apereo-cas.yaml", "version": "0.1", "versions": { "0.1": { "digest": "44e11d3facd2d5ff4b39d72367f688a1dc995270dd78b30ca9226e0a0b70ad3f", "deprecated": false } }, "long_description": "QSBjb2xsZWN0aW9uIHRvIGRlZmVuZCBBcGVyZW8gQ0FTIGFnYWluc3QgY29tbW9uIGF0dGFja3MgOgoKKiBDQVMgYXVkaXRzIHBhcnNlcgoqIENBUyBicnV0ZWZvcmNlICYgZW51bWVyYXRpb24gZGV0ZWN0aW9uCiogQ0FTICdzbG93JyBicnV0ZWZvcmNlICYgZW51bWVyYXRpb24gZGV0ZWN0aW9uCg==", "content": "cGFyc2VyczoKICAtIGp1c2FiYXRpZXIvYXBlcmVvLWNhcy1hdWRpdC1sb2dzCnNjZW5hcmlvczoKICAtIGp1c2FiYXRpZXIvYXBlcmVvLWNhcy1iZgogIC0ganVzYWJhdGllci9hcGVyZW8tY2FzLXNsb3ctYmYKZGVzY3JpcHRpb246ICJBUEVSRU8tQ0FTIHN1cHBvcnQgOiBwYXJzZXIgYW5kIGJydXRlLWZvcmNlIGRldGVjdGlvbiIKYXV0aG9yOiBqdXNhYmF0aWVyCnRhZ3M6CiAgLSBBcGVyZW8gQ0FTCiAgLSBicnV0ZWZvcmNlCg==", "description": "APEREO-CAS support : parser and brute-force detection", "author": "jusabatier", "labels": null, "parsers": [ "jusabatier/apereo-cas-audit-logs" ], "scenarios": [ "jusabatier/apereo-cas-bf", "jusabatier/apereo-cas-slow-bf" ] }, "lourys/pterodactyl": { "path": "collections/lourys/pterodactyl.yaml", "version": "0.1", "versions": { "0.1": { "digest": "081021627594cbedcd4523e84b910f71f113feb36f3de50acd1474dd94985916", "deprecated": false } }, "long_description": "IyMgUHRlcm9kYWN0eWwgY29sbGVjdGlvbgoKQSBjb2xsZWN0aW9uIHRvIGRlZmVuZCBwdGVyb2RhY3R5bCBhZ2FpbnN0IGNvbW1vbiBhdHRhY2tzIDoKIC0gQnJ1dGVmb3JjZSBhZ2FpbnN0IHNmdHAKCiMjIEFjcXVpc2l0aW9uIHRlbXBsYXRlCgpFeGFtcGxlIGFjcXVpc2l0aW9uIGZvciB0aGlzIGNvbGxlY3Rpb24gOgoKYGBgeWFtbApmaWxlbmFtZXM6CiAgLSAvdmFyL2xvZy9wdGVyb2RhY3R5bC93aW5ncy5sb2cKbGFiZWxzOgogIHR5cGU6IHB0ZXJvZGFjdHlsCmBgYA==", "content": "cGFyc2VyczoKICAtIGxvdXJ5cy9wdGVyb2RhY3R5bC13aW5ncy1sb2dzCmNvbGxlY3Rpb25zOgpzY2VuYXJpb3M6CiAgLSBsb3VyeXMvcHRlcm9kYWN0eWwtd2luZ3MtYmYKZGVzY3JpcHRpb246ICJwdGVyb2RhY3R5bCB3aW5ncyBzdXBwb3J0IDogcGFyc2VyIGFuZCBnZW5lcmljIHdpbmdzIGJydXRlZm9yY2UiCmF1dGhvcjogbG91cnlzCnRhZ3M6CiAgLSBwdGVyb2RhY3R5bAogIC0gd2luZ3MKICAtIGJydXRlLWZvcmNlCg==", "description": "pterodactyl wings support : parser and generic wings bruteforce", "author": "lourys", "labels": null, "parsers": [ "lourys/pterodactyl-wings-logs" ], "scenarios": [ "lourys/pterodactyl-wings-bf" ] }, "mstilkerich/bind9": { "path": "collections/mstilkerich/bind9.yaml", "version": "0.1", "versions": { "0.1": { "digest": "4ee8361d2f94b53c29a518291fbf548d6fdd336c1dee37942d2c305771796957", "deprecated": false } }, "long_description": "IyMgQmluZDkgY29sbGVjdGlvbgoKQSBjb2xsZWN0aW9uIGZvciBiaW5kOQogKiBMb2cgcGFyc2VyIGZvciBzdXBwb3J0aW5nIGJvdGggbG9ncyBpbiBzeXNsb2cgYW5kIHNlcGFyYXRlIGJpbmQ5IGxvZ2ZpbGUKICogU2NlbmFyaW8gdGhhdCBkZXRlY3RzIGJpbmQ5IHNlY3VyaXR5IHBvbGljeSB2aW9sYXRpb25zCgpUaGlzIGNvbGxlY3Rpb24gc2hvdWxkIGFkZHJlc3MgdGhlIHNhbWUgZXZlbnRzIGFzIHRoZSBmYWlsMmJhbiBuYW1lZC1yZWZ1c2VkCmphaWwuCgoKIyMgQWNxdWlzaXRpb24gdGVtcGxhdGUKCkFjcXVpc2l0aW9uIGNvbmZpZ3VyYXRpb24gZGVwZW5kcyBvbiB3aGV0aGVyIGJpbmQ5IGlzIGNvbmZpZ3VyZWQgdG8gbG9nIHRvCnN5c2xvZywgc2VwYXJhdGUgbG9nIGZpbGVzLCBvciBib3RoLgoKRm9yIGEgc2VwYXJhdGUgbG9nIGZpbGUsIHNldCB0aGUgbG9nIHR5cGUgdG8gYG5hbWVkYDoKCmBgYHlhbWwKZmlsZW5hbWVzOgogIC0gL3Zhci9sb2cvbmFtZWQvc2VjdXJpdHkubG9nCmxhYmVsczoKICB0eXBlOiBuYW1lZApgYGAKCklmIHlvdSBhcmUgdXNpbmcgc3lzbG9nLCBzZXQgdHlwZSB0byBgc3lzbG9nYCBpbnN0ZWFkLgo=", "content": "cGFyc2VyczoKICAtIG1zdGlsa2VyaWNoL2JpbmQ5LWxvZ3MKc2NlbmFyaW9zOgogIC0gbXN0aWxrZXJpY2gvYmluZDktcmVmdXNlZApkZXNjcmlwdGlvbjogImJpbmQ5IHN1cHBvcnQgOiBzZWN1cml0eSBwb2xpY3kgdmlvbGF0aW9ucyBkZXRlY3Rpb24iCmF1dGhvcjogbXN0aWxrZXJpY2gKdGFnczoKICAtIGxpbnV4Cg==", "description": "bind9 support : security policy violations detection", "author": "mstilkerich", "labels": null, "parsers": [ "mstilkerich/bind9-logs" ], "scenarios": [ "mstilkerich/bind9-refused" ] }, "schiz0phr3ne/prowlarr": { "path": "collections/schiz0phr3ne/prowlarr.yaml", "version": "0.1", "versions": { "0.1": { "digest": "3b125f7cb02336af4db16850ba14589f3976f4a9907ac18d568e50a61d6b1bbf", "deprecated": false } }, "long_description": "QSBjb2xsZWN0aW9uIHRvIGRlZmVuZCB5b3VyIFtQcm93bGFycl0oaHR0cHM6Ly9naXRodWIuY29tL1Byb3dsYXJyL1Byb3dsYXJyKSBpbnN0YW5jZSBhZ2FpbnN0IGNvbW1vbiBhdHRhY2tzOgogLSBQcm93bGFyciBwYXJzZXIKIC0gUHJvd2xhcnIgYnJ1dGUtZm9yY2UgJiBlbnVtZXJhdGlvbiBkZXRlY3Rpb24KCiMjIEFjcXVpc2l0aW9uIHRlbXBsYXRlCgpFeGFtcGxlIGFjcXVpc2l0aW9uIGZvciB0aGlzIGNvbGxlY3Rpb246CmBgYHlhbWwKLS0tCnNvdXJjZTogZmlsZQpmaWxlbmFtZXM6CiAtIC92YXIvbG9nL3N5c2xvZwpsYWJlbHM6CiAgdHlwZTogc3lzbG9nCmBgYApEZXBlbmRpbmcgb24geW91ciBpbnN0YWxsYXRpb24gbWV0aG9kLCB5b3UgbWF5IG5lZWQgdG8gY2hhbmdlIHRoZSBhY3F1aXNpdGlvbiB0ZW1wbGF0ZS4K", "content": "cGFyc2VyczoKICAtIHNjaGl6MHBocjNuZS9wcm93bGFyci1sb2dzCnNjZW5hcmlvczoKICAtIHNjaGl6MHBocjNuZS9wcm93bGFyci1iZgpkZXNjcmlwdGlvbjogIlByb3dsYXJyIHN1cHBvcnQ6IHBhcnNlciBhbmQgYnJ1dGUtZm9yY2UgZGV0ZWN0aW9ucyIKYXV0aG9yOiBzY2hpejBwaHIzbmUKdGFnczoKICAtIGxpbnV4CiAgLSBicnV0ZS1mb3JjZQogIC0gcHJvd2xhcnIK", "description": "Prowlarr support: parser and brute-force detections", "author": "schiz0phr3ne", "labels": null, "parsers": [ "schiz0phr3ne/prowlarr-logs" ], "scenarios": [ "schiz0phr3ne/prowlarr-bf" ] }, "schiz0phr3ne/radarr": { "path": "collections/schiz0phr3ne/radarr.yaml", "version": "0.1", "versions": { "0.1": { "digest": "577bcb650cb6069a638290703064efa15884614a3ba4736feae2adc37033a4dd", "deprecated": false } }, "long_description": "QSBjb2xsZWN0aW9uIHRvIGRlZmVuZCB5b3VyIFtSYWRhcnJdKGh0dHBzOi8vZ2l0aHViLmNvbS9SYWRhcnIvUmFkYXJyKSBpbnN0YW5jZSBhZ2FpbnN0IGNvbW1vbiBhdHRhY2tzOgogLSBSYWRhcnIgcGFyc2VyCiAtIFJhZGFyciBicnV0ZS1mb3JjZSAmIGVudW1lcmF0aW9uIGRldGVjdGlvbgoKIyMgQWNxdWlzaXRpb24gdGVtcGxhdGUKCkV4YW1wbGUgYWNxdWlzaXRpb24gZm9yIHRoaXMgY29sbGVjdGlvbjoKYGBgeWFtbAotLS0Kc291cmNlOiBmaWxlCmZpbGVuYW1lczoKIC0gL3Zhci9sb2cvc3lzbG9nCmxhYmVsczoKICB0eXBlOiBzeXNsb2cKYGBgCkRlcGVuZGluZyBvbiB5b3VyIGluc3RhbGxhdGlvbiBtZXRob2QsIHlvdSBtYXkgbmVlZCB0byBjaGFuZ2UgdGhlIGFjcXVpc2l0aW9uIHRlbXBsYXRlLgo=", "content": "cGFyc2VyczoKICAtIHNjaGl6MHBocjNuZS9yYWRhcnItbG9ncwpzY2VuYXJpb3M6CiAgLSBzY2hpejBwaHIzbmUvcmFkYXJyLWJmCmRlc2NyaXB0aW9uOiAiUmFkYXJyIHN1cHBvcnQ6IHBhcnNlciBhbmQgYnJ1dGUtZm9yY2UgZGV0ZWN0aW9ucyIKYXV0aG9yOiBzY2hpejBwaHIzbmUKdGFnczoKICAtIGxpbnV4CiAgLSBicnV0ZS1mb3JjZQogIC0gcmFkYXJyCg==", "description": "Radarr support: parser and brute-force detections", "author": "schiz0phr3ne", "labels": null, "parsers": [ "schiz0phr3ne/radarr-logs" ], "scenarios": [ "schiz0phr3ne/radarr-bf" ] }, "schiz0phr3ne/sonarr": { "path": "collections/schiz0phr3ne/sonarr.yaml", "version": "0.1", "versions": { "0.1": { "digest": "5a354d90be668eccf6b4c63e176778cb732c01641738a0b4a350ad3556c1fc3b", "deprecated": false } }, "long_description": "QSBjb2xsZWN0aW9uIHRvIGRlZmVuZCB5b3VyIFtTb25hcnJdKGh0dHBzOi8vZ2l0aHViLmNvbS9Tb25hcnIvU29uYXJyKSBpbnN0YW5jZSBhZ2FpbnN0IGNvbW1vbiBhdHRhY2tzOgogLSBTb25hcnIgcGFyc2VyCiAtIFNvbmFyciBicnV0ZS1mb3JjZSAmIGVudW1lcmF0aW9uIGRldGVjdGlvbgoKIyMgQWNxdWlzaXRpb24gdGVtcGxhdGUKCkV4YW1wbGUgYWNxdWlzaXRpb24gZm9yIHRoaXMgY29sbGVjdGlvbjoKYGBgeWFtbAotLS0Kc291cmNlOiBmaWxlCmZpbGVuYW1lczoKIC0gL3Zhci9sb2cvc3lzbG9nCmxhYmVsczoKICB0eXBlOiBzeXNsb2cKYGBgCkRlcGVuZGluZyBvbiB5b3VyIGluc3RhbGxhdGlvbiBtZXRob2QsIHlvdSBtYXkgbmVlZCB0byBjaGFuZ2UgdGhlIGFjcXVpc2l0aW9uIHRlbXBsYXRlLgo=", "content": "cGFyc2VyczoKICAtIHNjaGl6MHBocjNuZS9zb25hcnItbG9ncwpzY2VuYXJpb3M6CiAgLSBzY2hpejBwaHIzbmUvc29uYXJyLWJmCmRlc2NyaXB0aW9uOiAiU29uYXJyIHN1cHBvcnQ6IHBhcnNlciBhbmQgYnJ1dGUtZm9yY2UgZGV0ZWN0aW9ucyIKYXV0aG9yOiBzY2hpejBwaHIzbmUKdGFnczoKICAtIGxpbnV4CiAgLSBicnV0ZS1mb3JjZQogIC0gc29uYXJyCg==", "description": "Sonarr support: parser and brute-force detections", "author": "schiz0phr3ne", "labels": null, "parsers": [ "schiz0phr3ne/sonarr-logs" ], "scenarios": [ "schiz0phr3ne/sonarr-bf" ] }, "thespad/sshesame": { "path": "collections/thespad/sshesame.yaml", "version": "0.1", "versions": { "0.1": { "digest": "761e58fae8abf3b8093560273f10dfca4f6681a01ba7e5a41b869b39b10dbfef", "deprecated": false } }, "long_description": "IyBzc2hlc2FtZSBjb2xsZWN0aW9uCgpBIGNvbGxlY3Rpb24gdG8gcGFyc2Ugc3NoZXNhbWUgaG9uZXlwb3QgbG9ncy4KCiogc3NoZXNhbWUgbG9nIHBhcnNlcgoqIHNzaGVzYW1lIGxvZ2luIGFuZCBjb21tYW5kIHNjZW5hcmlvcwoKIyMgQWNxdWlzaXRpb24gdGVtcGxhdGUKCkV4YW1wbGUgYWNxdWlzaXRpb24gZm9yIHRoaXMgY29sbGVjdGlvbjoKCmBgYHlhbWwKZmlsZW5hbWVzOgogIC0gL3Zhci9sb2cvc3NoZXNhbWUubG9nCmxhYmVsczoKICB0eXBlOiBzc2hlc2FtZQpgYGAKCiMjIE5vdGVzCgoqIFRoZSBwYXJzZXIgZXhwZWN0cyBzc2hlc2FtZSBsb2cgdGltZXN0YW1wcyB0byBiZSBlbmFibGVkCiogVGhlIGNvbW1hbmQgc2NlbmFyaW8gd2lsbCBpbW1lZGlhdGVseSBvdmVyZmxvdyBvbiBhbnkgY29tbWFuZCByZWNlaXZlZCBmcm9tIGEgcmVtb3RlIGNsaWVudAo=", "content": "cGFyc2VyczoKICAtIHRoZXNwYWQvc3NoZXNhbWUtbG9ncwogIC0gY3Jvd2RzZWN1cml0eS9kYXRlcGFyc2UtZW5yaWNoCnNjZW5hcmlvczoKICAtIHRoZXNwYWQvc3NoZXNhbWUtaG9uZXlwb3QKZGVzY3JpcHRpb246ICJDb2xsZWN0aW9uIGZvciBzc2hlc2FtZSBTU0ggaG9uZXlwb3QiCmF1dGhvcjogdGhlc3BhZAp0YWdzOgogIC0gc3NoZXNhbWUKICAtIHNzaAo=", "description": "Collection for sshesame SSH honeypot", "author": "thespad", "labels": null, "parsers": [ "thespad/sshesame-logs", "crowdsecurity/dateparse-enrich" ], "scenarios": [ "thespad/sshesame-honeypot" ] }, "timokoessler/gitlab": { "path": "collections/timokoessler/gitlab.yaml", "version": "0.1", "versions": { "0.1": { "digest": "41638aa525b599bf4cef982cf833362d6c698a8fe780d21534800dcf3dd7f7de", "deprecated": false } }, "long_description": "QSBjb2xsZWN0aW9uIHRvIGRlZmVuZCB5b3VyIFtHaXRMYWJdKGh0dHBzOi8vYWJvdXQuZ2l0bGFiLmNvbSkgV2ViIFVJIGFnYWluc3QgY29tbW9uIGF0dGFja3M6CiAtIEdpdExhYiBwYXJzZXIKIC0gR2l0TGFiIGJydXRlLWZvcmNlICYgZW51bWVyYXRpb24gZGV0ZWN0aW9uCgpUZXN0ZWQgd2l0aCB0aGUgT21uaWJ1cyBwYWNrYWdlIHYxNCBhbmQgdjE1LgoKIyMgQWNxdWlzaXRpb24gdGVtcGxhdGUKCkV4YW1wbGUgYWNxdWlzaXRpb24gZm9yIHRoaXMgY29sbGVjdGlvbjoKYGBgeWFtbAotLS0KZmlsZW5hbWVzOgogLSAvdmFyL2xvZy9naXRsYWIvZ2l0bGFiLXJhaWxzL3Byb2R1Y3Rpb25fanNvbi5sb2cKbGFiZWxzOgogIHR5cGU6IGdpdGxhYgpgYGAKCm9yIGZvciBEb2NrZXI6CmBgYHlhbWwKLS0tCnNvdXJjZTogZG9ja2VyCmNvbnRhaW5lcl9uYW1lOgogLSBteV9jb250YWluZXJfbmFtZQpsYWJlbHM6CiAgdHlwZTogZ2l0bGFiCmBgYApEZXBlbmRpbmcgb24geW91ciBnaXRsYWIgaW5zdGFsbGF0aW9uIG1ldGhvZCwgcGF0aHMgdG8gbG9nIGZpbGVzIG1pZ2h0IGNoYW5nZS4KVGlwOiBEb24ndCBmb3JnZXQgdG8gYWRkIEdpdExhYnMgTmdpbnggbG9ncyB0byBDcm93ZFNlYy4=", "content": "cGFyc2VyczoKICAtIHRpbW9rb2Vzc2xlci9naXRsYWItbG9ncwpzY2VuYXJpb3M6CiAgLSB0aW1va29lc3NsZXIvZ2l0bGFiLWJmCmRlc2NyaXB0aW9uOiAiR2l0TGFiIHN1cHBvcnQ6IHBhcnNlciBhbmQgYnJ1dGUtZm9yY2UgZGV0ZWN0aW9uIgphdXRob3I6IHRpbW9rb2Vzc2xlcgp0YWdzOgogIC0gbGludXgKICAtIGJydXRlLWZvcmNlCiAgLSBnaXRsYWI=", "description": "GitLab support: parser and brute-force detection", "author": "timokoessler", "labels": null, "parsers": [ "timokoessler/gitlab-logs" ], "scenarios": [ "timokoessler/gitlab-bf" ] }, "timokoessler/mongodb": { "path": "collections/timokoessler/mongodb.yaml", "version": "0.1", "versions": { "0.1": { "digest": "5b2ea020a1ac45b47a5b5981c6d913d52c83acb72bdd26b704b1b2c722f5a394", "deprecated": false } }, "long_description": "QSBjb2xsZWN0aW9uIHRvIGRlZmVuZCBbTW9uZ29EQl0oaHR0cHM6Ly93d3cubW9uZ29kYi5jb20vKSBhZ2FpbnN0IGNvbW1vbiBhdHRhY2tzOgogLSBNb25nb0RCIHBhcnNlcgogLSBNb25nb0RCIGJydXRlLWZvcmNlICYgZW51bWVyYXRpb24gZGV0ZWN0aW9uCgpNb25nb0RCIHZlcnNpb24gNC40IG9yIGhpZ2hlciBpcyByZXF1aXJlZC4KCiMjIEFjcXVpc2l0aW9uIHRlbXBsYXRlCgpFeGFtcGxlIGFjcXVpc2l0aW9uIGZvciBhIGRvY2tlciBjb250YWluZXI6CmBgYHlhbWwKLS0tCnNvdXJjZTogZG9ja2VyCmNvbnRhaW5lcl9uYW1lOgogLSBteV9jb250YWluZXJfbmFtZQpsYWJlbHM6CiAgdHlwZTogbW9uZ29kYgpgYGAKCm9yIGZvciBhIGxvZyBmaWxlOgpgYGB5YW1sCi0tLQpmaWxlbmFtZXM6CiAtIC92YXIvbG9nL21vbmdvZGIvbW9uZ29kYi5sb2cKbGFiZWxzOgogIHR5cGU6IG1vbmdvZGIKYGBgCkRlcGVuZGluZyBvbiB5b3VyIGluc3RhbGxhdGlvbiBtZXRob2QsIHBhdGhzIHRvIGxvZyBmaWxlcyBtaWdodCBjaGFuZ2Uu", "content": "cGFyc2VyczoKICAtIHRpbW9rb2Vzc2xlci9tb25nb2RiLWxvZ3MKc2NlbmFyaW9zOgogIC0gdGltb2tvZXNzbGVyL21vbmdvZGItYmYKZGVzY3JpcHRpb246ICJNb25nb0RCIHN1cHBvcnQ6IHBhcnNlciBhbmQgYnJ1dGUtZm9yY2UgZGV0ZWN0aW9uIgphdXRob3I6IHRpbW9rb2Vzc2xlcgp0YWdzOgogIC0gbGludXgKICAtIGJydXRlLWZvcmNlCiAgLSBtb25nb2Ri", "description": "MongoDB support: parser and brute-force detection", "author": "timokoessler", "labels": null, "parsers": [ "timokoessler/mongodb-logs" ], "scenarios": [ "timokoessler/mongodb-bf" ] }, "timokoessler/uptime-kuma": { "path": "collections/timokoessler/uptime-kuma.yaml", "version": "0.1", "versions": { "0.1": { "digest": "1168b907ae5a3817d3f6fdaa685a4e2bab130a92242cdb3a46dbe8923ae52022", "deprecated": false } }, "long_description": "QSBjb2xsZWN0aW9uIHRvIGRlZmVuZCB5b3VyIFtVcHRpbWUgS3VtYV0oaHR0cHM6Ly9naXRodWIuY29tL2xvdWlzbGFtL3VwdGltZS1rdW1hKSBpbnN0YW5jZSBhZ2FpbnN0IGNvbW1vbiBhdHRhY2tzOgogLSBVcHRpbWUgS3VtYSBwYXJzZXIKIC0gVXB0aW1lIEt1bWEgYnJ1dGUtZm9yY2UgJiBlbnVtZXJhdGlvbiBkZXRlY3Rpb24KCioqVXB0aW1lIEt1bWEgdmVyc2lvbiAxLjE1LjAgb3IgaGlnaGVyIGlzIHJlcXVpcmVkLioqCgojIyBBY3F1aXNpdGlvbiB0ZW1wbGF0ZQoKRXhhbXBsZSBhY3F1aXNpdGlvbiBmb3IgdGhpcyBjb2xsZWN0aW9uOgpgYGB5YW1sCi0tLQpzb3VyY2U6IGRvY2tlcgpjb250YWluZXJfbmFtZToKIC0gbXlfY29udGFpbmVyX25hbWUKbGFiZWxzOgogIHR5cGU6IHVwdGltZS1rdW1hCmBgYApEZXBlbmRpbmcgb24geW91ciBpbnN0YWxsYXRpb24gbWV0aG9kLCB5b3UgbWF5IG5lZWQgdG8gY2hhbmdlIHRoZSBhY3F1aXNpdGlvbiB0ZW1wbGF0ZS4=", "content": "cGFyc2VyczoKICAtIHRpbW9rb2Vzc2xlci91cHRpbWUta3VtYS1sb2dzCnNjZW5hcmlvczoKICAtIHRpbW9rb2Vzc2xlci91cHRpbWUta3VtYS1iZgpkZXNjcmlwdGlvbjogIlVwdGltZSBLdW1hIHN1cHBvcnQ6IHBhcnNlciBhbmQgYnJ1dGUtZm9yY2UgZGV0ZWN0aW9uIgphdXRob3I6IHRpbW9rb2Vzc2xlcgp0YWdzOgogIC0gbGludXgKICAtIGJydXRlLWZvcmNlCiAgLSB1cHRpbWUta3VtYQ==", "description": "Uptime Kuma support: parser and brute-force detection", "author": "timokoessler", "labels": null, "parsers": [ "timokoessler/uptime-kuma-logs" ], "scenarios": [ "timokoessler/uptime-kuma-bf" ] } }, "parsers": { "Dominic-Wagner/vaultwarden-logs": { "path": "parsers/s01-parse/Dominic-Wagner/vaultwarden-logs.yaml", "stage": "s01-parse", "version": "0.1", "versions": { "0.1": { "digest": "016236c174143284ded1df7e2180c4271b9e7e2e949560aed17b32a00da8c0d6", "deprecated": false } }, "long_description": "UGFyc2VyIGZvciBbVmF1bHR3YXJkZW5dKGh0dHBzOi8vZ2l0aHViLmNvbS9kYW5pLWdhcmNpYS92YXVsdHdhcmRlbikgTG9ncy4KCklmIHVzaW5nIExPR19GSUxFIGVudmlyb25tZW50IHZhcmlhYmxlOgpgYGB5YW1sCi0tLQpmaWxlbmFtZXM6CiAtIC92YXIvbG9nL3ZhdWx0d2FyZGVuLmxvZwpsYWJlbHM6CiAgdHlwZTogVmF1bHR3YXJkZW4KYGBgCklmIHJ1bm5pbmcgdmlhIHN5c3RlbWQ6CmBgYHlhbWwKLS0tCnNvdXJjZTogam91cm5hbGN0bApqb3VybmFsY3RsX2ZpbHRlcjoKICAtICJTWVNMT0dfSURFTlRJRkVSPVZhdWx0d2FyZGVuIgpsYWJlbHM6CiAgdHlwZTogVmF1bHR3YXJkZW4=", "content": "b25zdWNjZXNzOiBuZXh0X3N0YWdlCmZpbHRlcjogIlVwcGVyKGV2dC5QYXJzZWQucHJvZ3JhbSkgPT0gJ1ZBVUxUV0FSREVOJyIKbmFtZTogRG9taW5pYy1XYWduZXIvdmF1bHR3YXJkZW4tbG9ncwpkZXNjcmlwdGlvbjogIlBhcnNlIHZhdWx0d2FyZGVuIGxvZ3MiCnBhdHRlcm5fc3ludGF4OgogIERBVEVfWU1EOiAiJXtZRUFSOnllYXJ9LSV7TU9OVEhOVU06bW9udGh9LSV7TU9OVEhEQVk6ZGF5fSIKbm9kZXM6CiAgLSBncm9rOgogICAgICBwYXR0ZXJuOiAnXlxbJXtEQVRFX1lNRDpkYXRlfSAle1RJTUU6dGltZX1cXVxbdmF1bHR3YXJkZW46OmFwaTo6aWRlbnRpdHlcXVxbRVJST1JcXSBVc2VybmFtZSBvciBwYXNzd29yZCBpcyBpbmNvcnJlY3RcLiBUcnkgYWdhaW5cLiBJUDogJXtJUDpzb3VyY2VfaXB9XC4gVXNlcm5hbWU6ICV7RU1BSUxBRERSRVNTOnVzZXJuYW1lfVwuJCcKICAgICAgYXBwbHlfb246IG1lc3NhZ2UKICAgICAgc3RhdGljczoKICAgICAgICAtIG1ldGE6IGxvZ190eXBlCiAgICAgICAgICB2YWx1ZTogdmF1bHR3YXJkZW5fZmFpbGVkX2F1dGgKICAgICAgICAtIG1ldGE6IHVzZXJuYW1lCiAgICAgICAgICBleHByZXNzaW9uOiBldnQuUGFyc2VkLnVzZXJuYW1lCiAgLSBncm9rOgogICAgICBwYXR0ZXJuOiAnXlxbJXtEQVRFX1lNRDpkYXRlfSAle1RJTUU6dGltZX1cXVxbdmF1bHR3YXJkZW46OmFwaTo6YWRtaW5cXVxbRVJST1JcXSBJbnZhbGlkIGFkbWluIHRva2VuLiBJUDogJXtJUDpzb3VyY2VfaXB9JwogICAgICBhcHBseV9vbjogbWVzc2FnZQogICAgICBzdGF0aWNzOgogICAgICAgIC0gbWV0YTogbG9nX3R5cGUKICAgICAgICAgIHZhbHVlOiB2YXVsdHdhcmRlbl9mYWlsZWRfYWRtaW5fYXV0aAogIC0gZ3JvazoKICAgICAgcGF0dGVybjogJ15cWyV7REFURV9ZTUQ6ZGF0ZX0gJXtUSU1FOnRpbWV9XF1cW3ZhdWx0d2FyZGVuOjphcGk6OmNvcmU6OnR3b19mYWN0b3I6OmF1dGhlbnRpY2F0b3JcXVxbRVJST1JcXSBJbnZhbGlkIFRPVFAgY29kZSEgU2VydmVyIHRpbWU6ICV7REFURV9ZTUQ6c2VydmVyX2RhdGV9ICV7VElNRTpzZXJ2ZXJfdGltZX0gJXtUWjpzZXJ2ZXJfdHp9IElQOiAle0lQOnNvdXJjZV9pcH0nCiAgICAgIGFwcGx5X29uOiBtZXNzYWdlCiAgICAgIHN0YXRpY3M6CiAgICAgICAgLSBtZXRhOiBsb2dfdHlwZQogICAgICAgICAgdmFsdWU6IHZhdWx0d2FyZGVuX2ZhaWxlZF90b3RwCgpzdGF0aWNzOgogICAgLSBtZXRhOiBzZXJ2aWNlCiAgICAgIHZhbHVlOiB2YXVsdHdhcmRlbgogICAgLSBtZXRhOiBzb3VyY2VfaXAKICAgICAgZXhwcmVzc2lvbjogImV2dC5QYXJzZWQuc291cmNlX2lwIgogICAgLSB0YXJnZXQ6IGV2dC5TdHJUaW1lCiAgICAgIGV4cHJlc3Npb246ICJldnQuUGFyc2VkLmRhdGUgKyAnICcgKyBldnQuUGFyc2VkLnRpbWUiCg==", "description": "Parse vaultwarden logs", "author": "Dominic-Wagner", "labels": null }, "LePresidente/authelia-logs": { "path": "parsers/s01-parse/LePresidente/authelia-logs.yaml", "stage": "s01-parse", "version": "0.3", "versions": { "0.1": { "digest": "0d1e7a9e74dc9ce035f8bf45f84dbc8d4741b76f4440d663e8354b87f919913b", "deprecated": false }, "0.2": { "digest": "6180a4b745722e87d7cb946dfa8cbd3a2a70949b95c8e159fd4e3470bce944b3", "deprecated": false }, "0.3": { "digest": "62b1b7424d5fc1c5aad1da9307b05e1164d1b0948dc578228b67ba10e534225b", "deprecated": false } }, "long_description": "UGFyc2VyIGZvciBbQXV0aGVsaWFdKGh0dHBzOi8vd3d3LmF1dGhlbGlhLmNvbSkgTG9ncy4KCmBgYHlhbWwKLS0tCmZpbGVuYW1lczoKIC0gL3Zhci9sb2cvQXV0aGVsaWEubG9nCmxhYmVsczoKICB0eXBlOiBhdXRoZWxpYQpgYGA=", "content": "b25zdWNjZXNzOiBuZXh0X3N0YWdlCmRlYnVnOiBmYWxzZQpuYW1lOiBMZVByZXNpZGVudGUvYXV0aGVsaWEtbG9ncwpmaWx0ZXI6ICJldnQuUGFyc2VkLnByb2dyYW0gPT0gJ2F1dGhlbGlhJyIKZGVzY3JpcHRpb246ICJQYXJzZSBBdXRoZWxpYSBsb2dzIgpwYXR0ZXJuX3N5bnRheDogIAogIEFVVEhFTElBX0JBRF9BVVRIOiAnVW5zdWNjZXNzZnVsIDFGQSBhdXRoZW50aWNhdGlvbiBhdHRlbXB0IGJ5IHVzZXIgXFMoJXtFTUFJTEFERFJFU1M6ZW1haWx9fCV7VVNFUk5BTUU6dXNlcm5hbWV9KVxTJwogIEFVVEhFTElBX0JBRF9EVU86ICdVbnN1Y2Nlc3NmdWwgRHVvIGF1dGhlbnRpY2F0aW9uIGF0dGVtcHQgYnkgdXNlciBcUygle0VNQUlMQUREUkVTUzplbWFpbH18JXtVU0VSTkFNRTp1c2VybmFtZX0pXFMnCiAgQVVUSEVMSUFfQkFEX1RPVFA6ICdVbnN1Y2Nlc3NmdWwgVE9UUCBhdXRoZW50aWNhdGlvbiBhdHRlbXB0IGJ5IHVzZXIgXFMoJXtFTUFJTEFERFJFU1M6ZW1haWx9fCV7VVNFUk5BTUU6dXNlcm5hbWV9KVxTJwogIEFVVEhFTElBX0NMRl9CQURBVVRIOiAnXnRpbWU9IiV7UkZDMzMzOTp0aW1lc3RhbXB9Ii4qPyV7QVVUSEVMSUFfQkFEX0FVVEh9Lio/cmVtb3RlX2lwPSV7SVA6cmVtb3RlX2lwfScKICBBVVRIRUxJQV9DTEZfRFVPOiAnXnRpbWU9IiV7UkZDMzMzOTp0aW1lc3RhbXB9Ii4qPyV7QVVUSEVMSUFfQkFEX0RVT30uKj9yZW1vdGVfaXA9JXtJUDpyZW1vdGVfaXB9JwogIEFVVEhFTElBX0NMRl9UT1RQOiAnXnRpbWU9IiV7UkZDMzMzOTp0aW1lc3RhbXB9Ii4qPyV7QVVUSEVMSUFfQkFEX1RPVFB9Lio/cmVtb3RlX2lwPSV7SVA6cmVtb3RlX2lwfScKbm9kZXM6CiAgLSBncm9rOgogICAgICBuYW1lOiAiQVVUSEVMSUFfQ0xGX0JBREFVVEgiCiAgICAgIGFwcGx5X29uOiBtZXNzYWdlCiAgICBzdGF0aWNzOgogICAgICAtIG1ldGE6IGxvZ190eXBlCiAgICAgICAgdmFsdWU6IGF1dGhlbGlhX2ZhaWxlZF9jbGZfYXV0aCAKICAtIGdyb2s6CiAgICAgIG5hbWU6ICJBVVRIRUxJQV9DTEZfRFVPIgogICAgICBhcHBseV9vbjogbWVzc2FnZQogICAgc3RhdGljczoKICAgICAgLSBtZXRhOiBsb2dfdHlwZQogICAgICAgIHZhbHVlOiBhdXRoZWxpYV9mYWlsZWRfY2xmX2F1dGggCiAgLSBncm9rOgogICAgICBuYW1lOiAiQVVUSEVMSUFfQ0xGX1RPVFAiCiAgICAgIGFwcGx5X29uOiBtZXNzYWdlCiAgICBzdGF0aWNzOgogICAgICAtIG1ldGE6IGxvZ190eXBlCiAgICAgICAgdmFsdWU6IGF1dGhlbGlhX2ZhaWxlZF9jbGZfYXV0aCAKICAtIGdyb2s6CiAgICBub2RlczoKICAgICAgLSBncm9rOgogICAgICAgICAgcGF0dGVybjogVW5zdWNjZXNzZnVsICgxRkF8RHVvfFRPVFApIGF1dGhlbnRpY2F0aW9uIGF0dGVtcHQgYnkgdXNlciAnKCV7RU1BSUxBRERSRVNTOmVtYWlsfXwle1VTRVJOQU1FOnVzZXJuYW1lfSknCiAgICAgICAgICBleHByZXNzaW9uOiBKc29uRXh0cmFjdChldnQuUGFyc2VkLm1lc3NhZ2UsICJtc2ciKQogICAgICAgIHN0YXRpY3M6CiAgICAgICAgICAtIG1ldGE6IGxvZ190eXBlCiAgICAgICAgICAgIHZhbHVlOiBhdXRoZWxpYV9mYWlsZWRfanNvbl9hdXRoCiAgICAgIC0gZ3JvazoKICAgICAgICAgIHBhdHRlcm46ICcle0lQOnJlbW90ZV9pcH0nCiAgICAgICAgICBleHByZXNzaW9uOiBKc29uRXh0cmFjdChldnQuUGFyc2VkLm1lc3NhZ2UsICJyZW1vdGVfaXAiKQogICAgICAtIGdyb2s6IAogICAgICAgICAgcGF0dGVybjogJyV7UkZDMzMzOTp0aW1lc3RhbXB9JwogICAgICAgICAgZXhwcmVzc2lvbjogSnNvbkV4dHJhY3QoZXZ0LlBhcnNlZC5tZXNzYWdlLCAidGltZSIpCgpzdGF0aWNzOgogICAgLSBtZXRhOiBzZXJ2aWNlCiAgICAgIHZhbHVlOiBhdXRoZWxpYQogICAgLSBtZXRhOiB1c2VyCiAgICAgIGV4cHJlc3Npb246ICJldnQuUGFyc2VkLnVzZXJuYW1lIgogICAgLSBtZXRhOiB1c2VyCiAgICAgIGV4cHJlc3Npb246ICJldnQuUGFyc2VkLmVtYWlsIgogICAgLSB0YXJnZXQ6IGV2dC5TdHJUaW1lCiAgICAgIGV4cHJlc3Npb246IGV2dC5QYXJzZWQudGltZXN0YW1wCiAgICAtIG1ldGE6IHNvdXJjZV9pcAogICAgICBleHByZXNzaW9uOiAiZXZ0LlBhcnNlZC5yZW1vdGVfaXAi", "description": "Parse Authelia logs", "author": "LePresidente", "labels": null }, "LePresidente/emby-logs": { "path": "parsers/s01-parse/LePresidente/emby-logs.yaml", "stage": "s01-parse", "version": "0.2", "versions": { "0.1": { "digest": "e4721455bd2732edce9a185498f865f42eaa945c76de2fc62666ecbcc8257aff", "deprecated": false }, "0.2": { "digest": "a059a5f6bd938262e7775f158a6a4fe0902ae44e0f4d853285613553be7ea236", "deprecated": false } }, "long_description": "UGFyc2VyIGZvciBbZW1ieV0oaHR0cHM6Ly9lbWJ5Lm1lZGlhKSBMb2dzLgoKYGBgeWFtbAotLS0KZmlsZW5hbWVzOgogLSAvdmFyL2xvZy9lbWJ5c2VydmVyLnR4dApsYWJlbHM6CiAgdHlwZTogZW1ieQpgYGA=", "content": "b25zdWNjZXNzOiBuZXh0X3N0YWdlCiNkZWJ1ZzogZmFsc2UKbmFtZTogTGVQcmVzaWRlbnRlL2VtYnktbG9ncwpkZXNjcmlwdGlvbjogIlBhcnNlIGVtYnkgbG9ncyIKZmlsdGVyOiAiZXZ0LlBhcnNlZC5wcm9ncmFtID09ICdlbWJ5JyIKcGF0dGVybl9zeW50YXg6CiAgREFURV9ZTUQ6ICIle1lFQVI6eWVhcn0tJXtNT05USE5VTTptb250aH0tJXtNT05USERBWTpkYXl9Igpub2RlczoKICAtIGdyb2s6CiAgICAgIHBhdHRlcm46ICcle1RJTUVTVEFNUF9JU084NjAxOnRpbWVzdGFtcH0uKj9BVVRILUVSUk9SOiAle0lQOnNvdXJjZV9pcH0gLSBJbnZhbGlkIHVzZXJuYW1lIG9yIHBhc3N3b3JkIGVudGVyZWRcLiQnCiAgICAgIGFwcGx5X29uOiBtZXNzYWdlCiAgICAgIHN0YXRpY3M6CiAgICAgICAgLSBtZXRhOiBsb2dfdHlwZQogICAgICAgICAgdmFsdWU6IGVtYnlfZmFpbGVkX2F1dGgKCnN0YXRpY3M6CiAgICAtIG1ldGE6IHNlcnZpY2UKICAgICAgdmFsdWU6IGVtYnkKICAgIC0gbWV0YTogc291cmNlX2lwCiAgICAgIGV4cHJlc3Npb246ICJldnQuUGFyc2VkLnNvdXJjZV9pcCIKICAgIC0gdGFyZ2V0OiBldnQuU3RyVGltZQogICAgICBleHByZXNzaW9uOiBldnQuUGFyc2VkLnRpbWVzdGFtcA==", "description": "Parse emby logs", "author": "LePresidente", "labels": null }, "LePresidente/gitea-logs": { "path": "parsers/s01-parse/LePresidente/gitea-logs.yaml", "stage": "s01-parse", "version": "0.1", "versions": { "0.1": { "digest": "61733cf559c01d68ad3ee7d571c836273a0f26e03d1ac7d3b6c5f80783f802de", "deprecated": false } }, "long_description": "UGFyc2VyIGZvciBbR2l0ZWFdKGh0dHBzOi8vZ2l0ZWEuaW8pIExvZ3MuCgpgYGB5YW1sCi0tLQpmaWxlbmFtZXM6CiAtIC92YXIvbG9nL2dpdGVhLmxvZwpsYWJlbHM6CiAgdHlwZTogZ2l0ZWEKYGBg", "content": "b25zdWNjZXNzOiBuZXh0X3N0YWdlCiNkZWJ1ZzogZmFsc2UKbmFtZTogTGVQcmVzaWRlbnRlL2dpdGVhLWxvZ3MKZmlsdGVyOiAiZXZ0LlBhcnNlZC5wcm9ncmFtID09ICdnaXRlYSciCmRlc2NyaXB0aW9uOiAiUGFyc2UgZ2l0ZWEgbG9ncyIKcGF0dGVybl9zeW50YXg6CiAgQ1VTVE9NREFURTogIiV7REFURV9YfSAle1RJTUV9Igpub2RlczoKICAtIGdyb2s6CiAgICAgIHBhdHRlcm46ICdeJXtDVVNUT01EQVRFOnRpbWVzdGFtcH0uKj9GYWlsZWQgYXV0aGVudGljYXRpb24gYXR0ZW1wdCBmb3IgKCV7RU1BSUxBRERSRVNTOmVtYWlsfXwle1VTRVJOQU1FOnVzZXJuYW1lfSkgZnJvbSAle0lQOnJlbW90ZV9pcH06JXtOVU1CRVI6cmVtb3RlX3BvcnR9OiB1c2VyIGRvZXMgbm90IGV4aXN0JwogICAgICBhcHBseV9vbjogbWVzc2FnZQogICAgICBzdGF0aWNzOgogICAgICAgIC0gbWV0YTogbG9nX3R5cGUKICAgICAgICAgIHZhbHVlOiBnaXRlYV9mYWlsZWRfYXV0aAoKc3RhdGljczoKICAgIC0gbWV0YTogc2VydmljZQogICAgICB2YWx1ZTogZ2l0ZWEKICAgIC0gbWV0YTogdXNlcgogICAgICBleHByZXNzaW9uOiAiZXZ0LlBhcnNlZC51c2VybmFtZSIKICAgIC0gbWV0YTogdXNlcgogICAgICBleHByZXNzaW9uOiAiZXZ0LlBhcnNlZC5lbWFpbCIKICAgIC0gdGFyZ2V0OiBldnQuU3RyVGltZQogICAgICBleHByZXNzaW9uOiBldnQuUGFyc2VkLnRpbWVzdGFtcAogICAgLSBtZXRhOiBzb3VyY2VfaXAKICAgICAgZXhwcmVzc2lvbjogImV2dC5QYXJzZWQucmVtb3RlX2lwIg==", "description": "Parse gitea logs", "author": "LePresidente", "labels": null }, "LePresidente/jellyseerr-logs": { "path": "parsers/s01-parse/LePresidente/jellyseerr-logs.yaml", "stage": "s01-parse", "version": "0.2", "versions": { "0.1": { "digest": "7d41498c0683ae655c3a6dcd35b9bcd8986cbe73fc4567fd09ffdf12ca3d8176", "deprecated": false }, "0.2": { "digest": "8db12c71262bc7ea91380d2ba1387efbb932c4c384b65945b017201442ca1f18", "deprecated": false } }, "content": "b25zdWNjZXNzOiBuZXh0X3N0YWdlCiNkZWJ1ZzogZmFsc2UKbmFtZTogTGVQcmVzaWRlbnRlL2plbGx5c2VlcnItbG9ncwpkZXNjcmlwdGlvbjogIlBhcnNlIGplbGx5c2VlcnIgbG9ncyIKZmlsdGVyOiAiZXZ0LlBhcnNlZC5wcm9ncmFtID09ICdqZWxseXNlZXJyJyIKcGF0dGVybl9zeW50YXg6CiAgQ1VTVE9NVVNFUjogIigle0VNQUlMQUREUkVTU318JXtVU0VSTkFNRX0pIgpub2RlczoKICAtIGdyb2s6CiAgICAgIHBhdHRlcm46ICcle1JGQzMzMzk6dGltZXN0YW1wfS4qRmFpbGVkIHNpZ24taW4gYXR0ZW1wdCB1c2luZyBpbnZhbGlkIC4qIHBhc3N3b3JkLip7ImlwIjoiOjpmZmZmOiV7SVA6c291cmNlX2lwfSIsImVtYWlsIjoiJXtDVVNUT01VU0VSOnVzZXJuYW1lfSJ9JwogICAgICBhcHBseV9vbjogbWVzc2FnZQogICAgICBzdGF0aWNzOgogICAgICAgIC0gbWV0YTogbG9nX3R5cGUKICAgICAgICAgIHZhbHVlOiBqZWxseXNlZXJyX2ZhaWxlZF9hdXRoCiAgLSBncm9rOgogICAgICBwYXR0ZXJuOiAnJXtSRkMzMzM5OnRpbWVzdGFtcH0uKkZhaWxlZCBsb2dpbiBhdHRlbXB0IGZyb20gdXNlciB3aXRoIGluY29ycmVjdC4qY3JlZGVudGlhbHMgeyJhY2NvdW50Ijp7ImlwIjoiOjpmZmZmOiV7SVA6c291cmNlX2lwfSIsImVtYWlsIjoiJXtDVVNUT01VU0VSOnVzZXJuYW1lfSIsInBhc3N3b3JkIjoiX19SRURBQ1RFRF9fIn19JwogICAgICBhcHBseV9vbjogbWVzc2FnZQogICAgICBzdGF0aWNzOgogICAgICAgIC0gbWV0YTogbG9nX3R5cGUKICAgICAgICAgIHZhbHVlOiBqZWxseXNlZXJyX2ZhaWxlZF9hdXRoCiAgLSBncm9rOgogICAgICBwYXR0ZXJuOiAnJXtSRkMzMzM5OnRpbWVzdGFtcH0uKkZhaWxlZCBzaWduLWluIGF0dGVtcHQgdXNpbmcgaW52YWxpZCAuKiBwYXNzd29yZC4qeyJpcCI6IiV7SVA6c291cmNlX2lwfSIsImVtYWlsIjoiJXtDVVNUT01VU0VSOnVzZXJuYW1lfSJ9JwogICAgICBhcHBseV9vbjogbWVzc2FnZQogICAgICBzdGF0aWNzOgogICAgICAgIC0gbWV0YTogbG9nX3R5cGUKICAgICAgICAgIHZhbHVlOiBqZWxseXNlZXJyX2ZhaWxlZF9hdXRoCiAgLSBncm9rOgogICAgICBwYXR0ZXJuOiAnJXtSRkMzMzM5OnRpbWVzdGFtcH0uKkZhaWxlZCBsb2dpbiBhdHRlbXB0IGZyb20gdXNlciB3aXRoIGluY29ycmVjdC4qY3JlZGVudGlhbHMgeyJhY2NvdW50Ijp7ImlwIjoiJXtJUDpzb3VyY2VfaXB9IiwiZW1haWwiOiIle0NVU1RPTVVTRVI6dXNlcm5hbWV9IiwicGFzc3dvcmQiOiJfX1JFREFDVEVEX18ifX0nCiAgICAgIGFwcGx5X29uOiBtZXNzYWdlCiAgICAgIHN0YXRpY3M6CiAgICAgICAgLSBtZXRhOiBsb2dfdHlwZQogICAgICAgICAgdmFsdWU6IGplbGx5c2VlcnJfZmFpbGVkX2F1dGgKCnN0YXRpY3M6CiAgICAtIG1ldGE6IHNlcnZpY2UKICAgICAgdmFsdWU6IGplbGx5c2VlcnIKICAgIC0gbWV0YTogc291cmNlX2lwCiAgICAgIGV4cHJlc3Npb246ICJldnQuUGFyc2VkLnNvdXJjZV9pcCIKICAgIC0gbWV0YTogdXNlcgogICAgICBleHByZXNzaW9uOiAiZXZ0LlBhcnNlZC51c2VybmFtZSIKICAgIC0gdGFyZ2V0OiBldnQuU3RyVGltZQogICAgICBleHByZXNzaW9uOiBldnQuUGFyc2VkLnRpbWVzdGFtcA==", "description": "Parse jellyseerr logs", "author": "LePresidente", "labels": null }, "LePresidente/ombi-logs": { "path": "parsers/s01-parse/LePresidente/ombi-logs.yaml", "stage": "s01-parse", "version": "0.2", "versions": { "0.1": { "digest": "349a5cf885c37a19465568ffdd1951677c0a9c9657cfa2fcd952d07899b1166d", "deprecated": false }, "0.2": { "digest": "a0cb8745d077d692586d36eb64b052a139666d26bc04f4a48cd72575eab714d1", "deprecated": false } }, "long_description": "UGFyc2VyIGZvciBbT21iaV0oaHR0cHM6Ly9vbWJpLmlvKSBMb2dzLgoKYGBgeWFtbAotLS0KZmlsZW5hbWVzOgogLSAvdmFyL2xvZy9vbWJpL2xvZy0qLnR4dApsYWJlbHM6CiAgdHlwZTogb21iaQpgYGA=", "content": "b25zdWNjZXNzOiBuZXh0X3N0YWdlCiNkZWJ1ZzogZmFsc2UKbmFtZTogTGVQcmVzaWRlbnRlL29tYmktbG9ncwpkZXNjcmlwdGlvbjogIlBhcnNlIG9tYmkgbG9ncyIKZmlsdGVyOiAiZXZ0LlBhcnNlZC5wcm9ncmFtID09ICdvbWJpJyIKbm9kZXM6CiAgLSBncm9rOgogICAgICBwYXR0ZXJuOiAnJXtUSU1FU1RBTVBfSVNPODYwMTp0aW1lc3RhbXB9Lio/RmFpbGVkIGxvZ2luIGF0dGVtcHQgYnkgSVA6ICV7SVA6c291cmNlX2lwfScKICAgICAgCiAgICAgIGFwcGx5X29uOiBtZXNzYWdlCiAgICAgIHN0YXRpY3M6CiAgICAgICAgLSBtZXRhOiBsb2dfdHlwZQogICAgICAgICAgdmFsdWU6IG9tYmlfYXV0aF9mYWlsZWQKCnN0YXRpY3M6CiAgICAtIG1ldGE6IHNlcnZpY2UKICAgICAgdmFsdWU6IG9tYmkKICAgIC0gbWV0YTogc291cmNlX2lwCiAgICAgIGV4cHJlc3Npb246ICJldnQuUGFyc2VkLnNvdXJjZV9pcCIKICAgIC0gdGFyZ2V0OiBldnQuU3RyVGltZQogICAgICBleHByZXNzaW9uOiBldnQuUGFyc2VkLnRpbWVzdGFtcA==", "description": "Parse ombi logs", "author": "LePresidente", "labels": null }, "aderumier/proxmox-iptables-logs": { "path": "parsers/s01-parse/aderumier/proxmox-iptables-logs.yaml", "stage": "s01-parse", "version": "0.1", "versions": { "0.1": { "digest": "c0c3a2300829f3172cd2b850ed3c21fcc27765a587b31ebad8c1223c06cc647f", "deprecated": false } }, "long_description": "QSBwYXJzZXIgZm9yIHByb3htb3ggaXB0YWJsZXMgZm9ybWF0IGAtaiBORkxPRyAtLW5mbG9nLXByZWZpeCAnJHZtaWQ6JGxvZ2xldmVsOiRjaGFpbjogJG1zZydgOgoKIC0gT25seSBwYXJzZSBrZXJuZWwgbWVzc2FnZXMgY29udGFpbmluZyBgLUlOPWAsIHNwZWNpZmljIHRvIHByb3htb3ggKDxjaGFpbj4tSU4pCiAtIFNraXAgbGluZXMgaWYgZGVjaXNpb25zIGlzIGBBQ0NFUFRgIG9yIGBQVkVGVy1TRVQtQUNDRVBULU1BUktgCiAtIEFsbCBsb2dnZWQgcGFja2V0cyBhcmUgY29uc2lkZXJlZCBhcyBEUk9Qcy4K", "content": "b25zdWNjZXNzOiBuZXh0X3N0YWdlCmZpbHRlcjogImV2dC5QYXJzZWQubWVzc2FnZSBjb250YWlucyAnUFZFRlctcmVqZWN0JyBvciBldnQuUGFyc2VkLm1lc3NhZ2UgY29udGFpbnMgJ0RST1AnIG9yIGV2dC5QYXJzZWQubWVzc2FnZSBjb250YWlucyAnUkVKRUNUJyIKZGVidWc6IGZhbHNlCm5hbWU6IGFkZXJ1bWllci9wcm94bW94LWlwdGFibGVzLWxvZ3MKZGVzY3JpcHRpb246ICJQYXJzZSBwcm94bW94IGlwdGFibGVzIGRyb3AgbG9ncyIKZ3JvazoKICBwYXR0ZXJuOiAiXiV7Tk9UU1BBQ0U6dm1pZH0gJXtOT1RTUEFDRTpsb2dsZXZlbH0gJXtOT1RTUEFDRTppbnRfZXRofS1JTiAle0hUVFBEQVRFOmxvZ2RhdGV9IChwb2xpY3kgKT8le05PVFNQQUNFOmFjdGlvbn06KCBJTj0le0RBVEE6aWZhY2V9KT8oIE9VVD0le0RBVEE6b2ZhY2V9KT8oIFBIWVNJTj0le0RBVEE6cGh5c2lufSk/KCBQSFlTT1VUPSV7REFUQTpwaHlzb3V0fSk/KCBNQUM9JXtNQUM6ZHN0X21hY306JXtNQUN9JXtOT1RTUEFDRX0pPyBTUkM9JXtJUDpzcmNfaXB9IERTVD0le0lQOmRzdF9pcH0gTEVOPSV7SU5UOmRhdGFfbGVuZ3RofSggVE9TPTB4JXtCQVNFMTZOVU06dG9zfSk/KCBQUkVDPTB4JXtCQVNFMTZOVU06cHJlY30pPyggVEM9JXtJTlR9KT8oIEZMT1dMQkw9JXtJTlR9KT8oIEhPUExJTUlUPSV7SU5UOnR0bH0pPyggVFRMPSV7SU5UOnR0bH0pPyggSUQ9JXtJTlQ6aWR9KT8oICV7V09SRH0pPyBQUk9UTz0le05PVFNQQUNFOnByb3RvfSggU1BUPSV7SU5UOnNyY19wb3J0fSk/KCBEUFQ9JXtJTlQ6ZHN0X3BvcnR9KT8oIExFTj0le0lOVDpkYXRhX2xlbmd0aH0pPyggU0VRPSV7SU5UfSk/KCBBQ0s9JXtJTlQ6YWNrfSk/KCBXSU5ET1c9JXtJTlR9KT8oICV7V09SRDp0Y3BfZmxhZ3N9KT8iCiAgYXBwbHlfb246IG1lc3NhZ2UKc3RhdGljczoKICAgIC0gbWV0YTogc2VydmljZQogICAgICB2YWx1ZTogdGNwCiAgICAtIG1ldGE6IGxvZ190eXBlCiAgICAgIHZhbHVlOiBpcHRhYmxlc19kcm9wCiAgICAtIG1ldGE6IHNvdXJjZV9pcAogICAgICBleHByZXNzaW9uOiAiZXZ0LlBhcnNlZC5zcmNfaXAiCg==", "description": "Parse proxmox iptables drop logs", "author": "aderumier", "labels": null }, "baudneo/gotify-logs": { "path": "parsers/s01-parse/baudneo/gotify-logs.yaml", "stage": "s01-parse", "version": "0.1", "versions": { "0.1": { "digest": "526d78255dcba17af4ee78e969241dfdcf00fe1efee8d4498e4875ec2db9d0b8", "deprecated": false } }, "long_description": "IyBEZXNjcmlwdGlvbgpBIHBhcnNlciB0aGF0IHdpbGwgc2VhcmNoIGZvciB1bmF1dGhvcml6ZWQgKDQwMSkgc3RhdHVzIGNvZGUgaW4gYSBsb2cgZmlsZSB0aGF0IGdvdGlmeSBpcyBvdXRwdXR0aW5nIGl0cyBzdGRvdXQgdG8uIApGcm9tIHRlc3RpbmcgaXQgc2VlbXMgZ290aWZ5IHJldHVybnMgYSA0MDEgZm9yIHVua25vd24gdXNlciwgYmFkIHBhc3N3b3JkLCBhbmQgaW5jb3JyZWN0IHRva2Vucy4gVGhlcmUgaXMgbm8gd2F5IHRvIApkZXRlcm1pbmUgd2hpY2ggaXMgd2hpY2ggc28gdGhpcyBwYXJzZXIgd2lsbCBvbmx5IHNlYXJjaCBmb3IgNDAxIHN0YXR1cyBjb2RlLgoKIyBIT1cgVE8gSU5TVEFMTCBQUk9QRVJMWQotIFJFUVVJUkVEIC0gZXhhbXBsZSBgYWNxdWlzLnlhbWxgIGVudHJ5IC0gVGhlIGB0eXBlYCAqKk1VU1QqKiBiZSBleGFjdGx5IGFzIHNob3duIGhlcmUgb3IgdGhlIHBhcnNlciB3aWxsIG5ldmVyIGJlIHN1Y2Nlc3NmdWwuCgpgYGB5YW1sCmZpbGVuYW1lczoKICAtIC9wYXRoL3RvL2dvdGlmeS5sb2cKbGFiZWxzOgogIHR5cGU6IGdvdGlmeQpgYGAKOmV4Y2xhbWF0aW9uOiBUaGUgYHR5cGVgICoqTVVTVCoqIGJlIGBnb3RpZnlgIDpleGNsYW1hdGlvbjoKCiMgU3RhdGljcwotIFRoZSBJUCBpcyB0aGUgb25seSBkYXRhIGdyYWJiZWQgZnJvbSB0aGUgbG9nIGFuZCBpcyBzdG9yZWQgaW4gYGV2dC5QYXJzZWQuc291cmNlX2lwYCBhbmQgYGV2dC5NZXRhLnNvdXJjZV9pcGAKCiMgSG93IHRvIC0gSGF2ZSBHb3RpZnkgKERvY2tlcikgbG9nIHRvIGEgZmlsZQotIFlvdSBtdXN0IGNyZWF0ZSB5b3VyIG93biBgRG9ja2VyZmlsZWAgYW5kIHRoZW4gYnVpbGQgaXQuIEV4YW1wbGUgRG9ja2VyZmlsZSBhcyBmb2xsb3dzLgpgYGBEb2NrZXJmaWxlCkZST00gZ290aWZ5L3NlcnZlcgpFTlRSWVBPSU5UIC9iaW4vYmFzaCAtYyAnL2FwcC9nb3RpZnktYXBwIHwgdGVlIC9hcHAvZGF0YS9nb3RpZnkubG9nJwpgYGAKLSBCdWlsZCB0aGUgaW1hZ2UgYHN1ZG8gZG9ja2VyIGJ1aWxkIC10IDxUQUcgTkFNRT5gCi0gRXhhbXBsZSBgPFRBRyBOQU1FPmAgLSBzZXJ2ZXIvZ290aWZ5OmxvZ2dlcgotIE5vdyBtYWtlIGEgZG9ja2VyLWNvbXBvc2UgZmlsZSB0byB1c2UgdGhlIGltYWdlLCB0aGUgbG9nIGZpbGUgd2lsbCBlbmQgdXAgaW4gdGhlIGBnb3RpZnlfZGF0YWAgZGlyZWN0b3J5CmBgYGRvY2tlcgogIGdvdGlmeToKICAgIGltYWdlOiBnb3RpZnkvc2VydmVyOmxvZ2dlcgogICAgY29udGFpbmVyX25hbWU6IGdvdGlmeQogICAgcmVzdGFydDogYWx3YXlzCiAgICBwb3J0czoKICAgICAgLSA4MDgwOjgwCiAgICB2b2x1bWVzOgogICAgICAtICIuL2dvdGlmeV9kYXRhOi9hcHAvZGF0YSIKCmBgYAo=", "content": "I2ZpbHRlcjogJzEgPT0gMScgICMgRm9yIGh1YiB0ZXN0cwpmaWx0ZXI6IGV2dC5QYXJzZWQucHJvZ3JhbSA9PSAiZ290aWZ5IiAgIyBQcm9kdWN0aW9uCiNkZWJ1ZzogdHJ1ZQpvbnN1Y2Nlc3M6IG5leHRfc3RhZ2UKbmFtZTogYmF1ZG5lby9nb3RpZnktbG9ncwpkZXNjcmlwdGlvbjogcGFyc2VyIGZvciBHb3RpZnkgc2VydmVyCnBhdHRlcm5fc3ludGF4OgogIEdPVElGWV9TRVBFUkFUT1I6ICcle1NQQUNFfVx8JXtTUEFDRX0nCiAgR09USUZZXzQwMTogJ15cW0dJTlxdXHMqJXtZRUFSOnllYXJ9LyV7TU9OVEhOVU06bW9udGh9LyV7TlVNQkVSOmRheX0le1NQQUNFfVstXSV7U1BBQ0V9JXtUSU1FOnRpbWV9JXtHT1RJRllfU0VQRVJBVE9SfTQwMSV7R09USUZZX1NFUEVSQVRPUn0le0RBVEE6cmVxdWVzdF90aW1lX3Rvb2t9JXtHT1RJRllfU0VQRVJBVE9SfSV7SVA6c291cmNlX2lwfSV7R09USUZZX1NFUEVSQVRPUn0le1dPUkQ6cmVxdWVzdF90eXBlfSV7U1BBQ0V9IiV7REFUQTplbmRwb2ludH0iJwpub2RlczoKICAtIGdyb2s6CiAgICAgIG5hbWU6ICJHT1RJRllfNDAxIgogICAgICBhcHBseV9vbjogbWVzc2FnZQogICAgICBzdGF0aWNzOgogICAgICAgIC0gbWV0YTogbG9nX3R5cGUKICAgICAgICAgIHZhbHVlOiBnb3RpZnlfZmFpbGVkX2F1dGgKICAgICAgICAtIHRhcmdldDogU3RyVGltZQogICAgICAgICAgZXhwcmVzc2lvbjogfC0KICAgICAgICAgICAgZXZ0LlBhcnNlZC55ZWFyKyAiLyIgKyBldnQuUGFyc2VkLm1vbnRoICsgIi8iICsgZXZ0LlBhcnNlZC5kYXkgKyAiICIgKyBldnQuUGFyc2VkLnRpbWUKc3RhdGljczoKICAtIG1ldGE6IHNvdXJjZV9pcAogICAgZXhwcmVzc2lvbjogZXZ0LlBhcnNlZC5zb3VyY2VfaXAK", "description": "parser for Gotify server", "author": "baudneo", "labels": null }, "baudneo/zoneminder-logs": { "path": "parsers/s01-parse/baudneo/zoneminder-logs.yaml", "stage": "s01-parse", "version": "0.1", "versions": { "0.1": { "digest": "f603455093722174960807241d0959bfbd485c089372e4770298a0a9cd219001", "deprecated": false } }, "long_description": "IyBEZXNjcmlwdGlvbgpBIHBhcnNlciB0aGF0IHNlYXJjaGVzIGZvciB1bmtub3duIHVzZXIgYW5kIGluY29ycmVjdCBwYXNzd29yZCBsb2dpbnMgdG8gWm9uZU1pbmRlciBieSB1c2luZyBgd2ViX3BocC5sb2dgIGFzIGEgZGF0YSBzb3VyY2UuCgojIEhPVyBUTyBJTlNUQUxMIFBST1BFUkxZCi0gUkVRVUlSRUQgLSBleGFtcGxlIGBhY3F1aXMueWFtbGAgZW50cnkgLSB0aGUgYHR5cGVgIG11c3QgYmUgZXhhY3RseSBhcyBzaG93biBoZXJlIG9yIHRoZSBwYXJzZXIgd2lsbCBuZXZlciBiZSBzdWNjZXNzZnVsLgoqKipUaGUgbG9nIHBhdGggaXMgdGhlIGRlZmF1bHQgcGF0aCBvbiBhIGRlYmlhbiBiYXNlZCBkaXN0cm8sIGNoYW5nZSB0byBwb2ludCB0b3dhcmRzIHdoZXJlIHlvdXIgWm9uZU1pbmRlciBgd2ViX3BocC5sb2dgIGlzKioqCmBgYHlhbWwKZmlsZW5hbWVzOgogIC0gL3Zhci9sb2cvem0vd2ViX3BocC5sb2cKbGFiZWxzOgogIHR5cGU6IHpvbmVtaW5kZXIKYGBgCjpleGNsYW1hdGlvbjogVGhlIGB0eXBlYCAqKk1VU1QqKiBiZSBgem9uZW1pbmRlcmAgOmV4Y2xhbWF0aW9uOgoKIyBTdGF0aWNzCi0gSVAgaXMgbG9nZ2VkIGFzIGBldnQuUGFyc2VkLnNvdXJjZV9pcGAgYW5kIGBldnQuTWV0YS5zb3VyY2VfaXBgCi0gVXNlcm5hbWUgaXMgbG9nZ2VkIGFzIGBldnQuUGFyc2VkLnVzZXJuYW1lYCBhbmQgYGV2dC5NZXRhLnVzZXJuYW1lYAo=", "content": "ZmlsdGVyOiBldnQuUGFyc2VkLnByb2dyYW0gPT0gInpvbmVtaW5kZXIiICAgIyBQcm9kdWN0aW9uCiNkZWJ1ZzogdHJ1ZQpvbnN1Y2Nlc3M6IG5leHRfc3RhZ2UKbmFtZTogYmF1ZG5lby96b25lbWluZGVyLWxvZ3MKZGVzY3JpcHRpb246IEEgcGFyc2VyIGZvciB6b25lbWluZGVyIHdlYl9waHAubG9nIChMb2dpbnMgdG8gREIvV2ViKQpwYXR0ZXJuX3N5bnRheDoKICBaTV9USU1FOiAyWzAxMjNdfFswMV0/WzAtOV06WzAtNV1bMC05XTooPzpbMC01XT9bMC05XXw2MCkKICBaTV9CQURVU0VSOiBeJXtNT05USE5VTTptb250aH1bLy1dJXtNT05USERBWTpkYXl9Wy8tXSV7WUVBUjp5ZWFyfVstIF0le1pNX1RJTUU6dGltZX1cLlxkKy4qXFsoJXtJUDpzb3VyY2VfaXB9KVxdXHNcW0NvdWxkIG5vdCByZXRyaWV2ZSB1c2VyICV7REFUQTp1c2VybmFtZX0gZGV0YWlsc1xdCiAgWk1fQkFEUEFTU1dPUkQ6IF4le01PTlRITlVNOm1vbnRofVsvLV0le01PTlRIREFZOmRheX1bLy1dJXtZRUFSOnllYXJ9Wy0gXSV7Wk1fVElNRTp0aW1lfVwuXGQrXHMoJXtXT1JEfSlcWy4qXFsoJXtJUDpzb3VyY2VfaXB9KVxdXHNcW0xvZ2luIGRlbmllZCBmb3IgdXNlciBcIiV7REFUQTp1c2VybmFtZX1cIlxdCiMgMDEvMDYvMjIgMDk6MjY6MTUuMTE3NDM0IHdlYl9waHBbMjU4XS5FUlIgWzk5LjEuMS4xXSBbQ291bGQgbm90IHJldHJpZXZlIHVzZXIgdGVzdHVzZXIgZGV0YWlsc10gYXQgL3Vzci9zaGFyZS96b25lbWluZGVyL3d3dy9pbmNsdWRlcy9hdXRoLnBocCBsaW5lIDMxMwojIDAxLzA2LzIyIDA5OjI3OjM5Ljg0MzMzOCB3ZWJfcGhwWzY4OF0uRVJSIFs5OS4xLjEuMV0gW0xvZ2luIGRlbmllZCBmb3IgdXNlciAidmFsaWR1c2VyIl0gYXQgL3Vzci9zaGFyZS96b25lbWluZGVyL3d3dy9pbmNsdWRlcy9hdXRoLnBocCBsaW5lIDMxMwoKbm9kZXM6CiAgLSBncm9rOgogICAgICBuYW1lOiAiWk1fQkFEUEFTU1dPUkQiCiAgICAgIGFwcGx5X29uOiBtZXNzYWdlCiAgICAgIHN0YXRpY3M6CiAgICAgICAgLSBtZXRhOiBsb2dfdHlwZQogICAgICAgICAgdmFsdWU6IHptX2ZhaWxlZF9hdXRoCiAgICAgICAgLSBtZXRhOiBsb2dfc3VidHlwZQogICAgICAgICAgdmFsdWU6IHptX2JhZF9wYXNzd29yZAogICAgICAgIC0gbWV0YTogdXNlcm5hbWUKICAgICAgICAgIGV4cHJlc3Npb246IGV2dC5QYXJzZWQudXNlcm5hbWUKICAtIGdyb2s6CiAgICAgIG5hbWU6ICJaTV9CQURVU0VSIgogICAgICBhcHBseV9vbjogbWVzc2FnZQogICAgICBzdGF0aWNzOgogICAgICAgIC0gbWV0YTogbG9nX3R5cGUKICAgICAgICAgIHZhbHVlOiB6bV9mYWlsZWRfYXV0aAogICAgICAgIC0gbWV0YTogbG9nX3N1YnR5cGUKICAgICAgICAgIHZhbHVlOiB6bV9iYWRfdXNlcgogICAgICAgIC0gbWV0YTogdXNlcm5hbWUKICAgICAgICAgIGV4cHJlc3Npb246IGV2dC5QYXJzZWQudXNlcm5hbWUKCnN0YXRpY3M6CiAgLSBtZXRhOiBzb3VyY2VfaXAKICAgIGV4cHJlc3Npb246IGV2dC5QYXJzZWQuc291cmNlX2lwCiAgLSB0YXJnZXQ6IFN0clRpbWUKICAgIGV4cHJlc3Npb246IHwtCiAgICAgICIyMCIgKyBldnQuUGFyc2VkLnllYXIgKyAiLyIgKyBldnQuUGFyc2VkLm1vbnRoICsgIi8iICsgZXZ0LlBhcnNlZC5kYXkgKyAiICIgKyBldnQuUGFyc2VkLnRpbWUKCg==", "description": "A parser for zoneminder web_php.log (Logins to DB/Web)", "author": "baudneo", "labels": null }, "crowdsecurity/apache2-logs": { "path": "parsers/s01-parse/crowdsecurity/apache2-logs.yaml", "stage": "s01-parse", "version": "1.1", "versions": { "0.1": { "digest": "405a1eacb736240024a1302fb7a95184bd1dbb4205c9746877b01aa74aff602f", "deprecated": false }, "0.2": { "digest": "911be04b02a2aef5052020087b0941c9a646a0ad6213cb34d541d35c5c10fba1", "deprecated": false }, "0.3": { "digest": "2acd7b53dd7ac9765246dbcc539395ad89942a5b48f3cab6b1489cb6c9fe1360", "deprecated": false }, "0.4": { "digest": "63c47a8b0740d05e15a84640c44cdbc7b96907deae4650dcdb61329d37bcf9e8", "deprecated": false }, "0.5": { "digest": "cb41418db5e5dcf3f1e0fba7731f2eab8eff07f1083a92f5e45e13a4d8f6ff95", "deprecated": false }, "0.6": { "digest": "305729e749b6c7c7c7370d0b2fd247c5de13c3d3b45809745049eeb45d7f46b9", "deprecated": false }, "0.7": { "digest": "8244953978839afc950bea90934cf20834d4f243b79163a44c8ff67b9eb9e459", "deprecated": false }, "0.8": { "digest": "b37a7940a2b6c0b7b909679c1e837ec9e6628f24e9a88f8830600e0df9ba5941", "deprecated": false }, "0.9": { "digest": "f4fa2cfb6ff5742b499f575630acf884e1dbdd6af7196e2fd3a2aeeeec9bceb9", "deprecated": false }, "1.0": { "digest": "bc4cce2766afde63489bfe7d8d1f8aec82f9c897da5e824904156c53cdc555f6", "deprecated": false }, "1.1": { "digest": "311e3761538c96f641478da49af219df8084205e191c39f3794fba4a4780ed76", "deprecated": false } }, "long_description": "VGhpcyBhcGFjaGUyIHBhcnNlciBzdXBwb3J0IGFjY2VzcyBhbmQgZXJyb3IgbG9ncyBpbiB0aGUgSFRUUEQgQ09NQklORUQgTE9HIHN0YW5kYXJkIGZvcm1hdCwgd2l0aCB0aGUgZm9sbG93aW5nIHBvc3NpYmxlIG1vZGlmaWNhdGlvbnMgOgogLSBBbiBvcHRpb25hbCBJUCBvciBGUUROIGNhbiBiZSBwcmVzZW50IGFzIHRoZSBmaXJzdCBlbGVtZW50IG9mIGxpbmUsIGFuZCB3aWxsIGJlIHN0b3JlZCBpbiBgdGFyZ2V0X2ZxZG5gLiBUaGlzIGlzIG1lYW50IGZvciBtdWx0aS10ZW5hbnQgLyBhZ2dyZWdhdGVkIGxvZ3MuCiAtIGByZWZlcnJlcmAgYW5kIGB1c2VyX2FnZW50YCBoYXZlIGJlZW4gbWFkZSBvcHRpb25hbCBmb3IgbW9yZSBlcHVyYXRlZCBsb2dnaW5nIGZvcm1hdHMKCgoqbm90ZSA6KiBJZiB5b3UgYXJlIGFnZ3JlZ2F0aW5nIGxvZ3MgZnJvbSBzZXZlcmFsIGRvbWFpbnMsIHByZWZpeCB5b3VyIGxvZ2xpbmUgd2l0aCB0aGUgdGFyZ2V0IEZRRE4uIEhUVFAgYmFzZWQgc2NlbmFyaW9zIHNob3VsZCB0YWtlIHRoaXMgaW50byBhY2NvdW50IHNvIHRoYXQgYnVja2V0cyBhcmUgX3Blcl8gc291cmNlIElQIHBlciB0YXJnZXQgRlFETiwgbGltaXRpbmcgZmFsc2UgcG9zaXRpdmVzIGR1ZSB0byBsb2dzIG11bHRpcGxleGluZy4K", "content": "I0FwYWNoZSBhY2Nlc3MvZXJyb3JzIGxvZ3MKI2RlYnVnOiB0cnVlCmZpbHRlcjogImV2dC5QYXJzZWQucHJvZ3JhbSBzdGFydHNXaXRoICdhcGFjaGUyJyIKb25zdWNjZXNzOiBuZXh0X3N0YWdlCm5hbWU6IGNyb3dkc2VjdXJpdHkvYXBhY2hlMi1sb2dzCmRlc2NyaXB0aW9uOiAiUGFyc2UgQXBhY2hlMiBhY2Nlc3MgYW5kIGVycm9yIGxvZ3MiCiNsb2cgbGluZSBjYW4gYmUgcHJlZml4ZWQgYnkgYSB0YXJnZXRfZnFkbgpub2RlczoKICAtIGdyb2s6CiAgICAgIHBhdHRlcm46ICcoJXtJUE9SSE9TVDp0YXJnZXRfZnFkbn0gKT8le0NPTU1PTkFQQUNIRUxPR30oICIle05PVERRVU9URTpyZWZlcnJlcn0iICIle05PVERRVU9URTpodHRwX3VzZXJfYWdlbnR9Iik/JwogICAgICBhcHBseV9vbjogbWVzc2FnZQogICAgICAjIHRoZXNlIG9uZXMgYXBwbHkgZm9yIGJvdGggZ3JvayBwYXR0ZXJucwogICAgICBzdGF0aWNzOgogICAgICAgIC0gbWV0YTogbG9nX3R5cGUKICAgICAgICAgIHZhbHVlOiBodHRwX2FjY2Vzcy1sb2cKICAgICAgICAtIHRhcmdldDogZXZ0LlN0clRpbWUKICAgICAgICAgIGV4cHJlc3Npb246IGV2dC5QYXJzZWQudGltZXN0YW1wCiAgICAgICAgLSBtZXRhOiBzZXJ2aWNlCiAgICAgICAgICB2YWx1ZTogaHR0cAogICAgICAgIC0gbWV0YTogc291cmNlX2lwCiAgICAgICAgICBleHByZXNzaW9uOiBldnQuUGFyc2VkLmNsaWVudGlwCiAgICAgICAgLSBtZXRhOiBodHRwX3N0YXR1cwogICAgICAgICAgZXhwcmVzc2lvbjogZXZ0LlBhcnNlZC5yZXNwb25zZQogICAgICAgIC0gbWV0YTogaHR0cF9wYXRoCiAgICAgICAgICBleHByZXNzaW9uOiBldnQuUGFyc2VkLnJlcXVlc3QKICAgICAgICAtIG1ldGE6IGh0dHBfdmVyYgogICAgICAgICAgZXhwcmVzc2lvbjogImV2dC5QYXJzZWQudmVyYiIKICAgICAgICAtIG1ldGE6IGh0dHBfdXNlcl9hZ2VudAogICAgICAgICAgZXhwcmVzc2lvbjogImV2dC5QYXJzZWQuaHR0cF91c2VyX2FnZW50IgogICAgICAgIC0gbWV0YTogdGFyZ2V0X2ZxZG4KICAgICAgICAgIGV4cHJlc3Npb246ICJldnQuUGFyc2VkLnRhcmdldF9mcWRuIgogICAgb25zdWNjZXNzOiBuZXh0X3N0YWdlCiAgLSBncm9rOgogICAgICBwYXR0ZXJuOiAnJXtIVFRQRF9FUlJPUkxPR30nCiAgICAgIGFwcGx5X29uOiBtZXNzYWdlCiAgICBvbnN1Y2Nlc3M6IG5leHRfc3RhZ2UKICAgIHBhdHRlcm5fc3ludGF4OgogICAgICBOT1RfRE9VQkxFX1BPSU5UOiAnW146XSsnCiAgICAgIE5PVF9ET1VCTEVfUVVPVEU6ICdbXiJdKycgICAgCiAgICBub2RlczoKICAgICAgLSBmaWx0ZXI6ICJldnQuUGFyc2VkLm1vZHVsZSA9PSAnYXV0aF9iYXNpYyciCiAgICAgICAgb25zdWNjZXNzOiBuZXh0X3N0YWdlCiAgICAgICAgcGF0dGVybl9zeW50YXg6CiAgICAgICAgICBFWFRSQUNUX1VTRVJfQU5EX1BBVEg6ICd1c2VyICV7Tk9UX0RPVUJMRV9QT0lOVDp1c2VybmFtZX06IGF1dGhlbnRpY2F0aW9uIGZhaWx1cmUgZm9yICIle05PVF9ET1VCTEVfUVVPVEU6dGFyZ2V0X3VyaX0iOiBQYXNzd29yZCBNaXNtYXRjaCcKICAgICAgICAgIEVYVFJBQ1RfVVNFUl9BTkRfUEFUSDI6ICd1c2VyICV7Tk9UX0RPVUJMRV9QT0lOVDp1c2VybmFtZX0gbm90IGZvdW5kOiAiPyV7Tk9UX0RPVUJMRV9RVU9URTp0YXJnZXRfdXJpfSI/JwogICAgICAgIGdyb2s6CiAgICAgICAgICBwYXR0ZXJuOiAnJXtFWFRSQUNUX1VTRVJfQU5EX1BBVEh9fCV7RVhUUkFDVF9VU0VSX0FORF9QQVRIMn0nCiAgICAgICAgICBhcHBseV9vbjogbWVzc2FnZQogICAgICAgICAgIyB0aGVzZSBvbmVzIGFwcGx5IGZvciBib3RoIGdyb2sgcGF0dGVybnMKICAgICAgICBzdGF0aWNzOgogICAgICAgICAgLSBtZXRhOiB1c2VybmFtZQogICAgICAgICAgICBleHByZXNzaW9uOiBldnQuUGFyc2VkLnVzZXJuYW1lCiAgICAgICAgICAtIG1ldGE6IGh0dHBfcGF0aAogICAgICAgICAgICBleHByZXNzaW9uOiBldnQuUGFyc2VkLnRhcmdldF91cmkKICAgICAgICAgIC0gbWV0YTogc3ViX3R5cGUKICAgICAgICAgICAgdmFsdWU6ICJhdXRoX2ZhaWwiCiAgICAgIC0gZmlsdGVyOiAiZXZ0LlBhcnNlZC5tb2R1bGUgPT0gJ2NvcmUnICYmIGV2dC5QYXJzZWQubWVzc2FnZSBjb250YWlucyAnSW52YWxpZCBVUkknIgogICAgICAgIG9uc3VjY2VzczogbmV4dF9zdGFnZQogICAgICAgIHBhdHRlcm5fc3ludGF4OgogICAgICAgICAgRVhUUkFDVF9VUklWRVJCOiAnSW52YWxpZCBVUkkgaW4gcmVxdWVzdCAle1dPUkQ6dmVyYn0gJXtOT1RTUEFDRTpyZXF1ZXN0fSg/OiBIVFRQLyV7TlVNQkVSOmh0dHB2ZXJzaW9ufSknCiAgICAgICAgZ3JvazoKICAgICAgICAgIHBhdHRlcm46ICcle0VYVFJBQ1RfVVJJVkVSQn0nCiAgICAgICAgICBhcHBseV9vbjogbWVzc2FnZQogICAgICAgIHN0YXRpY3M6CiAgICAgICAgICAtIG1ldGE6IGh0dHBfcGF0aAogICAgICAgICAgICBleHByZXNzaW9uOiBldnQuUGFyc2VkLnJlcXVlc3QKICAgICAgICAgIC0gbWV0YTogc3ViX3R5cGUKICAgICAgICAgICAgdmFsdWU6ICJpbnZhbGlkX3VyaSIKICAgICAgLSBmaWx0ZXI6ICJldnQuUGFyc2VkLm1vZHVsZSA9PSAnYXV0aHpfY29yZScgJiYgZXZ0LlBhcnNlZC5tZXNzYWdlIGNvbnRhaW5zICdjbGllbnQgZGVuaWVkJyIKICAgICAgICBvbnN1Y2Nlc3M6IG5leHRfc3RhZ2UKICAgICAgICBwYXR0ZXJuX3N5bnRheDoKICAgICAgICAgIEVYVFJBQ1RfUEFUSDogJ2NsaWVudCBkZW5pZWQgYnkgc2VydmVyIGNvbmZpZ3VyYXRpb246ICV7R1JFRURZREFUQTp0YXJnZXRfdXJpfScKICAgICAgICBncm9rOgogICAgICAgICAgcGF0dGVybjogJyV7RVhUUkFDVF9QQVRIfScKICAgICAgICAgIGFwcGx5X29uOiBtZXNzYWdlCiAgICAgICAgc3RhdGljczoKICAgICAgICAgIC0gbWV0YTogaHR0cF9wYXRoCiAgICAgICAgICAgIGV4cHJlc3Npb246IGV2dC5QYXJzZWQudGFyZ2V0X3VyaQogICAgICAgICAgLSBtZXRhOiBzdWJfdHlwZQogICAgICAgICAgICB2YWx1ZTogInBlcm1pc3Npb25fZGVuaWVkIgogICAgc3RhdGljczoKICAgICAgLSBtZXRhOiBsb2dfdHlwZQogICAgICAgIHZhbHVlOiBodHRwX2Vycm9yLWxvZwogICAgICAtIHRhcmdldDogZXZ0LlN0clRpbWUKICAgICAgICBleHByZXNzaW9uOiBldnQuUGFyc2VkLnRpbWVzdGFtcAogICAgICAtIG1ldGE6IHNlcnZpY2UKICAgICAgICB2YWx1ZTogaHR0cAogICAgICAtIG1ldGE6IHNvdXJjZV9pcAogICAgICAgIGV4cHJlc3Npb246IGV2dC5QYXJzZWQuY2xpZW50CiAgICAgIC0gbWV0YTogaHR0cF9zdGF0dXMKICAgICAgICBleHByZXNzaW9uOiBldnQuUGFyc2VkLnJlc3BvbnNlCgogICAgICAK", "description": "Parse Apache2 access and error logs", "author": "crowdsecurity", "labels": null }, "crowdsecurity/asterisk-logs": { "path": "parsers/s01-parse/crowdsecurity/asterisk-logs.yaml", "stage": "s01-parse", "version": "0.3", "versions": { "0.1": { "digest": "6c32f0c5c37b86d83b35c9c90aee2550b8c2d59748a31bd2ba95842be35bf031", "deprecated": false }, "0.2": { "digest": "29155ff1a969acdbd1be800f350168d0b2bf2c2adcfd9350d284667d857e9fe3", "deprecated": false }, "0.3": { "digest": "f8a4fb06d81b9b1344ae9ba158c34b069f234597dc2fa140ae2f139cc8da148d", "deprecated": false } }, "long_description": "UGFyc2VyIGZvciBhc3RlcmlzayBsb2dzIChwYXJzZSBvbmx5IGZhaWxlZCBhdXRoZW50aWNhdGlvbiBsb2dzIGZvciB0aGUgbW9tZW50KS4=", "content": "bmFtZTogY3Jvd2RzZWN1cml0eS9hc3Rlcmlzay1sb2dzCmRlc2NyaXB0aW9uOiAiUGFyc2UgQXN0ZXJpc2sgbG9ncyIKZmlsdGVyOiAiZXZ0LlBhcnNlZC5wcm9ncmFtID09ICdhc3RlcmlzayciCm9uc3VjY2VzczogbmV4dF9zdGFnZQpub2RlczoKICAtIGdyb2s6CiAgICAgIHBhdHRlcm46ICdcWyV7REFUQTp0aW1lc3RhbXB9XF0gU0VDVVJJVFlcWyV7TlVNQkVSfVxdLiogU2VjdXJpdHlFdmVudD0iSW52YWxpZEFjY291bnRJRCIsRXZlbnRUVj0iJXtEQVRBOmV2ZW50X3RpbWVzdGFtcH0iLFNldmVyaXR5PSJFcnJvciIsU2VydmljZT0iJXtOT1REUVVPVEU6YXN0ZXJpc2tfc2VydmljZX0iLEV2ZW50VmVyc2lvbj0iJXtOVU1CRVJ9IixBY2NvdW50SUQ9IiV7Tk9URFFVT1RFOnVzZXJuYW1lfSIsU2Vzc2lvbklEPSIle05PVERRVU9URTphc3Rlcmlza19zZXNzaW9uX2lkfSIsTG9jYWxBZGRyZXNzPSJJUFYle05VTUJFUn0vKFVEUHxUQ1ApLyV7SVBPUkhPU1Q6dGFyZ2V0X2lwfS8le05VTUJFUjp0YXJnZXRfcG9ydH0iLFJlbW90ZUFkZHJlc3M9IklQViV7TlVNQkVSfS8oVURQfFRDUCkvJXtJUE9SSE9TVDpzb3VyY2VfaXB9LyV7TlVNQkVSOnNvdXJjZV9wb3J0fSInCiAgICAgIGFwcGx5X29uOiBtZXNzYWdlCiAgICAgIHN0YXRpY3M6CiAgICAgICAgLSBtZXRhOiBsb2dfdHlwZQogICAgICAgICAgdmFsdWU6IGFzdGVyaXNrX2ZhaWxlZF9hdXRoCiAgICAgICAgLSB0YXJnZXQ6IGV2dC5TdHJUaW1lCiAgICAgICAgICBleHByZXNzaW9uOiBldnQuUGFyc2VkLnRpbWVzdGFtcAogICAgICAgIC0gbWV0YTogdGFyZ2V0X3VzZXIKICAgICAgICAgIGV4cHJlc3Npb246IGV2dC5QYXJzZWQudXNlcm5hbWUKICAgICAgICAtIG1ldGE6IHNlc3Npb25faWQKICAgICAgICAgIGV4cHJlc3Npb246IGV2dC5QYXJzZWQuYXN0ZXJpc2tfc2Vzc2lvbl9pZAogICAgICAgIC0gbWV0YTogYXN0ZXJpc2tfc2VydmljZQogICAgICAgICAgZXhwcmVzc2lvbjogZXZ0LlBhcnNlZC5hc3Rlcmlza19zZXJ2aWNlCiAgLSBncm9rOgogICAgICBwYXR0ZXJuOiAnXFsle0RBVEE6dGltZXN0YW1wfVxdIFNFQ1VSSVRZXFsle05VTUJFUn1cXS4qIFNlY3VyaXR5RXZlbnQ9IkNoYWxsZW5nZVJlc3BvbnNlRmFpbGVkIixFdmVudFRWPSIle0RBVEE6ZXZlbnRfdGltZXN0YW1wfSIsU2V2ZXJpdHk9IkVycm9yIixTZXJ2aWNlPSIle05PVERRVU9URTphc3Rlcmlza19zZXJ2aWNlfSIsRXZlbnRWZXJzaW9uPSIle05VTUJFUn0iLEFjY291bnRJRD0iJXtOT1REUVVPVEU6dXNlcm5hbWV9IixTZXNzaW9uSUQ9IiV7Tk9URFFVT1RFOmFzdGVyaXNrX3Nlc3Npb25faWR9IixMb2NhbEFkZHJlc3M9IklQViV7TlVNQkVSfS8oVURQfFRDUCkvJXtJUE9SSE9TVDp0YXJnZXRfaXB9LyV7TlVNQkVSOnRhcmdldF9wb3J0fSIsUmVtb3RlQWRkcmVzcz0iSVBWJXtOVU1CRVJ9LyhVRFB8VENQKS8le0lQT1JIT1NUOnNvdXJjZV9pcH0vJXtOVU1CRVI6c291cmNlX3BvcnR9IicKICAgICAgYXBwbHlfb246IG1lc3NhZ2UKICAgICAgc3RhdGljczoKICAgICAgICAtIG1ldGE6IGxvZ190eXBlCiAgICAgICAgICB2YWx1ZTogYXN0ZXJpc2tfZmFpbGVkX2F1dGgKICAgICAgICAtIHRhcmdldDogZXZ0LlN0clRpbWUKICAgICAgICAgIGV4cHJlc3Npb246IGV2dC5QYXJzZWQudGltZXN0YW1wCiAgICAgICAgLSBtZXRhOiB0YXJnZXRfdXNlcgogICAgICAgICAgZXhwcmVzc2lvbjogZXZ0LlBhcnNlZC51c2VybmFtZQogICAgICAgIC0gbWV0YTogc2Vzc2lvbl9pZAogICAgICAgICAgZXhwcmVzc2lvbjogZXZ0LlBhcnNlZC5hc3Rlcmlza19zZXNzaW9uX2lkCiAgICAgICAgLSBtZXRhOiBhc3Rlcmlza19zZXJ2aWNlCiAgICAgICAgICBleHByZXNzaW9uOiBldnQuUGFyc2VkLmFzdGVyaXNrX3NlcnZpY2UKICAtIGdyb2s6CiAgICAgIHBhdHRlcm46ICdcWyV7REFUQTp0aW1lc3RhbXB9XF0gU0VDVVJJVFlcWyV7TlVNQkVSfVxdLiogU2VjdXJpdHlFdmVudD0iSW52YWxpZFBhc3N3b3JkIixFdmVudFRWPSIle0RBVEE6ZXZlbnRfdGltZXN0YW1wfSIsU2V2ZXJpdHk9IkVycm9yIixTZXJ2aWNlPSIle05PVERRVU9URTphc3Rlcmlza19zZXJ2aWNlfSIsRXZlbnRWZXJzaW9uPSIle05VTUJFUn0iLEFjY291bnRJRD0iJXtOT1REUVVPVEU6dXNlcm5hbWV9IixTZXNzaW9uSUQ9IiV7Tk9URFFVT1RFOmFzdGVyaXNrX3Nlc3Npb25faWR9IixMb2NhbEFkZHJlc3M9IklQViV7TlVNQkVSfS8oVURQfFRDUCkvJXtJUE9SSE9TVDp0YXJnZXRfaXB9LyV7TlVNQkVSOnRhcmdldF9wb3J0fSIsUmVtb3RlQWRkcmVzcz0iSVBWJXtOVU1CRVJ9LyhVRFB8VENQKS8le0lQT1JIT1NUOnNvdXJjZV9pcH0vJXtOVU1CRVI6c291cmNlX3BvcnR9IicKICAgICAgYXBwbHlfb246IG1lc3NhZ2UKICAgICAgc3RhdGljczoKICAgICAgICAtIG1ldGE6IGxvZ190eXBlCiAgICAgICAgICB2YWx1ZTogYXN0ZXJpc2tfZmFpbGVkX2F1dGgKICAgICAgICAtIHRhcmdldDogZXZ0LlN0clRpbWUKICAgICAgICAgIGV4cHJlc3Npb246IGV2dC5QYXJzZWQudGltZXN0YW1wCiAgICAgICAgLSBtZXRhOiB0YXJnZXRfdXNlcgogICAgICAgICAgZXhwcmVzc2lvbjogZXZ0LlBhcnNlZC51c2VybmFtZQogICAgICAgIC0gbWV0YTogc2Vzc2lvbl9pZAogICAgICAgICAgZXhwcmVzc2lvbjogZXZ0LlBhcnNlZC5hc3Rlcmlza19zZXNzaW9uX2lkCiAgICAgICAgLSBtZXRhOiBhc3Rlcmlza19zZXJ2aWNlCiAgICAgICAgICBleHByZXNzaW9uOiBldnQuUGFyc2VkLmFzdGVyaXNrX3NlcnZpY2UKc3RhdGljczoKICAgIC0gbWV0YTogc2VydmljZQogICAgICB2YWx1ZTogYXN0ZXJpc2sKICAgIC0gbWV0YTogc291cmNlX2lwCiAgICAgIGV4cHJlc3Npb246IGV2dC5QYXJzZWQuc291cmNlX2lwCg==", "description": "Parse Asterisk logs", "author": "crowdsecurity", "labels": null }, "crowdsecurity/caddy-logs": { "path": "parsers/s01-parse/crowdsecurity/caddy-logs.yaml", "stage": "s01-parse", "version": "0.3", "versions": { "0.1": { "digest": "30bf81915d8254ab7611c156ddbe0cf389838d471f973403ae1b07fffa5b6d5a", "deprecated": false }, "0.2": { "digest": "482a3d592e742b54f80c4473259ff8e0d5c46a657f086814d6a13e985a550376", "deprecated": false }, "0.3": { "digest": "22abc6def6fb9c36fcc6bb021002fe0b471116eab16e86c56625cfeef668eb7d", "deprecated": false } }, "long_description": "UGFyc2VyIGZvciBjYWRkeSBsb2dzLgpJdCBleHBlY3RzIHRoZSBkZWZhdWx0IGtleSB2YWx1ZXMgZm9yIGNhZGR5IGxvZ3MuCgpZb3UgbmVlZCB0byBzcGVjaWZ5IGNhZGR5IGNvbmZpZyB0byBlbmFibGUgbG9nZ2luZyBpbiBhIGZpbGU6CgpgYGBiYXNoCjo4MCB7CiAgICAgICAgIyBTZXQgdGhpcyBwYXRoIHRvIHlvdXIgc2l0ZSdzIGRpcmVjdG9yeS4KICAgICAgICByb290ICogL3Vzci9zaGFyZS9jYWRkeQoKICAgICAgICAjIEVuYWJsZSB0aGUgc3RhdGljIGZpbGUgc2VydmVyLgogICAgICAgIGZpbGVfc2VydmVyCgogICAgICAgICMgQW5vdGhlciBjb21tb24gdGFzayBpcyB0byBzZXQgdXAgYSByZXZlcnNlIHByb3h5OgogICAgICAgICMgcmV2ZXJzZV9wcm94eSBsb2NhbGhvc3Q6ODA4MAoKICAgICAgICAjIE9yIHNlcnZlIGEgUEhQIHNpdGUgdGhyb3VnaCBwaHAtZnBtOgogICAgICAgICMgcGhwX2Zhc3RjZ2kgbG9jYWxob3N0OjkwMDAKICAgICAgICBsb2cgewogICAgICAgICAgICAgICAgb3V0cHV0IGZpbGUgL3Zhci9sb2cvY2FkZHkvYWNjZXNzLmxvZwogICAgICAgIH0KfQoKYGBgCgpBbmQgdGhlbiBhZGQgaW4gYWNxdWlzaXRpb24gdGhpcyA6CgpgYGB5YW1sCi0tLQpmaWxlbmFtZXM6CiAtIC92YXIvbG9nL2NhZGR5L2FjY2Vzcy5sb2cKbGFiZWxzOgogIHR5cGU6IGNhZGR5CmBgYA==", "content": "ZmlsdGVyOiAiZXZ0LlBhcnNlZC5wcm9ncmFtIHN0YXJ0c1dpdGggJ2NhZGR5JyIKb25zdWNjZXNzOiBuZXh0X3N0YWdlCiMgZGVidWc6IHRydWUKbmFtZTogY3Jvd2RzZWN1cml0eS9jYWRkeS1sb2dzCmRlc2NyaXB0aW9uOiAiUGFyc2UgY2FkZHkgbG9ncyIKcGF0dGVybl9zeW50YXg6CiBDVVNUT01EQVRFOiAnJXtEQVk6ZGF5fSwgJXtNT05USERBWTptb250aGRheX0gJXtNT05USDptb250aH0gJXtZRUFSOnllYXJ9ICV7VElNRTp0aW1lfSAle1dPUkQ6dHp9Jwpub2RlczoKICAtIG5vZGVzOgogICAgLSBncm9rOgogICAgICAgIHBhdHRlcm46ICcle05PVFNQQUNFfSAle05PVFNQQUNFfSAle05PVFNQQUNFfSBcWyV7SFRUUERBVEU6dGltZXN0YW1wfVxdJXtEQVRBfScKICAgICAgICBleHByZXNzaW9uOiBKc29uRXh0cmFjdChldnQuTGluZS5SYXcsICJjb21tb25fbG9nIikKICAgICAgICBzdGF0aWNzOgogICAgICAgICAgLSB0YXJnZXQ6IGV2dC5TdHJUaW1lCiAgICAgICAgICAgIGV4cHJlc3Npb246IGV2dC5QYXJzZWQudGltZXN0YW1wCiAgICAtIGdyb2s6CiAgICAgICAgcGF0dGVybjogIiV7Q1VTVE9NREFURTp0aW1lc3RhbXB9IgogICAgICAgIGV4cHJlc3Npb246IEpzb25FeHRyYWN0KGV2dC5MaW5lLlJhdywgInJlc3BfaGVhZGVycy5EYXRlWzBdIikKICAgICAgICBzdGF0aWNzOgogICAgICAgICAgLSB0YXJnZXQ6IGV2dC5TdHJUaW1lCiAgICAgICAgICAgIGV4cHJlc3Npb246IGV2dC5QYXJzZWQuZGF5ICsgIiAiICsgZXZ0LlBhcnNlZC5tb250aCArICIgIiArIGV2dC5QYXJzZWQubW9udGhkYXkgKyAiICIgKyBldnQuUGFyc2VkLnRpbWUgKyAiLjAwMDAwMCIgKyAiICIgKyBldnQuUGFyc2VkLnllYXIKICAgIC0gZ3JvazoKICAgICAgICBwYXR0ZXJuOiAnJXtJUE9SSE9TVDpyZW1vdGVfYWRkcn06JXtOVU1CRVJ9JwogICAgICAgIGV4cHJlc3Npb246IEpzb25FeHRyYWN0KGV2dC5MaW5lLlJhdywgInJlcXVlc3QucmVtb3RlX2FkZHIiKQogICAgLSBncm9rOgogICAgICAgIHBhdHRlcm46ICcle0lQT1JIT1NUOnJlbW90ZV9pcH0nCiAgICAgICAgZXhwcmVzc2lvbjogSnNvbkV4dHJhY3QoZXZ0LkxpbmUuUmF3LCAicmVxdWVzdC5yZW1vdGVfaXAiKQogICAgLSBncm9rOgogICAgICAgIHBhdHRlcm46ICdcWyIle05PVERRVU9URTpodHRwX3VzZXJfYWdlbnR9XCJdJwogICAgICAgIGV4cHJlc3Npb246IEpzb25FeHRyYWN0KGV2dC5MaW5lLlJhdywgInJlcXVlc3QuaGVhZGVycy5Vc2VyLUFnZW50IikKc3RhdGljczoKICAtIG1ldGE6IGxvZ190eXBlCiAgICB2YWx1ZTogaHR0cF9hY2Nlc3MtbG9nCiAgLSBtZXRhOiBzZXJ2aWNlCiAgICB2YWx1ZTogaHR0cAogIC0gbWV0YTogc291cmNlX2lwCiAgICBleHByZXNzaW9uOiBldnQuUGFyc2VkLnJlbW90ZV9hZGRyCiAgLSBtZXRhOiBzb3VyY2VfaXAKICAgIGV4cHJlc3Npb246IGV2dC5QYXJzZWQucmVtb3RlX2lwCiAgLSBtZXRhOiBodHRwX3N0YXR1cwogICAgZXhwcmVzc2lvbjogSnNvbkV4dHJhY3QoZXZ0LkxpbmUuUmF3LCAic3RhdHVzIikKICAtIG1ldGE6IGh0dHBfcGF0aAogICAgZXhwcmVzc2lvbjogSnNvbkV4dHJhY3QoZXZ0LkxpbmUuUmF3LCAicmVxdWVzdC51cmkiKQogIC0gcGFyc2VkOiB2ZXJiCiAgICBleHByZXNzaW9uOiBKc29uRXh0cmFjdChldnQuTGluZS5SYXcsICJyZXF1ZXN0Lm1ldGhvZCIpCiAgLSBtZXRhOiBodHRwX3ZlcmIKICAgIGV4cHJlc3Npb246IEpzb25FeHRyYWN0KGV2dC5MaW5lLlJhdywgInJlcXVlc3QubWV0aG9kIikKICAtIG1ldGE6IGh0dHBfdXNlcl9hZ2VudAogICAgZXhwcmVzc2lvbjogZXZ0LlBhcnNlZC5odHRwX3VzZXJfYWdlbnQKICAtIG1ldGE6IHRhcmdldF9mcWRuCiAgICBleHByZXNzaW9uOiBKc29uRXh0cmFjdChldnQuTGluZS5SYXcsICJyZXF1ZXN0Lmhvc3QiKQogIC0gbWV0YTogc3ViX3R5cGUKICAgIGV4cHJlc3Npb246ICJKc29uRXh0cmFjdChldnQuTGluZS5SYXcsICdzdGF0dXMnKSA9PSAnNDAxJyAmJiBKc29uRXh0cmFjdChldnQuTGluZS5SYXcsICdyZXF1ZXN0LmhlYWRlcnMuQXV0aG9yaXphdGlvblswXScpIHN0YXJ0c1dpdGggJ0Jhc2ljICcgPyAnYXV0aF9mYWlsJyA6ICcnIg==", "description": "Parse caddy logs", "author": "crowdsecurity", "labels": null }, "crowdsecurity/cowrie-logs": { "path": "parsers/s01-parse/crowdsecurity/cowrie-logs.yaml", "stage": "s01-parse", "version": "0.1", "versions": { "0.1": { "digest": "4ebcf38bef1106ba94ccf6aa575958695de12fa1278b25dddb76cfdce93b553b", "deprecated": false } }, "content": "b25zdWNjZXNzOiBuZXh0X3N0YWdlCm5hbWU6IGNvd3JpZS1sb2dzCmRlc2NyaXB0aW9uOiAiUGFyc2UgY293cmllIGhvbmV5cG90cyBsb2dzIgpmaWx0ZXI6ICJldnQuUGFyc2VkLnByb2dyYW0gPT0gJ2Nvd3JpZSciCmdyb2s6CiAgbmFtZTogIkNPV1JJRV9ORVdfQ08iCiAgYXBwbHlfb246IG1lc3NhZ2UKc3RhdGljczoKICAgIC0gbWV0YTogc2VydmljZQogICAgICB2YWx1ZTogdGVsbmV0CiAgICAtIG1ldGE6IGxvZ190eXBlCiAgICAgIHZhbHVlOiB0ZWxuZXRfbmV3X3Nlc3Npb24KICAgIC0gbWV0YTogc291cmNlX2lwCiAgICAgIGV4cHJlc3Npb246ICJldnQuUGFyc2VkLnNvdXJjZV9pcCIKICAgIC0gbWV0YTogZGVzdF9pcAogICAgICBleHByZXNzaW9uOiAiZXZ0LlBhcnNlZC5kZXN0X2lwIgogICAgLSBtZXRhOiBkZXN0X3BvcnQKICAgICAgZXhwcmVzc2lvbjogImV2dC5QYXJzZWQuZGVzdF9wb3J0IgogICAgLSBwYXJzZWQ6ICJ0ZWxuZXRfc2Vzc2lvbiIKICAgICAgZXhwcmVzc2lvbjogImV2dC5QYXJzZWQudGVsbmV0X3Nlc3Npb24i", "description": "Parse cowrie honeypots logs", "author": "crowdsecurity", "labels": null }, "crowdsecurity/cpanel-logs": { "path": "parsers/s01-parse/crowdsecurity/cpanel-logs.yaml", "stage": "s01-parse", "version": "0.4", "versions": { "0.1": { "digest": "1ff320cb8be4b2ed7e02f2614277d32fcfe8ee60058f6480bb3ab4ff53125ae0", "deprecated": false }, "0.2": { "digest": "38155a2c95c77f26ae07f1718f01eb0fbf946b7dde10f50d375d6b82095807cb", "deprecated": false }, "0.3": { "digest": "66ff0528cc940645a2a1e07894b048d52c9eb02341f6e2abe8756e70ae36f870", "deprecated": false }, "0.4": { "digest": "3ce770d729d896d39598fa0f2d560edf900a05dbcd4f9a460e35a987f8eca8cf", "deprecated": false } }, "long_description": "UGFyc2VyIGZvciBjcGFuZWwgbG9ncy4g", "content": "b25zdWNjZXNzOiBuZXh0X3N0YWdlCmZpbHRlcjogImV2dC5QYXJzZWQucHJvZ3JhbSA9PSAnY3BhbmVsJyIKbmFtZTogY3Jvd2RzZWN1cml0eS9jcGFuZWwtbG9ncwpkZXNjcmlwdGlvbjogIlBhcnNlIENwYW5lbCBsb2dzIgpwYXR0ZXJuX3N5bnRheDoKICBOT19ET1VCTEVfUVVPVEU6ICdbXiJdKycKICBDUEFORUxfSEVBREVSOiBcWyV7REFUQTpkYXRlfSBcK1swLTldK1xdIGluZm8gXFsoY3BhbmVsZHx3aG9zdG1ncmQpXF0gJXtJUDpyZW1vdGVfYWRkcn0gLSAle05PVFNQQUNFOnVzZXJuYW1lfSAiJXtXT1JEOnZlcmJ9ICV7VVJJUEFUSFBBUkFNOnJlcXVlc3R9IEhUVFAvJXtOVU1CRVI6aHR0cF92ZXJzaW9ufSIKbm9kZXM6CiAgLSBncm9rOiAKICAgICAgcGF0dGVybjogJyV7Q1BBTkVMX0hFQURFUn0gRkFJTEVEIExPR0lOIGNwYW5lbGQ6IGJydXRlIGZvcmNlIGF0dGVtcHQgXCh1c2VyICV7REFUQX1cKSBoYXMgbG9ja2VkIG91dCBJUCAle0lQfScKICAgICAgYXBwbHlfb246IG1lc3NhZ2UKICAgICAgc3RhdGljczoKICAgICAgICAtIG1ldGE6IGxvZ190eXBlCiAgICAgICAgICB2YWx1ZTogYXV0aF9iZl9hdHRlbXB0CiAgICAgICAgLSB0YXJnZXQ6IGV2dC5TdHJUaW1lCiAgICAgICAgICBleHByZXNzaW9uOiBldnQuUGFyc2VkLmRhdGUKICAtIGdyb2s6IAogICAgICBwYXR0ZXJuOiAnJXtDUEFORUxfSEVBREVSfSBGQUlMRUQgTE9HSU4gY3BhbmVsZDogYnJ1dGUgZm9yY2UgYXR0ZW1wdCBcKHVzZXIgJXtEQVRBOnRhcmdldF91c2VyfVwpIGhhcyBsb2NrZWQgb3V0IElQICV7SVB9JwogICAgICBhcHBseV9vbjogbWVzc2FnZQogICAgICBzdGF0aWNzOgogICAgICAgIC0gbWV0YTogbG9nX3R5cGUKICAgICAgICAgIHZhbHVlOiBhdXRoX2JmX2xvZwogICAgICAgIC0gdGFyZ2V0OiBldnQuU3RyVGltZQogICAgICAgICAgZXhwcmVzc2lvbjogZXZ0LlBhcnNlZC5kYXRlCiAgLSBncm9rOiAKICAgICAgcGF0dGVybjogJyV7Q1BBTkVMX0hFQURFUn0gRkFJTEVEIExPR0lOIGNwYW5lbGQ6IGludmFsaWQgY3BhbmVsIHVzZXIgJXtEQVRBOnRhcmdldF91c2VyfScKICAgICAgYXBwbHlfb246IG1lc3NhZ2UKICAgICAgc3RhdGljczoKICAgICAgICAtIG1ldGE6IGxvZ190eXBlCiAgICAgICAgICB2YWx1ZTogYXV0aF9iZl9sb2cKICAgICAgICAtIHRhcmdldDogZXZ0LlN0clRpbWUKICAgICAgICAgIGV4cHJlc3Npb246IGV2dC5QYXJzZWQuZGF0ZQogIC0gZ3JvazogCiAgICAgIHBhdHRlcm46ICcle0NQQU5FTF9IRUFERVJ9IEZBSUxFRCBMT0dJTiBjcGFuZWxkOiAle0RBVEE6dGFyZ2V0X3VzZXJ9IGxvZ2luIGlzIG5vdCBwZXJtaXR0ZWQgdG8gY3BhbmVsZCcKICAgICAgYXBwbHlfb246IG1lc3NhZ2UKICAgICAgc3RhdGljczoKICAgICAgICAtIG1ldGE6IGxvZ190eXBlCiAgICAgICAgICB2YWx1ZTogYXV0aF9iZl9sb2cKICAgICAgICAtIHRhcmdldDogZXZ0LlN0clRpbWUKICAgICAgICAgIGV4cHJlc3Npb246IGV2dC5QYXJzZWQuZGF0ZQogIC0gZ3JvazogCiAgICAgIHBhdHRlcm46ICcle0NQQU5FTF9IRUFERVJ9IEZBSUxFRCBMT0dJTiB3aG9zdG1ncmQ6IGxvZ2luIGF0dGVtcHQgdG8gd2htIGJ5IGEgbm9uLXJlc2VsbGVyL3Jvb3QnCiAgICAgIGFwcGx5X29uOiBtZXNzYWdlCiAgICAgIHN0YXRpY3M6CiAgICAgICAgLSBtZXRhOiBsb2dfdHlwZQogICAgICAgICAgdmFsdWU6IGF1dGhfYmZfbG9nCiAgICAgICAgLSB0YXJnZXQ6IGV2dC5TdHJUaW1lCiAgICAgICAgICBleHByZXNzaW9uOiBldnQuUGFyc2VkLmRhdGUKICAtIGdyb2s6IAogICAgICBwYXR0ZXJuOiAnJXtDUEFORUxfSEVBREVSfSBGQUlMRUQgTE9HSU4gd2hvc3RtZ3JkOiB1c2VyIHBhc3N3b3JkIGluY29ycmVjdCcKICAgICAgYXBwbHlfb246IG1lc3NhZ2UKICAgICAgc3RhdGljczoKICAgICAgICAtIG1ldGE6IGxvZ190eXBlCiAgICAgICAgICB2YWx1ZTogYXV0aF9iZl9sb2cKICAgICAgICAtIHRhcmdldDogZXZ0LlN0clRpbWUKICAgICAgICAgIGV4cHJlc3Npb246IGV2dC5QYXJzZWQuZGF0ZQogIC0gZ3JvazogIyBzZWUgaHR0cHM6Ly9kb2NzLmNwYW5lbC5uZXQva25vd2xlZGdlLWJhc2UvY3BhbmVsLXByb2R1Y3QvdGhlLWNwYW5lbC1sb2ctZmlsZXMvCiAgICAgIHBhdHRlcm46ICcle0lQOnJlbW90ZV9hZGRyfSAtICV7Tk9UU1BBQ0U6dXNlcm5hbWV9IFxbJXtEQVRFfTole1RJTUV9ICV7SVNPODYwMV9USU1FWk9ORX1cXSAiJXtXT1JEOnZlcmJ9ICV7VVJJUEFUSFBBUkFNOnJlcXVlc3R9IEhUVFAvJXtOVU1CRVI6aHR0cF92ZXJzaW9ufSIgJXtJTlQ6c3RhdHVzfSAle0lOVDpyZXF1ZXN0X2JvZHlfbGVuZ3RofSAiJXtOT1RTUEFDRTpodHRwX3JlZmVyZXJ9IiAiJXtOT19ET1VCTEVfUVVPVEU6aHR0cF91c2VyX2FnZW50fSIgIiV7Tk9fRE9VQkxFX1FVT1RFOmF1dGhfbWV0aG9kfSIgIiV7Tk9fRE9VQkxFX1FVT1RFOnhfZm9yd2FyZGVkX2Zvcn0iICV7TlVNQkVSOnNlcnZlcl9wb3J0fScKICAgICAgYXBwbHlfb246IG1lc3NhZ2UKICAgICAgc3RhdGljczoKICAgICAgICAtIG1ldGE6IGxvZ190eXBlCiAgICAgICAgICB2YWx1ZTogaHR0cF9hY2Nlc3MtbG9nCnN0YXRpY3M6CiAgLSBtZXRhOiBzZXJ2aWNlCiAgICB2YWx1ZTogaHR0cAogIC0gbWV0YTogc291cmNlX2lwCiAgICBleHByZXNzaW9uOiAiZXZ0LlBhcnNlZC5yZW1vdGVfYWRkciIKICAtIG1ldGE6IGh0dHBfcGF0aAogICAgZXhwcmVzc2lvbjogImV2dC5QYXJzZWQucmVxdWVzdCIKICAtIG1ldGE6IGh0dHBfdmVyYgogICAgZXhwcmVzc2lvbjogImV2dC5QYXJzZWQudmVyYiIKICAtIG1ldGE6IGh0dHBfdXNlcl9hZ2VudAogICAgZXhwcmVzc2lvbjogImV2dC5QYXJzZWQuaHR0cF91c2VyX2FnZW50IgogIC0gbWV0YTogaHR0cF9zdGF0dXMKICAgIGV4cHJlc3Npb246ICJldnQuUGFyc2VkLnN0YXR1cyIKICAtIG1ldGE6IHVzZXJuYW1lCiAgICBleHByZXNzaW9uOiAiZXZ0LlBhcnNlZC51c2VybmFtZSI=", "description": "Parse Cpanel logs", "author": "crowdsecurity", "labels": null }, "crowdsecurity/cri-logs": { "path": "parsers/s00-raw/crowdsecurity/cri-logs.yaml", "stage": "s00-raw", "version": "0.1", "versions": { "0.1": { "digest": "3818208420042396bc2ed0d75dee43d6651c5979b351642128d11ce8360f7347", "deprecated": false } }, "long_description": "IyBDUkkgbG9nIGZvcm1hdCBwYXJzZXIKClRoaXMgaXMgdGhlIGRlZmF1bHQgQ1JJIGxvZ3MgZm9ybWF0IHBhcnNlci4KSXQgd29ya3Mgb24ga3ViZXJuZXRlcyB1c2luZyBjb250YWluZXJkLgoKIyMgcmVxdWlyZW1lbnRzCgpXaGVuIHVzaW5nIHRoaXMgcGFyc2VyLCB5b3UgbmVlZCB0byBzcGVjaWZ5IGluIHlvdXIgYGFjcXVpcy55YW1sYCB0eXBlIGFuZCBwcm9ncmFtLiBTbyB5b3VyIGxvZyB3aWxsIGJlIGV4dHJhY3RlZCBhbmQgdGhlbiBzZW50IHRvIHRoZSBwcm9wZXIgbmV4dCBwYXJzZXIgdXNpbmcgdGhlIHByb2dyYW0ga2V5LgoKZXhhbXBsZTogCgpgYGB5YW1sCmxhYmVsczoKIHR5cGU6IGNvbnRhaW5lcmQKIHByb2dyYW06IG5naW54CmBgYAo=", "content": "ZmlsdGVyOiAiZXZ0LkxpbmUuTGFiZWxzLnR5cGUgPT0gJ2NvbnRhaW5lcmQnIgpvbnN1Y2Nlc3M6IG5leHRfc3RhZ2UKbmFtZTogY3Jvd2RzZWN1cml0eS9jcmktbG9ncwpkZXNjcmlwdGlvbjogQ1JJIGxvZ2dpbmcgZm9ybWF0IHBhcnNlcgpub2RlczoKICAtIGdyb2s6CiAgICAgIHBhdHRlcm46ICJeJXtUSU1FU1RBTVBfSVNPODYwMTpjcmlfdGltZXN0YW1wfSAle1dPUkQ6c3RyZWFtfSAle1dPUkQ6bG9ndGFnfSAle0dSRUVEWURBVEE6bWVzc2FnZX0iCiAgICAgIGFwcGx5X29uOiBMaW5lLlJhdwpzdGF0aWNzOgogIC0gcGFyc2VkOiAibG9nc291cmNlIgogICAgdmFsdWU6ICJjcmkiCiAgLSB0YXJnZXQ6IGV2dC5TdHJUaW1lCiAgICBleHByZXNzaW9uOiBldnQuUGFyc2VkLmNyaV90aW1lc3RhbXAKICAtIHBhcnNlZDogcHJvZ3JhbQogICAgZXhwcmVzc2lvbjogZXZ0LkxpbmUuTGFiZWxzLnByb2dyYW0KICAtIG1ldGE6IGRhdGFzb3VyY2VfcGF0aAogICAgZXhwcmVzc2lvbjogZXZ0LkxpbmUuU3JjCiAgLSBtZXRhOiBkYXRhc291cmNlX3R5cGUKICAgIGV4cHJlc3Npb246IGV2dC5MaW5lLk1vZHVsZQ==", "description": "CRI logging format parser", "author": "crowdsecurity", "labels": null }, "crowdsecurity/dateparse-enrich": { "path": "parsers/s02-enrich/crowdsecurity/dateparse-enrich.yaml", "stage": "s02-enrich", "version": "0.2", "versions": { "0.1": { "digest": "16b79f7ef39d0c5e71180cff559b0e2ef98983f2009b5f26d778509e897f94d4", "deprecated": false }, "0.2": { "digest": "3f51a6c389bbf1c38f49d8824b6bffd9a265d0fa78a98af71628256019847951", "deprecated": false } }, "long_description": "UGFyc2VzIHRpbWVzdGFtcCBzdHJpbmdzIGluIGxvZ3MgdG8gYmUgdXNlZCBpbiBbZm9yZW5zaWMgbW9kZV0oaHR0cHM6Ly9kb2MuY3Jvd2RzZWMubmV0L0Nyb3dkc2VjL3YxL3VzZXJfZ3VpZGUvZm9yZW5zaWNfbW9kZS8pLiBUaGUgZm9sbG93aW5nIGZvcm1hdHMgYXJlIGN1cnJlbnRseSBzdXBwb3J0ZWQgOgoKIC0gUkZDMzMzOQogLSBgMDIvSmFuLzIwMDY6MTU6MDQ6MDUgLTA3MDBgCiAtIGBNb24gSmFuIDIgMTU6MDQ6MDUgMjAwNmAKIC0gYDAyLUphbi0yMDA2IDE1OjA0OjA1IGV1cm9wZS9wYXJpc2AKIC0gYDAxLzAyLzIwMDYgMTU6MDQ6MDVgCiAtIGAyMDA2LTAxLTAyIDE1OjA0OjA1Ljk5OTk5OTk5OSAtMDcwMCBNU1RgCiAtIGBKYW4gIDIgMTU6MDQ6MDVgCiAtIGBNb24gSmFuIDAyIDE1OjA0OjA1LjAwMDAwMCAyMDA2YAogLSBgMjAwNi0wMS0wMlQxNTowNDowNVowNzowMGAKIC0gYDIwMDYvMDEvMDJgCiAtIGAyMDA2LzAxLzAyIDE1OjA0YAogLSBgMjAwNi0wMS0wMmAKIC0gYDIwMDYtMDEtMDIgMTU6MDRgCgpUaGUgYFN0clRpbWVgIGl0ZW0gb2YgdGhlIGV2ZW50IGlzIHBhcnNlZCBieSBkZWZhdWx0LiBTZWUgW2Nyb3dkc2VjdXJpdHkvc3lzbG9nLWxvZ3NdKGh0dHBzOi8vaHViLmNyb3dkc2VjLm5ldC9hdXRob3IvY3Jvd2RzZWN1cml0eS9jb25maWd1cmF0aW9ucy9zeXNsb2ctbG9ncykgYXMgYW4gZXhhbXBsZSBvZiBhIHBhcnNlciBzZXR0aW5nIHRoaXMgZmllbGQgZm9yIGBjcm93ZHNlY3VyaXR5L2RhdGVwYXJzZS1lbnJpY2hgLgo=", "content": "ZmlsdGVyOiAiZXZ0LlN0clRpbWUgIT0gJyciCm5hbWU6IGNyb3dkc2VjdXJpdHkvZGF0ZXBhcnNlLWVucmljaAojZGVidWc6IHRydWUKI2l0J3MgYSBoYWNrIGxvbApzdGF0aWNzOgogIC0gbWV0aG9kOiBQYXJzZURhdGUKICAgIGV4cHJlc3Npb246IGV2dC5TdHJUaW1lCiAgLSB0YXJnZXQ6IE1hcnNoYWxlZFRpbWUKICAgIGV4cHJlc3Npb246IGV2dC5FbnJpY2hlZC5NYXJzaGFsZWRUaW1lCiAgLSBtZXRhOiB0aW1lc3RhbXAKICAgIGV4cHJlc3Npb246IGV2dC5FbnJpY2hlZC5NYXJzaGFsZWRUaW1l", "author": "crowdsecurity", "labels": null }, "crowdsecurity/docker-logs": { "path": "parsers/s00-raw/crowdsecurity/docker-logs.yaml", "stage": "s00-raw", "version": "0.1", "versions": { "0.1": { "digest": "b4f5459826ae22b000239839f51c82b0358625f71416f9ef2540719eb791a746", "deprecated": false } }, "long_description": "IyBEb2NrZXIgcGFyc2VyCgpUaGlzIGlzIHRoZSBkZWZhdWx0IGRvY2tlciBqc29uIGxvZ3MgZm9ybWF0IHBhcnNlci4KSXQgd29ya3Mgb24ga3ViZXJuZXRlcyB1c2luZyBkb2NrZXIuCgojIyByZXF1aXJlbWVudHMKCldoZW4gdXNpbmcgdGhpcyBwYXJzZXIsIHlvdSBuZWVkIHRvIHNwZWNpZnkgaW4geW91ciBgYWNxdWlzLnlhbWxgIHR5cGUgYW5kIHByb2dyYW0uIFNvIHlvdXIgbG9nIHdpbGwgYmUgZXh0cmFjdGVkIGFuZCB0aGVuIHNlbnQgdG8gdGhlIHByb3BlciBuZXh0IHBhcnNlciB1c2luZyB0aGUgcHJvZ3JhbSBrZXkuCgpleGFtcGxlOiAKCmBgYHlhbWwKbGFiZWxzOgogdHlwZTogZG9ja2VyCiBwcm9ncmFtOiBuZ2lueApgYGAK", "content": "I0lmIGl0J3MgZG9ja2VyLCB3ZSBhcmUgZ29pbmcgdG8gZXh0cmFjdCBsb2cgbGluZSBmcm9tIGl0CmZpbHRlcjogImV2dC5MaW5lLkxhYmVscy50eXBlID09ICdkb2NrZXInIgpvbnN1Y2Nlc3M6IG5leHRfc3RhZ2UKbmFtZTogY3Jvd2RzZWN1cml0eS9kb2NrZXItbG9ncwpkZXNjcmlwdGlvbjogZG9ja2VyIGpzb24gbG9ncyBwYXJzZXIKc3RhdGljczoKICAtIHRhcmdldDogZXZ0LlN0clRpbWUKICAgIGV4cHJlc3Npb246IEpzb25FeHRyYWN0KGV2dC5MaW5lLlJhdywgInRpbWUiKQogIC0gcGFyc2VkOiBtZXNzYWdlCiAgICBleHByZXNzaW9uOiBKc29uRXh0cmFjdFVuZXNjYXBlKGV2dC5MaW5lLlJhdywgImxvZyIpCiAgLSBwYXJzZWQ6IHByb2dyYW0KICAgIGV4cHJlc3Npb246IGV2dC5MaW5lLkxhYmVscy5wcm9ncmFt", "description": "docker json logs parser", "author": "crowdsecurity", "labels": null }, "crowdsecurity/dovecot-logs": { "path": "parsers/s01-parse/crowdsecurity/dovecot-logs.yaml", "stage": "s01-parse", "version": "0.4", "versions": { "0.1": { "digest": "3d30684b5d1ceea08ea743a2fa1697178d878bd87eb55e465432c000da162b42", "deprecated": false }, "0.2": { "digest": "e1fdf543acd0fb44d6db33368c5250d4667a5c2283c8310fd0fd6f87a820276a", "deprecated": false }, "0.3": { "digest": "58047a5c1f160cf95b7156eeaf9f17428f8bb8a070776f6ea6531c4110e2aa6e", "deprecated": false }, "0.4": { "digest": "2fdc9cb6499f83dcda7897cb05bfbe7639938980986b32b5f37adc4b2f7594c9", "deprecated": false } }, "content": "I2NvbnRyaWJ1dGlvbiBieSBAbHRzaWNoCm9uc3VjY2VzczogbmV4dF9zdGFnZQpkZWJ1ZzogZmFsc2UKZmlsdGVyOiAiZXZ0LlBhcnNlZC5wcm9ncmFtID09ICdkb3ZlY290JyIKbmFtZTogY3Jvd2RzZWN1cml0eS9kb3ZlY290LWxvZ3MKZGVzY3JpcHRpb246ICJQYXJzZSBkb3ZlY290IGxvZ3MiCm5vZGVzOgogIC0gZ3JvazoKICAgICAgcGF0dGVybjogIiV7V09SRDpwcm90b2NvbH0tbG9naW46ICV7REFUQTpkb3ZlY290X2xvZ2luX21lc3NhZ2V9OiB1c2VyPTwle0RBVEE6ZG92ZWNvdF91c2VyfT4uKiwgcmlwPSV7SVA6ZG92ZWNvdF9yZW1vdGVfaXB9LCBsaXA9JXtJUDpkb3ZlY290X2xvY2FsX2lwfSIKICAgICAgYXBwbHlfb246IG1lc3NhZ2UKICAtIGdyb2s6CiAgICAgIHBhdHRlcm46ICJhdXRoLXdvcmtlclxcKCV7SU5UfVxcKTogcGFtXFwoJXtEQVRBOmRvdmVjb3RfdXNlcn0sJXtJUDpkb3ZlY290X3JlbW90ZV9pcH0sPyV7REFUQX1cXCk6ICgle0RBVEF9OiApPyV7REFUQTpkb3ZlY290X2xvZ2luX21lc3NhZ2V9JCIKICAgICAgYXBwbHlfb246IG1lc3NhZ2UKICAtIGdyb2s6CiAgICAgIHBhdHRlcm46ICJhdXRoLXdvcmtlclxcKCV7SU5UfVxcKTogY29ubiB1bml4OmF1dGgtd29ya2VyIFxcKHBpZD0le0lOVH0sdWlkPSV7SU5UfVxcKTogYXV0aC13b3JrZXI8JXtJTlR9PjogcGFtXFwoJXtEQVRBOmRvdmVjb3RfdXNlcn0sJXtJUDpkb3ZlY290X3JlbW90ZV9pcH0sPyV7REFUQX1cXCk6ICgle0RBVEF9OiApPyV7REFUQTpkb3ZlY290X2xvZ2luX21lc3NhZ2V9JCIKICAgICAgYXBwbHlfb246IG1lc3NhZ2UKc3RhdGljczoKICAgIC0gbWV0YTogbG9nX3R5cGUKICAgICAgdmFsdWU6IGRvdmVjb3RfbG9ncwogICAgLSBtZXRhOiBzb3VyY2VfaXAKICAgICAgZXhwcmVzc2lvbjogImV2dC5QYXJzZWQuZG92ZWNvdF9yZW1vdGVfaXAiCiAgICAtIG1ldGE6IGRvdmVjb3RfbG9naW5fcmVzdWx0CiAgICAgIGV4cHJlc3Npb246ICJhbnkoWydBdXRoZW50aWNhdGlvbiBmYWlsdXJlJywgJ3Bhc3N3b3JkIG1pc21hdGNoJywgJ2F1dGggZmFpbGVkJywgJ3Vua25vd24gdXNlciddLCB7ZXZ0LlBhcnNlZC5kb3ZlY290X2xvZ2luX21lc3NhZ2UgY29udGFpbnMgI30pID8gJ2F1dGhfZmFpbGVkJyA6ICcnIgo=", "description": "Parse dovecot logs", "author": "crowdsecurity", "labels": null }, "crowdsecurity/dropbear-logs": { "path": "parsers/s01-parse/crowdsecurity/dropbear-logs.yaml", "stage": "s01-parse", "version": "0.2", "versions": { "0.1": { "digest": "316bce3c9bfd35900b9a4d668189fa733a2a91d65f3725337c085ac18af51d38", "deprecated": false }, "0.2": { "digest": "1bc1ef9778e3d75213ab3475e51107516b6b176783533f3855a9d37940828015", "deprecated": false } }, "long_description": "UGFyc2VyIGZvciBkcm9wYmVhciBTU0ggc2VydmVyLg==", "content": "b25zdWNjZXNzOiBuZXh0X3N0YWdlCmZpbHRlcjogImV2dC5QYXJzZWQucHJvZ3JhbSA9PSAnZHJvcGJlYXInIgpuYW1lOiBjcm93ZHNlY3VyaXR5L2Ryb3BiZWFyLWxvZ3MKZGVzY3JpcHRpb246ICJQYXJzZSBkcm9wYmVhciBsb2dzIgpub2RlczoKICAtIGdyb2s6IAogICAgICBwYXR0ZXJuOiAiQmFkIFBBTSBwYXNzd29yZCBhdHRlbXB0IGZvciAnJXtEQVRBOnVzZXJ9JyBmcm9tICV7SVA6c291cmNlX2lwfTole0lOVDpwb3J0fSIKICAgICAgYXBwbHlfb246IG1lc3NhZ2UKICAtIGdyb2s6IAogICAgICBwYXR0ZXJuOiAiTG9naW4gYXR0ZW1wdCBmb3Igbm9uZXhpc3RlbnQgdXNlciBmcm9tICV7SVA6c291cmNlX2lwfTole0lOVDpwb3J0fSIKICAgICAgYXBwbHlfb246IG1lc3NhZ2UKc3RhdGljczoKICAtIG1ldGE6IHNlcnZpY2UKICAgIHZhbHVlOiBkcm9wYmVhcgogIC0gbWV0YTogdGFyZ2V0X3VzZXIKICAgIGV4cHJlc3Npb246IGV2dC5QYXJzZWQudXNlcgogIC0gbWV0YTogc291cmNlX2lwCiAgICBleHByZXNzaW9uOiBldnQuUGFyc2VkLnNvdXJjZV9pcAogIC0gbWV0YTogbG9nX3R5cGUKICAgIHZhbHVlOiBzc2hfZmFpbGVkLWF1dGgK", "description": "Parse dropbear logs", "author": "crowdsecurity", "labels": null }, "crowdsecurity/endlessh-logs": { "path": "parsers/s01-parse/crowdsecurity/endlessh-logs.yaml", "stage": "s01-parse", "version": "0.2", "versions": { "0.1": { "digest": "dc1affad319badddf95ad1a16bf633b6fd70ed02db0e490dc0540eef47576f2a", "deprecated": false }, "0.2": { "digest": "ca022caa2de3a13101bea25006686a4d92ffb0e7bd558e44d215f481526632f1", "deprecated": false } }, "content": "b25zdWNjZXNzOiBuZXh0X3N0YWdlCmZpbHRlcjogImV2dC5MaW5lLkxhYmVscy50eXBlID09ICdlbmRsZXNzaCciCm5hbWU6IGNyb3dkc2VjdXJpdHkvZW5kbGVzc2gtbG9ncwpkZXNjcmlwdGlvbjogIlBhcnNlIEVuZGxlc3NoIGxvZ3MiCnBhdHRlcm5fc3ludGF4OgogIEVORExFU1NIX0FDQ0VQVF9WNDogIiV7VElNRVNUQU1QX0lTTzg2MDE6dGltZXN0YW1wfSBBQ0NFUFQgaG9zdD0oOjpmZmZmOik/JXtJUFY0OnNvdXJjZV9pcH0gIgogIEVORExFU1NIX0FDQ0VQVF9WNjogIiV7VElNRVNUQU1QX0lTTzg2MDE6dGltZXN0YW1wfSBBQ0NFUFQgaG9zdD0le0lQVjY6c291cmNlX2lwfSAiCm5vZGVzOgogIC0gZ3JvazoKICAgICAgbmFtZTogIkVORExFU1NIX0FDQ0VQVF9WNCIKICAgICAgYXBwbHlfb246IExpbmUuUmF3CiAgICAgIHN0YXRpY3M6CiAgICAgICAgLSBtZXRhOiBsb2dfdHlwZQogICAgICAgICAgdmFsdWU6IGVuZGxlc3NoX2FjY2VwdAogIC0gZ3JvazoKICAgICAgbmFtZTogIkVORExFU1NIX0FDQ0VQVF9WNiIKICAgICAgYXBwbHlfb246IExpbmUuUmF3CiAgICAgIHN0YXRpY3M6CiAgICAgICAgLSBtZXRhOiBsb2dfdHlwZQogICAgICAgICAgdmFsdWU6IGVuZGxlc3NoX2FjY2VwdApzdGF0aWNzOgogIC0gbWV0YTogc2VydmljZQogICAgdmFsdWU6IGVuZGxlc3NoCiAgLSB0YXJnZXQ6IGV2dC5TdHJUaW1lCiAgICBleHByZXNzaW9uOiBldnQuUGFyc2VkLnRpbWVzdGFtcAogIC0gbWV0YTogc291cmNlX2lwCiAgICBleHByZXNzaW9uOiAiZXZ0LlBhcnNlZC5zb3VyY2VfaXAiCg==", "description": "Parse Endlessh logs", "author": "crowdsecurity", "labels": null }, "crowdsecurity/exchange-imap-logs": { "path": "parsers/s01-parse/crowdsecurity/exchange-imap-logs.yaml", "stage": "s01-parse", "version": "0.1", "versions": { "0.1": { "digest": "13a7780e3f01839342580cb6845342ad612f06b34b35f540f0e31c7509999da2", "deprecated": false } }, "content": "ZmlsdGVyOiAiZXZ0LlBhcnNlZC5wcm9ncmFtID09ICdleGNoYW5nZS1pbWFwJyIKb25zdWNjZXNzOiBuZXh0X3N0YWdlCiNkZWJ1ZzogdHJ1ZQpuYW1lOiBjcm93ZHNlY3VyaXR5L2V4Y2hhbmdlLWltYXAtbG9ncwpkZXNjcmlwdGlvbjogIlBhcnNlIGV4Y2hhbmdlIElNQVAgbG9ncyIKI2RhdGVUaW1lLHNlc3Npb25JZCxzZXFOdW1iZXIsc0lwLGNJcCx1c2VyLGR1cmF0aW9uLHJxc2l6ZSxycHNpemUsY29tbWFuZCxwYXJhbWV0ZXJzLGNvbnRleHQscHVpZAojMjAyMi0wNi0xNlQwOTo0MToyMS4wOTRaLDAwMDAwMDAwMDAwMDAwNEIsMiwxOTIuMTY4LjkuMjQxOjk5MywxOTIuMTY4LjkuMjEyOjQ5MDE2LGZvb2JhciwzNCwzMSwzMSxhdXRoZW50aWNhdGUsUExBSU4sIlI9IiIyIE5PIEFVVEhFTlRJQ0FURSBmYWlsZWQuIiI7TXNnPSIiQXV0aEZhaWxlZDpMb2dvbkRlbmllZCxVc2VyOiBmb29iYXIiIjtFcnJNc2c9QXV0aEZhaWxlZDpMb2dvbkRlbmllZCIsCmdyb2s6CiAgcGF0dGVybjogIiV7VElNRVNUQU1QX0lTTzg2MDE6ZGF0ZX0sJXtEQVRBOnNlc3Npb25faWR9LCV7SU5UOnNlcXVlbmNlX251bWJlcn0sJXtJUE9SSE9TVDpzZXJ2ZXJfaXB9OiV7SU5UOnNlcnZlcl9wb3J0fSwle0lQT1JIT1NUOmNsaWVudF9pcH06JXtJTlQ6Y2xpZW50X3BvcnR9LCV7REFUQTp1c2VybmFtZX0sJXtJTlQ6ZHVyYXRpb259LCV7SU5UOnJxc2l6ZX0sJXtJTlQ6cnBzaXplfSwle1dPUkQ6Y29tbWFuZH0sJXtEQVRBOnBhcmFtZXRlcnN9LCV7REFUQX1BdXRoRmFpbGVkOkxvZ29uRGVuaWVkXCIsJXtEQVRBOnB1aWR9PyIKICBhcHBseV9vbjogbWVzc2FnZQpzdGF0aWNzOgogIC0gdGFyZ2V0OiBldnQuU3RyVGltZQogICAgZXhwcmVzc2lvbjogZXZ0LlBhcnNlZC5kYXRlCiAgLSBtZXRhOiBzb3VyY2VfaXAKICAgIGV4cHJlc3Npb246IGV2dC5QYXJzZWQuY2xpZW50X2lwCiAgLSBtZXRhOiBzZXJ2aWNlCiAgICB2YWx1ZTogZXhjaGFuZ2UKICAtIG1ldGE6IGxvZ190eXBlCiAgICB2YWx1ZTogaW1hcAogIC0gbWV0YTogc3ViX3R5cGUKICAgIHZhbHVlOiBhdXRoX2ZhaWw=", "description": "Parse exchange IMAP logs", "author": "crowdsecurity", "labels": null }, "crowdsecurity/exchange-pop-logs": { "path": "parsers/s01-parse/crowdsecurity/exchange-pop-logs.yaml", "stage": "s01-parse", "version": "0.1", "versions": { "0.1": { "digest": "a63be634585ef106f64781029c01f4fc8bfc77bb277a70775c73c181a467894f", "deprecated": false } }, "content": "ZmlsdGVyOiAiZXZ0LlBhcnNlZC5wcm9ncmFtID09ICdleGNoYW5nZS1wb3AnIgpvbnN1Y2Nlc3M6IG5leHRfc3RhZ2UKI2RlYnVnOiB0cnVlCm5hbWU6IGNyb3dkc2VjdXJpdHkvZXhjaGFuZ2UtcG9wLWxvZ3MKZGVzY3JpcHRpb246ICJQYXJzZSBleGNoYW5nZSBQT1AgbG9ncyIKI2RhdGVUaW1lLHNlc3Npb25JZCxzZXFOdW1iZXIsc0lwLGNJcCx1c2VyLGR1cmF0aW9uLHJxc2l6ZSxycHNpemUsY29tbWFuZCxwYXJhbWV0ZXJzLGNvbnRleHQscHVpZAojMjAyMi0wNi0yMFQwMDowMzo0OC41MzFaLDAwMDAwMDAwMDAwMDFFODYsMSwxOTIuMTY4LjkuMjQxOjk5NSwxOTIuMTY4LjkuMjEyOjMzNTI2LHRlc3R1c2VyLDE3MSwyMSw2OSxhdXRoLCBQTEFJTiwiUj0iIi1FUlIgQXV0aGVudGljYXRpb24gZmFpbHVyZTogdW5rbm93biB1c2VyIG5hbWUgb3IgYmFkIHBhc3N3b3JkLiIiO01zZz0iIkF1dGhGYWlsZWQ6TG9nb25EZW5pZWQsVXNlcjogdGVzdHVzZXIiIjtFcnJNc2c9QXV0aEZhaWxlZDpMb2dvbkRlbmllZCIsCmdyb2s6CiAgcGF0dGVybjogIiV7VElNRVNUQU1QX0lTTzg2MDE6ZGF0ZX0sJXtEQVRBOnNlc3Npb25faWR9LCV7SU5UOnNlcXVlbmNlX251bWJlcn0sJXtJUE9SSE9TVDpzZXJ2ZXJfaXB9OiV7SU5UOnNlcnZlcl9wb3J0fSwle0lQT1JIT1NUOmNsaWVudF9pcH06JXtJTlQ6Y2xpZW50X3BvcnR9LCV7REFUQTp1c2VybmFtZX0sJXtJTlQ6ZHVyYXRpb259LCV7SU5UOnJxc2l6ZX0sJXtJTlQ6cnBzaXplfSwle1dPUkQ6Y29tbWFuZH0sJXtEQVRBOnBhcmFtZXRlcnN9LCV7REFUQX1BdXRoRmFpbGVkOkxvZ29uRGVuaWVkXCIsJXtEQVRBOnB1aWR9PyIKICBhcHBseV9vbjogbWVzc2FnZQpzdGF0aWNzOgogIC0gdGFyZ2V0OiBldnQuU3RyVGltZQogICAgZXhwcmVzc2lvbjogZXZ0LlBhcnNlZC5kYXRlCiAgLSBtZXRhOiBzb3VyY2VfaXAKICAgIGV4cHJlc3Npb246IGV2dC5QYXJzZWQuY2xpZW50X2lwCiAgLSBtZXRhOiBzZXJ2aWNlCiAgICB2YWx1ZTogZXhjaGFuZ2UKICAtIG1ldGE6IGxvZ190eXBlCiAgICB2YWx1ZTogcG9wCiAgLSBtZXRhOiBzdWJfdHlwZQogICAgdmFsdWU6IGF1dGhfZmFpbA==", "description": "Parse exchange POP logs", "author": "crowdsecurity", "labels": null }, "crowdsecurity/exchange-smtp-logs": { "path": "parsers/s01-parse/crowdsecurity/exchange-smtp-logs.yaml", "stage": "s01-parse", "version": "0.2", "versions": { "0.1": { "digest": "158fe6b19f9cc5b900de750c43522a86e68691156e489e1922b7c89e6f9300fe", "deprecated": false }, "0.2": { "digest": "a9aff504ce013489311d4c85e6fe4f7594326e6351a7c024c93cd15950f66c09", "deprecated": false } }, "long_description": "QSBwYXJzZXIgZm9yIGV4Y2hhbmdlIFNNVFAgcHJvdG9jb2wgbG9ncy4KCg==", "content": "ZmlsdGVyOiAiZXZ0LlBhcnNlZC5wcm9ncmFtID09ICdleGNoYW5nZS1zbXRwJyIKb25zdWNjZXNzOiBuZXh0X3N0YWdlCiNkZWJ1ZzogdHJ1ZQpuYW1lOiBjcm93ZHNlY3VyaXR5L2V4Y2hhbmdlLXNtdHAtbG9ncwpkZXNjcmlwdGlvbjogIlBhcnNlIGV4Y2hhbmdlIFNNVFAgbG9ncyIKI2RhdGUtdGltZSxjb25uZWN0b3ItaWQsc2Vzc2lvbi1pZCxzZXF1ZW5jZS1udW1iZXIsbG9jYWwtZW5kcG9pbnQscmVtb3RlLWVuZHBvaW50LGV2ZW50LGRhdGEsY29udGV4dAojMjAyMi0wNC0yOFQxMzoyNDo1MC4yMDBaLEVYQ0hBTkdFLTFcRGVmYXVsdCBGcm9udGVuZCBFWENIQU5HRS0xLDA4REEyOEE5QUY2NzEyNjcsMTUsMTkyLjE2OC45LjI0MToyNSwxOTIuMTY4LjkuMjEyOjI4NjU3LD4sNTM1IDUuNy4zIEF1dGhlbnRpY2F0aW9uIHVuc3VjY2Vzc2Z1bCwKZ3JvazoKICBwYXR0ZXJuOiAiJXtUSU1FU1RBTVBfSVNPODYwMTpkYXRlfSwle0RBVEE6Y29ubmVjdG9yX2lkfSwle0RBVEE6c2Vzc2lvbl9pZH0sJXtJTlQ6c2VxdWVuY2VfbnVtYmVyfSwle0lQT1JIT1NUOnNlcnZlcl9pcH06JXtJTlQ6c2VydmVyX3BvcnR9LCV7SVBPUkhPU1Q6Y2xpZW50X2lwfTole0lOVDpjbGllbnRfcG9ydH0sJXtEQVRBOmV2ZW50fSwle0lOVDpzbXRwX2NvZGV9IFteIF0rICV7REFUQTpzbXRwX21lc3NhZ2V9LCIKICBhcHBseV9vbjogbWVzc2FnZQpzdGF0aWNzOgogIC0gdGFyZ2V0OiBldnQuU3RyVGltZQogICAgZXhwcmVzc2lvbjogZXZ0LlBhcnNlZC5kYXRlCiAgLSBtZXRhOiBzb3VyY2VfaXAKICAgIGV4cHJlc3Npb246IGV2dC5QYXJzZWQuY2xpZW50X2lwCiAgLSBtZXRhOiBzbXRwX21lc3NhZ2UKICAgIGV4cHJlc3Npb246IGV2dC5QYXJzZWQuc210cF9tZXNzYWdlCiAgLSBtZXRhOiBzZXJ2aWNlCiAgICB2YWx1ZTogZXhjaGFuZ2UKICAtIG1ldGE6IGxvZ190eXBlCiAgICB2YWx1ZTogc210cAogIC0gbWV0YTogc3ViX3R5cGUKICAgIHZhbHVlOiBhdXRoX2ZhaWw=", "description": "Parse exchange SMTP logs", "author": "crowdsecurity", "labels": null }, "crowdsecurity/fastly-logs": { "path": "parsers/s01-parse/crowdsecurity/fastly-logs.yaml", "stage": "s01-parse", "version": "0.6", "versions": { "0.1": { "digest": "8d1cbf3514b3e7f0ff31ab725befdfdd8d2393392450f407937b80456b168b5a", "deprecated": false }, "0.2": { "digest": "b344fa353c085e6651526716184ac7b4299f62ed7fd39163884b1bf865a80230", "deprecated": false }, "0.3": { "digest": "b8dcd888169ab2b9efed507a4d977b3bc7925f4ab834a6765899f0636733f5e5", "deprecated": false }, "0.4": { "digest": "6e34459bf59e89b72e72598605b8c39ef91ac9fcf2b655d02ec56dfc60059ab0", "deprecated": false }, "0.5": { "digest": "7bddb9e5d4eac138276f8e8af31b460f5fd10c0d62977746a78d8d74edda0de7", "deprecated": false }, "0.6": { "digest": "b27ea9a9c982e9f907574456973364fc5b91ea85cebbfbf6ab43f74a51d5064d", "deprecated": false } }, "long_description": "UGFyc2VyIGZvciBmYXN0bHkgbG9ncyB3aXRoIGRlZmF1bHQgZm9ybWF0IFsoc2VlIGZhc2x0eSBkb2N1bWVudGF0aW9uKV0oaHR0cHM6Ly9kb2NzLmZhc3RseS5jb20vZW4vZ3VpZGVzL2ludGVncmF0aW9ucyNfbG9nZ2luZy1lbmRwb2ludHMpCgoqKk1hbmRhdG9yeSoqIFlvdSBuZWVkIHRvIGFkZCB0aG9zZSBsYWJlbHMgb24gdGhlIGFjcXVpc2l0aW9uOgpgYGB5YW1sCmxhYmVsczoKICB0eXBlOiBzeXNsb2cKICBleHRlcm5hbF9mb3JtYXQ6IGZhc3RseQpgYGA=", "content": "ZmlsdGVyOiAiZXZ0LkxpbmUuTGFiZWxzLmV4dGVybmFsX2Zvcm1hdCA9PSAnZmFzdGx5JyIKb25zdWNjZXNzOiBuZXh0X3N0YWdlCiNkZWJ1ZzogdHJ1ZQpuYW1lOiBjcm93ZHNlY3VyaXR5L2Zhc3RseS1sb2dzCmRlc2NyaXB0aW9uOiBmYXN0bHkgbG9ncyBwYXJzZXIKcGF0dGVybl9zeW50YXg6CiAgRE9VQkxFX05VTTogIlswLTldezJ9Igpncm9rOgogIHBhdHRlcm46ICIle0dSRUVEWURBVEE6ZmFzdGx5X3RpbWVzdGFtcH1cXCsle0RPVUJMRV9OVU06dHpfcGFydDF9JXtET1VCTEVfTlVNOnR6X3BhcnQyfSIKICBleHByZXNzaW9uOiBKc29uRXh0cmFjdChldnQuUGFyc2VkLm1lc3NhZ2UsICJ0aW1lc3RhbXAiKQpzdGF0aWNzOgogIC0gbWV0YTogc2VydmljZQogICAgdmFsdWU6IGh0dHAKICAtIG1ldGE6IGxvZ190eXBlCiAgICB2YWx1ZTogaHR0cF9hY2Nlc3MtbG9nCiAgLSB0YXJnZXQ6IGV2dC5TdHJUaW1lCiAgICBleHByZXNzaW9uOiBldnQuUGFyc2VkLmZhc3RseV90aW1lc3RhbXAgKyAiLjAwKyIgKyBldnQuUGFyc2VkLnR6X3BhcnQxICsgIjoiICsgZXZ0LlBhcnNlZC50el9wYXJ0MgogIC0gbWV0YTogc291cmNlX2lwCiAgICBleHByZXNzaW9uOiBKc29uRXh0cmFjdChldnQuUGFyc2VkLm1lc3NhZ2UsICJjbGllbnRfaXAiKQogIC0gdGFyZ2V0OiBldnQuUGFyc2VkLnJlcXVlc3QKICAgIGV4cHJlc3Npb246IEpzb25FeHRyYWN0KGV2dC5QYXJzZWQubWVzc2FnZSwgInVybCIpCiAgLSBtZXRhOiBodHRwX3BhdGgKICAgIGV4cHJlc3Npb246IEpzb25FeHRyYWN0KGV2dC5QYXJzZWQubWVzc2FnZSwgInVybCIpCiAgLSBwYXJzZWQ6IHZlcmIKICAgIGV4cHJlc3Npb246IEpzb25FeHRyYWN0KGV2dC5QYXJzZWQubWVzc2FnZSwgInJlcXVlc3RfbWV0aG9kIikKICAtIG1ldGE6IHZlcmIKICAgIGV4cHJlc3Npb246IEpzb25FeHRyYWN0KGV2dC5QYXJzZWQubWVzc2FnZSwgInJlcXVlc3RfbWV0aG9kIikKICAtIHBhcnNlZDogaHR0cF9yZWZlcmVyCiAgICBleHByZXNzaW9uOiBKc29uRXh0cmFjdChldnQuUGFyc2VkLm1lc3NhZ2UsICJyZXF1ZXN0X3JlZmVyZXIiKQogIC0gcGFyc2VkOiBodHRwX3VzZXJfYWdlbnQKICAgIGV4cHJlc3Npb246IEpzb25FeHRyYWN0KGV2dC5QYXJzZWQubWVzc2FnZSwgInJlcXVlc3RfdXNlcl9hZ2VudCIpCiAgLSBtZXRhOiBodHRwX3VzZXJfYWdlbnQKICAgIGV4cHJlc3Npb246IEpzb25FeHRyYWN0KGV2dC5QYXJzZWQubWVzc2FnZSwgInJlcXVlc3RfdXNlcl9hZ2VudCIpCiAgLSBtZXRhOiBodHRwX3N0YXR1cwogICAgZXhwcmVzc2lvbjogSnNvbkV4dHJhY3QoZXZ0LlBhcnNlZC5tZXNzYWdlLCAicmVzcG9uc2Vfc3RhdHVzIikKICAtIHBhcnNlZDogYm9keV9ieXRlc19zZW50CiAgICBleHByZXNzaW9uOiBKc29uRXh0cmFjdChldnQuUGFyc2VkLm1lc3NhZ2UsICJyZXNwb25zZV9ib2R5X3NpemUiKQ==", "description": "fastly logs parser", "author": "crowdsecurity", "labels": null }, "crowdsecurity/geoip-enrich": { "path": "parsers/s02-enrich/crowdsecurity/geoip-enrich.yaml", "stage": "s02-enrich", "version": "0.2", "versions": { "0.1": { "digest": "c0718adfc71ad462ad90485ad5c490e5de0e54d8af425bff552994e114443ab6", "deprecated": false }, "0.2": { "digest": "ab327e6044a32de7d2f3780cbc8e0c4af0c11716f353023d2dc7b986571bb765", "deprecated": false } }, "long_description": "VGhlIEdlb0lQIG1vZHVsZSByZWxpZXMgb24gZ2VvbGl0ZSBkYXRhYmFzZSB0byBwcm92aWRlIGVucmljaG1lbnQgb24gc291cmNlIGlwLgoKVGhlIGZvbGxvd2luZyBpbmZvcm1hdGlvbnMgd2lsbCBiZSBhZGRlZCB0byB0aGUgZXZlbnQgOgogLSBgTWV0YS5Jc29Db2RlYCA6IHR3by1sZXR0ZXJzIGNvdW50cnkgY29kZQogLSBgTWV0YS5Jc0luRVVgIDogYSBib29sZWFuIGluZGljYXRpbmcgaWYgSVAgaXMgaW4gRVUKIC0gYE1ldGEuR2VvQ29vcmRzYCA6IGxhdGl0dWRlICYgbG9uZ2l0dWRlIG9mIElQCiAtIGBNZXRhLkFTTk51bWJlcmAgOiBBdXRvbm9tb3VzIFN5c3RlbSBOdW1iZXIKIC0gYE1ldGEuQVNOT3JnYCA6IEF1dG9ub21vdXMgU3lzdGVtIE5hbWUKIC0gYE1ldGEuU291cmNlUmFuZ2VgIDogVGhlIHB1YmxpYyByYW5nZSB0byB3aGljaCB0aGUgSVAgYmVsb25ncwoKClRoaXMgY29uZmlndXJhdGlvbiBpbmNsdWRlcyBHZW9MaXRlMiBkYXRhIGNyZWF0ZWQgYnkgTWF4TWluZCBhdmFpbGFibGUgZnJvbSBbaHR0cHM6Ly93d3cubWF4bWluZC5jb21dKGh0dHBzOi8vd3d3Lm1heG1pbmQuY29tKSwgaXQgaW5jbHVkZXMgdHdvIGRhdGEgZmlsZXM6IAoqIFtHZW9MaXRlMi1DaXR5Lm1tZGJdKGh0dHBzOi8vY3Jvd2RzZWMtc3RhdGljcy1hc3NldHMuczMtZXUtd2VzdC0xLmFtYXpvbmF3cy5jb20vR2VvTGl0ZTItQ2l0eS5tbWRiKQoqIFtHZW9MaXRlMi1BU04ubW1kYl0oaHR0cHM6Ly9jcm93ZHNlYy1zdGF0aWNzLWFzc2V0cy5zMy1ldS13ZXN0LTEuYW1hem9uYXdzLmNvbS9HZW9MaXRlMi1BU04ubW1kYikKCg==", "content": "ZmlsdGVyOiAiJ3NvdXJjZV9pcCcgaW4gZXZ0Lk1ldGEiCm5hbWU6IGNyb3dkc2VjdXJpdHkvZ2VvaXAtZW5yaWNoCmRlc2NyaXB0aW9uOiAiUG9wdWxhdGUgZXZlbnQgd2l0aCBnZW9sb2MgaW5mbyA6IGFzLCBjb3VudHJ5LCBjb29yZHMsIHNvdXJjZSByYW5nZS4iCmRhdGE6CiAgLSBzb3VyY2VfdXJsOiBodHRwczovL2Nyb3dkc2VjLXN0YXRpY3MtYXNzZXRzLnMzLWV1LXdlc3QtMS5hbWF6b25hd3MuY29tL0dlb0xpdGUyLUNpdHkubW1kYgogICAgZGVzdF9maWxlOiBHZW9MaXRlMi1DaXR5Lm1tZGIKICAtIHNvdXJjZV91cmw6IGh0dHBzOi8vY3Jvd2RzZWMtc3RhdGljcy1hc3NldHMuczMtZXUtd2VzdC0xLmFtYXpvbmF3cy5jb20vR2VvTGl0ZTItQVNOLm1tZGIKICAgIGRlc3RfZmlsZTogR2VvTGl0ZTItQVNOLm1tZGIKc3RhdGljczoKICAtIG1ldGhvZDogR2VvSXBDaXR5CiAgICBleHByZXNzaW9uOiBldnQuTWV0YS5zb3VyY2VfaXAKICAtIG1ldGE6IElzb0NvZGUKICAgIGV4cHJlc3Npb246IGV2dC5FbnJpY2hlZC5Jc29Db2RlCiAgLSBtZXRhOiBJc0luRVUKICAgIGV4cHJlc3Npb246IGV2dC5FbnJpY2hlZC5Jc0luRVUKICAtIG1ldGE6IEdlb0Nvb3JkcwogICAgZXhwcmVzc2lvbjogZXZ0LkVucmljaGVkLkdlb0Nvb3JkcwogIC0gbWV0aG9kOiBHZW9JcEFTTgogICAgZXhwcmVzc2lvbjogZXZ0Lk1ldGEuc291cmNlX2lwCiAgLSBtZXRhOiBBU05OdW1iZXIKICAgIGV4cHJlc3Npb246IGV2dC5FbnJpY2hlZC5BU05OdW1iZXIKICAtIG1ldGE6IEFTTk9yZwogICAgZXhwcmVzc2lvbjogZXZ0LkVucmljaGVkLkFTTk9yZwogIC0gbWV0aG9kOiBJcFRvUmFuZ2UKICAgIGV4cHJlc3Npb246IGV2dC5NZXRhLnNvdXJjZV9pcAogIC0gbWV0YTogU291cmNlUmFuZ2UKICAgIGV4cHJlc3Npb246IGV2dC5FbnJpY2hlZC5Tb3VyY2VSYW5nZQo=", "description": "Populate event with geoloc info : as, country, coords, source range.", "author": "crowdsecurity", "labels": null }, "crowdsecurity/haproxy-logs": { "path": "parsers/s01-parse/crowdsecurity/haproxy-logs.yaml", "stage": "s01-parse", "version": "0.6", "versions": { "0.1": { "digest": "a2bca50192c0623d8d553882fbac0f6fa1d6dc824804aa0a5ca7559ed65321f4", "deprecated": false }, "0.2": { "digest": "2257440ad5cba6a7c48c7e57a0d30a97b38656927fa18a0f7289d05042035cb4", "deprecated": false }, "0.3": { "digest": "e40b4e552cf417be4bd57f3cb452af057a8872dc16a35a51eb3bb38726bf6dd6", "deprecated": false }, "0.4": { "digest": "029545297f7d2beab8f98ad471ef15fd6165e86e645aface54cb9d8b522ab08e", "deprecated": false }, "0.5": { "digest": "6f69723dc68203b323f67e4d35490a08564806dcd9a37f50d42cf5f8e04e6143", "deprecated": false }, "0.6": { "digest": "57a1868b20758955034ef5005f136535403991f0959a44d5ccbdeb87dab901e2", "deprecated": false } }, "content": "ZmlsdGVyOiAiZXZ0LlBhcnNlZC5wcm9ncmFtIHN0YXJ0c1dpdGggJ2hhcHJveHknIgpvbnN1Y2Nlc3M6IG5leHRfc3RhZ2UKbmFtZTogY3Jvd2RzZWN1cml0eS9oYXByb3h5LWxvZ3MKZGVzY3JpcHRpb246ICJQYXJzZSBoYXByb3h5IGh0dHAgbG9ncyIKZ3JvazoKICBwYXR0ZXJuOiAnJXtJUDpjbGllbnRfaXB9OiV7SU5UOmNsaWVudF9wb3J0fSBcWyV7SEFQUk9YWURBVEU6YWNjZXB0X2RhdGV9XF0gJXtOT1RTUEFDRTpmcm9udGVuZF9uYW1lfSAle05PVFNQQUNFOmJhY2tlbmRfbmFtZX0vJXtOT1RTUEFDRTpzZXJ2ZXJfbmFtZX0gJXtJTlQ6dGltZV9yZXF1ZXN0fS8le0lOVDp0aW1lX3F1ZXVlfS8le0lOVDp0aW1lX2JhY2tlbmRfY29ubmVjdH0vJXtJTlQ6dGltZV9iYWNrZW5kX3Jlc3BvbnNlfS8le05PVFNQQUNFOnRpbWVfZHVyYXRpb259ICV7SU5UOmh0dHBfc3RhdHVzX2NvZGV9ICV7Tk9UU1BBQ0U6Ynl0ZXNfcmVhZH0gJXtEQVRBOmNhcHR1cmVkX3JlcXVlc3RfY29va2llfSAle0RBVEE6Y2FwdHVyZWRfcmVzcG9uc2VfY29va2llfSAle05PVFNQQUNFOnRlcm1pbmF0aW9uX3N0YXRlfSAle0lOVDphY3Rjb25ufS8le0lOVDpmZWNvbm59LyV7SU5UOmJlY29ubn0vJXtJTlQ6c3J2Y29ubn0vJXtOT1RTUEFDRTpyZXRyaWVzfSAle0lOVDpzcnZfcXVldWV9LyV7SU5UOmJhY2tlbmRfcXVldWV9IChceyV7SEFQUk9YWUNBUFRVUkVEUkVRVUVTVEhFQURFUlN9XH0pPyggKT8oXHsle0hBUFJPWFlDQVBUVVJFRFJFU1BPTlNFSEVBREVSU31cfSk/KCApPyIoPEJBRFJFUT58KCV7V09SRDpodHRwX3ZlcmJ9ICgle1VSSVBST1RPOmh0dHBfcHJvdG99Oi8vKT8oPzole1VTRVI6aHR0cF91c2VyfSg/OjpbXkBdKik/QCk/KD86JXtVUklIT1NUOmh0dHBfaG9zdH0pPyg/OiV7VVJJUEFUSFBBUkFNOmh0dHBfcmVxdWVzdH0pPyggSFRUUC8le05VTUJFUjpodHRwX3ZlcnNpb259KT8pKT8iJwogIGFwcGx5X29uOiBtZXNzYWdlCnN0YXRpY3M6CiAgLSBtZXRhOiBsb2dfdHlwZQogICAgdmFsdWU6IGh0dHBfYWNjZXNzLWxvZwogICAgI0hBUFJPWFlEQVRFIGZvcm1hdCBpcyB1bmtub3duIHRvIGRhdGVwYXJzZSwgbGV0IGNvbnZlcnQgaXQgdG8gYSBmb3JtYXQgd2Uga25vdyB0byBwYXJzZQogIC0gdGFyZ2V0OiBldnQuU3RyVGltZQogICAgZXhwcmVzc2lvbjogZXZ0LlBhcnNlZC5oYXByb3h5X21vbnRoZGF5ICsgJy8nICsgZXZ0LlBhcnNlZC5oYXByb3h5X21vbnRoICAgKyAnLycgKyBldnQuUGFyc2VkLmhhcHJveHlfeWVhciAgKyAnOicgKyAgIGV2dC5QYXJzZWQuaGFwcm94eV9ob3VyICsgJzonICsgZXZ0LlBhcnNlZC5oYXByb3h5X21pbnV0ZSArICc6JyArICBldnQuUGFyc2VkLmhhcHJveHlfc2Vjb25kWzA6Ml0gKyAnIC0wMDAwJwogIC0gbWV0YTogc2VydmljZQogICAgdmFsdWU6IGh0dHAKICAtIG1ldGE6IHNvdXJjZV9pcAogICAgZXhwcmVzc2lvbjogZXZ0LlBhcnNlZC5jbGllbnRfaXAKICAtIG1ldGE6IGh0dHBfcGF0aAogICAgZXhwcmVzc2lvbjogZXZ0LlBhcnNlZC5odHRwX3JlcXVlc3QKICAtIG1ldGE6IGh0dHBfc3RhdHVzCiAgICBleHByZXNzaW9uOiBldnQuUGFyc2VkLmh0dHBfc3RhdHVzX2NvZGUKICAtIHBhcnNlZDogcmVxdWVzdAogICAgZXhwcmVzc2lvbjogZXZ0LlBhcnNlZC5odHRwX3JlcXVlc3QKICAtIHBhcnNlZDogdmVyYgogICAgZXhwcmVzc2lvbjogZXZ0LlBhcnNlZC5odHRwX3ZlcmIK", "description": "Parse haproxy http logs", "author": "crowdsecurity", "labels": null }, "crowdsecurity/home-assistant-logs": { "path": "parsers/s01-parse/crowdsecurity/home-assistant-logs.yaml", "stage": "s01-parse", "version": "0.5", "versions": { "0.1": { "digest": "4963cadd8ae936d9104861b383d215a94aed622b1db481a3fe79ea9e7db359bf", "deprecated": false }, "0.2": { "digest": "aee629922e77d2bc2f2c1cd5ec3b646dcafe6c6856c8195b4340584c29d23ef2", "deprecated": false }, "0.3": { "digest": "7382fc2e6129877aa66f5728d8c93c1007d85e1976d7412140581c97a368d940", "deprecated": false }, "0.4": { "digest": "71208b25e33cef30e88cdf0c701b92460c37d8c140be2e769856a8a6292669c5", "deprecated": false }, "0.5": { "digest": "8d6c5ea97042f540faac45456240bc277257e1fdb331cc7cc7d9590804ffcb94", "deprecated": false } }, "long_description": "SG9tZSBhc3Npc3RhbnQgYXV0aGVudGljYXRpb24gZmFpbHVyZSBwYXJzZXIuCgpTdXBwb3J0cyBob21lYXNzaXN0YW50IGRvY2tlciBpbWFnZSBhbmQgSGFzc09TIGxvZ3Mu", "content": "b25zdWNjZXNzOiBuZXh0X3N0YWdlCm5hbWU6IGNyb3dkc2VjdXJpdHkvaG9tZS1hc3Npc3RhbnQtbG9ncwpkZXNjcmlwdGlvbjogIlBhcnNlIEhvbWUgQXNzaXN0YW50IGxvZ3MiCmZpbHRlcjogImV2dC5QYXJzZWQucHJvZ3JhbSA9PSAnaG9tZS1hc3Npc3RhbnQnIG9yIGV2dC5QYXJzZWQucHJvZ3JhbSBlbmRzV2l0aCAnaG9tZWFzc2lzdGFudCciCnBhdHRlcm5fc3ludGF4OgogIFRJTUVTVEFNUDogJyV7WUVBUn0tJXtNT05USE5VTX0tJXtNT05USERBWX0gJXtIT1VSfTole01JTlVURX06JXtTRUNPTkR9Jwpub2RlczoKICAtIGdyb2s6CiAgICAgIHBhdHRlcm46ICIle1RJTUVTVEFNUDp0aW1lfSBXQVJOSU5HIFxcKCV7REFUQTp0aHJlYWROYW1lfVxcKSBcXFtob21lYXNzaXN0YW50LmNvbXBvbmVudHMuaHR0cC5iYW5cXF0gTG9naW4gYXR0ZW1wdCBvciByZXF1ZXN0IHdpdGggaW52YWxpZCBhdXRoZW50aWNhdGlvbiBmcm9tICV7REFUQTpzb3VyY2VfcmRuc30gXFwoJXtJUE9SSE9TVDpzb3VyY2VfaXB9XFwpLiBcXCgle0dSRUVEWURBVEE6aHR0cF91c2VyX2FnZW50fVxcKSIKICAgICAgYXBwbHlfb246IG1lc3NhZ2UKICAgICAgc3RhdGljczoKICAgICAgICAtIG1ldGE6IGxvZ190eXBlCiAgICAgICAgICB2YWx1ZTogaG9tZS1hc3Npc3RhbnRfZmFpbGVkX2F1dGgKICAtIGdyb2s6CiAgICAgIHBhdHRlcm46ICIle1RJTUVTVEFNUDp0aW1lfSBXQVJOSU5HIFxcKCV7REFUQTp0aHJlYWROYW1lfVxcKSBcXFtob21lYXNzaXN0YW50LmNvbXBvbmVudHMuaHR0cC5iYW5cXF0gTG9naW4gYXR0ZW1wdCBvciByZXF1ZXN0IHdpdGggaW52YWxpZCBhdXRoZW50aWNhdGlvbiBmcm9tICV7REFUQTpzb3VyY2VfcmRuc30gXFwoJXtJUE9SSE9TVDpzb3VyY2VfaXB9XFwpLiBSZXF1ZXN0ZWQgVVJMOiAnJXtHUkVFRFlEQVRBOnVybH0nLiBcXCgle0dSRUVEWURBVEE6aHR0cF91c2VyX2FnZW50fVxcKSIKICAgICAgYXBwbHlfb246IG1lc3NhZ2UKICAgICAgc3RhdGljczoKICAgICAgICAtIG1ldGE6IGxvZ190eXBlCiAgICAgICAgICB2YWx1ZTogaG9tZS1hc3Npc3RhbnRfZmFpbGVkX2F1dGgKc3RhdGljczoKICAtIHRhcmdldDogU3RyVGltZQogICAgZXhwcmVzc2lvbjogImV2dC5QYXJzZWQudGltZSIKICAtIG1ldGE6IHNlcnZpY2UKICAgIHZhbHVlOiBodHRwCiAgLSBtZXRhOiBzb3VyY2VfaXAKICAgIGV4cHJlc3Npb246ICJldnQuUGFyc2VkLnNvdXJjZV9pcCIKICAtIG1ldGE6IHNvdXJjZV9yZG5zCiAgICBleHByZXNzaW9uOiAiZXZ0LlBhcnNlZC5zb3VyY2VfcmRucyIK", "description": "Parse Home Assistant logs", "author": "crowdsecurity", "labels": null }, "crowdsecurity/http-logs": { "path": "parsers/s02-enrich/crowdsecurity/http-logs.yaml", "stage": "s02-enrich", "version": "0.9", "versions": { "0.1": { "digest": "d11c01b85927959d1619735c6ac09f260008211edcbf496db0d01b0bd93c5be2", "deprecated": false }, "0.2": { "digest": "1274d4a8afd04f96fa0adb03f661ba4a7771cd0be84cf33d1b405881d07c5f0e", "deprecated": false }, "0.3": { "digest": "26d3a09d652bd0024ceb1b51a864183367d7391fa33c87db5274c1e47c072999", "deprecated": false }, "0.4": { "digest": "ba77a9a5e6b979b9e8d327946aea0a42eed1f035766b80aab2c2a43fb7cf3c13", "deprecated": false }, "0.5": { "digest": "132938d05f1af484c29088b588aaa86a329a2e677842e17c255295fb47532990", "deprecated": false }, "0.6": { "digest": "57d5b2535d46a2fa6a738917d9e2e64924f5e0090d3c75f2a7c44ad8db36f49c", "deprecated": false }, "0.7": { "digest": "c934455276a4ebea1d40f3a80fb960a2f309a06a523b7750c67c374f577f53cf", "deprecated": false }, "0.8": { "digest": "7016a32564d1eb6499d8cc9de1591886c6313acb356e513b67da45f9a7386267", "deprecated": false }, "0.9": { "digest": "79589c27fe75a013f3ebc4c9f6940c3cd0ee376abcd1f863bfa38e1ca237fc10", "deprecated": false } }, "long_description": "VGhpcyBwYXJzZXIgaXMgYSBnZW5lcmljIHBvc3QtcGFyc2luZyBodHRwIHJlLXBhcnNlciBhbmQgcHJvZmlkZXMgbW9yZSBkZXRhaWxlZCBpbmZvcm1hdGlvbiBzdWNoIGFzIDoKIC0gc3RhdGljX3Jlc3NvdXJjZSA6IGEgYm9vbGVhbiB0byB0ZWxsIGlmIHRoZSByZXF1ZXN0ZWQgcmVzc291cmNlIGlzIGEgc3RhdGljIGZpbGUKIC0gZmlsZV9uYW1lIDogc2ltcGxlIGZpbGUrZmlsZS1leHRlbnNpb24KIC0gaW1wYWN0X2NvbXBsZXRpb24gOiBhIGJvb2xlYW4gZmxhZyBpbmRpY2F0aW5nIGlmIHRoZSByZXF1ZXN0IHN1Y2NlZWRlZCAoYmFzZWQgb24gdGhlIGh0dHAgcmVzcG9uc2UgY29kZSkK", "content": "ZmlsdGVyOiAiZXZ0Lk1ldGEuc2VydmljZSA9PSAnaHR0cCcgJiYgZXZ0Lk1ldGEubG9nX3R5cGUgaW4gWydodHRwX2FjY2Vzcy1sb2cnLCAnaHR0cF9lcnJvci1sb2cnXSIKZGVzY3JpcHRpb246ICJQYXJzZSBtb3JlIFNwZWNpZmljYWxseSBIVFRQIGxvZ3MsIHN1Y2ggYXMgSFRUUCBDb2RlLCBIVFRQIHBhdGgsIEhUVFAgYXJncyBhbmQgaWYgaXRzIGEgc3RhdGljIHJlc3NvdXJjZSIKbmFtZTogY3Jvd2RzZWN1cml0eS9odHRwLWxvZ3MKcGF0dGVybl9zeW50YXg6CiAgRElSOiAiXi4qLyIKICBGSUxFOiAiW14vXS4qPyIKICBFWFQ6ICJcXC5bXi5dKiR8JCIKbm9kZXM6CiAgLSBzdGF0aWNzOgogICAgIC0gcGFyc2VkOiAiaW1wYWN0X2NvbXBsZXRpb24iCiAgICAgICAjIHRoZSB2YWx1ZSBvZiBhIGZpZWxkIGNhbiBhcyB3ZWxsIGJlIGRldGVybWluZWQgYXMgdGhlIHJlc3VsdCBvZiBhbiBleHByZXNzaW9uCiAgICAgICBleHByZXNzaW9uOiAiZXZ0Lk1ldGEuaHR0cF9zdGF0dXMgaW4gWyc0MDQnLCAnNDAzJywgJzUwMiddID8gJ2ZhbHNlJyA6ICd0cnVlJyIKICAgICAtIHRhcmdldDogZXZ0LlBhcnNlZC5zdGF0aWNfcmVzc291cmNlCiAgICAgICB2YWx1ZTogJ2ZhbHNlJwogICMgbGV0J3Mgc3BsaXQgdGhlIHBhdGg/cXVlcnkgaWYgcG9zc2libGUKICAtIGdyb2s6CiAgICAgIHBhdHRlcm46ICJeJXtHUkVFRFlEQVRBOnJlcXVlc3R9XFw/JXtHUkVFRFlEQVRBOmh0dHBfYXJnc30kIgogICAgICBhcHBseV9vbjogcmVxdWVzdAogICMgdGhpcyBpcyBhbm90aGVyIG5vZGUsIHdpdGggaXRzIG93biBwYXR0ZXJuX3N5bnRheAogIC0gI2RlYnVnOiB0cnVlCiAgICBncm9rOgogICAgICBwYXR0ZXJuOiAiJXtESVI6ZmlsZV9kaXJ9JXtGSUxFOmZpbGVfZnJhZ30le0VYVDpmaWxlX2V4dH0iCiAgICAgIGFwcGx5X29uOiByZXF1ZXN0CiAgICAgIHN0YXRpY3M6CiAgICAgICAgLSBtZXRhOiBodHRwX3BhdGgKICAgICAgICAgIGV4cHJlc3Npb246ICJldnQuUGFyc2VkLmh0dHBfcGF0aCIKICAgICAgICAgICMgbWV0YSBhZgogICAgICAgIC0gbWV0YTogaHR0cF9hcmdzX2xlbgogICAgICAgICAgZXhwcmVzc2lvbjogImxlbihldnQuUGFyc2VkLmh0dHBfYXJncykiCiAgICAgICAgLSBwYXJzZWQ6IGZpbGVfbmFtZQogICAgICAgICAgZXhwcmVzc2lvbjogZXZ0LlBhcnNlZC5maWxlX2ZyYWcgKyBldnQuUGFyc2VkLmZpbGVfZXh0CiAgICAgICAgLSBwYXJzZWQ6IHN0YXRpY19yZXNzb3VyY2UKICAgICAgICAgIGV4cHJlc3Npb246ICJVcHBlcihldnQuUGFyc2VkLmZpbGVfZXh0KSBpbiBbJy5KUEcnLCAnLkNTUycsICcuSlMnLCAnLkpQRUcnLCAnLlBORycsICcuU1ZHJywgJy5NQVAnLCAnLklDTycsICcuT1RGJywgJy5HSUYnLCAnLk1QMycsICcuTVA0JywgJy5XT0ZGJywgJy5XT0ZGMicsICcuVFRGJywgJy5PVEYnLCAnLkVPVCcsICcuV0VCUCcsICcuV0FWJywgJy5HWicsICcuQlJPVExJJywgJy5CVlInLCAnLlRTJ10gPyAndHJ1ZScgOiAnZmFsc2UnIgo=", "description": "Parse more Specifically HTTP logs, such as HTTP Code, HTTP path, HTTP args and if its a static ressource", "author": "crowdsecurity", "labels": null }, "crowdsecurity/iis-logs": { "path": "parsers/s01-parse/crowdsecurity/iis-logs.yaml", "stage": "s01-parse", "version": "0.4", "versions": { "0.1": { "digest": "b7a80af9ef0d2dc28939cde8eb773c578c6526b0d09737ca3b5be1821b1d83b6", "deprecated": false }, "0.2": { "digest": "1bf7cff86c0f408a93e661eb8c5ef2959c294a737ffcb800d36c3b03c8358c78", "deprecated": false }, "0.3": { "digest": "3f573bae5c2a602dfc51e753bfcde0e51f3d76ebdba9a795c1126b66f2045087", "deprecated": false }, "0.4": { "digest": "766ad2b89ad05737339cb9364572f2a48ba629b2f13791e7ee5491f8f7601ff7", "deprecated": false } }, "long_description": "UGFyc2VyIGZvciBJSVMgZGVmYXVsdCBXM0MgbG9ncy4KCkxvZyBmaWxlIGFuZCBldmVudCBsb2cgYXJlIGJvdGggc3VwcG9ydGVkLg==", "content": "ZmlsdGVyOiAiZXZ0LlBhcnNlZC5wcm9ncmFtID09ICdpaXMnIgpvbnN1Y2Nlc3M6IG5leHRfc3RhZ2UKbmFtZTogY3Jvd2RzZWN1cml0eS9paXMtbG9ncwpkZXNjcmlwdGlvbjogIlBhcnNlIElJUyBhY2Nlc3MgbG9ncyIKbm9kZXM6CiAgI1czQyBsb2dzIGNhbiBjb21lIGZyb20gdGhlIGV2ZW50IGxvZwogIC0gZmlsdGVyOiAiZXZ0Lk1ldGEuZGF0YXNvdXJjZV90eXBlID09ICd3aW5ldmVudGxvZycgYW5kIGV2dC5QYXJzZWQuRXZlbnRJRCA9PSAnNjIwMCciCiAgICBzdGF0aWNzOgogICAgICAgIC0gbWV0YTogc291cmNlX2lwCiAgICAgICAgICBleHByZXNzaW9uOiBYTUxHZXROb2RlVmFsdWUoZXZ0LkxpbmUuUmF3LCAiL0V2ZW50L0V2ZW50RGF0YVsxXS9EYXRhW0BOYW1lPSdjLWlwJ10iKSAKICAgICAgICAtIG1ldGE6IGh0dHBfc3RhdHVzCiAgICAgICAgICBleHByZXNzaW9uOiBYTUxHZXROb2RlVmFsdWUoZXZ0LkxpbmUuUmF3LCAiL0V2ZW50L0V2ZW50RGF0YVsxXS9EYXRhW0BOYW1lPSdzYy1zdGF0dXMnXSIpCiAgICAgICAgLSBwYXJzZWQ6IGh0dHBfcGF0aAogICAgICAgICAgZXhwcmVzc2lvbjogWE1MR2V0Tm9kZVZhbHVlKGV2dC5MaW5lLlJhdywgIi9FdmVudC9FdmVudERhdGFbMV0vRGF0YVtATmFtZT0nY3MtdXJpLXN0ZW0nXSIpCiAgICAgICAgLSBtZXRhOiBodHRwX3BhdGgKICAgICAgICAgIGV4cHJlc3Npb246IGV2dC5QYXJzZWQuaHR0cF9wYXRoCiAgICAgICAgLSB0YXJnZXQ6IGV2dC5QYXJzZWQuaHR0cF9hcmdzCiAgICAgICAgICBleHByZXNzaW9uOiBYTUxHZXROb2RlVmFsdWUoZXZ0LkxpbmUuUmF3LCAiL0V2ZW50L0V2ZW50RGF0YVsxXS9EYXRhW0BOYW1lPSdjcy11cmktcXVlcnknXSIpCiAgICAgICAgLSBwYXJzZWQ6IHZlcmIKICAgICAgICAgIGV4cHJlc3Npb246IFhNTEdldE5vZGVWYWx1ZShldnQuTGluZS5SYXcsICIvRXZlbnQvRXZlbnREYXRhWzFdL0RhdGFbQE5hbWU9J2NzLW1ldGhvZCddIikKICAgICAgICAtIG1ldGE6IGh0dHBfdmVyYgogICAgICAgICAgZXhwcmVzc2lvbjogWE1MR2V0Tm9kZVZhbHVlKGV2dC5MaW5lLlJhdywgIi9FdmVudC9FdmVudERhdGFbMV0vRGF0YVtATmFtZT0nY3MtbWV0aG9kJ10iKQogICAgICAgIC0gbWV0YTogaHR0cF91c2VyX2FnZW50CiAgICAgICAgICBleHByZXNzaW9uOiBYTUxHZXROb2RlVmFsdWUoZXZ0LkxpbmUuUmF3LCAiL0V2ZW50L0V2ZW50RGF0YVsxXS9EYXRhW0BOYW1lPSdjc1VzZXItQWdlbnQnXSIpCiAgICAgICAgLSBtZXRhOiB0YXJnZXRfZnFkbgogICAgICAgICAgZXhwcmVzc2lvbjogWE1MR2V0Tm9kZVZhbHVlKGV2dC5MaW5lLlJhdywgIi9FdmVudC9FdmVudERhdGFbMV0vRGF0YVtATmFtZT0ncy1zaXRlbmFtZSddIikgI25vdCBhIEZRRE4sIGJ1dCBjbG9zZSBlbm91Z2ggPwogICAgICAgIC0gdGFyZ2V0OiBldnQuU3RyVGltZQogICAgICAgICAgZXhwcmVzc2lvbjogWE1MR2V0Tm9kZVZhbHVlKGV2dC5MaW5lLlJhdywgIi9FdmVudC9FdmVudERhdGFbMV0vRGF0YVtATmFtZT0nZGF0ZSddIikgKyAiICIgKyBYTUxHZXROb2RlVmFsdWUoZXZ0LkxpbmUuUmF3LCAiL0V2ZW50L0V2ZW50RGF0YVsxXS9EYXRhW0BOYW1lPSd0aW1lJ10iKQogICAgICAgIC0gdGFyZ2V0OiBldnQuUGFyc2VkLnJlcXVlc3QKICAgICAgICAgIGV4cHJlc3Npb246IGV2dC5NZXRhLmh0dHBfcGF0aCArICc/JyArIGV2dC5QYXJzZWQuaHR0cF9hcmdzCiAgLSBmaWx0ZXI6ICJldnQuUGFyc2VkLmRhdGFzb3VyY2VfdHlwZSAhPSAnd2luZXZlbnRsb2cnIgogICAgZ3JvazoKICAgICAgcGF0dGVybjogIiV7VElNRVNUQU1QX0lTTzg2MDE6ZGF0ZX0gJXtJUDpzZXJ2ZXJfaXB9ICV7V09SRDpodHRwX21ldGhvZH0gJXtEQVRBOmh0dHBfcGF0aH0gJXtEQVRBOmh0dHBfYXJnc30gJXtJTlR9ICV7REFUQTpyZW1vdGVfdXNlcn0gJXtJUDpjbGllbnRfaXB9ICV7REFUQTp1c2VyX2FnZW50fSAle0RBVEE6cmVmZXJlcn0gJXtJTlQ6c3RhdHVzfSAle0lOVDpzdWJzdGF0dXN9ICV7SU5UOndpbjMyX3N0YXR1c30gJXtJTlQ6ZHVyYXRpb259IgogICAgICBhcHBseV9vbjogbWVzc2FnZQogICAgc3RhdGljczoKICAgICAgLSB0YXJnZXQ6IGV2dC5TdHJUaW1lCiAgICAgICAgZXhwcmVzc2lvbjogZXZ0LlBhcnNlZC5kYXRlCiAgICAgIC0gbWV0YTogc291cmNlX2lwCiAgICAgICAgZXhwcmVzc2lvbjogZXZ0LlBhcnNlZC5jbGllbnRfaXAKICAgICAgLSBtZXRhOiBodHRwX3N0YXR1cwogICAgICAgIGV4cHJlc3Npb246IGV2dC5QYXJzZWQuc3RhdHVzCiAgICAgIC0gbWV0YTogaHR0cF9wYXRoCiAgICAgICAgZXhwcmVzc2lvbjogZXZ0LlBhcnNlZC5odHRwX3BhdGgKICAgICAgLSBtZXRhOiBodHRwX3VzZXJfYWdlbnQKICAgICAgICBleHByZXNzaW9uOiBldnQuUGFyc2VkLnVzZXJfYWdlbnQKICAgICAgLSBtZXRhOiBodHRwX3ZlcmIKICAgICAgICBleHByZXNzaW9uOiBldnQuUGFyc2VkLm1ldGhvZAogICAgICAtIHBhcnNlZDogdmVyYgogICAgICAgIGV4cHJlc3Npb246IGV2dC5QYXJzZWQubWV0aG9kCiAgICAgIC0gdGFyZ2V0OiBldnQuUGFyc2VkLnJlcXVlc3QKICAgICAgICBleHByZXNzaW9uOiBldnQuTWV0YS5odHRwX3BhdGggKyAnPycgKyBldnQuUGFyc2VkLmh0dHBfYXJncwoKc3RhdGljczoKICAtIG1ldGE6IHNlcnZpY2UKICAgIHZhbHVlOiBodHRwCiAgLSBtZXRhOiBsb2dfdHlwZQogICAgdmFsdWU6IGh0dHBfYWNjZXNzLWxvZw==", "description": "Parse IIS access logs", "author": "crowdsecurity", "labels": null }, "crowdsecurity/iptables-logs": { "path": "parsers/s01-parse/crowdsecurity/iptables-logs.yaml", "stage": "s01-parse", "version": "0.3", "versions": { "0.1": { "digest": "00076ea5d8fa862aeb6bb48890d84d9e2763bfc332a635eab884c0a3069fcccd", "deprecated": false }, "0.2": { "digest": "5b9e9e5bc1fc9a6ab923a7e08f0c5e4e16e5702f09b5142245694f52c45348f5", "deprecated": false }, "0.3": { "digest": "32c82e2b47e825f63e3536bd38bd153019139c8b7f57b8b005aa6d86f88c62f7", "deprecated": false } }, "long_description": "QSBwYXJzZXIgZm9yIGlwdGFibGVzIGAtaiBMT0dgIGxvZ3MgOgoKIC0gT25seSBwYXJzZSBrZXJuZWwgbWVzc2FnZXMgY29udGFpbmluZyBgSU49YAogLSBTa2lwIGxpbmVzIGlmIGRlY2lzaW9ucyBpcyBgQUNDRVBUYAogLSBBbGwgbG9nZ2VkIHBhY2tldHMgYXJlIGNvbnNpZGVyZWQgYXMgRFJPUHMuCgpUbyBtYWtlIHRoaXMgcGFyc2VyIHJlbGV2YW50LCB5b3Ugc2hvdWxkIGhhdmUgYSBgaXB0YWJsZXMgLUEgSU5QVVQgIC1tIHN0YXRlIC0tc3RhdGUgTkVXIC1qIExPR2Agb3Igc2ltaWxhciBpbnRvIHlvdXIgY29uZmlndXJhdGlvbi4gVGhpcyBvbmUgd2lsbCBsb2cgYWxsIG5ldyBjb25uZWN0aW9ucywgc3VjY2Vzc2Z1bCBvciBub3QuCgo=", "content": "b25zdWNjZXNzOiBuZXh0X3N0YWdlCiNkZWJ1ZzogdHJ1ZQpmaWx0ZXI6ICJldnQuUGFyc2VkLnByb2dyYW0gPT0gJ2tlcm5lbCcgYW5kIGV2dC5QYXJzZWQubWVzc2FnZSBjb250YWlucyAnSU49JyBhbmQgbm90IChldnQuUGFyc2VkLm1lc3NhZ2UgY29udGFpbnMgJ0FDQ0VQVCcpIgpuYW1lOiBjcm93ZHNlY3VyaXR5L2lwdGFibGVzLWxvZ3MKZGVzY3JpcHRpb246ICJQYXJzZSBpcHRhYmxlcyBkcm9wIGxvZ3MiCmdyb2s6CiAgcGF0dGVybjogSU49JXtEQVRBOmludF9ldGh9IChPVVQ9ICk/TUFDPSV7SVB9OiV7TUFDfSBTUkM9JXtJUDpzcmNfaXB9IERTVD0le0lQOmRzdF9pcH0gTEVOPSV7SU5UOmxlbmd0aH0uKlBST1RPPSV7V09SRDpwcm90b30gU1BUPSV7SU5UOnNyY19wb3J0fSBEUFQ9JXtJTlQ6ZHN0X3BvcnR9CiAgYXBwbHlfb246IG1lc3NhZ2UKc3RhdGljczoKICAgIC0gbWV0YTogc2VydmljZQogICAgICB2YWx1ZTogdGNwCiAgICAtIG1ldGE6IGxvZ190eXBlCiAgICAgIHZhbHVlOiBpcHRhYmxlc19kcm9wCiAgICAtIG1ldGE6IHNvdXJjZV9pcAogICAgICBleHByZXNzaW9uOiAiZXZ0LlBhcnNlZC5zcmNfaXAiCgo=", "description": "Parse iptables drop logs", "author": "crowdsecurity", "labels": null }, "crowdsecurity/litespeed-logs": { "path": "parsers/s01-parse/crowdsecurity/litespeed-logs.yaml", "stage": "s01-parse", "version": "0.1", "versions": { "0.1": { "digest": "868cf099d57ea7a1994961b8d65e5abce01e797517bb97959c7e68e52dcb0b6f", "deprecated": false } }, "long_description": "QSBwYXJzZXIgZm9yIGxpdGVzcGVlZCBzZXJ2ZXIgbG9ncywgc3VwcG9ydCBib3RoIGFjY2VzcyBhbmQgZXJyb3JzIChIVFRQIHVzZXIgYXV0aGVudGljYXRpb24pIGxvZ3Mu", "content": "ZmlsdGVyOiAiZXZ0LlBhcnNlZC5wcm9ncmFtID09ICdsaXRlc3BlZWQnIgpvbnN1Y2Nlc3M6IG5leHRfc3RhZ2UKbmFtZTogY3Jvd2RzZWN1cml0eS9saXRlc3BlZWQtbG9ncwpkZXNjcmlwdGlvbjogIlBhcnNlIGxpdGVzcGVlZCBhY2Nlc3MgYW5kIGVycm9yIGxvZ3MiCm5vZGVzOgogIC0gZ3JvazoKICAgICAgI2FjY2VzcyBsb2cKICAgICAgcGF0dGVybjogJyV7SVBPUkhPU1Q6cmVtb3RlX2FkZHJ9IC0gKCV7TkdVU0VSOnJlbW90ZV91c2VyfSk/IFxbJXtIVFRQREFURTp0aW1lX2xvY2FsfVxdICIle1dPUkQ6dmVyYn0gJXtEQVRBOnJlcXVlc3R9IEhUVFAvJXtOVU1CRVI6aHR0cF92ZXJzaW9ufSIgJXtOVU1CRVI6c3RhdHVzfSAle05VTUJFUjpib2R5X2J5dGVzX3NlbnR9ICIle05PVERRVU9URTpodHRwX3JlZmVyZXJ9IiAiJXtOT1REUVVPVEU6aHR0cF91c2VyX2FnZW50fSInCiAgICAgIGFwcGx5X29uOiBtZXNzYWdlCiAgICAgIHN0YXRpY3M6CiAgICAgICAgLSBtZXRhOiBsb2dfdHlwZQogICAgICAgICAgdmFsdWU6IGh0dHBfYWNjZXNzLWxvZwogICAgICAgIC0gdGFyZ2V0OiBldnQuU3RyVGltZQogICAgICAgICAgZXhwcmVzc2lvbjogZXZ0LlBhcnNlZC50aW1lX2xvY2FsCiAgLSBncm9rOgogICAgICAjdXNlciBub3QgZm91bmQgb3IgYmFkIHBhc3N3b3JkIGZvciBIVFRQIGF1dGgKICAgICAgcGF0dGVybjogIiV7VElNRVNUQU1QX0lTTzg2MDE6dGltZX0gXFxbJXtEQVRBOmxvZ19sZXZlbH1cXF0gXFxbJXtOT05ORUdJTlQ6cGlkfVxcXSBcXFsle0lQT1JIT1NUOnJlbW90ZV9hZGRyfTole0RBVEE6bWlzY30jJXtEQVRBOnZob3N0fVxcXSBVc2VyICcle05HVVNFUjp1c2VybmFtZX0nIGZhaWxlZCB0byBhdXRoZW50aWNhdGVcXC4iCiAgICAgIGFwcGx5X29uOiBtZXNzYWdlCiAgICAgIHN0YXRpY3M6CiAgICAgICAgLSBtZXRhOiBzdWJfdHlwZQogICAgICAgICAgdmFsdWU6ICJhdXRoX2ZhaWwiCiAgICAgICAgLSBtZXRhOiB1c2VybmFtZQogICAgICAgICAgZXhwcmVzc2lvbjogZXZ0LlBhcnNlZC51c2VybmFtZQogICAgICAgIC0gdGFyZ2V0OiBldnQuU3RyVGltZQogICAgICAgICAgZXhwcmVzc2lvbjogZXZ0LlBhcnNlZC50aW1lCiAgLSBncm9rOgogICAgICAjYWRtaW4gVUkgYXV0aCBmYWlsCiAgICAgIHBhdHRlcm46ICIle1RJTUVTVEFNUF9JU084NjAxOnRpbWV9IFxcWyV7REFUQTpsb2dfbGV2ZWx9XFxdIFxcWyV7Tk9OTkVHSU5UOnBpZH1cXF0gXFxbJXtJUE9SSE9TVDpyZW1vdGVfYWRkcn06JXtEQVRBOm1pc2N9IyV7REFUQTp2aG9zdH1cXF0gXFxbJXtXT1JEfVxcXSBcXFsle0RBVEF9XFxdIEZhaWxlZCBMb2dpbiBBdHRlbXB0IC0gdXNlcm5hbWU6JXtEQVRBOnVzZXJuYW1lfSBpcDole0lQOmNsaWVudF9pcH0gdXJsOiV7REFUQTp1cmx9IgogICAgICBhcHBseV9vbjogbWVzc2FnZQogICAgICBzdGF0aWNzOgogICAgICAgIC0gbWV0YTogc3ViX3R5cGUKICAgICAgICAgIHZhbHVlOiAibGl0ZXNwZWVkX2FkbWluX2F1dGhfZmFpbCIKICAgICAgICAtIHRhcmdldDogZXZ0LlN0clRpbWUKICAgICAgICAgIGV4cHJlc3Npb246IGV2dC5QYXJzZWQudGltZQogICAgICAgIC0gbWV0YTogdXNlcm5hbWUKICAgICAgICAgIGV4cHJlc3Npb246IGV2dC5QYXJzZWQudXNlcm5hbWUKc3RhdGljczoKICAtIG1ldGE6IHNlcnZpY2UKICAgIHZhbHVlOiBodHRwCiAgLSBtZXRhOiBzb3VyY2VfaXAKICAgIGV4cHJlc3Npb246ICJldnQuUGFyc2VkLnJlbW90ZV9hZGRyIgogIC0gbWV0YTogaHR0cF9zdGF0dXMKICAgIGV4cHJlc3Npb246ICJldnQuUGFyc2VkLnN0YXR1cyIKICAtIG1ldGE6IGh0dHBfcGF0aAogICAgZXhwcmVzc2lvbjogImV2dC5QYXJzZWQucmVxdWVzdCIKICAtIG1ldGE6IGh0dHBfdmVyYgogICAgZXhwcmVzc2lvbjogImV2dC5QYXJzZWQudmVyYiIKICAtIG1ldGE6IGh0dHBfdXNlcl9hZ2VudAogICAgZXhwcmVzc2lvbjogImV2dC5QYXJzZWQuaHR0cF91c2VyX2FnZW50IgogIC0gbWV0YTogdGFyZ2V0X2ZxZG4KICAgIGV4cHJlc3Npb246ICJldnQuUGFyc2VkLnRhcmdldF9mcWRuIgo=", "description": "Parse litespeed access and error logs", "author": "crowdsecurity", "labels": null }, "crowdsecurity/magento-extension-logs": { "path": "parsers/s01-parse/crowdsecurity/magento-extension-logs.yaml", "stage": "s01-parse", "version": "0.1", "versions": { "0.1": { "digest": "14462ab2a582ecf9be26402de41b9a253e997b93a39c1aa1cfb22abf3740f808", "deprecated": false } }, "long_description": "UGFyc2VyIGZvciB0aGUgW0Nyb3dkU2VjIE1hZ2VudG8gRXh0ZW5zaW9uXShodHRwczovL2h1Yi5jcm93ZHNlYy5uZXQvYXV0aG9yL2Nyb3dkc2VjdXJpdHkvYm91bmNlcnMvY3MtbWFnZW50by1ib3VuY2VyKS4=", "content": "b25zdWNjZXNzOiBuZXh0X3N0YWdlCiNkZWJ1ZzogdHJ1ZQpmaWx0ZXI6ICJldnQuUGFyc2VkLnByb2dyYW0gPT0gJ21hZ2VudG8tZXh0ZW5zaW9uJyIKbmFtZTogY3Jvd2RzZWN1cml0eS9tYWdlbnRvLWV4dGVuc2lvbi1sb2dzCmRlc2NyaXB0aW9uOiAiUGFyc2UgQ3Jvd2RTZWMgTWFnZW50byBleHRlbnNpb24gbG9ncyIKcGF0dGVybl9zeW50YXg6CiAgSEVBREVSOiAnXFsle0RBVEE6dGltZXN0YW1wfVxdIGNyb3dkc2VjLWV2ZW50c1wuW146XSs6ICAle0dSRUVEWURBVEE6bGluZX0gXFtcXScKbm9kZXM6CiAgLSBncm9rOgogICAgICBuYW1lOiAiSEVBREVSIgogICAgICBhcHBseV9vbjogbWVzc2FnZQogICAgICBzdGF0aWNzOgogICAgICAgIC0gdGFyZ2V0OiBTdHJUaW1lCiAgICAgICAgICBleHByZXNzaW9uOiBldnQuUGFyc2VkLnRpbWVzdGFtcApzdGF0aWNzOgogICAgLSBtZXRhOiBzZXJ2aWNlCiAgICAgIHZhbHVlOiBtYWdlbnRvCiAgICAtIG1ldGE6IGxvZ190eXBlCiAgICAgIGV4cHJlc3Npb246IEpzb25FeHRyYWN0KGV2dC5QYXJzZWQubGluZSwgInR5cGUiKQogICAgLSBtZXRhOiBzb3VyY2VfaXAKICAgICAgZXhwcmVzc2lvbjogSnNvbkV4dHJhY3QoZXZ0LlBhcnNlZC5saW5lLCAiaXAiKQogICAgLSBtZXRhOiB4X2ZvcndhcmRlZF9mb3IKICAgICAgZXhwcmVzc2lvbjogSnNvbkV4dHJhY3QoZXZ0LlBhcnNlZC5saW5lLCAieC1mb3J3YXJkZWQtZm9yLWlwIikKICAgIC0gbWV0YTogYm91bmNlcl9hZ2VudAogICAgICBleHByZXNzaW9uOiBKc29uRXh0cmFjdChldnQuUGFyc2VkLmxpbmUsICJib3VuY2VyX2FnZW50IikKICAgIC0gbWV0YTogY3VzdG9tZXJfaWQKICAgICAgZXhwcmVzc2lvbjogSnNvbkV4dHJhY3QoZXZ0LlBhcnNlZC5saW5lLCAiY3VzdG9tZXJfaWQiKQogICAgLSBtZXRhOiBwYXltZW50X21ldGhvZAogICAgICBleHByZXNzaW9uOiBKc29uRXh0cmFjdChldnQuUGFyc2VkLmxpbmUsICJwYXltZW50X21ldGhvZCIpCiAgICAtIG1ldGE6IG9yZGVyX2lkCiAgICAgIGV4cHJlc3Npb246IEpzb25FeHRyYWN0KGV2dC5QYXJzZWQubGluZSwgIm9yZGVyX2lkIikKICAgIC0gbWV0YTogcHJvZHVjdF9pZAogICAgICBleHByZXNzaW9uOiBKc29uRXh0cmFjdChldnQuUGFyc2VkLmxpbmUsICJwcm9kdWN0X2lkIikKICAgIC0gbWV0YTogcXVvdGVfaWQKICAgICAgZXhwcmVzc2lvbjogSnNvbkV4dHJhY3QoZXZ0LlBhcnNlZC5saW5lLCAicXVvdGVfaWQiKQ==", "description": "Parse CrowdSec Magento extension logs", "author": "crowdsecurity", "labels": null }, "crowdsecurity/mariadb-logs": { "path": "parsers/s01-parse/crowdsecurity/mariadb-logs.yaml", "stage": "s01-parse", "version": "0.2", "versions": { "0.1": { "digest": "98468759d771f3db2dfdf795ac2794c9b56c01d6d46e98a1a81913309bedc74f", "deprecated": false }, "0.2": { "digest": "f41ce905ce3bd2034f375af20547930c913260792a82e8426aa8ab3b146cdba0", "deprecated": false } }, "long_description": "TWFyaWFkYiBhdXRoZW50aWNhdGlvbiBmYWlsdXJlIHBhcnNlci4K", "content": "b25zdWNjZXNzOiBuZXh0X3N0YWdlCm5hbWU6IGNyb3dkc2VjdXJpdHkvbWFyaWFkYi1sb2dzCmRlc2NyaXB0aW9uOiAiUGFyc2UgTWFyaWFEQiBsb2dzIgpmaWx0ZXI6ICJldnQuUGFyc2VkLnByb2dyYW0gPT0gJ21hcmlhZGInIgpwYXR0ZXJuX3N5bnRheDoKICBEQVRFX1lNRDogIiV7WUVBUjp5ZWFyfS0le01PTlRITlVNOm1vbnRofS0le01PTlRIREFZOmRheX0iCmdyb2s6CiAgcGF0dGVybjogIiV7REFURV9ZTUQ6ZGF0ZX0gID8le1RJTUU6dGltZX0gJXtOVU1CRVI6dGhyZWFkX2lkfSBcXFtXYXJuaW5nXFxdIEFjY2VzcyBkZW5pZWQgZm9yIHVzZXIgJyV7REFUQTp1c2VyfSdAJyV7SVA6c291cmNlX2lwfScgXFwodXNpbmcgcGFzc3dvcmQ6ICV7V09SRDp1c2luZ19wYXNzd29yZH1cXCkiCiAgYXBwbHlfb246IG1lc3NhZ2UKc3RhdGljczoKICAtIHRhcmdldDogZXZ0LlN0clRpbWUKICAgIGV4cHJlc3Npb246ICJldnQuUGFyc2VkLmRhdGUgKyAnICcgKyBldnQuUGFyc2VkLnRpbWUiCiAgLSBtZXRhOiBsb2dfdHlwZQogICAgdmFsdWU6ICJtYXJpYWRiX2ZhaWxlZF9hdXRoIgogIC0gbWV0YTogc291cmNlX2lwCiAgICBleHByZXNzaW9uOiAiZXZ0LlBhcnNlZC5zb3VyY2VfaXAiCiAgLSBtZXRhOiB1c2VyCiAgICBleHByZXNzaW9uOiAiZXZ0LlBhcnNlZC51c2VyIg==", "description": "Parse MariaDB logs", "author": "crowdsecurity", "labels": null }, "crowdsecurity/modsecurity": { "path": "parsers/s01-parse/crowdsecurity/modsecurity.yaml", "stage": "s01-parse", "version": "0.9", "versions": { "0.1": { "digest": "8db1b74ef6681ebe8e9fcc09ed271830a330f3aa5dd3e273a98b3906c334f715", "deprecated": false }, "0.2": { "digest": "522f242c438219ae659e775aa123c252d9dcebf8bf808d644eb8a0069ed87919", "deprecated": false }, "0.3": { "digest": "f173c890dc7abadbeedf7e99d11ae8834e0dfc90e21684b5ea71f267a5a506f5", "deprecated": false }, "0.4": { "digest": "cd4f670cbb0b41d6e19d61170cfb60868832bf19e8393235d857dd356f33df2a", "deprecated": false }, "0.5": { "digest": "bc41dae1bc38731159c2c141ed9a0e4f99d6c8ec525555c6915a5ee376716da2", "deprecated": false }, "0.6": { "digest": "e598abbbe73a831393605f33b513cbf92b1f568a37f1388a3aa9fa7065d1514e", "deprecated": false }, "0.7": { "digest": "beee35fd2bb445549f0ef2f1be21dee30019aaaf6522a86e9bc114df6ecae73f", "deprecated": false }, "0.8": { "digest": "2f897a99b1d318627537f760a09194d62cb7d3cf6f2673b48815b2bd28a4279e", "deprecated": false }, "0.9": { "digest": "051d3c5c4b723913221f8e864f8ae21e491d79c139f3f8776e1591b5cba48582", "deprecated": false } }, "long_description": "VGhpcyBtb2RzZWN1cml0eSBwYXJzZXIgc3VwcG9ydCBtb2RzZWN1cml0eSBsb2dzIGZyb20gYXBhY2hlMiBlcnJvciBsb2cuCgooTm90IHRlc3RlZCB3aXRoIE5naW54IHlldCkuIA==", "content": "b25zdWNjZXNzOiBuZXh0X3N0YWdlCmZpbHRlcjogZXZ0LlBhcnNlZC5wcm9ncmFtID09ICdtb2RzZWN1cml0eScKbmFtZTogY3Jvd2RzZWN1cml0eS9tb2RzZWN1cml0eQojZGVidWc6IHRydWUKZGVzY3JpcHRpb246IEEgcGFyc2VyIGZvciBtb2RzZWN1cml0eSBXQUYKcGF0dGVybl9zeW50YXg6CiAgQVBBQ0hFRVJST1JQUkVGSVgyOiAiXFxbJXtBUEFDSEVFUlJPUlRJTUU6dGltZXN0YW1wfVxcXSBcXFsle05PVFNQQUNFOmFwYWNoZXNldmVyaXR5fVxcXSAoXFxbcGlkICV7SU5UfSg6dGlkICV7SU5UfSk/XFxdICk/XFxbY2xpZW50ICV7SVBPUkhPU1Q6c291cmNlaG9zdH0oOiV7SU5UOnNvdXJjZV9wb3J0fSk/XFxdIChcXFtjbGllbnQgJXtJUE9SSE9TVH1cXF0pPyIKICBOR0lOWEVSUk9SUFJFRklYOiAiJXtOR0lOWEVSUlRJTUU6dGltZX0gXFxbJXtMT0dMRVZFTDpsb2dsZXZlbH1cXF0gJXtOT05ORUdJTlQ6cGlkfSMle05PTk5FR0lOVDp0aWR9OiAoXFwqJXtOT05ORUdJTlQ6Y2lkfSApPyhcXFtjbGllbnQgJXtJUE9SSE9TVH1cXF0gKT8iCiAgTkdJTlhFUlJPUlNVRkZJWDogImNsaWVudDogJXtJUE9SSE9TVDpyZW1vdGVfYWRkcn0sIHNlcnZlcjogJXtEQVRBOnRhcmdldF9mcWRufSwgcmVxdWVzdDogXCIle1dPUkQ6dmVyYn0gJXtVUklQQVRIUEFSQU06cmVxdWVzdH0gSFRUUC8le05VTUJFUjpodHRwX3ZlcnNpb259XCIsIGhvc3Q6IFwiJXtJUE9SSE9TVH0oOiV7SU5UfSk/XCIiCiAgTU9EU0VDTkdJTlhQUkVGSVg6ICIle05HSU5YRVJST1JQUkVGSVh9TW9kU2VjdXJpdHk6ICgle05PVFNQQUNFOm1vZHNlY3NldmVyaXR5fVxcLiApPyV7R1JFRURZREFUQTptb2RzZWNtZXNzYWdlfSIKICBNT0RTRUNQUkVGSVgyOiAiJXtBUEFDSEVFUlJPUlBSRUZJWDJ9IE1vZFNlY3VyaXR5OiAoJXtOT1RTUEFDRTptb2RzZWNzZXZlcml0eX1cXC4gKT8le0dSRUVEWURBVEE6bW9kc2VjbWVzc2FnZX0iCiAgTU9EU0VDUlVMRUZJTEUyOiAiXFxbZmlsZSBcIiV7REFUQTpydWxlZmlsZX1cIlxcXSIKICBNT0RTRUNSVUxFTElORTI6ICJcXFtsaW5lIFwiJXtEQVRBOnJ1bGVsaW5lfVwiXFxdIgogIE1PRFNFQ01BVENIT0ZGU0VUMjogIlxcW29mZnNldCBcIiV7REFUQTptYXRjaG9mZnNldH1cIlxcXSIKICBNT0RTRUNSVUxFSUQyOiAiXFxbaWQgXCIle0RBVEE6cnVsZWlkfVwiXFxdIgogIE1PRFNFQ1JVTEVSRVYyOiAiXFxbcmV2IFwiJXtEQVRBOnJ1bGVyZXZ9XCJcXF0iCiAgTU9EU0VDUlVMRU1TRzI6ICJcXFttc2cgXCIle0RBVEE6cnVsZW1lc3NhZ2V9XCJcXF0iCiAgTU9EU0VDUlVMRURBVEEyOiAiXFxbZGF0YSBcIiV7REFUQTpydWxlZGF0YX1cIlxcXSIKICBNT0RTRUNSVUxFU0VWRVJJVFkyOiAiXFxbc2V2ZXJpdHkgXCIle0RBVEE6cnVsZXNldmVyaXR5fVwiXFxdIgogIE1PRFNFQ1JVTEVNQVRVUklUWTogIlxcW21hdHVyaXR5IFwiJXtEQVRBOm1hdHVyaXR5fVwiXFxdIgogIE1PRFNFQ1JVTEVBQ0NVUkFDWTogIlxcW2FjY3VyYWN5IFwiJXtEQVRBOmFjY3VyYWN5fVwiXFxdIgogIE1PRFNFQ1JVTEVWRVJTMjogIlxcW3ZlciBcIiV7REFUQTp2ZXJzaW9ufVwiXFxdIgogIE1PRFNFQ1JVTEVUQUdTMjogIig/OlxcW3RhZyBcIiV7REFUQTpydWxldGFnMH1cIlxcXSApPyg/OlxcW3RhZyBcIiV7REFUQTpydWxldGFnMX1cIlxcXSApPyg/OlxcW3RhZyBcIiV7REFUQTpydWxldGFnMn1cIlxcXSApPyg/OlxcW3RhZyBcIiV7REFUQTpydWxldGFnM31cIlxcXSApPyg/OlxcW3RhZyBcIiV7REFUQTpydWxldGFnNH1cIlxcXSApPyg/OlxcW3RhZyBcIiV7REFUQTpydWxldGFnNX1cIlxcXSApPyg/OlxcW3RhZyBcIiV7REFUQTpydWxldGFnNn1cIlxcXSApPyg/OlxcW3RhZyBcIiV7REFUQTpydWxldGFnN31cIlxcXSApPyg/OlxcW3RhZyBcIiV7REFUQTpydWxldGFnOH1cIlxcXSApPyg/OlxcW3RhZyBcIiV7REFUQTpydWxldGFnOX1cIlxcXSApPyg/OlxcW3RhZyBcIiV7REFUQX1cIlxcXSApKiIKICBNT0RTRUNIT1NUTkFNRTI6ICJcXFtob3N0bmFtZSBbJ1wiXSV7REFUQTp0YXJnZXRob3N0fVtcIiddXFxdIgogIE1PRFNFQ1VSSTI6ICJcXFt1cmkgW1wiJ10le0RBVEE6dGFyZ2V0dXJpfVtcIiddXFxdIgogIE1PRFNFQ1VJRDI6ICJcXFt1bmlxdWVfaWQgXCIle0RBVEE6dW5pcXVlaWR9XCJcXF0iCiAgTU9EU0VDUkVGMjogIlxcW3JlZiBcIiV7REFUQTpyZWZ9XCJcXF0iCiAgTU9EU0VDQVBBQ0hFRVJST1IyOiAiJXtNT0RTRUNQUkVGSVgyfSAle01PRFNFQ1JVTEVGSUxFMn0gJXtNT0RTRUNSVUxFTElORTJ9ICg/OiV7TU9EU0VDTUFUQ0hPRkZTRVQyfSApPyg/OiV7TU9EU0VDUlVMRUlEMn0gKT8oPzole01PRFNFQ1JVTEVSRVYyfSApPyg/OiV7TU9EU0VDUlVMRU1TRzJ9ICk/KD86JXtNT0RTRUNSVUxFREFUQTJ9ICk/KD86JXtNT0RTRUNSVUxFU0VWRVJJVFkyfSApPyg/OiV7TU9EU0VDUlVMRVZFUlMyfSApPyV7TU9EU0VDUlVMRVRBR1MyfSV7TU9EU0VDSE9TVE5BTUUyfSAle01PRFNFQ1VSSTJ9ICV7TU9EU0VDVUlEMn0iCiAgTU9EU0VDTkdJTlhFUlJPUjogIiV7TU9EU0VDTkdJTlhQUkVGSVh9ICV7TU9EU0VDUlVMRUZJTEUyfSAle01PRFNFQ1JVTEVMSU5FMn0gKD86JXtNT0RTRUNNQVRDSE9GRlNFVDJ9ICk/KD86JXtNT0RTRUNSVUxFSUQyfSApPyg/OiV7TU9EU0VDUlVMRVJFVjJ9ICk/KD86JXtNT0RTRUNSVUxFTVNHMn0gKT8oPzole01PRFNFQ1JVTEVEQVRBMn0gKT8oPzole01PRFNFQ1JVTEVTRVZFUklUWTJ9ICk/KD86JXtNT0RTRUNSVUxFVkVSUzJ9ICk/KD86JXtNT0RTRUNSVUxFTUFUVVJJVFl9ICk/KD86JXtNT0RTRUNSVUxFQUNDVVJBQ1l9ICk/JXtNT0RTRUNSVUxFVEFHUzJ9JXtNT0RTRUNIT1NUTkFNRTJ9ICV7TU9EU0VDVVJJMn0gJXtNT0RTRUNVSUQyfSAle01PRFNFQ1JFRjJ9LCAle05HSU5YRVJST1JTVUZGSVh9IgoKbm9kZXM6CiAgLSBncm9rOgogICAgICBuYW1lOiBNT0RTRUNBUEFDSEVFUlJPUjIKICAgICAgYXBwbHlfb246IG1lc3NhZ2UKICAgICAgc3RhdGljczoKICAgICAgICAtIG1ldGE6IGxvZ190eXBlCiAgICAgICAgICB2YWx1ZTogbW9kc2VjdXJpdHkKICAgICAgICAtIG1ldGE6IHNvdXJjZV9pcAogICAgICAgICAgZXhwcmVzc2lvbjogZXZ0LlBhcnNlZC5zb3VyY2Vob3N0CiAgICAgICAgLSB0YXJnZXQ6IGV2dC5TdHJUaW1lCiAgICAgICAgICBleHByZXNzaW9uOiBldnQuUGFyc2VkLnRpbWVzdGFtcAogICAgICAgIC0gbWV0YTogcnVsZV9pZAogICAgICAgICAgZXhwcmVzc2lvbjogZXZ0LlBhcnNlZC5ydWxlaWQKICAgICAgICAtIG1ldGE6IG1vZHNlY19tZXNzYWdlCiAgICAgICAgICBleHByZXNzaW9uOiBldnQuUGFyc2VkLnJ1bGVtZXNzYWdlCiAgICAgICAgLSBtZXRhOiBtb2RzZWNfcnVsZWRhdGEKICAgICAgICAgIGV4cHJlc3Npb246IGV2dC5QYXJzZWQucnVsZWRhdGEKICAtIGdyb2s6CiAgICAgIG5hbWU6IE1PRFNFQ05HSU5YRVJST1IKICAgICAgYXBwbHlfb246IG1lc3NhZ2UKICAgICAgc3RhdGljczoKICAgICAgICAtIG1ldGE6IGxvZ190eXBlCiAgICAgICAgICB2YWx1ZTogbW9kc2VjdXJpdHkKICAgICAgICAtIG1ldGE6IHNvdXJjZV9pcAogICAgICAgICAgZXhwcmVzc2lvbjogZXZ0LlBhcnNlZC5yZW1vdGVfYWRkcgogICAgICAgIC0gdGFyZ2V0OiBldnQuU3RyVGltZQogICAgICAgICAgZXhwcmVzc2lvbjogZXZ0LlBhcnNlZC50aW1lCiAgICAgICAgLSBtZXRhOiBydWxlX2lkCiAgICAgICAgICBleHByZXNzaW9uOiBldnQuUGFyc2VkLnJ1bGVpZAogICAgICAgIC0gbWV0YTogbW9kc2VjX21lc3NhZ2UKICAgICAgICAgIGV4cHJlc3Npb246IGV2dC5QYXJzZWQucnVsZW1lc3NhZ2UKICAgICAgICAtIG1ldGE6IG1vZHNlY19ydWxlZGF0YQogICAgICAgICAgZXhwcmVzc2lvbjogZXZ0LlBhcnNlZC5ydWxlZGF0YQoK", "description": "A parser for modsecurity WAF", "author": "crowdsecurity", "labels": null }, "crowdsecurity/mssql-logs": { "path": "parsers/s01-parse/crowdsecurity/mssql-logs.yaml", "stage": "s01-parse", "version": "0.1", "versions": { "0.1": { "digest": "9c99578104a9158ada41bb8dd920575a83d494e6f6e2d166eb5773fb4d7023b1", "deprecated": false } }, "content": "b25zdWNjZXNzOiBuZXh0X3N0YWdlCm5hbWU6IGNyb3dkc2VjdXJpdHkvbXNzcWwtbG9ncwpkZXNjcmlwdGlvbjogIlBhcnNlIG1zc3FsIGxvZ3MiCmZpbHRlcjogImV2dC5QYXJzZWQuQ2hhbm5lbCA9PSAnQXBwbGljYXRpb24nICYmIGV2dC5QYXJzZWQuU291cmNlID09ICdNU1NRTFNFUlZFUicgJiYgZXZ0LlBhcnNlZC5FdmVudElEID09ICcxODQ1NiciCm5vZGVzOgogIC0gZ3JvazoKICAgICAgcGF0dGVybjogIlJlYXNvbjogUGFzc3dvcmQgZGlkIG5vdCBtYXRjaCB0aGF0IGZvciB0aGUgbG9naW4gcHJvdmlkZWRcXC4iCiAgICAgIGV4cHJlc3Npb246IFhNTEdldE5vZGVWYWx1ZShldnQuTGluZS5SYXcsICIvRXZlbnQvRXZlbnREYXRhWzFdL0RhdGFbMl0iKQogICAgbm9kZXM6CiAgICAgIC0gZ3JvazoKICAgICAgICAgIHBhdHRlcm46ICJcXFtDTElFTlQ6ICV7SVA6c291cmNlX2lwfVxcXSIKICAgICAgICAgIGV4cHJlc3Npb246IFhNTEdldE5vZGVWYWx1ZShldnQuTGluZS5SYXcsICIvRXZlbnQvRXZlbnREYXRhWzFdL0RhdGFbM10iKQogICAgICAgICAgc3RhdGljczoKICAgICAgICAgICAgLSBtZXRhOiBzb3VyY2VfaXAKICAgICAgICAgICAgICBleHByZXNzaW9uOiBldnQuUGFyc2VkLnNvdXJjZV9pcAogICAgc3RhdGljczoKICAgICAgLSBtZXRhOiBzdWJ0eXBlCiAgICAgICAgdmFsdWU6IGJhZF9wYXNzd29yZAogIC0gZ3JvazoKICAgICAgcGF0dGVybjogIlJlYXNvbjogQ291bGQgbm90IGZpbmQgYSBsb2dpbiBtYXRjaGluZyB0aGUgbmFtZSBwcm92aWRlZFxcLiIKICAgICAgZXhwcmVzc2lvbjogWE1MR2V0Tm9kZVZhbHVlKGV2dC5MaW5lLlJhdywgIi9FdmVudC9FdmVudERhdGFbMV0vRGF0YVsyXSIpCiAgICBub2RlczoKICAgICAgLSBncm9rOgogICAgICAgICAgcGF0dGVybjogIlxcW0NMSUVOVDogJXtJUDpzb3VyY2VfaXB9XFxdIgogICAgICAgICAgZXhwcmVzc2lvbjogWE1MR2V0Tm9kZVZhbHVlKGV2dC5MaW5lLlJhdywgIi9FdmVudC9FdmVudERhdGFbMV0vRGF0YVszXSIpCiAgICAgICAgICBzdGF0aWNzOgogICAgICAgICAgICAtIG1ldGE6IHNvdXJjZV9pcAogICAgICAgICAgICAgIGV4cHJlc3Npb246IGV2dC5QYXJzZWQuc291cmNlX2lwCiAgICBzdGF0aWNzOgogICAgICAtIG1ldGE6IHN1YnR5cGUKICAgICAgICB2YWx1ZTogYmFkX3VzZXIKc3RhdGljczoKICAtIG1ldGE6IGxvZ190eXBlCiAgICB2YWx1ZTogbXNzcWxfZmFpbGVkX2F1dGgKICAtIG1ldGE6IHVzZXIKICAgIGV4cHJlc3Npb246IFhNTEdldE5vZGVWYWx1ZShldnQuTGluZS5SYXcsICIvRXZlbnQvRXZlbnREYXRhWzFdL0RhdGFbMV0iKQ==", "description": "Parse mssql logs", "author": "crowdsecurity", "labels": null }, "crowdsecurity/mysql-logs": { "path": "parsers/s01-parse/crowdsecurity/mysql-logs.yaml", "stage": "s01-parse", "version": "0.3", "versions": { "0.1": { "digest": "9ad9acb6f2c62c6d38c8b662a22af412f6bb0d73f14197b5136cc2c777a3865b", "deprecated": false }, "0.2": { "digest": "4d2fb3da27c9e65b95fe74f962b0ed1f246f2312ca48b8e9fc95e073488a0809", "deprecated": false }, "0.3": { "digest": "e87dcc2182097881e9b90183917fa6e482e5dbe5a03420aab7c0d62b039cb0dd", "deprecated": false } }, "long_description": "TXlzcWwgYXV0aGVudGljYXRpb24gZmFpbCBwYXJzZXIuCg==", "content": "b25zdWNjZXNzOiBuZXh0X3N0YWdlCm5hbWU6IGNyb3dkc2VjdXJpdHkvbXlzcWwtbG9ncwpkZXNjcmlwdGlvbjogIlBhcnNlIE15U1FMIGxvZ3MiCmZpbHRlcjogImV2dC5QYXJzZWQucHJvZ3JhbSA9PSAnbXlzcWwnIgpncm9rOgogIHBhdHRlcm46ICIle1RJTUVTVEFNUF9JU084NjAxOnRpbWV9ICV7TlVNQkVSfSBcXFtOb3RlXFxdKCBcXFsle0RBVEE6ZXJyX2NvZGV9XFxdIFxcWyV7REFUQTpzdWJzeXN0ZW19XFxdKT8gQWNjZXNzIGRlbmllZCBmb3IgdXNlciAnJXtEQVRBOnVzZXJ9J0AnJXtJUDpzb3VyY2VfaXB9JyBcXCh1c2luZyBwYXNzd29yZDogJXtXT1JEOnVzaW5nX3Bhc3N3b3JkfVxcKSIKICBhcHBseV9vbjogbWVzc2FnZQpzdGF0aWNzOgogIC0gbWV0YTogbG9nX3R5cGUKICAgIHZhbHVlOiBteXNxbF9mYWlsZWRfYXV0aAogIC0gbWV0YTogc291cmNlX2lwCiAgICBleHByZXNzaW9uOiAiZXZ0LlBhcnNlZC5zb3VyY2VfaXAiCiAgLSBtZXRhOiB1c2VyCiAgICBleHByZXNzaW9uOiAiZXZ0LlBhcnNlZC51c2VyIg==", "description": "Parse MySQL logs", "author": "crowdsecurity", "labels": null }, "crowdsecurity/naxsi-logs": { "path": "parsers/s02-enrich/crowdsecurity/naxsi-logs.yaml", "stage": "s02-enrich", "version": "0.1", "versions": { "0.1": { "digest": "c8b9f9ffdc82619cfc9ef10be9ba18513f702688d86d5c48a5cffb525499a8f0", "deprecated": false } }, "content": "I2xldCdzIHRyeSB0byBwb3N0LXByb2Nlc3MgbmdpbnggZXJyb3IgbG9nIHRvIGhhdmUgbmF4c2kgcGF0dGVybgpmaWx0ZXI6ICJldnQuTWV0YS5sb2dfdHlwZSA9PSAnaHR0cF9lcnJvci1sb2cnICYmIGV2dC5QYXJzZWQucHJvZ3JhbSA9PSAnbmdpbngnIgpkZXNjcmlwdGlvbjogIkVucmljaCBsb2dzIGlmIGl0cyBmcm9tIE5BWFNJIgpuYW1lOiBjcm93ZHNlY3VyaXR5L25heHNpLWxvZ3MKZ3JvazoKICBuYW1lOiAiTkFYU0lfRVhMT0ciCiAgYXBwbHlfb246IG1lc3NhZ2UKc3RhdGljczoKICAtIHRhcmdldDogZXZ0Lk1ldGEubG9nX3R5cGUKICAgIHZhbHVlOiB3YWZfbmF4c2ktbG9nCiAgLSBtZXRhOiBzb3VyY2VfaXAKICAgIGV4cHJlc3Npb246ICJldnQuUGFyc2VkLm5heHNpX3NyY19pcCIKICAtIG1ldGE6IGh0dHBfcGF0aAogICAgZXhwcmVzc2lvbjogImV2dC5QYXJzZWQuaHR0cF9wYXRoIgogIC0gbWV0YTogZGVzdF9pcAogICAgZXhwcmVzc2lvbjogImV2dC5QYXJzZWQudGFyZ2V0X2lwIg==", "description": "Enrich logs if its from NAXSI", "author": "crowdsecurity", "labels": null }, "crowdsecurity/nextcloud-logs": { "path": "parsers/s01-parse/crowdsecurity/nextcloud-logs.yaml", "stage": "s01-parse", "version": "0.1", "versions": { "0.1": { "digest": "072ff18cde784aedbe88ded5742860fcdf5000c3b56f10ca4d5fc2ec0b8166d7", "deprecated": false } }, "long_description": "UGFyc2VyIGZvciBbTmV4dGNsb3VkXShodHRwczovL25leHRjbG91ZC5jb20vKSBsb2dzCgpJZiB5b3UgaGF2ZSB0aGUgZGVmYXVsdCBbc2V0dGluZ10oaHR0cHM6Ly9kb2NzLm5leHRjbG91ZC5jb20vc2VydmVyL3N0YWJsZS9hZG1pbl9tYW51YWwvY29uZmlndXJhdGlvbl9zZXJ2ZXIvY29uZmlnX3NhbXBsZV9waHBfcGFyYW1ldGVycy5odG1sP2hpZ2hsaWdodD1sb2dsZXZlbCNsb2dnaW5nKQpvZiBsb2dnaW5nIHRvIGZpbGUsIHlvdSBuZWVkIHRvIGFkZCBpbiBhY3F1aXNpdGlvbiAoY2hhbmdlIGZpbGVuYW1lIHRvIHlvdXIgbG9nIGZpbGUgbG9jYXRpb24pOgoKYGBgeWFtbAotLS0KZmlsZW5hbWVzOgogLSAvdmFyL3d3dy9uZXh0Y2xvdWQvZGF0YS9uZXh0Y2xvdWQubG9nCmxhYmVsczoKICB0eXBlOiBOZXh0Y2xvdWQKYGBgCgpJZiB5b3UgYXJlIHNlbmRpbmcgbG9ncyB0byBzeXNsb2cgb3Igc3lzdGVtZCBhbmQgcmVhZCBmcm9tIGpvdXJuYWxkLCBhZGQ6CmBgYHlhbWwKLS0tCnNvdXJjZTogam91cm5hbGN0bApqb3VybmFsY3RsX2ZpbHRlcjoKICAtICJTWVNMT0dfSURFTlRJRklFUj1OZXh0Y2xvdWQiCmxhYmVsczoKICB0eXBlOiBzeXNsb2cKYGBgCg==", "content": "LS0tCm9uc3VjY2VzczogbmV4dF9zdGFnZQpmaWx0ZXI6ICJVcHBlcihldnQuUGFyc2VkLnByb2dyYW0pID09ICdORVhUQ0xPVUQnIgpuYW1lOiBjcm93ZHNlY3VyaXR5L25leHRjbG91ZC1sb2dzCmRlc2NyaXB0aW9uOiAiUGFyc2UgbmV4dGNsb3VkIGxvZ3MiCm5vZGVzOgogIC0gZ3JvazoKICAgICAgcGF0dGVybjogJ0xvZ2luIGZhaWxlZDogJXtVU0VSTkFNRTp0YXJnZXRfdXNlcn0gXChSZW1vdGUgSVA6ICV7SVA6c291cmNlX2lwfVwpJwogICAgICBleHByZXNzaW9uOiBKc29uRXh0cmFjdChldnQuUGFyc2VkLm1lc3NhZ2UsICJtZXNzYWdlIikKICAgIHN0YXRpY3M6CiAgICAgIC0gbWV0YTogdGFyZ2V0X3VzZXIKICAgICAgICBleHByZXNzaW9uOiAiZXZ0LlBhcnNlZC50YXJnZXRfdXNlciIKICAgICAgLSBtZXRhOiBsb2dfdHlwZQogICAgICAgIHZhbHVlOiBuZXh0Y2xvdWRfZmFpbGVkX2F1dGgKICAtIGdyb2s6CiAgICAgIHBhdHRlcm46ICdCcnV0ZWZvcmNlIGF0dGVtcHQgZnJvbSBcXD8iJXtJUDpzb3VyY2VfaXB9XFw/IiBkZXRlY3RlZCBmb3IgYWN0aW9uIFxcPyIle0RBVEE6YWN0aW9ufVxcPyInCiAgICAgIGV4cHJlc3Npb246IEpzb25FeHRyYWN0KGV2dC5QYXJzZWQubWVzc2FnZSwgIm1lc3NhZ2UiKQogICAgc3RhdGljczoKICAgICAgLSBtZXRhOiBhY3Rpb24KICAgICAgICBleHByZXNzaW9uOiAiZXZ0LlBhcnNlZC5hY3Rpb24iCiAgICAgIC0gbWV0YTogbG9nX3R5cGUKICAgICAgICB2YWx1ZTogbmV4dGNsb3VkX2JydXRlZm9yY2VfYXR0ZW1wdApzdGF0aWNzOgogIC0gbWV0YTogc2VydmljZQogICAgdmFsdWU6IG5leHRjbG91ZAogIC0gbWV0YTogc291cmNlX2lwCiAgICBleHByZXNzaW9uOiAiZXZ0LlBhcnNlZC5zb3VyY2VfaXAiCiAgLSB0YXJnZXQ6IGV2dC5TdHJUaW1lCiAgICBleHByZXNzaW9uOiBKc29uRXh0cmFjdChldnQuUGFyc2VkLm1lc3NhZ2UsICJ0aW1lIikK", "description": "Parse nextcloud logs", "author": "crowdsecurity", "labels": null }, "crowdsecurity/nginx-logs": { "path": "parsers/s01-parse/crowdsecurity/nginx-logs.yaml", "stage": "s01-parse", "version": "1.3", "versions": { "0.1": { "digest": "60ba29ab5a5a49214664344b57403fab932e70bb1493203e83dc7df4f66b2059", "deprecated": false }, "0.2": { "digest": "eae9b00d93c9e86f4b909bf0b0ce7dee821834702bc99c29213ebeca86054367", "deprecated": false }, "0.3": { "digest": "7e6aeff6e07708806ffdc92b81b290cb41da8ddf95c2a1933f59f6b36ba62ace", "deprecated": false }, "0.4": { "digest": "c1a14a662419b6edc17078467cea654082f02925961341e29fead330d11174ff", "deprecated": false }, "0.5": { "digest": "81aee3a0a3eb3f603d846ba17b7efbae49d1169a13a49099a4e16b929cc20747", "deprecated": false }, "0.6": { "digest": "1c1ac2988fce3691f5b571886921ba4d92563ba739756b9d112c58370e55a830", "deprecated": false }, "0.7": { "digest": "2e209cb2f4277ccc854254a3dc627bc3d96e9f29ccb4756129d9b0c32964515e", "deprecated": false }, "0.8": { "digest": "ea536d0d2c336ffc1720bb6d7678839f0488c1fca96614327396afd2f92ae9fc", "deprecated": false }, "0.9": { "digest": "b30a1fb8efb8148f9444587a8bfb9558fd6c28f898644fd140f7995ffa302c68", "deprecated": false }, "1.0": { "digest": "3e1f4e967e6088b83b8191c357cd5dc8ab5842200ffd47de7b5e8ddd8f2b28f7", "deprecated": false }, "1.1": { "digest": "2d3bc9c768099ff55fc8948879bf3f57c35d37f834916a490b72094d5dc8812d", "deprecated": false }, "1.2": { "digest": "e2cf65e3272cf7c269ffcb2282f6e6f9169a8acec98a97acae96d90f3f8b30dd", "deprecated": false }, "1.3": { "digest": "b76ec30d100908555f3d2085f12338b6366a6286cbf00dc5ae590cc7d8f7373f", "deprecated": false } }, "long_description": "QSBnZW5lcmljIHBhcnNlciBmb3IgbmdpbngsIHN1cHBvcnQgYm90aCBhY2Nlc3MgYW5kIGVycm9yIGxvZ3MuClRoaXMgcGFyc2VyIHN1cHBvcnQgYWxzbyBpbmdyZXNzIG5naW54IGNvbnRyb2xsZXIgZGVmYXVsdCBbbG9nX2Zvcm1hdF0oaHR0cHM6Ly9rdWJlcm5ldGVzLmdpdGh1Yi5pby9pbmdyZXNzLW5naW54L3VzZXItZ3VpZGUvbmdpbngtY29uZmlndXJhdGlvbi9sb2ctZm9ybWF0LykKCgoqbm90ZSA6ICogSWYgeW91IGFyZSBhZ2dyZWdhdGluZyBsb2dzIGZyb20gc2V2ZXJhbCBkb21haW5zLCBwcmVmaXggeW91ciBsb2dsaW5lIHdpdGggdGhlIHRhcmdldCBGUUROLiBIVFRQIGJhc2VkIHNjZW5hcmlvcyBzaG91bGQgdGFrZSB0aGlzIGludG8gYWNjb3VudCBzbyB0aGF0IGJ1Y2tldHMgYXJlIF9wZXJfIHNvdXJjZSBJUCBwZXIgdGFyZ2V0IEZRRE4sIGxpbWl0aW5nIGZhbHNlIHBvc2l0aXZlcyBkdWUgdG8gbG9ncyBtdWx0aXBsZXhpbmcuCgo=", "content": "ZmlsdGVyOiAiZXZ0LlBhcnNlZC5wcm9ncmFtIHN0YXJ0c1dpdGggJ25naW54JyIKb25zdWNjZXNzOiBuZXh0X3N0YWdlCm5hbWU6IGNyb3dkc2VjdXJpdHkvbmdpbngtbG9ncwpkZXNjcmlwdGlvbjogIlBhcnNlIG5naW54IGFjY2VzcyBhbmQgZXJyb3IgbG9ncyIKbm9kZXM6CiAgLSBncm9rOgogICAgICBwYXR0ZXJuOiAnKCV7SVBPUkhPU1Q6dGFyZ2V0X2ZxZG59ICk/JXtJUE9SSE9TVDpyZW1vdGVfYWRkcn0gLSAoJXtOR1VTRVI6cmVtb3RlX3VzZXJ9KT8gXFsle0hUVFBEQVRFOnRpbWVfbG9jYWx9XF0gIiV7V09SRDp2ZXJifSAle0RBVEE6cmVxdWVzdH0gSFRUUC8le05VTUJFUjpodHRwX3ZlcnNpb259IiAle05VTUJFUjpzdGF0dXN9ICV7TlVNQkVSOmJvZHlfYnl0ZXNfc2VudH0gIiV7Tk9URFFVT1RFOmh0dHBfcmVmZXJlcn0iICIle05PVERRVU9URTpodHRwX3VzZXJfYWdlbnR9IiggJXtOVU1CRVI6cmVxdWVzdF9sZW5ndGh9ICV7TlVNQkVSOnJlcXVlc3RfdGltZX0gXFsle0RBVEE6cHJveHlfdXBzdHJlYW1fbmFtZX1cXSBcWyV7REFUQTpwcm94eV9hbHRlcm5hdGl2ZV91cHN0cmVhbV9uYW1lfVxdKT8nCiAgICAgIGFwcGx5X29uOiBtZXNzYWdlCiAgICAgIHN0YXRpY3M6CiAgICAgICAgLSBtZXRhOiBsb2dfdHlwZQogICAgICAgICAgdmFsdWU6IGh0dHBfYWNjZXNzLWxvZwogICAgICAgIC0gdGFyZ2V0OiBldnQuU3RyVGltZQogICAgICAgICAgZXhwcmVzc2lvbjogZXZ0LlBhcnNlZC50aW1lX2xvY2FsCiAgLSBncm9rOgogICAgICAjIGFuZCB0aGlzIG9uZSB0aGUgZXJyb3IgbG9nCiAgICAgIHBhdHRlcm46ICcoJXtJUE9SSE9TVDp0YXJnZXRfZnFkbn0gKT8le05HSU5YRVJSVElNRTp0aW1lfSBcWyV7TE9HTEVWRUw6bG9nbGV2ZWx9XF0gJXtOT05ORUdJTlQ6cGlkfSMle05PTk5FR0lOVDp0aWR9OiAoXCole05PTk5FR0lOVDpjaWR9ICk/JXtHUkVFRFlEQVRBOm1lc3NhZ2V9LCBjbGllbnQ6ICV7SVBPUkhPU1Q6cmVtb3RlX2FkZHJ9LCBzZXJ2ZXI6ICV7REFUQTp0YXJnZXRfZnFkbn0sIHJlcXVlc3Q6ICIle1dPUkQ6dmVyYn0gKFteL10rKT8le1VSSVBBVEhQQVJBTTpyZXF1ZXN0fSggSFRUUC8le05VTUJFUjpodHRwX3ZlcnNpb259KT8iLCBob3N0OiAiJXtJUE9SSE9TVH0oOiV7Tk9OTkVHSU5UfSk/IicKICAgICAgYXBwbHlfb246IG1lc3NhZ2UKICAgICAgc3RhdGljczoKICAgICAgICAtIG1ldGE6IGxvZ190eXBlCiAgICAgICAgICB2YWx1ZTogaHR0cF9lcnJvci1sb2cKICAgICAgICAtIHRhcmdldDogZXZ0LlN0clRpbWUKICAgICAgICAgIGV4cHJlc3Npb246IGV2dC5QYXJzZWQudGltZQogICAgcGF0dGVybl9zeW50YXg6CiAgICAgIE5PX0RPVUJMRV9RVU9URTogJ1teIl0rJwogICAgb25zdWNjZXNzOiBuZXh0X3N0YWdlCiAgICBub2RlczoKICAgICAgLSBmaWx0ZXI6ICJldnQuUGFyc2VkLm1lc3NhZ2UgY29udGFpbnMgJ3dhcyBub3QgZm91bmQgaW4nIgogICAgICAgIHBhdHRlcm5fc3ludGF4OgogICAgICAgICAgVVNFUl9OT1RfRk9VTkQ6ICd1c2VyICIle05PX0RPVUJMRV9RVU9URTp1c2VybmFtZX0iIHdhcyBub3QgZm91bmQgaW4gIiV7Tk9fRE9VQkxFX1FVT1RFfSInCiAgICAgICAgZ3JvazoKICAgICAgICAgIHBhdHRlcm46ICcle1VTRVJfTk9UX0ZPVU5EfScKICAgICAgICAgIGFwcGx5X29uOiBtZXNzYWdlCiAgICAgICAgc3RhdGljczoKICAgICAgICAgIC0gbWV0YTogc3ViX3R5cGUKICAgICAgICAgICAgdmFsdWU6ICJhdXRoX2ZhaWwiCiAgICAgICAgICAtIG1ldGE6IHVzZXJuYW1lCiAgICAgICAgICAgIGV4cHJlc3Npb246IGV2dC5QYXJzZWQudXNlcm5hbWUKICAgICAgLSBmaWx0ZXI6ICJldnQuUGFyc2VkLm1lc3NhZ2UgY29udGFpbnMgJ3Bhc3N3b3JkIG1pc21hdGNoJyIKICAgICAgICBwYXR0ZXJuX3N5bnRheDoKICAgICAgICAgIFBBU1NXT1JEX01JU01BVENIOiAndXNlciAiJXtOT19ET1VCTEVfUVVPVEU6dXNlcm5hbWV9IjogcGFzc3dvcmQgbWlzbWF0Y2gnCiAgICAgICAgZ3JvazoKICAgICAgICAgIHBhdHRlcm46ICcle1BBU1NXT1JEX01JU01BVENIfScKICAgICAgICAgIGFwcGx5X29uOiBtZXNzYWdlCiAgICAgICAgc3RhdGljczoKICAgICAgICAgIC0gbWV0YTogc3ViX3R5cGUKICAgICAgICAgICAgdmFsdWU6ICJhdXRoX2ZhaWwiCiAgICAgICAgICAtIG1ldGE6IHVzZXJuYW1lCiAgICAgICAgICAgIGV4cHJlc3Npb246IGV2dC5QYXJzZWQudXNlcm5hbWUKICAgICAgLSBmaWx0ZXI6ICJldnQuUGFyc2VkLm1lc3NhZ2UgY29udGFpbnMgJ2xpbWl0aW5nIHJlcXVlc3RzLCBleGNlc3MnIgogICAgICAgIHN0YXRpY3M6CiAgICAgICAgICAtIG1ldGE6IHN1Yl90eXBlCiAgICAgICAgICAgIHZhbHVlOiAicmVxX2xpbWl0X2V4Y2VlZGVkIgogICAgIyB0aGVzZSBvbmVzIGFwcGx5IGZvciBib3RoIGdyb2sgcGF0dGVybnMKc3RhdGljczoKICAtIG1ldGE6IHNlcnZpY2UKICAgIHZhbHVlOiBodHRwCiAgLSBtZXRhOiBzb3VyY2VfaXAKICAgIGV4cHJlc3Npb246ICJldnQuUGFyc2VkLnJlbW90ZV9hZGRyIgogIC0gbWV0YTogaHR0cF9zdGF0dXMKICAgIGV4cHJlc3Npb246ICJldnQuUGFyc2VkLnN0YXR1cyIKICAtIG1ldGE6IGh0dHBfcGF0aAogICAgZXhwcmVzc2lvbjogImV2dC5QYXJzZWQucmVxdWVzdCIKICAtIG1ldGE6IGh0dHBfdmVyYgogICAgZXhwcmVzc2lvbjogImV2dC5QYXJzZWQudmVyYiIKICAtIG1ldGE6IGh0dHBfdXNlcl9hZ2VudAogICAgZXhwcmVzc2lvbjogImV2dC5QYXJzZWQuaHR0cF91c2VyX2FnZW50IgogIC0gbWV0YTogdGFyZ2V0X2ZxZG4KICAgIGV4cHJlc3Npb246ICJldnQuUGFyc2VkLnRhcmdldF9mcWRuIgo=", "description": "Parse nginx access and error logs", "author": "crowdsecurity", "labels": null }, "crowdsecurity/nginx-proxy-manager-logs": { "path": "parsers/s01-parse/crowdsecurity/nginx-proxy-manager-logs.yaml", "stage": "s01-parse", "version": "0.2", "versions": { "0.1": { "digest": "d3537478fca875fdaccc3d5591ec3ce3f6fbeb5283737aca3b12d322bd8abfd7", "deprecated": false }, "0.2": { "digest": "b3c98501a460913b0d09aaf410e5651e999eba720516bb4822e69f0adea19685", "deprecated": false } }, "long_description": "QSBnZW5lcmljIHBhcnNlciBmb3IgW05naW54IFByb3h5IE1hbmFnZXJdKGh0dHBzOi8vZ2l0aHViLmNvbS9OZ2lueFByb3h5TWFuYWdlci9uZ2lueC1wcm94eS1tYW5hZ2VyKSwgc3VwcG9ydCBib3RoIFthY2Nlc3MgYW5kIGVycm9yIGxvZ3NdKGh0dHBzOi8vZ2l0aHViLmNvbS9OZ2lueFByb3h5TWFuYWdlci9uZ2lueC1wcm94eS1tYW5hZ2VyL2Jsb2IvZGV2ZWxvcC9kb2NrZXIvcm9vdGZzL2V0Yy9uZ2lueC9uZ2lueC5jb25mI0w0NikuCgo=", "content": "IwpmaWx0ZXI6ICJldnQuUGFyc2VkLnByb2dyYW0gc3RhcnRzV2l0aCAnbmdpbngtcHJveHktbWFuYWdlciciCm9uc3VjY2VzczogbmV4dF9zdGFnZQpuYW1lOiBjcm93ZHNlY3VyaXR5L25naW54LXByb3h5LW1hbmFnZXItbG9ncwpkZXNjcmlwdGlvbjogIlBhcnNlIE5naW54IFByb3h5IE1hbmFnZXIgYWNjZXNzIGFuZCBlcnJvciBsb2dzIgpub2RlczoKICAjIEZvciBQcm94eSBob3N0cyBsb2dzCiAgLSBncm9rOgogICAgICBwYXR0ZXJuOiAnXFsle0hUVFBEQVRFOnRpbWVfbG9jYWx9XF0oICV7TlVNX09SX0RBU0g6dXBzdHJlYW1fY2FjaGVfc3RhdHVzfSAle05VTV9PUl9EQVNIOnVwc3RyZWFtX3N0YXR1c30pPyAle05VTUJFUjpzdGF0dXN9IC0gJXtXT1JEOnZlcmJ9ICV7V09SRDpzY2hlbWV9ICV7SVBPUkhPU1Q6dGFyZ2V0X2ZxZG59IFwiJXtOT1REUVVPVEU6cmVxdWVzdH1cIiBcW0NsaWVudCAle0lQT1JIT1NUOnJlbW90ZV9hZGRyfVxdIFxbTGVuZ3RoICV7TlVNQkVSOmJvZHlfYnl0ZXNfc2VudH1cXSBcW0d6aXAgJXtEQVRBOmd6aXBfcmF0aW99XF0oIFxbU2VudC10byAle0lQT1JIT1NUOnRhcmdldF9zZXJ2ZXJ9XF0pPyBcIiV7Tk9URFFVT1RFOmh0dHBfdXNlcl9hZ2VudH1cIiBcIiV7Tk9URFFVT1RFOmh0dHBfcmVmZXJlcn1cIicKICAgICAgYXBwbHlfb246IG1lc3NhZ2UKICAgICAgc3RhdGljczoKICAgICAgICAtIG1ldGE6IGxvZ190eXBlCiAgICAgICAgICB2YWx1ZTogaHR0cF9hY2Nlc3MtbG9nCiAgICAgICAgLSB0YXJnZXQ6IGV2dC5TdHJUaW1lCiAgICAgICAgICBleHByZXNzaW9uOiBldnQuUGFyc2VkLnRpbWVfbG9jYWwKICAgIHBhdHRlcm5fc3ludGF4OgogICAgICBOVU1fT1JfREFTSDogJy18XGQqJwogICMgRm9yIERlZmF1bHQgaG9zdCBsb2dzCiAgLSBncm9rOgogICAgICBwYXR0ZXJuOiAnKCV7SVBPUkhPU1Q6dGFyZ2V0X2ZxZG59ICk/JXtJUE9SSE9TVDpyZW1vdGVfYWRkcn0gLSAoJXtOR1VTRVI6cmVtb3RlX3VzZXJ9KT8gXFsle0hUVFBEQVRFOnRpbWVfbG9jYWx9XF0gIiV7V09SRDp2ZXJifSAle0RBVEE6cmVxdWVzdH0gSFRUUC8le05VTUJFUjpodHRwX3ZlcnNpb259IiAle05VTUJFUjpzdGF0dXN9ICV7TlVNQkVSOmJvZHlfYnl0ZXNfc2VudH0gIiV7Tk9URFFVT1RFOmh0dHBfcmVmZXJlcn0iICIle05PVERRVU9URTpodHRwX3VzZXJfYWdlbnR9IiggJXtOVU1CRVI6cmVxdWVzdF9sZW5ndGh9ICV7TlVNQkVSOnJlcXVlc3RfdGltZX0gXFsle0RBVEE6cHJveHlfdXBzdHJlYW1fbmFtZX1cXSBcWyV7REFUQTpwcm94eV9hbHRlcm5hdGl2ZV91cHN0cmVhbV9uYW1lfVxdKT8nCiAgICAgIGFwcGx5X29uOiBtZXNzYWdlCiAgICAgIHN0YXRpY3M6CiAgICAgICAgLSBtZXRhOiBsb2dfdHlwZQogICAgICAgICAgdmFsdWU6IGh0dHBfYWNjZXNzLWxvZwogICAgICAgIC0gdGFyZ2V0OiBldnQuU3RyVGltZQogICAgICAgICAgZXhwcmVzc2lvbjogZXZ0LlBhcnNlZC50aW1lX2xvY2FsCiAgIyBhbmQgdGhpcyBvbmUgdGhlIGVycm9yIGxvZwogIC0gZ3JvazoKICAgICAgICBwYXR0ZXJuOiAnKCV7SVBPUkhPU1Q6dGFyZ2V0X2ZxZG59ICk/JXtOR0lOWEVSUlRJTUU6dGltZX0gXFsle0xPR0xFVkVMOmxvZ2xldmVsfVxdICV7Tk9OTkVHSU5UOnBpZH0jJXtOT05ORUdJTlQ6dGlkfTogKFwqJXtOT05ORUdJTlQ6Y2lkfSApPyV7R1JFRURZREFUQTptZXNzYWdlfSwgY2xpZW50OiAle0lQT1JIT1NUOnJlbW90ZV9hZGRyfSwgc2VydmVyOiAle0lQT1JIT1NUOnRhcmdldF9mcWRufSwgcmVxdWVzdDogIiV7V09SRDp2ZXJifSAle1VSSVBBVEhQQVJBTTpyZXF1ZXN0fSBIVFRQLyV7TlVNQkVSOmh0dHBfdmVyc2lvbn0iLCBob3N0OiAiJXtJUE9SSE9TVH0iJwogICAgICAgIGFwcGx5X29uOiBtZXNzYWdlCiAgICAgICAgc3RhdGljczoKICAgICAgICAgIC0gbWV0YTogbG9nX3R5cGUKICAgICAgICAgICAgdmFsdWU6IGh0dHBfZXJyb3ItbG9nCiAgICAgICAgICAtIHRhcmdldDogZXZ0LlN0clRpbWUKICAgICAgICAgICAgZXhwcmVzc2lvbjogZXZ0LlBhcnNlZC50aW1lCiAgICBwYXR0ZXJuX3N5bnRheDoKICAgICAgTk9fRE9VQkxFX1FVT1RFOiAnW14iXSsnCiAgICBvbnN1Y2Nlc3M6IG5leHRfc3RhZ2UKICAgIG5vZGVzOgogICAgICAtIGZpbHRlcjogImV2dC5QYXJzZWQubWVzc2FnZSBjb250YWlucyAnd2FzIG5vdCBmb3VuZCBpbiciCiAgICAgICAgcGF0dGVybl9zeW50YXg6CiAgICAgICAgICBVU0VSX05PVF9GT1VORDogJ3VzZXIgIiV7Tk9fRE9VQkxFX1FVT1RFOnVzZXJuYW1lfSIgd2FzIG5vdCBmb3VuZCBpbiAiJXtOT19ET1VCTEVfUVVPVEV9IicKICAgICAgICBncm9rOgogICAgICAgICAgcGF0dGVybjogJyV7VVNFUl9OT1RfRk9VTkR9JwogICAgICAgICAgYXBwbHlfb246IG1lc3NhZ2UKICAgICAgICBzdGF0aWNzOgogICAgICAgICAgLSBtZXRhOiBzdWJfdHlwZQogICAgICAgICAgICB2YWx1ZTogImF1dGhfZmFpbCIKICAgICAgICAgIC0gbWV0YTogdXNlcm5hbWUKICAgICAgICAgICAgZXhwcmVzc2lvbjogZXZ0LlBhcnNlZC51c2VybmFtZQogICAgICAtIGZpbHRlcjogImV2dC5QYXJzZWQubWVzc2FnZSBjb250YWlucyAncGFzc3dvcmQgbWlzbWF0Y2gnIgogICAgICAgIHBhdHRlcm5fc3ludGF4OgogICAgICAgICAgUEFTU1dPUkRfTUlTTUFUQ0g6ICd1c2VyICIle05PX0RPVUJMRV9RVU9URTp1c2VybmFtZX0iOiBwYXNzd29yZCBtaXNtYXRjaCcKICAgICAgICBncm9rOgogICAgICAgICAgcGF0dGVybjogJyV7UEFTU1dPUkRfTUlTTUFUQ0h9JwogICAgICAgICAgYXBwbHlfb246IG1lc3NhZ2UKICAgICAgICBzdGF0aWNzOgogICAgICAgICAgLSBtZXRhOiBzdWJfdHlwZQogICAgICAgICAgICB2YWx1ZTogImF1dGhfZmFpbCIKICAgICAgICAgIC0gbWV0YTogdXNlcm5hbWUKICAgICAgICAgICAgZXhwcmVzc2lvbjogZXZ0LlBhcnNlZC51c2VybmFtZQojIHRoZXNlIG9uZXMgYXBwbHkgZm9yIGJvdGggZ3JvayBwYXR0ZXJucwpzdGF0aWNzOgogIC0gbWV0YTogc2VydmljZQogICAgdmFsdWU6IGh0dHAKICAtIG1ldGE6IHNvdXJjZV9pcAogICAgZXhwcmVzc2lvbjogImV2dC5QYXJzZWQucmVtb3RlX2FkZHIiCiAgLSBtZXRhOiBodHRwX3N0YXR1cwogICAgZXhwcmVzc2lvbjogImV2dC5QYXJzZWQuc3RhdHVzIgogIC0gbWV0YTogaHR0cF9wYXRoCiAgICBleHByZXNzaW9uOiAiZXZ0LlBhcnNlZC5yZXF1ZXN0IgogIC0gbWV0YTogaHR0cF92ZXJiCiAgICBleHByZXNzaW9uOiAiZXZ0LlBhcnNlZC52ZXJiIgogIC0gbWV0YTogaHR0cF91c2VyX2FnZW50CiAgICBleHByZXNzaW9uOiAiZXZ0LlBhcnNlZC5odHRwX3VzZXJfYWdlbnQiCiAgLSBtZXRhOiB0YXJnZXRfZnFkbgogICAgZXhwcmVzc2lvbjogImV2dC5QYXJzZWQudGFyZ2V0X2ZxZG4iCg==", "description": "Parse Nginx Proxy Manager access and error logs", "author": "crowdsecurity", "labels": null }, "crowdsecurity/odoo-logs": { "path": "parsers/s01-parse/crowdsecurity/odoo-logs.yaml", "stage": "s01-parse", "version": "0.1", "versions": { "0.1": { "digest": "a41a81ec54fd61070c0d15f954a4a6f00c63e33546f12d79c6abaf745c36fb4e", "deprecated": false } }, "long_description": "T2RvbyBhdXRoZW50aWNhdGlvbiBmYWlsdXJlIHBhcnNlci4KClJlZmVyZW5jZToKaHR0cHM6Ly93d3cub2Rvby5jb20vZG9jdW1lbnRhdGlvbi8xNS4wL2FkbWluaXN0cmF0aW9uL2luc3RhbGwvZGVwbG95Lmh0bWwjYmxvY2tpbmctYnJ1dGUtZm9yY2UtYXR0YWNrcw==", "content": "b25zdWNjZXNzOiBuZXh0X3N0YWdlCm5hbWU6IGNyb3dkc2VjdXJpdHkvb2Rvby1sb2dzCmRlc2NyaXB0aW9uOiAiUGFyc2UgT2RvbyBsb2dzIgpmaWx0ZXI6ICJldnQuUGFyc2VkLnByb2dyYW0gPT0gJ29kb28nIgpub2RlczoKICAtIGdyb2s6CiAgICAgIHBhdHRlcm46ICcle1RJTUVTVEFNUF9JU084NjAxOnRpbWVzdGFtcH0gJXtJTlQ6UElEfSBJTkZPICV7REFUQTpkYl9uYW1lfSBvZG9vLmFkZG9ucy5iYXNlLm1vZGVscy5yZXNfdXNlcnM6IExvZ2luIGZhaWxlZCBmb3IgZGI6JXtEQVRBfSBsb2dpbjole0RBVEE6dXNlcn0gZnJvbSAle0lQOnNvdXJjZV9pcH0nCiAgICAgIGFwcGx5X29uOiBtZXNzYWdlCnN0YXRpY3M6CiAgLSBtZXRhOiBsb2dfdHlwZQogICAgdmFsdWU6IG9kb29fZmFpbGVkX2F1dGgKICAtIG1ldGE6IHNvdXJjZV9pcAogICAgZXhwcmVzc2lvbjogImV2dC5QYXJzZWQuc291cmNlX2lwIgogIC0gbWV0YTogdXNlcgogICAgZXhwcmVzc2lvbjogImV2dC5QYXJzZWQudXNlciIKICAtIG1ldGE6IGRiCiAgICBleHByZXNzaW9uOiAiZXZ0LlBhcnNlZC5kYl9uYW1lIgogIC0gdGFyZ2V0OiBldnQuU3RyVGltZQogICAgZXhwcmVzc2lvbjogZXZ0LlBhcnNlZC50aW1lc3RhbXA=", "description": "Parse Odoo logs", "author": "crowdsecurity", "labels": null }, "crowdsecurity/opnsense-gui-logs": { "path": "parsers/s01-parse/crowdsecurity/opnsense-gui-logs.yaml", "stage": "s01-parse", "version": "0.1", "versions": { "0.1": { "digest": "1a93083832b2ef50845cbf1fd056ab1b680e6f524d17892bc8f6cb72cfe87935", "deprecated": false } }, "long_description": "IyMgT1BOU2Vuc2Ugd2ViIGF1dGhlbnRpY2F0aW9uIHBhcnNlcgoKQSBwYXJzZXIgZm9yIG9wbnNlbnNlIHdlYiBhdXRoZW50aWNhdGlvbiAoZmFpbGVkKSBsb2dzLgpUaG9zZSBsb2dzIGFyZSB1c3VhbGx5IHByZXNlbnQgaW4gYCAvdmFyL2xvZy9hdWRpdC9sYXRlc3QubG9nYC4KCg==", "content": "b25zdWNjZXNzOiBuZXh0X3N0YWdlCmZpbHRlcjogImV2dC5QYXJzZWQucHJvZ3JhbSA9PSAnYXVkaXQnIgpuYW1lOiBjcm93ZHNlY3VyaXR5L29wbnNlbnNlLWd1aS1sb2dzCmRlc2NyaXB0aW9uOiAiUGFyc2UgT1BOU2Vuc2Ugd2ViIGF1dGggbG9ncyIKIy9pbmRleC5waHA6IFdlYiBHVUkgYXV0aGVudGljYXRpb24gZXJyb3IgZm9yICd0b3RvJyBmcm9tIDEuMi4zLjQKZ3JvazogCiAgcGF0dGVybjogIi9pbmRleC5waHA6IFdlYiBHVUkgYXV0aGVudGljYXRpb24gZXJyb3IgZm9yICcle1VTRVJOQU1FOnVzZXJuYW1lfScgZnJvbSAle0lQT1JIT1NUOnNvdXJjZV9pcH0iCiAgYXBwbHlfb246IG1lc3NhZ2UKc3RhdGljczoKICAtIG1ldGE6IHNlcnZpY2UKICAgIHZhbHVlOiBvcG5zZW5zZS1ndWkKICAtIG1ldGE6IHVzZXJuYW1lCiAgICBleHByZXNzaW9uOiAiZXZ0LlBhcnNlZC51c2VybmFtZSIKICAtIG1ldGE6IHNvdXJjZV9pcAogICAgZXhwcmVzc2lvbjogZXZ0LlBhcnNlZC5zb3VyY2VfaXAKICAtIG1ldGE6IGxvZ190eXBlCiAgICB2YWx1ZTogb3Buc2Vuc2UtZ3VpLWZhaWxlZC1hdXRoCg==", "description": "Parse OPNSense web auth logs", "author": "crowdsecurity", "labels": null }, "crowdsecurity/pam-logs": { "path": "parsers/s01-parse/crowdsecurity/pam-logs.yaml", "stage": "s01-parse", "version": "0.2", "versions": { "0.1": { "digest": "8648ee68511e7f48834a7e4a2c850f55de13ebcf05cb97b147265290ec089384", "deprecated": false }, "0.2": { "digest": "7fc970165bfb774accdf27c4932473bd2633cc680d213ed49656e4f462fdd495", "deprecated": false } }, "long_description": "QSBtaW5pbWFsIHBhcnNlciBmb3IgcGFtLCBzdXBwb3J0cyBvbmx5IDoKIC0gYXV0aGVudGljYXRpb24gZmFpbHVyZSBtZXNzYWdlcwogLSBhY2NvdW50IGxvY2sgKHBhbV90YWxseSkK", "content": "b25zdWNjZXNzOiBuZXh0X3N0YWdlCmZpbHRlcjogImV2dC5QYXJzZWQucHJvZ3JhbSA9PSAnc3VkbyciCm5hbWU6IGNyb3dkc2VjdXJpdHkvcGFtLWxvZ3MKZGVzY3JpcHRpb246ICJQYXJzZSBwYW0gbG9ncyIKbm9kZXM6CiAgLSBncm9rOiAKICAgICAgcGF0dGVybjogJ3BhbV90YWxseTJcKHN1ZG86YXV0aFwpOiB1c2VyICV7Tk9UU1BBQ0U6dXNlcm5hbWV9IFwoJXtOVU1CRVI6dWlkfVwpIHRhbGx5IFxkLCBkZW55IFxkJwogICAgICBhcHBseV9vbjogbWVzc2FnZQogICAgICBzdGF0aWNzOgogICAgICAgIC0gbWV0YTogbG9nX3R5cGUKICAgICAgICAgIHZhbHVlOiBwYW1fdXNlcl9sb2NrCiAgLSBncm9rOgogICAgICBwYXR0ZXJuOiAncGFtX3VuaXhcKHN1ZG86YXV0aFwpOiBhdXRoZW50aWNhdGlvbiBmYWlsdXJlOyBsb2duYW1lPSV7Tk9UU1BBQ0U6bG9nbmFtZX0gdWlkPSV7TlVNQkVSOnVpZH0gZXVpZD0le05VTUJFUjpldWlkfSB0dHk9JXtOT1RTUEFDRTp0dHl9IHJ1c2VyPSV7Tk9UU1BBQ0U6cnVzZXJ9IHJob3N0PSV7R1JFRURZREFUQTpyaG9zdH0gIHVzZXI9JXtOT1RTUEFDRTp1c2VybmFtZX0nCiAgICAgIGFwcGx5X29uOiBtZXNzYWdlCiAgICAgIHN0YXRpY3M6CiAgICAgICAgLSBtZXRhOiBsb2dfdHlwZQogICAgICAgICAgdmFsdWU6IHBhbV9mYWlsZWRfYXV0aApzdGF0aWNzOgogIC0gbWV0YTogc2VydmljZQogICAgdmFsdWU6IHBhbQogIC0gbWV0YTogdXNlcm5hbWUKICAgIGV4cHJlc3Npb246ICJldnQuUGFyc2VkLnVzZXJuYW1lIgo=", "description": "Parse pam logs", "author": "crowdsecurity", "labels": null }, "crowdsecurity/pgsql-logs": { "path": "parsers/s01-parse/crowdsecurity/pgsql-logs.yaml", "stage": "s01-parse", "version": "0.5", "versions": { "0.1": { "digest": "180dbffa0ae9a0b7fa192d5328dfc69c8b1a0489a81604c6642a47be3fd1394d", "deprecated": false }, "0.2": { "digest": "bf228d679c51e8b47d06ee58185591b97c5be3acb4fcb0e38d36707f6452bd5d", "deprecated": false }, "0.3": { "digest": "693c053d3ff524e84e2aea4d4e29d0fc2b8151804d4672f7cbdf77d8ac48eccc", "deprecated": false }, "0.4": { "digest": "107048061794ca54bf99a080d78642a1345cc9d5554bc54bad353aec3fa313d0", "deprecated": false }, "0.5": { "digest": "70c79e6c9c679779cd61bad22760bc0ac421b6a735278d659dec3b39c85f15f2", "deprecated": false } }, "long_description": "UG9zdGdyZVNRTCBmYWlsIGF1dGhlbnRpY2F0aW9uIHBhcnNlci4KCgoqKndhcm5pbmcqKiA6IEJ5IGRlZmF1bHQgKGF0IGxlYXN0IG9uIGRlYmlhbiB3aXRoIHBnc3FsIDEyKSwgcG9zdGdyZVNRTCBsb2dzIGRvIG5vdCBjb250YWluIHRoZSBzb3VyY2UgSVAsIGFuZCBgbG9nX2xpbmVfcHJlZml4YCBuZWVkcyB0byBiZSBlZGl0ZWQgdG8gY29udGFpbiBgJWhgICh0aGUgcmVtb3RlIGhvc3QpLiBUaGlzIHBhcnNlciBhc3N1bWVzIHRoZSBgbG9nX2xpbmVfcHJlZml4YCBpcyAgYCVtIFslcF0gJWglcSAldUAlZCBgIChpbnN0ZWFkIG9mIHRoZSBkZWZhdWx0IGAlbSBbJXBdICVxJXVAJWQgYCkKClBsZWFzZSBub3RlIHRoYXQgdGhlIHBhcnNlciBpZ25vcmVzIHRoZSB0aW1lem9uZSB3cml0dGVuIGJ5IHBvc3RncmVzLgo=", "content": "b25zdWNjZXNzOiBuZXh0X3N0YWdlCm5hbWU6IGNyb3dkc2VjdXJpdHkvcGdzcWwtbG9ncwpkZXNjcmlwdGlvbjogIlBhcnNlIFBnU1FMIGxvZ3MiCmZpbHRlcjogImV2dC5QYXJzZWQucHJvZ3JhbSA9PSAncG9zdGdyZXMnIgpub2RlczoKICAtIGdyb2s6CiAgICAjcGdzcWwgMTIKICAgICAgcGF0dGVybjogJyV7REFURVNUQU1QOnRpbWVzdGFtcH0gJXtXT1JEOnpvbmV9IFxbJXtJTlQ6UElEfVxdICV7SVA6c291cmNlX2lwfSAle1VTRVJOQU1FOnBnc3FsX3VzZXJ9QCV7R1JFRURZREFUQTpwZ3NxbF9kYm5hbWV9IEZBVEFMOiAgJXtXT1JEOmF1dGhfbWV0aG9kfSBhdXRoZW50aWNhdGlvbiBmYWlsZWQgZm9yIHVzZXIgIiV7VVNFUk5BTUU6cGdzcWxfdGFyZ2V0X3VzZXJ9IicKICAgICAgYXBwbHlfb246IG1lc3NhZ2UKICAtIGdyb2s6CiAgICAjYXdzIGF1cm9yYQogICAgIyV7REFURVNUQU1QOnRpbWVzdGFtcH0gJXtXT1JEOnpvbmV9OiV7SVA6c291cmNlX2lwfVwoJXtJTlQ6c291cmNlX3BvcnR9XCk6JXtVU0VSTkFNRTpwZ3NxbF91c2VyfUAle0dSRUVEWURBVEE6cGdzcWxfZGJuYW1lfTpcWyV7SU5UOnBpZH1cXTpGQVRBTDogcGFzc3dvcmQgYXV0aGVudGljYXRpb24gZmFpbGVkIGZvciB1c2VyICIle1VTRVJOQU1FOnBnc3FsX3RhcmdldF91c2VyfSIKICAgICAgcGF0dGVybjogJyV7REFURVNUQU1QOnRpbWVzdGFtcH0gJXtXT1JEOnpvbmV9OiV7SVA6c291cmNlX2lwfVwoJXtJTlQ6c291cmNlX3BvcnR9XCk6JXtVU0VSTkFNRTpwZ3NxbF91c2VyfUAle0dSRUVEWURBVEE6cGdzcWxfZGJuYW1lfTpcWyV7SU5UOnBpZH1cXTpGQVRBTDogICV7V09SRDphdXRoX21ldGhvZH0gYXV0aGVudGljYXRpb24gZmFpbGVkIGZvciB1c2VyICIle1VTRVJOQU1FOnBnc3FsX3RhcmdldF91c2VyfSInCiAgICAgIGFwcGx5X29uOiBtZXNzYWdlCnN0YXRpY3M6CiAgLSBtZXRhOiBsb2dfdHlwZQogICAgdmFsdWU6IHBnc3FsX2ZhaWxlZF9hdXRoCiAgLSBtZXRhOiBhdXRoX21ldGhvZAogICAgZXhwcmVzc2lvbjogImV2dC5QYXJzZWQuYXV0aF9tZXRob2QiCiAgLSBtZXRhOiBzb3VyY2VfaXAKICAgIGV4cHJlc3Npb246ICJldnQuUGFyc2VkLnNvdXJjZV9pcCIKICAtIG1ldGE6IHVzZXIKICAgIGV4cHJlc3Npb246ICJldnQuUGFyc2VkLnBnc3FsX3RhcmdldF91c2VyIgogIC0gbWV0YTogZGIKICAgIGV4cHJlc3Npb246ICJldnQuUGFyc2VkLnBnc3FsX2RibmFtZSIKICAtIHRhcmdldDogZXZ0LlN0clRpbWUKICAgIGV4cHJlc3Npb246IGV2dC5QYXJzZWQudGltZXN0YW1w", "description": "Parse PgSQL logs", "author": "crowdsecurity", "labels": null }, "crowdsecurity/pkexec-logs": { "path": "parsers/s01-parse/crowdsecurity/pkexec-logs.yaml", "stage": "s01-parse", "version": "0.1", "versions": { "0.1": { "digest": "3b8e30530f69f776d327b5710653a496245949ca6dde84d16357f433b7303a25", "deprecated": false } }, "content": "b25zdWNjZXNzOiBuZXh0X3N0YWdlCiNkZWJ1ZzogdHJ1ZQpmaWx0ZXI6ICJldnQuUGFyc2VkLnByb2dyYW0gPT0gJ3BrZXhlYyciCm5hbWU6IGNyb3dkc2VjdXJpdHkvcGtleGVjLWxvZ3MKZGVzY3JpcHRpb246ICJQYXJzZSBwa2V4ZWMgbG9ncyBzcGVjaWZpY2FsbHkgZm9yIENWRS0yMDIxLTQwMzQiCnBhdHRlcm5fc3ludGF4OgogIFBXTktJVF9YUEw6ICcle0RBVEE6dXNlcn06IFRoZSB2YWx1ZSBmb3IgdGhlIFNIRUxMIHZhcmlhYmxlIHdhcyBub3QgZm91bmQgdGhlIC9ldGMvc2hlbGxzIGZpbGUnCmdyb2s6CiAgbmFtZTogIlBXTktJVF9YUEwiCiAgYXBwbHlfb246IG1lc3NhZ2UKc3RhdGljczoKICAtIG1ldGE6IGxvZ190eXBlCiAgICB2YWx1ZTogQ1ZFLTIwMjEtNDAzNC14cGwKICAtIG1ldGE6IHRhcmdldF91c2VyCiAgICBleHByZXNzaW9uOiAiZXZ0LlBhcnNlZC51c2VyIgo=", "description": "Parse pkexec logs specifically for CVE-2021-4034", "author": "crowdsecurity", "labels": null }, "crowdsecurity/postfix-logs": { "path": "parsers/s01-parse/crowdsecurity/postfix-logs.yaml", "stage": "s01-parse", "version": "0.4", "versions": { "0.1": { "digest": "da6b8ecae70e951905697c92fc0c198c2148041bf96e33658d485818c37d7414", "deprecated": false }, "0.2": { "digest": "7338524c5cd363792ee2b8edd488ee6e855b925e073ad659ae2c1b9fb1f4afdf", "deprecated": false }, "0.3": { "digest": "22d3fd0f7d3ca3ea1899df909c5748ed8781b58d243e8d54217ce268874072e1", "deprecated": false }, "0.4": { "digest": "1b30aa19109f2f95ac96afa38e83d5abea3ace8b310773cf936e7191241a01df", "deprecated": false } }, "content": "IyBDb3B5cmlnaHQgKGMpIDIwMTQsIDIwMTUsIFJ1ZHkgR2V2YWVydAojIENvcHlyaWdodCAoYykgMjAyMCBDcm93ZHNlYwoKIyBQZXJtaXNzaW9uIGlzIGhlcmVieSBncmFudGVkLCBmcmVlIG9mIGNoYXJnZSwgdG8gYW55IHBlcnNvbiBvYnRhaW5pbmcKIyBhIGNvcHkgb2YgdGhpcyBzb2Z0d2FyZSBhbmQgYXNzb2NpYXRlZCBkb2N1bWVudGF0aW9uIGZpbGVzICh0aGUKIyAiU29mdHdhcmUiKSwgdG8gZGVhbCBpbiB0aGUgU29mdHdhcmUgd2l0aG91dCByZXN0cmljdGlvbiwgaW5jbHVkaW5nCiMgd2l0aG91dCBsaW1pdGF0aW9uIHRoZSByaWdodHMgdG8gdXNlLCBjb3B5LCBtb2RpZnksIG1lcmdlLCBwdWJsaXNoLAojIGRpc3RyaWJ1dGUsIHN1YmxpY2Vuc2UsIGFuZC9vciBzZWxsIGNvcGllcyBvZiB0aGUgU29mdHdhcmUsIGFuZCB0bwojIHBlcm1pdCBwZXJzb25zIHRvIHdob20gdGhlIFNvZnR3YXJlIGlzIGZ1cm5pc2hlZCB0byBkbyBzbywgc3ViamVjdCB0bwojIHRoZSBmb2xsb3dpbmcgY29uZGl0aW9uczoKCiMgVGhlIGFib3ZlIGNvcHlyaWdodCBub3RpY2UgYW5kIHRoaXMgcGVybWlzc2lvbiBub3RpY2Ugc2hhbGwgYmUKIyBpbmNsdWRlZCBpbiBhbGwgY29waWVzIG9yIHN1YnN0YW50aWFsIHBvcnRpb25zIG9mIHRoZSBTb2Z0d2FyZS4KCiMgVEhFIFNPRlRXQVJFIElTIFBST1ZJREVEICJBUyBJUyIsIFdJVEhPVVQgV0FSUkFOVFkgT0YgQU5ZIEtJTkQsCiMgRVhQUkVTUyBPUiBJTVBMSUVELCBJTkNMVURJTkcgQlVUIE5PVCBMSU1JVEVEIFRPIFRIRSBXQVJSQU5USUVTIE9GCiMgTUVSQ0hBTlRBQklMSVRZLCBGSVRORVNTIEZPUiBBIFBBUlRJQ1VMQVIgUFVSUE9TRSBBTkQKIyBOT05JTkZSSU5HRU1FTlQuIElOIE5PIEVWRU5UIFNIQUxMIFRIRSBBVVRIT1JTIE9SIENPUFlSSUdIVCBIT0xERVJTIEJFCiMgTElBQkxFIEZPUiBBTlkgQ0xBSU0sIERBTUFHRVMgT1IgT1RIRVIgTElBQklMSVRZLCBXSEVUSEVSIElOIEFOIEFDVElPTgojIE9GIENPTlRSQUNULCBUT1JUIE9SIE9USEVSV0lTRSwgQVJJU0lORyBGUk9NLCBPVVQgT0YgT1IgSU4gQ09OTkVDVElPTgojIFdJVEggVEhFIFNPRlRXQVJFIE9SIFRIRSBVU0UgT1IgT1RIRVIgREVBTElOR1MgSU4gVEhFIFNPRlRXQVJFLgoKIyBTb21lIG9mIHRoZSBncm9rcyB1c2VkIGhlcmUgYXJlIGZyb20gaHR0cHM6Ly9naXRodWIuY29tL3JnZXZhZXJ0L2dyb2stcGF0dGVybnMvYmxvYi9tYXN0ZXIvZ3Jvay5kL3Bvc3RmaXhfcGF0dGVybnMKb25zdWNjZXNzOiBuZXh0X3N0YWdlCmZpbHRlcjogImV2dC5QYXJzZWQucHJvZ3JhbSBpbiBbJ3Bvc3RmaXgvc210cGQnLCdwb3N0Zml4L3NtdHBzL3NtdHBkJywncG9zdGZpeC9zdWJtaXNzaW9uL3NtdHBkJywgJ3Bvc3RmaXgvc210cHMtaGFwcm94eS9zbXRwZCcsICdwb3N0Zml4L3N1Ym1pc3Npb24taGFwcm94eS9zbXRwZCddIgpuYW1lOiBjcm93ZHNlY3VyaXR5L3Bvc3RmaXgtbG9ncwpwYXR0ZXJuX3N5bnRheDoKICBQT1NURklYX0hPU1ROQU1FOiAnKCV7SE9TVE5BTUV9fHVua25vd24pJwogIFBPU1RGSVhfQ09NTUFORDogJyhBVVRIfFNUQVJUVExTfENPTk5FQ1R8RUhMT3xIRUxPfFJDUFQpJwogIFBPU1RGSVhfQUNUSU9OOiAnZGlzY2FyZHxkdW5ub3xmaWx0ZXJ8aG9sZHxpZ25vcmV8aW5mb3xwcmVwZW5kfHJlZGlyZWN0fHJlcGxhY2V8cmVqZWN0fHdhcm4nCiAgUkVMQVk6ICcoPzole0hPU1ROQU1FOnJlbW90ZV9ob3N0fSg/OlxbJXtJUDpyZW1vdGVfYWRkcn1cXSg/OjpbMC05XSsoLlswLTldKyk/KT8pPyknCmRlc2NyaXB0aW9uOiAiUGFyc2UgcG9zdGZpeCBsb2dzIgpub2RlczoKICAtIGdyb2s6CiAgICAgIGFwcGx5X29uOiBtZXNzYWdlCiAgICAgIHBhdHRlcm46ICdsb3N0IGNvbm5lY3Rpb24gYWZ0ZXIgJXtEQVRBOnNtdHBfcmVzcG9uc2V9IGZyb20gJXtSRUxBWX0nCiAgICAgIHN0YXRpY3M6CiAgICAgICAgLSBtZXRhOiBsb2dfdHlwZV9lbmgKICAgICAgICAgIHZhbHVlOiBzcGFtLWF0dGVtcHQKICAtIGdyb2s6CiAgICAgIGFwcGx5X29uOiBtZXNzYWdlCiAgICAgIHBhdHRlcm46ICd3YXJuaW5nOiAle1BPU1RGSVhfSE9TVE5BTUU6cmVtb3RlX2hvc3R9XFsle0lQOnJlbW90ZV9hZGRyfVxdOiBTQVNMICgoP2kpTE9HSU58UExBSU58KD86Q1JBTXxESUdFU1QpLU1ENSkgYXV0aGVudGljYXRpb24gZmFpbGVkOiV7R1JFRURZREFUQTptZXNzYWdlX2ZhaWx1cmV9JwogICAgICBzdGF0aWNzOgogICAgICAgIC0gbWV0YTogbG9nX3R5cGVfZW5oCiAgICAgICAgICB2YWx1ZTogc3BhbS1hdHRlbXB0CiAgLSBncm9rOgogICAgICBhcHBseV9vbjogbWVzc2FnZQogICAgICBwYXR0ZXJuOiAnTk9RVUVVRTogJXtQT1NURklYX0FDVElPTjphY3Rpb259OiAle0RBVEE6Y29tbWFuZH0gZnJvbSAle1JFTEFZfTogJXtHUkVFRFlEQVRBOnJlYXNvbn0nCiAgICAgIHN0YXRpY3M6CiAgICAgICAgLSBtZXRhOiBhY3Rpb24KICAgICAgICAgIGV4cHJlc3Npb246ICJldnQuUGFyc2VkLmFjdGlvbiIgICAgICAgIApzdGF0aWNzOgogICAgLSBtZXRhOiBzZXJ2aWNlCiAgICAgIHZhbHVlOiBwb3N0Zml4CiAgICAtIG1ldGE6IHNvdXJjZV9pcAogICAgICBleHByZXNzaW9uOiAiZXZ0LlBhcnNlZC5yZW1vdGVfYWRkciIKICAgIC0gbWV0YTogc291cmNlX2hvc3RuYW1lCiAgICAgIGV4cHJlc3Npb246ICJldnQuUGFyc2VkLnJlbW90ZV9ob3N0IgogICAgLSBtZXRhOiBsb2dfdHlwZQogICAgICB2YWx1ZTogcG9zdGZpeAoK", "description": "Parse postfix logs", "author": "crowdsecurity", "labels": null }, "crowdsecurity/postscreen-logs": { "path": "parsers/s01-parse/crowdsecurity/postscreen-logs.yaml", "stage": "s01-parse", "version": "0.2", "versions": { "0.1": { "digest": "5ee035d47824573e19f9a1d378d8882cf3efa72f6443e2243f915d6b38b4b957", "deprecated": false }, "0.2": { "digest": "4a738f39e310daafeabf599f9bdbee013178aae5a1ca9da4f4985ae1626a0e21", "deprecated": false } }, "content": "b25zdWNjZXNzOiBuZXh0X3N0YWdlCmZpbHRlcjogImV2dC5QYXJzZWQucHJvZ3JhbSBpbiBbJ3Bvc3RmaXgvcG9zdHNjcmVlbicsICdoYXByb3h5L3Bvc3RzY3JlZW4nXSIKbmFtZTogY3Jvd2RzZWN1cml0eS9wb3N0c2NyZWVuLWxvZ3MKcGF0dGVybl9zeW50YXg6CiAgUE9TVFNDUkVFTl9QUkVHUkVFVDogJ1BSRUdSRUVUJwogIFBPU1RTQ1JFRU5fUFJFR1JFRVRfVElNRV9BVFRFTVBUOiAnXGQrLlxkKycKZGVzY3JpcHRpb246ICJQYXJzZSBwb3N0c2NyZWVuIGxvZ3MiCm5vZGVzOgogIC0gZ3JvazoKICAgICAgYXBwbHlfb246IG1lc3NhZ2UKICAgICAgcGF0dGVybjogJyV7UE9TVFNDUkVFTl9QUkVHUkVFVDpwcmVncmVldH0gJXtJTlQ6Y291bnR9IGFmdGVyICV7UE9TVFNDUkVFTl9QUkVHUkVFVF9USU1FX0FUVEVNUFQ6dGltZV9hdHRlbXB0fSBmcm9tIFxbJXtJUDpyZW1vdGVfYWRkcn1cXTole0lOVDpwb3J0fTogJXtHUkVFRFlEQVRBOm1lc3NhZ2VfYXR0ZW1wdH0nCnN0YXRpY3M6CiAgICAtIG1ldGE6IHNlcnZpY2UKICAgICAgdmFsdWU6IHBvc3RzY3JlZW4KICAgIC0gbWV0YTogc291cmNlX2lwCiAgICAgIGV4cHJlc3Npb246ICJldnQuUGFyc2VkLnJlbW90ZV9hZGRyIgogICAgLSBtZXRhOiBwcmVncmVldAogICAgICBleHByZXNzaW9uOiAiZXZ0LlBhcnNlZC5wcmVncmVldCIKCgo=", "description": "Parse postscreen logs", "author": "crowdsecurity", "labels": null }, "crowdsecurity/proftpd-logs": { "path": "parsers/s01-parse/crowdsecurity/proftpd-logs.yaml", "stage": "s01-parse", "version": "0.2", "versions": { "0.1": { "digest": "f00e26a5fd74f57bab31f930d23cca9c2ede7cc480cb34c7a6aef5a87baf0ca0", "deprecated": false }, "0.2": { "digest": "9921d4752e7337533472031d1495f9c4e4f870a558ea48f303e95e96a31f7f13", "deprecated": false } }, "long_description": "RlRQIChbUHJvRlRQRF0oaHR0cHM6Ly9lbi53aWtpcGVkaWEub3JnL3dpa2kvUHJvRlRQRCkpIHdpbGwgbW9zdGx5IHBhcnNlIGF1dGhlbnRpY2F0aW9uIGZhaWwu", "content": "b25zdWNjZXNzOiBuZXh0X3N0YWdlCm5hbWU6IHByb2Z0cGQtbG9ncwpkZXNjcmlwdGlvbjogIlBhcnNlIHByb2Z0cGQgbG9ncyIKZmlsdGVyOiAiZXZ0LlBhcnNlZC5wcm9ncmFtID09ICdwcm9mdHBkJyIKI3dlIHNob3VsZCB1c2UgdGhlIHNhbWUgcGF0dGVybiBmb3IgIm5vcm1hbCIgYW5kIHBsZXNrIGxvZ3MsIGJ1dCBkdWUgdG8gYW4gaXNzdWUgaW4gZ3Jva2t5IGhhbmRsaW5nICgpLCB3ZSBjYW5ub3QgOigKcGF0dGVybl9zeW50YXg6CiAgUFJPRlRQRF9BVVRIX0ZBSUw6ICcle1RJTUVTVEFNUF9JU084NjAxOnRpbWVzdGFtcH0gJXtJUE9SSE9TVDpob3N0bmFtZX0gcHJvZnRwZFxbJXtEQVRBfVxdICV7SVBPUkhPU1Q6aG9zdG5hbWV9IFwoJXtJUE9SSE9TVH1cWyV7SVA6c291cmNlX2lwfVxdXCk6IFVTRVIgJXtVU0VSTkFNRTp1c2VybmFtZX0gXChMb2dpbiBmYWlsZWRcKTogSW5jb3JyZWN0IHBhc3N3b3JkJwogIFBST0ZUUERfQkFEX1VTRVI6ICcle1RJTUVTVEFNUF9JU084NjAxOnRpbWVzdGFtcH0gJXtJUE9SSE9TVDpob3N0bmFtZX0gcHJvZnRwZFxbJXtEQVRBfVxdICV7SVBPUkhPU1Q6aG9zdG5hbWV9IFwoJXtJUE9SSE9TVH1cWyV7SVA6c291cmNlX2lwfVxdXCk6IFVTRVIgJXtVU0VSTkFNRTp1c2VybmFtZX06IG5vIHN1Y2ggdXNlciBmb3VuZCBmcm9tICV7SVBPUkhPU1R9IFxbJXtJUE9SSE9TVH1cXSB0byAle0lQT1JIT1NUfTole0RBVEE6cG9ydH0nCiAgUFJPRlRQRF9BVVRIX0ZBSUxfUExFU0s6ICcle1NZU0xPR1RJTUVTVEFNUDp0aW1lc3RhbXB9ICV7SVBPUkhPU1Q6aG9zdG5hbWV9IHByb2Z0cGRcWyV7REFUQX1cXTogJXtJUE9SSE9TVDpob3N0bmFtZX0gXCgle0lQT1JIT1NUfVxbJXtJUDpzb3VyY2VfaXB9XF1cKSAtIFVTRVIgJXtVU0VSTkFNRTp1c2VybmFtZX0gXChMb2dpbiBmYWlsZWRcKTogSW5jb3JyZWN0IHBhc3N3b3JkJwogIFBST0ZUUERfQkFEX1VTRVJfUExFU0s6ICcle1NZU0xPR1RJTUVTVEFNUDp0aW1lc3RhbXB9ICV7SVBPUkhPU1Q6aG9zdG5hbWV9IHByb2Z0cGRcWyV7REFUQX1cXTogJXtJUE9SSE9TVDpob3N0bmFtZX0gXCgle0lQT1JIT1NUfVxbJXtJUDpzb3VyY2VfaXB9XF1cKSAtIFVTRVIgJXtVU0VSTkFNRTp1c2VybmFtZX06IG5vIHN1Y2ggdXNlciBmb3VuZCBmcm9tICV7SVBPUkhPU1R9IFxbJXtJUE9SSE9TVH1cXSB0byAle0lQT1JIT1NUfTole0RBVEE6cG9ydH0nCm5vZGVzOgogIC0gZ3JvazoKICAgICAgcGF0dGVybjogIiV7UFJPRlRQRF9BVVRIX0ZBSUx9IgogICAgICBhcHBseV9vbjogbWVzc2FnZQogIC0gZ3JvazoKICAgICAgcGF0dGVybjogIiV7UFJPRlRQRF9CQURfVVNFUn0iCiAgICAgIGFwcGx5X29uOiBtZXNzYWdlCiAgLSBncm9rOgogICAgICBwYXR0ZXJuOiAiJXtQUk9GVFBEX0FVVEhfRkFJTF9QTEVTS30iCiAgICAgIGFwcGx5X29uOiBtZXNzYWdlCiAgLSBncm9rOgogICAgICBwYXR0ZXJuOiAiJXtQUk9GVFBEX0JBRF9VU0VSX1BMRVNLfSIKICAgICAgYXBwbHlfb246IG1lc3NhZ2UKc3RhdGljczoKICAgIC0gbWV0YTogbG9nX3R5cGUKICAgICAgdmFsdWU6IGZ0cF9mYWlsZWRfYXV0aAogICAgLSBtZXRhOiBzb3VyY2VfaXAKICAgICAgZXhwcmVzc2lvbjogImV2dC5QYXJzZWQuc291cmNlX2lwIgogICAgLSBtZXRhOiB0YXJnZXRfdXNlcgogICAgICBleHByZXNzaW9uOiAiZXZ0LlBhcnNlZC51c2VybmFtZSIKICAgIC0gdGFyZ2V0OiBldnQuU3RyVGltZQogICAgICBleHByZXNzaW9uOiBldnQuUGFyc2VkLnRpbWVzdGFtcCA=", "description": "Parse proftpd logs", "author": "crowdsecurity", "labels": null }, "crowdsecurity/smb-logs": { "path": "parsers/s01-parse/crowdsecurity/smb-logs.yaml", "stage": "s01-parse", "version": "0.2", "versions": { "0.1": { "digest": "a68bdf79455bda0a84ffaa109752b682266ea0e050d04c260a965a0dbac0fb27", "deprecated": false }, "0.2": { "digest": "d2b661f9ef78d245d6fb08ad02689b244ffa2edf9d89c7f4b9bfddc9a04d0a7b", "deprecated": false } }, "content": "b25zdWNjZXNzOiBuZXh0X3N0YWdlCm5hbWU6IGNyb3dkc2VjdXJpdHkvc21iLWxvZ3MKZmlsdGVyOiBldnQuUGFyc2VkLnByb2dyYW0gPT0gJ3NtYicKZGVzY3JpcHRpb246ICJQYXJzZSBTTUIgbG9ncyIKcGF0dGVybl9zeW50YXg6CiAgU01CX0JBRF9QQVNTV09SRDogIkF1dGg6JXtHUkVFRFlEQVRBfSB1c2VyIFxcWyV7REFUQTpzbWJfZG9tYWlufVxcXVxcXFxcXFsle0RBVEE6dXNlcn1cXF0le0dSRUVEWURBVEF9IHN0YXR1cyBcXFtOVF9TVEFUVVNfV1JPTkdfUEFTU1dPUkRcXF0le0dSRUVEWURBVEF9IHJlbW90ZSBob3N0IFxcW2lwdjQ6JXtJUDppcF9zb3VyY2V9Igpub2RlczoKIC0gZ3JvazoKICAgIG5hbWU6ICJTTUJfQVVUSF9GQUlMIgogICAgYXBwbHlfb246IG1lc3NhZ2UKICAgIHN0YXRpY3M6CiAgICAgIC0gbWV0YTogc3VidHlwZQogICAgICAgIHZhbHVlOiBzbWJfYmFkX3VzZXIKIC0gZ3JvazoKICAgIG5hbWU6ICJTTUJfQkFEX1BBU1NXT1JEIgogICAgYXBwbHlfb246IG1lc3NhZ2UKICAgIHN0YXRpY3M6CiAgICAgIC0gbWV0YTogc3VidHlwZQogICAgICAgIHZhbHVlOiBzbWJfYmFkX3Bhc3N3b3JkCnN0YXRpY3M6CiAgLSBtZXRhOiBsb2dfdHlwZQogICAgdmFsdWU6IHNtYl9mYWlsZWRfYXV0aAogIC0gbWV0YTogc291cmNlX2lwCiAgICBleHByZXNzaW9uOiAiZXZ0LlBhcnNlZC5pcF9zb3VyY2UiCiAgLSBtZXRhOiB1c2VyCiAgICBleHByZXNzaW9uOiAiZXZ0LlBhcnNlZC51c2VyIg==", "description": "Parse SMB logs", "author": "crowdsecurity", "labels": null }, "crowdsecurity/sshd-logs": { "path": "parsers/s01-parse/crowdsecurity/sshd-logs.yaml", "stage": "s01-parse", "version": "2.0", "versions": { "0.1": { "digest": "ecd40cb8cd95e2bad398824ab67b479362cdbf0e1598b8833e2f537ae3ce2f93", "deprecated": false }, "0.2": { "digest": "6251a150d0d0dfe5b3942fd700c4e7b631393a2a4f1d949137ddba0b75d2dc6d", "deprecated": false }, "0.3": { "digest": "b57b59915825de330b1c0ecf19961fbc033f7784e4670a09f739d84839e2bc81", "deprecated": false }, "0.4": { "digest": "a8a89934a9524f43b9b51d1e62fd67af1834f9c7dfa1c36bc2bfdf9158d5966e", "deprecated": false }, "0.5": { "digest": "18525728a1985eeac9107bc0fc2583622bf597dd256230689f3e788e992e0410", "deprecated": false }, "0.6": { "digest": "5294aa1660260d1bd11520e80dc6f578208679e36456c10f143b3eb28d209fd4", "deprecated": false }, "0.7": { "digest": "ad96d89f89e69fe3b9a0c70b7d643d4965cb893f719722d09957c38e89c31a8d", "deprecated": false }, "0.8": { "digest": "de14c443378bf69c5c44533bb5d19f32c8b099c7365ac35c35f4c873c22103a3", "deprecated": false }, "0.9": { "digest": "b728744d1244fe26d5445ea1e0460014538ea1cba0c8bd6b6ebcaf46d3b9b765", "deprecated": false }, "1.0": { "digest": "5603517aa38c9a1deacc993e34ab4adc4047133e51a804ba7cfa782bd973e821", "deprecated": false }, "1.1": { "digest": "bbf71af714985e63a01fa70b0d9485e74dfedf77100750523fabce59e8b6b5eb", "deprecated": false }, "1.2": { "digest": "63cca80e6f4a02bde8ecb2877c3361c78410643dd66e1059e4ddf7f400fdf916", "deprecated": false }, "1.3": { "digest": "36fa6247f3739ed4127e4fdae8a60c314e892a5106cb1b37181ad4fc1e054751", "deprecated": false }, "1.4": { "digest": "2bed97f303d5df2bf1852864d5265281cd1d73db39a2679b9e94bb6e5542e348", "deprecated": false }, "1.5": { "digest": "dd39640ed9ac34409d45261d343c88adbd5a4ee3c8f81c1a7dac77a23539e41e", "deprecated": false }, "1.6": { "digest": "31dadf77665bee1d89ea9d407bd58ad6911753c8a642794277cffd6adf46bbf7", "deprecated": false }, "1.7": { "digest": "162dd1da5beb8e52d093dc6b3a417ac2c80004b5b4576bbed9b590896fca3f15", "deprecated": false }, "1.8": { "digest": "95d30ef78866c26d2c6235fcd302eb50a67a84fcea031742aed4a5afd4d2b942", "deprecated": false }, "1.9": { "digest": "251f05b5398ce5958e6686c392804112b90ffb2b9d5f717052639471983e20d3", "deprecated": false }, "2.0": { "digest": "85cc308adad1051bca9575f4adbda27a0f176bf3d3ffc8893e3657ad2a38bfd2", "deprecated": false } }, "long_description": "WW91ciBvbmUgZml0cy1hbGwgc3NoIHBhcnNlciB3aXRoIHN1cHBvcnQgZm9yIHRoZSBtb3N0IGNvbW1vbiBraW5kIG9mIGZhaWxlZCBhdXRoZW50aWNhdGlvbnMgYW5kIGVycm9ycy4KCg==", "content": "b25zdWNjZXNzOiBuZXh0X3N0YWdlCiNkZWJ1ZzogdHJ1ZQpmaWx0ZXI6ICJldnQuUGFyc2VkLnByb2dyYW0gPT0gJ3NzaGQnIgpuYW1lOiBjcm93ZHNlY3VyaXR5L3NzaGQtbG9ncwpkZXNjcmlwdGlvbjogIlBhcnNlIG9wZW5TU0ggbG9ncyIKcGF0dGVybl9zeW50YXg6CiMgVGhlIElQIGdyb2sgcGF0dGVybiB0aGF0IHNoaXBzIHdpdGggY3Jvd2RzZWMgaXMgYnVnZ3kgYW5kIGRvZXMgbm90IGNhcHR1cmUgdGhlIGxhc3QgZGlnaXQgb2YgYW4gSVAgaWYgaXQgaXMgdGhlIGxhc3QgdGhpbmcgaXQgbWF0Y2hlcywgYW5kIHRoZSBsYXN0IG9jdGV0IHN0YXJ0cyB3aXRoIGEgMgojIGh0dHBzOi8vZ2l0aHViLmNvbS9jcm93ZHNlY3VyaXR5L2Nyb3dkc2VjL2lzc3Vlcy85MzgKICBJUHY0X1dPUktBUk9VTkQ6ICg/Oig/OjI1WzAtNV18MlswLTRdWzAtOV18WzAxXT9bMC05XVswLTldPylcLil7M30oPzoyNVswLTVdfDJbMC00XVswLTldfFswMV0/WzAtOV1bMC05XT8pCiAgSVBfV09SS0FST1VORDogKD86JXtJUFY2fXwle0lQdjRfV09SS0FST1VORH0pCiAgU1NIRF9BVVRIX0ZBSUw6ICdwYW1fJXtEQVRBOnBhbV90eXBlfVwoc3NoZDphdXRoXCk6IGF1dGhlbnRpY2F0aW9uIGZhaWx1cmU7IGxvZ25hbWU9IHVpZD0le05VTUJFUjp1aWR9PyBldWlkPSV7TlVNQkVSOmV1aWR9PyB0dHk9c3NoIHJ1c2VyPSByaG9zdD0le0lQX1dPUktBUk9VTkQ6c3NoZF9jbGllbnRfaXB9KCAle1NQQUNFfXVzZXI9JXtVU0VSTkFNRTpzc2hkX2ludmFsaWRfdXNlcn0pPycKICBTU0hEX01BR0lDX1ZBTFVFX0ZBSUxFRDogJ01hZ2ljIHZhbHVlIGNoZWNrIGZhaWxlZCBcKFxkK1wpIG9uIG9iZnVzY2F0ZWQgaGFuZHNoYWtlIGZyb20gJXtJUF9XT1JLQVJPVU5EOnNzaGRfY2xpZW50X2lwfSBwb3J0IFxkKycKICBTU0hEX0lOVkFMSURfVVNFUjogJ0ludmFsaWQgdXNlclxzKiV7VVNFUk5BTUU6c3NoZF9pbnZhbGlkX3VzZXJ9PyBmcm9tICV7SVBfV09SS0FST1VORDpzc2hkX2NsaWVudF9pcH0oIHBvcnQgXGQrKT8nCiAgU1NIRF9JTlZBTElEX0JBTk5FUjogJ2Jhbm5lciBleGNoYW5nZTogQ29ubmVjdGlvbiBmcm9tICV7SVBfV09SS0FST1VORDpzc2hkX2NsaWVudF9pcH0gcG9ydCBcZCs6IGludmFsaWQgZm9ybWF0JwogIFNTSERfUFJFQVVUSF9BVVRIRU5USUNBVElOR19VU0VSOiAnQ29ubmVjdGlvbiBjbG9zZWQgYnkgKGF1dGhlbnRpY2F0aW5nfGludmFsaWQpIHVzZXIgJXtVU0VSTkFNRTpzc2hkX2ludmFsaWRfdXNlcn0gJXtJUF9XT1JLQVJPVU5EOnNzaGRfY2xpZW50X2lwfSBwb3J0IFxkKyBcW3ByZWF1dGhcXScKICAjZm9sbG93aW5nOiBodHRwczovL2dpdGh1Yi5jb20vY3Jvd2RzZWN1cml0eS9jcm93ZHNlYy9pc3N1ZXMvMTIwMSAtIHNvbWUgc2Nhbm5lcnMgYmVoYXZlIGRpZmZlcmVudGx5IGFuZCB0cmlnZ2VyIHRoaXMgb25lCiAgU1NIRF9QUkVBVVRIX0FVVEhFTlRJQ0FUSU5HX1VTRVJfQUxUOiAnRGlzY29ubmVjdGVkIGZyb20gKGF1dGhlbnRpY2F0aW5nfGludmFsaWQpIHVzZXIgJXtVU0VSTkFNRTpzc2hkX2ludmFsaWRfdXNlcn0gJXtJUF9XT1JLQVJPVU5EOnNzaGRfY2xpZW50X2lwfSBwb3J0IFxkKyBcW3ByZWF1dGhcXScKbm9kZXM6CiAgLSBncm9rOgogICAgICBuYW1lOiAiU1NIRF9GQUlMIgogICAgICBhcHBseV9vbjogbWVzc2FnZQogICAgICBzdGF0aWNzOgogICAgICAgIC0gbWV0YTogbG9nX3R5cGUKICAgICAgICAgIHZhbHVlOiBzc2hfZmFpbGVkLWF1dGgKICAgICAgICAtIG1ldGE6IHRhcmdldF91c2VyCiAgICAgICAgICBleHByZXNzaW9uOiAiZXZ0LlBhcnNlZC5zc2hkX2ludmFsaWRfdXNlciIKICAtIGdyb2s6CiAgICAgIG5hbWU6ICJTU0hEX1BSRUFVVEhfQVVUSEVOVElDQVRJTkdfVVNFUl9BTFQiCiAgICAgIGFwcGx5X29uOiBtZXNzYWdlCiAgICAgIHN0YXRpY3M6CiAgICAgICAgLSBtZXRhOiBsb2dfdHlwZQogICAgICAgICAgdmFsdWU6IHNzaF9mYWlsZWQtYXV0aAogICAgICAgIC0gbWV0YTogdGFyZ2V0X3VzZXIKICAgICAgICAgIGV4cHJlc3Npb246ICJldnQuUGFyc2VkLnNzaGRfaW52YWxpZF91c2VyIgogIC0gZ3JvazoKICAgICAgbmFtZTogIlNTSERfUFJFQVVUSF9BVVRIRU5USUNBVElOR19VU0VSIgogICAgICBhcHBseV9vbjogbWVzc2FnZQogICAgICBzdGF0aWNzOgogICAgICAgIC0gbWV0YTogbG9nX3R5cGUKICAgICAgICAgIHZhbHVlOiBzc2hfZmFpbGVkLWF1dGgKICAgICAgICAtIG1ldGE6IHRhcmdldF91c2VyCiAgICAgICAgICBleHByZXNzaW9uOiAiZXZ0LlBhcnNlZC5zc2hkX2ludmFsaWRfdXNlciIKICAtIGdyb2s6CiAgICAgIG5hbWU6ICJTU0hEX0RJU0NfUFJFQVVUSCIKICAgICAgYXBwbHlfb246IG1lc3NhZ2UKICAtIGdyb2s6CiAgICAgIG5hbWU6ICJTU0hEX0JBRF9WRVJTSU9OIgogICAgICBhcHBseV9vbjogbWVzc2FnZQogIC0gZ3JvazoKICAgICAgbmFtZTogIlNTSERfSU5WQUxJRF9VU0VSIgogICAgICBhcHBseV9vbjogbWVzc2FnZQogICAgICBzdGF0aWNzOgogICAgICAgIC0gbWV0YTogbG9nX3R5cGUKICAgICAgICAgIHZhbHVlOiBzc2hfZmFpbGVkLWF1dGgKICAgICAgICAtIG1ldGE6IHRhcmdldF91c2VyCiAgICAgICAgICBleHByZXNzaW9uOiAiZXZ0LlBhcnNlZC5zc2hkX2ludmFsaWRfdXNlciIKICAtIGdyb2s6CiAgICAgIG5hbWU6ICJTU0hEX0lOVkFMSURfQkFOTkVSIgogICAgICBhcHBseV9vbjogbWVzc2FnZQogICAgICBzdGF0aWNzOgogICAgICAgIC0gbWV0YTogbG9nX3R5cGUKICAgICAgICAgIHZhbHVlOiBzc2hfZmFpbGVkLWF1dGgKICAgICAgICAtIG1ldGE6IGV4dHJhX2xvZ190eXBlCiAgICAgICAgICB2YWx1ZTogc3NoX2JhZF9iYW5uZXIKICAtIGdyb2s6CiAgICAgIG5hbWU6ICJTU0hEX1VTRVJfRkFJTCIKICAgICAgYXBwbHlfb246IG1lc3NhZ2UKICAgICAgc3RhdGljczoKICAgICAgICAtIG1ldGE6IGxvZ190eXBlCiAgICAgICAgICB2YWx1ZTogc3NoX2ZhaWxlZC1hdXRoCiAgICAgICAgLSBtZXRhOiB0YXJnZXRfdXNlcgogICAgICAgICAgZXhwcmVzc2lvbjogImV2dC5QYXJzZWQuc3NoZF9pbnZhbGlkX3VzZXIiCiAgLSBncm9rOiAKICAgICAgbmFtZTogIlNTSERfQVVUSF9GQUlMIgogICAgICBhcHBseV9vbjogbWVzc2FnZQogICAgICBzdGF0aWNzOgogICAgICAgIC0gbWV0YTogbG9nX3R5cGUKICAgICAgICAgIHZhbHVlOiBzc2hfZmFpbGVkLWF1dGgKICAgICAgICAtIG1ldGE6IHRhcmdldF91c2VyCiAgICAgICAgICBleHByZXNzaW9uOiAiZXZ0LlBhcnNlZC5zc2hkX2ludmFsaWRfdXNlciIKICAtIGdyb2s6IAogICAgICBuYW1lOiAiU1NIRF9NQUdJQ19WQUxVRV9GQUlMRUQiCiAgICAgIGFwcGx5X29uOiBtZXNzYWdlCiAgICAgIHN0YXRpY3M6CiAgICAgICAgLSBtZXRhOiBsb2dfdHlwZQogICAgICAgICAgdmFsdWU6IHNzaF9mYWlsZWQtYXV0aAogICAgICAgIC0gbWV0YTogdGFyZ2V0X3VzZXIKICAgICAgICAgIGV4cHJlc3Npb246ICJldnQuUGFyc2VkLnNzaGRfaW52YWxpZF91c2VyIgpzdGF0aWNzOgogICAgLSBtZXRhOiBzZXJ2aWNlCiAgICAgIHZhbHVlOiBzc2gKICAgIC0gbWV0YTogc291cmNlX2lwCiAgICAgIGV4cHJlc3Npb246ICJldnQuUGFyc2VkLnNzaGRfY2xpZW50X2lwIgo=", "description": "Parse openSSH logs", "author": "crowdsecurity", "labels": null }, "crowdsecurity/suricata-logs": { "path": "parsers/s01-parse/crowdsecurity/suricata-logs.yaml", "stage": "s01-parse", "version": "0.5", "versions": { "0.1": { "digest": "8d2c360a278360d24fd5882646c89cea866ba21db80f1b02732b53f57469ee73", "deprecated": false }, "0.2": { "digest": "6b768c66d6d2fb86d7707bac122e819300fbf8a635f466af8f9eda373741b38d", "deprecated": false }, "0.3": { "digest": "8ef8604a888c2242252759267ea353f3b0f00a5bf927ad0d740a177fd6e3b4ce", "deprecated": false }, "0.4": { "digest": "245dc731e0b563f998c2b5815a70330a3648158c0dfd8f2de26d945518cfee44", "deprecated": false }, "0.5": { "digest": "c52782b7b3b37eec48359f37420555be73334dc5fc535cbf55b96e8a7d175506", "deprecated": false } }, "long_description": "IyMgU3VyaWNhdGEgbG9ncyBwYXJzZXIKClRoaXMgcGFyc2VyIHN1cHBvcnRzIGJvdGggZm9ybWF0cyA6CiAtIHRoZSBKU09OIGBldmUuanNvbmAgZm9ybWF0IChgdHlwZTogc3VyaWNhdGEtZXZlbG9nc2ApCiAtIHRoZSB0ZXh0IGBmYXN0LmxvZ2AgZm9ybWF0IChgdHlwZTogc3VyaWNhdGEtZmFzdGxvZ3NgKQoKVGhlIHBhcnNlciBvbmx5IHBhcnNlcyBsb2dzIHRoYXQgYXJlIGBhbGVydHNgLgo=", "content": "b25zdWNjZXNzOiBuZXh0X3N0YWdlCmZpbHRlcjogImV2dC5QYXJzZWQucHJvZ3JhbSA9PSAnc3VyaWNhdGEtZmFzdGxvZ3MnIgpuYW1lOiBjcm93ZHNlY3VyaXR5L3N1cmljYXRhLWZhc3Rsb2dzCmRlc2NyaXB0aW9uOiAiUGFyc2Ugc3VyaWNhdGEgZmFzdC5sb2ciCnBhdHRlcm5fc3ludGF4OgogIFNVUklDQVRBX01BUktFUjogJ1xbXCpcKlxdJwogIFNVUklDQVRBX0RBVEU6ICcle0RBVEVfVVM6ZGF0ZX0tJXtUSU1FOnRpbWV9JwogIFNVUklDQVRBX1JVTEVfSUQ6ICdcWyV7TlVNQkVSOnN1cmljYXRhX3J1bGVfc2V2ZXJpdHl9OiV7TlVNQkVSOnJ1bGVfaWR9OiV7TlVNQkVSOnN1cmljYXRhX2FsZXJ0X3NpZ25hdHVyZV9yZXZ9XF0nCmdyb2s6IAogIHBhdHRlcm46ICcle1NVUklDQVRBX0RBVEV9ICAle1NVUklDQVRBX01BUktFUn0gJXtTVVJJQ0FUQV9SVUxFX0lEfSAle0RBVEE6c3VyaWNhdGFfYWxlcnRfc2lnbmF0dXJlfSAle1NVUklDQVRBX01BUktFUn0gXFtDbGFzc2lmaWNhdGlvbjogJXtEQVRBOnN1cmljYXRhX2NsYXNzaWZpY2F0aW9ufVxdIFxbUHJpb3JpdHk6ICV7TlVNQkVSOnN1cmljYXRhX3ByaW9yaXR5fVxdIFx7JXtEQVRBOnByb3RvfVx9ICV7SVA6c291cmNlX2lwfTole05VTUJFUjpzb3VyY2VfcG9ydH0gXC0+ICV7SVA6ZGVzdF9pcH06JXtOVU1CRVI6ZGVzdF9wb3J0fScKICBhcHBseV9vbjogbWVzc2FnZQpzdGF0aWNzOgogIC0gbWV0YTogc2VydmljZQogICAgdmFsdWU6IHN1cmljYXRhCiAgLSBtZXRhOiBsb2dfdHlwZQogICAgdmFsdWU6IHN1cmljYXRhX2FsZXJ0CiAgLSBtZXRhOiBzdWJfbG9nX3R5cGUKICAgIHZhbHVlOiBzdXJpY2F0YV9hbGVydF9mYXN0X2xvZwogICAgICAjd2UgYnVpbGQgYmFjayBSRkMzMzM5IGZvcm1hdAogIC0gdGFyZ2V0OiBldnQuUGFyc2VkLnN1cmljYXRhX3RpbWVzdGFtcAogICAgZXhwcmVzc2lvbjogZXZ0LlBhcnNlZC5kYXRlICsgJyAnICsgZXZ0LlBhcnNlZC50aW1lCiAgLSB0YXJnZXQ6IGV2dC5TdHJUaW1lCiAgICBleHByZXNzaW9uOiBldnQuUGFyc2VkLmRhdGUgKyAnICcgKyBldnQuUGFyc2VkLnRpbWUKICAtIG1ldGE6IHN1cmljYXRhX2FsZXJ0X3NpZ25hdHVyZV9pZAogICAgZXhwcmVzc2lvbjogZXZ0LlBhcnNlZC5ydWxlX2lkCiAgLSBtZXRhOiBzdXJpY2F0YV9ydWxlX3NldmVyaXR5CiAgICBleHByZXNzaW9uOiBldnQuUGFyc2VkLnN1cmljYXRhX3J1bGVfc2V2ZXJpdHkKICAtIG1ldGE6IHNvdXJjZV9pcAogICAgZXhwcmVzc2lvbjogZXZ0LlBhcnNlZC5zb3VyY2VfaXAKLS0tCm9uc3VjY2VzczogbmV4dF9zdGFnZQpmaWx0ZXI6IHwKICBldnQuUGFyc2VkLnByb2dyYW0gPT0gInN1cmljYXRhLWV2ZWxvZ3MiICYmIEpzb25FeHRyYWN0KGV2dC5QYXJzZWQubWVzc2FnZSwgImV2ZW50X3R5cGUiKSA9PSAiYWxlcnQiCm5hbWU6IGNyb3dkc2VjdXJpdHkvc3VyaWNhdGEtZXZlbG9ncwpkZXNjcmlwdGlvbjogIlBhcnNlIHN1cmljYXRhIGV2ZS5qc29uIGxvZ3MiCnBhdHRlcm5fc3ludGF4OgogIFNVUklDQVRBX0VWRV9UUzogJyV7VElNRVNUQU1QX0lTTzg2MDE6dGltZX0nCm5vZGVzOgogIC0gZ3JvazoKICAgICAgcGF0dGVybjogJyV7U1VSSUNBVEFfRVZFX1RTOnRpbWV9XCsle0lOVH0nCiAgICAgIGV4cHJlc3Npb246IEpzb25FeHRyYWN0KGV2dC5QYXJzZWQubWVzc2FnZSwgInRpbWVzdGFtcCIpCnN0YXRpY3M6CiAgLSBtZXRhOiBzZXJ2aWNlCiAgICB2YWx1ZTogc3VyaWNhdGEKICAtIG1ldGE6IGxvZ190eXBlCiAgICB2YWx1ZTogc3VyaWNhdGFfYWxlcnQKICAtIG1ldGE6IHN1Yl9sb2dfdHlwZQogICAgdmFsdWU6IHN1cmljYXRhX2FsZXJ0X2V2ZV9qc29uCiAgLSB0YXJnZXQ6IGV2dC5TdHJUaW1lCiAgICBleHByZXNzaW9uOiBldnQuUGFyc2VkLnRpbWUgKyAnWicKICAtIHRhcmdldDogZXZ0Lk1ldGEuc3VyaWNhdGFfZmxvd19pZAogICAgZXhwcmVzc2lvbjogSnNvbkV4dHJhY3QoZXZ0LlBhcnNlZC5tZXNzYWdlLCAiZmxvd19pZCIpCiAgLSB0YXJnZXQ6IGV2dC5NZXRhLnNvdXJjZV9pcAogICAgZXhwcmVzc2lvbjogSnNvbkV4dHJhY3QoZXZ0LlBhcnNlZC5tZXNzYWdlLCAic3JjX2lwIikKICAtIHRhcmdldDogZXZ0LlBhcnNlZC5kZXN0X2lwCiAgICBleHByZXNzaW9uOiBKc29uRXh0cmFjdChldnQuUGFyc2VkLm1lc3NhZ2UsICJkZXN0X2lwIikKICAtIHRhcmdldDogZXZ0LlBhcnNlZC5kZXN0X3BvcnQKICAgIGV4cHJlc3Npb246IEpzb25FeHRyYWN0KGV2dC5QYXJzZWQubWVzc2FnZSwgImRlc3RfcG9ydCIpCiAgLSB0YXJnZXQ6IGV2dC5QYXJzZWQucHJvdG8KICAgIGV4cHJlc3Npb246IEpzb25FeHRyYWN0KGV2dC5QYXJzZWQubWVzc2FnZSwgInByb3RvIikKICAtIHRhcmdldDogZXZ0Lk1ldGEuc3VyaWNhdGFfYWxlcnRfc2lnbmF0dXJlX2lkCiAgICBleHByZXNzaW9uOiBKc29uRXh0cmFjdChldnQuUGFyc2VkLm1lc3NhZ2UsICJhbGVydC5zaWduYXR1cmVfaWQiKQogIC0gdGFyZ2V0OiBldnQuUGFyc2VkLnN1cmljYXRhX2FsZXJ0X3NpZ25hdHVyZV9yZXYKICAgIGV4cHJlc3Npb246IEpzb25FeHRyYWN0KGV2dC5QYXJzZWQubWVzc2FnZSwgImFsZXJ0LnJldiIpCiAgLSB0YXJnZXQ6IGV2dC5QYXJzZWQuc3VyaWNhdGFfYWxlcnRfc2lnbmF0dXJlCiAgICBleHByZXNzaW9uOiBKc29uRXh0cmFjdChldnQuUGFyc2VkLm1lc3NhZ2UsICJhbGVydC5zaWduYXR1cmUiKQogIC0gdGFyZ2V0OiBldnQuTWV0YS5zdXJpY2F0YV9ydWxlX3NldmVyaXR5CiAgICBleHByZXNzaW9uOiBKc29uRXh0cmFjdChldnQuUGFyc2VkLm1lc3NhZ2UsICJhbGVydC5zZXZlcml0eSIpCgoK", "description": "Parse suricata fast.log", "author": "crowdsecurity", "labels": null }, "crowdsecurity/synology-dsm-logs": { "path": "parsers/s01-parse/crowdsecurity/synology-dsm-logs.yaml", "stage": "s01-parse", "version": "0.2", "versions": { "0.1": { "digest": "d3ef07ad8fc314f8617c2e4dc852da0c887e6c9a9cd68dc8bafbd5e66673400b", "deprecated": false }, "0.2": { "digest": "8815fe3b21d0001fb2d42843e1d239e7cc6a763153162236c3c4155aef26a190", "deprecated": false } }, "long_description": "IyMgU3lub2xvZ3kgRFNNIHdlYiBhdXRoZW50aWNhdGlvbiBwYXJzZXIKCkEgcGFyc2VyIGZvciBTeW5vbG9neSBEU00gd2ViIGF1dGhlbnRpY2F0aW9uIChmYWlsZWQpIGxvZ3MuClRob3NlIGxvZ3MgYXJlIHVzdWFsbHkgcHJlc2VudCBpbiBgL3Zhci9sb2cvYXV0aC5sb2dgLgoK", "content": "IyBTeW5vbG9neSBEU00gYXV0aC5sb2cKI2RlYnVnOiB0cnVlCmZpbHRlcjogImV2dC5QYXJzZWQucHJvZ3JhbSA9PSAnc3lub3NjZ2lfU1lOTy5BUEkuQXV0aF83X2xvZ2luJyIKbmFtZTogY3Jvd2RzZWN1cml0eS9zeW5vbG9neS1kc20tbG9ncwpkZXNjcmlwdGlvbjogIlBhcnNlIFN5bm9sb2d5IERTTSB3ZWIgYXV0aCBsb2dzIgpvbnN1Y2Nlc3M6IG5leHRfc3RhZ2UKZm9ybWF0OiAyLjAKcGF0dGVybl9zeW50YXg6CiAgVElNRVNUQU1QOiAnJXtZRUFSfS0le01PTlRITlVNfS0le01PTlRIREFZfVQle0hPVVJ9OiV7TUlOVVRFfTole1NFQ09ORH0rJXtJU084NjAxX1RJTUVaT05FfScKIyBUaGUgSVAgZ3JvayBwYXR0ZXJuIHRoYXQgc2hpcHMgd2l0aCBjcm93ZHNlYyBpcyBidWdneSBhbmQgZG9lcyBub3QgY2FwdHVyZSB0aGUgbGFzdCBkaWdpdCBvZiBhbiBJUCBpZiBpdCBpcyB0aGUgbGFzdCB0aGluZyBpdCBtYXRjaGVzLCBhbmQgdGhlIGxhc3Qgb2N0ZXQgc3RhcnRzIHdpdGggYSAyCiMgaHR0cHM6Ly9naXRodWIuY29tL2Nyb3dkc2VjdXJpdHkvY3Jvd2RzZWMvaXNzdWVzLzkzOAogIElQdjRfV09SS0FST1VORDogJyg/Oig/OjI1WzAtNV18MlswLTRdWzAtOV18WzAxXT9bMC05XVswLTldPylcLil7M30oPzoyNVswLTVdfDJbMC00XVswLTldfFswMV0/WzAtOV1bMC05XT8pJwogIElQX1dPUktBUk9VTkQ6ICcoPzole0lQVjZ9fCV7SVB2NF9XT1JLQVJPVU5EfSknCiAgQVVUSF9MT0dfRkFJTDogJ3BhbV91bml4XCh3ZWJ1aTphdXRoXCk6IGF1dGhlbnRpY2F0aW9uIGZhaWx1cmU7IGxvZ25hbWU9IHVpZD0wIGV1aWQ9MCB0dHk9IHJ1c2VyPSByaG9zdD0le0lQX1dPUktBUk9VTkQ6c3JjX2lwfScKZ3JvazoKICBwYXR0ZXJuOiAiJXtBVVRIX0xPR19GQUlMfSIKICBhcHBseV9vbjogbWVzc2FnZQogIHN0YXRpY3M6CiAgICAtIG1ldGE6IGxvZ190eXBlCiAgICAgIHZhbHVlOiBzeW5vbG9neS1kc21fZmFpbGVkX2F1dGgKc3RhdGljczoKICAtIG1ldGE6IGxvZ190eXBlCiAgICB2YWx1ZTogc3lub2xvZ3ktZHNtX2ZhaWxlZF9hdXRoCiAgLSBtZXRhOiBzZXJ2aWNlCiAgICB2YWx1ZTogc3lub2xvZ3ktZHNtCiAgLSBtZXRhOiBzb3VyY2VfaXAKICAgIGV4cHJlc3Npb246ICJldnQuUGFyc2VkLnNyY19pcCIK", "description": "Parse Synology DSM web auth logs", "author": "crowdsecurity", "labels": null }, "crowdsecurity/syslog-logs": { "path": "parsers/s00-raw/crowdsecurity/syslog-logs.yaml", "stage": "s00-raw", "version": "0.8", "versions": { "0.1": { "digest": "44e8cfbf528dcd70c6cc329df1b963f6861668796c706cc79050b0907a85540e", "deprecated": false }, "0.2": { "digest": "a80dffe6371664eea6ad42af1d386a9447e25a5917f1f489959fcb34ce37f363", "deprecated": false }, "0.3": { "digest": "3a284fc04e777a9e8d7606f2fcc09e092ec2ae45103d249d30ebb6eda8fea65a", "deprecated": false }, "0.4": { "digest": "74898d3d78b329435253d376376290d57422919618b411e7b1c3c249ac6efecd", "deprecated": false }, "0.5": { "digest": "08fa391d35558900669e1b0d0f6b8373d32053d8138355785b6b07e830675ff7", "deprecated": false }, "0.6": { "digest": "9f4da801bd0c193d4e24b56c465e081a7df8c17cd8b4340b1d4950c8220196f2", "deprecated": false }, "0.7": { "digest": "8d15b6ab76aea4f785a05f31ba84a92e96c1cd3a2644e7a63d98feebd16e1995", "deprecated": false }, "0.8": { "digest": "d637382a9f927a4d8101cfc8d42b39cd83d1327e074cc5c48c0a8827fedec6d5", "deprecated": false } }, "long_description": "IyBTeXNsb2cgcGFyc2VyCgpUaGlzIGlzIGEgZ2VuZXJpYyBsaW51eCBzeXNsb2cgcGFyc2VyIHdpdGggdGltZS1zdXBwb3J0LgpBZGQgYGRhdGFzb3VyY2VfdHlwZWAgYW5kIGBkYXRhc291cmNlX3BhdGhgIHNvdXJjZSBhbmQgZGF0YXNvdXJjZSB0eXBlIGluIHRoZSBgTWV0YWDCoG9iamVjdC4K", "content": "I0lmIGl0J3Mgc3lzbG9nLCB3ZSBhcmUgZ29pbmcgdG8gZXh0cmFjdCBwcm9nbmFtZSBmcm9tIGl0CmZpbHRlcjogImV2dC5MaW5lLkxhYmVscy50eXBlID09ICdzeXNsb2cnIgpvbnN1Y2Nlc3M6IG5leHRfc3RhZ2UKcGF0dGVybl9zeW50YXg6CiAgUkFXX1NZU0xPR19QUkVGSVg6ICdePCV7TlVNQkVSOnN0dWZmMX0+JXtOVU1CRVI6c3R1ZmYyfSAle1NZU0xPR0JBU0UyfSAle0RBVEE6cHJvZ3JhbX0gJXtOVU1CRVI6cGlkfScKICBSQVdfU1lTTE9HX01FVEE6ICdcW21ldGEgc2VxdWVuY2VJZD0iJXtOT1REUVVPVEU6c2VxX2lkfSJcXScKbmFtZTogY3Jvd2RzZWN1cml0eS9zeXNsb2ctbG9ncwpub2RlczoKICAtIGdyb2s6CiAgICAgICN0aGlzIGlzIGEgbmFtZWQgcmVndWxhciBleHByZXNzaW9uLiBncm9rIHBhdHRlcm5zIGNhbiBiZSBrZXB0IGludG8gc2VwYXJhdGUgZmlsZXMgZm9yIHJlYWRhYmlsaXR5CiAgICAgIHBhdHRlcm46ICJeJXtTWVNMT0dMSU5FfSIgCiAgICAgICNUaGlzIGlzIHRoZSBmaWVsZCBvZiB0aGUgYEV2ZW50YCB0byB3aGljaCB0aGUgcmVnZXhwIHNob3VsZCBiZSBhcHBsaWVkCiAgICAgIGFwcGx5X29uOiBMaW5lLlJhdwogIC0gZ3JvazoKICAgICAgI2Egc2Vjb25kIHBhdHRlcm4gZm9yIHVucGFyc2VkIHN5c2xvZyBsaW5lcywgYXMgc2F3IGluIG9wbnNlbnNlCiAgICAgIHBhdHRlcm46ICcle1JBV19TWVNMT0dfUFJFRklYfSAtICV7UkFXX1NZU0xPR19NRVRBfSAle0dSRUVEWURBVEE6bWVzc2FnZX0nCiAgICAgIGFwcGx5X29uOiBMaW5lLlJhdwojaWYgdGhlIG5vZGUgd2FzIHN1Y2Nlc3NmdWxsLCBzdGF0aWNzIHdpbGwgYmUgYXBwbGllZC4Kc3RhdGljczoKICAtIG1ldGE6IG1hY2hpbmUKICAgIGV4cHJlc3Npb246IGV2dC5QYXJzZWQubG9nc291cmNlCiAgLSBwYXJzZWQ6ICJsb2dzb3VyY2UiCiAgICB2YWx1ZTogInN5c2xvZyIKIyBzeXNsb2cgZGF0ZSBjYW4gYmUgaW4gdHdvIGRpZmZlcmVudCBmaWVsZHMgKG9uZSBvZiBodGUgYXNzaWdubWVudCB3aWxsIGZhaWwpCiAgLSB0YXJnZXQ6IGV2dC5TdHJUaW1lCiAgICBleHByZXNzaW9uOiBldnQuUGFyc2VkLnRpbWVzdGFtcAogIC0gdGFyZ2V0OiBldnQuU3RyVGltZQogICAgZXhwcmVzc2lvbjogZXZ0LlBhcnNlZC50aW1lc3RhbXA4NjAxCiAgLSBtZXRhOiBkYXRhc291cmNlX3BhdGgKICAgIGV4cHJlc3Npb246IGV2dC5MaW5lLlNyYwogIC0gbWV0YTogZGF0YXNvdXJjZV90eXBlCiAgICBleHByZXNzaW9uOiBldnQuTGluZS5Nb2R1bGUKLS0tCiNpZiBpdCdzIG5vdCBzeXNsb2csIHRoZSB0eXBlIGlzIHRoZSBwcm9nbmFtZQpmaWx0ZXI6ICJldnQuTGluZS5MYWJlbHMudHlwZSAhPSAnc3lzbG9nJyIKb25zdWNjZXNzOiBuZXh0X3N0YWdlCm5hbWU6IGNyb3dkc2VjdXJpdHkvbm9uLXN5c2xvZwojZGVidWc6IHRydWUKc3RhdGljczoKICAtIHBhcnNlZDogbWVzc2FnZQogICAgZXhwcmVzc2lvbjogZXZ0LkxpbmUuUmF3CiAgLSBwYXJzZWQ6IHByb2dyYW0KICAgIGV4cHJlc3Npb246IGV2dC5MaW5lLkxhYmVscy50eXBlCiAgLSBtZXRhOiBkYXRhc291cmNlX3BhdGgKICAgIGV4cHJlc3Npb246IGV2dC5MaW5lLlNyYwogIC0gbWV0YTogZGF0YXNvdXJjZV90eXBlCiAgICBleHByZXNzaW9uOiBldnQuTGluZS5Nb2R1bGUKCg==", "author": "crowdsecurity", "labels": null }, "crowdsecurity/sysmon-logs": { "path": "parsers/s01-parse/crowdsecurity/sysmon-logs.yaml", "stage": "s01-parse", "version": "0.1", "versions": { "0.1": { "digest": "6a349cea36ce2cb571d545767c4eab9279179ef7d26f01644e2b746ea68638f1", "deprecated": false } }, "long_description": "QSBwYXJzZXIgZm9yIFtzeXNtb25dKGh0dHBzOi8vZG9jcy5taWNyb3NvZnQuY29tL2VuLXVzL3N5c2ludGVybmFscy9kb3dubG9hZHMvc3lzbW9uKSBldmVudHM=", "content": "b25zdWNjZXNzOiBuZXh0X3N0YWdlCmZpbHRlcjogImV2dC5QYXJzZWQuQ2hhbm5lbCA9PSAnTWljcm9zb2Z0LVdpbmRvd3MtU3lzbW9uL09wZXJhdGlvbmFsJyIKbmFtZTogY3Jvd2RzZWN1cml0eS9zeXNtb24KZGVzY3JpcHRpb246ICJQYXJzZSBzeXNtb24gZXZlbnRzIgpub2RlczoKICAtIGZpbHRlcjogZXZ0LlBhcnNlZC5FdmVudElEID09ICcxJwogICAgc3RhdGljczoKICAgICAgLSBwYXJzZWQ6IFByb2Nlc3NHdWlkCiAgICAgICAgZXhwcmVzc2lvbjogIFhNTEdldE5vZGVWYWx1ZShldnQuTGluZS5SYXcsICIvRXZlbnQvRXZlbnREYXRhWzFdL0RhdGFbQE5hbWU9J1Byb2Nlc3NHdWlkJ10iKQogICAgICAtIHBhcnNlZDogSW1hZ2UKICAgICAgICBleHByZXNzaW9uOiAgWE1MR2V0Tm9kZVZhbHVlKGV2dC5MaW5lLlJhdywgIi9FdmVudC9FdmVudERhdGFbMV0vRGF0YVtATmFtZT0nSW1hZ2UnXSIpCiAgICAgIC0gcGFyc2VkOiBQcm9jZXNzSWQKICAgICAgICBleHByZXNzaW9uOiAgWE1MR2V0Tm9kZVZhbHVlKGV2dC5MaW5lLlJhdywgIi9FdmVudC9FdmVudERhdGFbMV0vRGF0YVtATmFtZT0nUHJvY2Vzc0lkJ10iKQogICAgICAtIHBhcnNlZDogRmlsZVZlcnNpb24KICAgICAgICBleHByZXNzaW9uOiAgWE1MR2V0Tm9kZVZhbHVlKGV2dC5MaW5lLlJhdywgIi9FdmVudC9FdmVudERhdGFbMV0vRGF0YVtATmFtZT0nRmlsZVZlcnNpb24nXSIpCiAgICAgIC0gcGFyc2VkOiBEZXNjcmlwdGlvbgogICAgICAgIGV4cHJlc3Npb246ICBYTUxHZXROb2RlVmFsdWUoZXZ0LkxpbmUuUmF3LCAiL0V2ZW50L0V2ZW50RGF0YVsxXS9EYXRhW0BOYW1lPSdEZXNjcmlwdGlvbiddIikKICAgICAgLSBwYXJzZWQ6IENvbXBhbnkKICAgICAgICBleHByZXNzaW9uOiAgWE1MR2V0Tm9kZVZhbHVlKGV2dC5MaW5lLlJhdywgIi9FdmVudC9FdmVudERhdGFbMV0vRGF0YVtATmFtZT0nQ29tcGFueSddIikKICAgICAgLSBwYXJzZWQ6IE9yaWdpbmFsRmlsZU5hbWUKICAgICAgICBleHByZXNzaW9uOiAgWE1MR2V0Tm9kZVZhbHVlKGV2dC5MaW5lLlJhdywgIi9FdmVudC9FdmVudERhdGFbMV0vRGF0YVtATmFtZT0nT3JpZ2luYWxGaWxlTmFtZSddIikKICAgICAgLSBwYXJzZWQ6IENvbW1hbmRMaW5lCiAgICAgICAgZXhwcmVzc2lvbjogIFhNTEdldE5vZGVWYWx1ZShldnQuTGluZS5SYXcsICIvRXZlbnQvRXZlbnREYXRhWzFdL0RhdGFbQE5hbWU9J0NvbW1hbmRMaW5lJ10iKQogICAgICAtIHBhcnNlZDogQ3VycmVudERpcmVjdG9yeQogICAgICAgIGV4cHJlc3Npb246ICBYTUxHZXROb2RlVmFsdWUoZXZ0LkxpbmUuUmF3LCAiL0V2ZW50L0V2ZW50RGF0YVsxXS9EYXRhW0BOYW1lPSdDdXJyZW50RGlyZWN0b3J5J10iKQogICAgICAtIHBhcnNlZDogVXNlcgogICAgICAgIGV4cHJlc3Npb246ICBYTUxHZXROb2RlVmFsdWUoZXZ0LkxpbmUuUmF3LCAiL0V2ZW50L0V2ZW50RGF0YVsxXS9EYXRhW0BOYW1lPSdVc2VyJ10iKQogICAgICAtIHBhcnNlZDogTG9nb25HdWlkCiAgICAgICAgZXhwcmVzc2lvbjogIFhNTEdldE5vZGVWYWx1ZShldnQuTGluZS5SYXcsICIvRXZlbnQvRXZlbnREYXRhWzFdL0RhdGFbQE5hbWU9J0xvZ29uR3VpZCddIikKICAgICAgLSBwYXJzZWQ6IExvZ29uSWQKICAgICAgICBleHByZXNzaW9uOiAgWE1MR2V0Tm9kZVZhbHVlKGV2dC5MaW5lLlJhdywgIi9FdmVudC9FdmVudERhdGFbMV0vRGF0YVtATmFtZT0nTG9nb25JZCddIikKICAgICAgLSBwYXJzZWQ6IFRlcm1pbmFsU2Vzc2lvbklkCiAgICAgICAgZXhwcmVzc2lvbjogIFhNTEdldE5vZGVWYWx1ZShldnQuTGluZS5SYXcsICIvRXZlbnQvRXZlbnREYXRhWzFdL0RhdGFbQE5hbWU9J1Rlcm1pbmFsU2Vzc2lvbklkJ10iKQogICAgICAtIHBhcnNlZDogSW50ZWdyaXR5TGV2ZWwKICAgICAgICBleHByZXNzaW9uOiAgWE1MR2V0Tm9kZVZhbHVlKGV2dC5MaW5lLlJhdywgIi9FdmVudC9FdmVudERhdGFbMV0vRGF0YVtATmFtZT0nSW50ZWdyaXR5TGV2ZWwnXSIpCiAgICAgIC0gcGFyc2VkOiBIYXNoZXMKICAgICAgICBleHByZXNzaW9uOiAgWE1MR2V0Tm9kZVZhbHVlKGV2dC5MaW5lLlJhdywgIi9FdmVudC9FdmVudERhdGFbMV0vRGF0YVtATmFtZT0nSGFzaGVzJ10iKQogICAgICAtIHBhcnNlZDogUGFyZW50UHJvY2Vzc0d1aWQKICAgICAgICBleHByZXNzaW9uOiAgWE1MR2V0Tm9kZVZhbHVlKGV2dC5MaW5lLlJhdywgIi9FdmVudC9FdmVudERhdGFbMV0vRGF0YVtATmFtZT0nUGFyZW50UHJvY2Vzc0d1aWQnXSIpCiAgICAgIC0gcGFyc2VkOiBQYXJlbnRQcm9jZXNzSWQKICAgICAgICBleHByZXNzaW9uOiAgWE1MR2V0Tm9kZVZhbHVlKGV2dC5MaW5lLlJhdywgIi9FdmVudC9FdmVudERhdGFbMV0vRGF0YVtATmFtZT0nUGFyZW50UHJvY2Vzc0lkJ10iKQogICAgICAtIHBhcnNlZDogUGFyZW50SW1hZ2UKICAgICAgICBleHByZXNzaW9uOiAgWE1MR2V0Tm9kZVZhbHVlKGV2dC5MaW5lLlJhdywgIi9FdmVudC9FdmVudERhdGFbMV0vRGF0YVtATmFtZT0nUGFyZW50SW1hZ2UnXSIpCiAgICAgIC0gcGFyc2VkOiBQYXJlbnRDb21tYW5kTGluZQogICAgICAgIGV4cHJlc3Npb246ICBYTUxHZXROb2RlVmFsdWUoZXZ0LkxpbmUuUmF3LCAiL0V2ZW50L0V2ZW50RGF0YVsxXS9EYXRhW0BOYW1lPSdQYXJlbnRDb21tYW5kTGluZSddIikKICAgICAgLSBwYXJzZWQ6IFBhcmVudFVzZXIKICAgICAgICBleHByZXNzaW9uOiAgWE1MR2V0Tm9kZVZhbHVlKGV2dC5MaW5lLlJhdywgIi9FdmVudC9FdmVudERhdGFbMV0vRGF0YVtATmFtZT0nUGFyZW50VXNlciddIikKICAgICAgLSBtZXRhOiBTeXNtb25FdmVudFR5cGUKICAgICAgICB2YWx1ZTogUHJvY2Vzc0NyZWF0aW9uCiAgLSBmaWx0ZXI6IGV2dC5QYXJzZWQuRXZlbnRJRCA9PSAnMicKICAgIHN0YXRpY3M6CiAgICAgIC0gcGFyc2VkOiBQcm9jZXNzR3VpZAogICAgICAgIGV4cHJlc3Npb246ICBYTUxHZXROb2RlVmFsdWUoZXZ0LkxpbmUuUmF3LCAiL0V2ZW50L0V2ZW50RGF0YVsxXS9EYXRhW0BOYW1lPSdQcm9jZXNzR3VpZCddIikKICAgICAgLSBwYXJzZWQ6IEltYWdlCiAgICAgICAgZXhwcmVzc2lvbjogIFhNTEdldE5vZGVWYWx1ZShldnQuTGluZS5SYXcsICIvRXZlbnQvRXZlbnREYXRhWzFdL0RhdGFbQE5hbWU9J0ltYWdlJ10iKQogICAgICAtIHBhcnNlZDogUHJvY2Vzc0lkCiAgICAgICAgZXhwcmVzc2lvbjogIFhNTEdldE5vZGVWYWx1ZShldnQuTGluZS5SYXcsICIvRXZlbnQvRXZlbnREYXRhWzFdL0RhdGFbQE5hbWU9J1Byb2Nlc3NJZCddIikKICAgICAgLSBwYXJzZWQ6IFRhcmdldEZpbGVuYW1lCiAgICAgICAgZXhwcmVzc2lvbjogIFhNTEdldE5vZGVWYWx1ZShldnQuTGluZS5SYXcsICIvRXZlbnQvRXZlbnREYXRhWzFdL0RhdGFbQE5hbWU9J1RhcmdldEZpbGVuYW1lJ10iKQogICAgICAtIHBhcnNlZDogQ3JlYXRpb25VdGNUaW1lCiAgICAgICAgZXhwcmVzc2lvbjogIFhNTEdldE5vZGVWYWx1ZShldnQuTGluZS5SYXcsICIvRXZlbnQvRXZlbnREYXRhWzFdL0RhdGFbQE5hbWU9J0NyZWF0aW9uVXRjVGltZSddIikKICAgICAgLSBwYXJzZWQ6IENyZWF0aW9uVXRjVGltZQogICAgICAgIGV4cHJlc3Npb246ICBYTUxHZXROb2RlVmFsdWUoZXZ0LkxpbmUuUmF3LCAiL0V2ZW50L0V2ZW50RGF0YVsxXS9EYXRhW0BOYW1lPSdDcmVhdGlvblV0Y1RpbWUnXSIpCiAgICAgIC0gbWV0YTogU3lzbW9uRXZlbnRUeXBlCiAgICAgICAgdmFsdWU6IENyZWF0aW9uVGltZUNoYW5nZWQKICAtIGZpbHRlcjogZXZ0LlBhcnNlZC5FdmVudElEID09ICczJwogICAgc3RhdGljczoKICAgICAgLSBwYXJzZWQ6IFByb2Nlc3NHdWlkCiAgICAgICAgZXhwcmVzc2lvbjogIFhNTEdldE5vZGVWYWx1ZShldnQuTGluZS5SYXcsICIvRXZlbnQvRXZlbnREYXRhWzFdL0RhdGFbQE5hbWU9J1Byb2Nlc3NHdWlkJ10iKQogICAgICAtIHBhcnNlZDogSW1hZ2UKICAgICAgICBleHByZXNzaW9uOiAgWE1MR2V0Tm9kZVZhbHVlKGV2dC5MaW5lLlJhdywgIi9FdmVudC9FdmVudERhdGFbMV0vRGF0YVtATmFtZT0nSW1hZ2UnXSIpCiAgICAgIC0gcGFyc2VkOiBQcm9jZXNzSWQKICAgICAgICBleHByZXNzaW9uOiAgWE1MR2V0Tm9kZVZhbHVlKGV2dC5MaW5lLlJhdywgIi9FdmVudC9FdmVudERhdGFbMV0vRGF0YVtATmFtZT0nUHJvY2Vzc0lkJ10iKQogICAgICAtIHBhcnNlZDogVXNlcgogICAgICAgIGV4cHJlc3Npb246IFhNTEdldE5vZGVWYWx1ZShldnQuTGluZS5SYXcsICIvRXZlbnQvRXZlbnREYXRhWzFdL0RhdGFbQE5hbWU9J1VzZXInXSIpCiAgICAgIC0gcGFyc2VkOiBQcm90b2NvbAogICAgICAgIGV4cHJlc3Npb246IFhNTEdldE5vZGVWYWx1ZShldnQuTGluZS5SYXcsICIvRXZlbnQvRXZlbnREYXRhWzFdL0RhdGFbQE5hbWU9J1Byb3RvY29sJ10iKQogICAgICAtIHBhcnNlZDogSW5pdGlhdGVkCiAgICAgICAgZXhwcmVzc2lvbjogWE1MR2V0Tm9kZVZhbHVlKGV2dC5MaW5lLlJhdywgIi9FdmVudC9FdmVudERhdGFbMV0vRGF0YVtATmFtZT0nSW5pdGlhdGVkJ10iKQogICAgICAtIHBhcnNlZDogU291cmNlSXNJcHY2CiAgICAgICAgZXhwcmVzc2lvbjogWE1MR2V0Tm9kZVZhbHVlKGV2dC5MaW5lLlJhdywgIi9FdmVudC9FdmVudERhdGFbMV0vRGF0YVtATmFtZT0nU291cmNlSXNJcHY2J10iKQogICAgICAtIHBhcnNlZDogU291cmNlSXAKICAgICAgICBleHByZXNzaW9uOiBYTUxHZXROb2RlVmFsdWUoZXZ0LkxpbmUuUmF3LCAiL0V2ZW50L0V2ZW50RGF0YVsxXS9EYXRhW0BOYW1lPSdTb3VyY2VJcCddIikKICAgICAgLSBwYXJzZWQ6IFNvdXJjZUhvc3RuYW1lCiAgICAgICAgZXhwcmVzc2lvbjogWE1MR2V0Tm9kZVZhbHVlKGV2dC5MaW5lLlJhdywgIi9FdmVudC9FdmVudERhdGFbMV0vRGF0YVtATmFtZT0nU291cmNlSG9zdG5hbWUnXSIpCiAgICAgIC0gcGFyc2VkOiBTb3VyY2VQb3J0CiAgICAgICAgZXhwcmVzc2lvbjogWE1MR2V0Tm9kZVZhbHVlKGV2dC5MaW5lLlJhdywgIi9FdmVudC9FdmVudERhdGFbMV0vRGF0YVtATmFtZT0nU291cmNlUG9ydCddIikKICAgICAgLSBwYXJzZWQ6IFNvdXJjZVBvcnROYW1lCiAgICAgICAgZXhwcmVzc2lvbjogWE1MR2V0Tm9kZVZhbHVlKGV2dC5MaW5lLlJhdywgIi9FdmVudC9FdmVudERhdGFbMV0vRGF0YVtATmFtZT0nU291cmNlUG9ydE5hbWUnXSIpCiAgICAgIC0gcGFyc2VkOiBEZXN0aW5hdGlvbklzSXB2NgogICAgICAgIGV4cHJlc3Npb246IFhNTEdldE5vZGVWYWx1ZShldnQuTGluZS5SYXcsICIvRXZlbnQvRXZlbnREYXRhWzFdL0RhdGFbQE5hbWU9J0Rlc3RpbmF0aW9uSXNJcHY2J10iKQogICAgICAtIHBhcnNlZDogRGVzdGluYXRpb25JcAogICAgICAgIGV4cHJlc3Npb246IFhNTEdldE5vZGVWYWx1ZShldnQuTGluZS5SYXcsICIvRXZlbnQvRXZlbnREYXRhWzFdL0RhdGFbQE5hbWU9J0Rlc3RpbmF0aW9uSXAnXSIpCiAgICAgIC0gcGFyc2VkOiBEZXN0aW5hdGlvbkhvc3RuYW1lCiAgICAgICAgZXhwcmVzc2lvbjogWE1MR2V0Tm9kZVZhbHVlKGV2dC5MaW5lLlJhdywgIi9FdmVudC9FdmVudERhdGFbMV0vRGF0YVtATmFtZT0nRGVzdGluYXRpb25Ib3N0bmFtZSddIikKICAgICAgLSBwYXJzZWQ6IERlc3RpbmF0aW9uUG9ydAogICAgICAgIGV4cHJlc3Npb246IFhNTEdldE5vZGVWYWx1ZShldnQuTGluZS5SYXcsICIvRXZlbnQvRXZlbnREYXRhWzFdL0RhdGFbQE5hbWU9J0Rlc3RpbmF0aW9uUG9ydCddIikKICAgICAgLSBwYXJzZWQ6IERlc3RpbmF0aW9uUG9ydE5hbWUKICAgICAgICBleHByZXNzaW9uOiBYTUxHZXROb2RlVmFsdWUoZXZ0LkxpbmUuUmF3LCAiL0V2ZW50L0V2ZW50RGF0YVsxXS9EYXRhW0BOYW1lPSdEZXN0aW5hdGlvblBvcnROYW1lJ10iKQogICAgICAtIG1ldGE6IFN5c21vbkV2ZW50VHlwZQogICAgICAgIHZhbHVlOiBOZXR3b3JrQ29ubmVjdGlvbgogIC0gZmlsdGVyOiBldnQuUGFyc2VkLkV2ZW50SUQgPT0gJzQnCiAgICBzdGF0aWNzOgogICAgICAtIHBhcnNlZDogU3RhdGUKICAgICAgICBleHByZXNzaW9uOiAgWE1MR2V0Tm9kZVZhbHVlKGV2dC5MaW5lLlJhdywgIi9FdmVudC9FdmVudERhdGFbMV0vRGF0YVtATmFtZT0nU3RhdGUnXSIpCiAgICAgIC0gcGFyc2VkOiBWZXJzaW9uCiAgICAgICAgZXhwcmVzc2lvbjogWE1MR2V0Tm9kZVZhbHVlKGV2dC5MaW5lLlJhdywgIi9FdmVudC9FdmVudERhdGFbMV0vRGF0YVtATmFtZT0nVmVyc2lvbiddIikKICAgICAgLSBwYXJzZWQ6IFNjaGVtYVZlcnNpb24KICAgICAgICBleHByZXNzaW9uOiBYTUxHZXROb2RlVmFsdWUoZXZ0LkxpbmUuUmF3LCAiL0V2ZW50L0V2ZW50RGF0YVsxXS9EYXRhW0BOYW1lPSdTY2hlbWFWZXJzaW9uJ10iKQogICAgICAtIG1ldGE6IFN5c21vbkV2ZW50VHlwZQogICAgICAgIHZhbHVlOiBTeXNtb25TZXJ2aWNlU3RhdGVDaGFuZ2VkCiAgLSBmaWx0ZXI6IGV2dC5QYXJzZWQuRXZlbnRJRCA9PSAnNScKICAgIHN0YXRpY3M6CiAgICAgIC0gcGFyc2VkOiBQcm9jZXNzR3VpZAogICAgICAgIGV4cHJlc3Npb246ICBYTUxHZXROb2RlVmFsdWUoZXZ0LkxpbmUuUmF3LCAiL0V2ZW50L0V2ZW50RGF0YVsxXS9EYXRhW0BOYW1lPSdQcm9jZXNzR3VpZCddIikKICAgICAgLSBwYXJzZWQ6IEltYWdlCiAgICAgICAgZXhwcmVzc2lvbjogIFhNTEdldE5vZGVWYWx1ZShldnQuTGluZS5SYXcsICIvRXZlbnQvRXZlbnREYXRhWzFdL0RhdGFbQE5hbWU9J0ltYWdlJ10iKQogICAgICAtIHBhcnNlZDogUHJvY2Vzc0lkCiAgICAgICAgZXhwcmVzc2lvbjogIFhNTEdldE5vZGVWYWx1ZShldnQuTGluZS5SYXcsICIvRXZlbnQvRXZlbnREYXRhWzFdL0RhdGFbQE5hbWU9J1Byb2Nlc3NJZCddIikKICAgICAgLSBtZXRhOiBTeXNtb25FdmVudFR5cGUKICAgICAgICB2YWx1ZTogUHJvY2Vzc1Rlcm1pbmF0ZWQKICAtIGZpbHRlcjogZXZ0LlBhcnNlZC5FdmVudElEID09ICc2JwogICAgc3RhdGljczoKICAgICAgLSBwYXJzZWQ6IEltYWdlTG9hZGVkCiAgICAgICAgZXhwcmVzc2lvbjogIFhNTEdldE5vZGVWYWx1ZShldnQuTGluZS5SYXcsICIvRXZlbnQvRXZlbnREYXRhWzFdL0RhdGFbQE5hbWU9J0ltYWdlTG9hZGVkJ10iKQogICAgICAtIHBhcnNlZDogSGFzaGVzCiAgICAgICAgZXhwcmVzc2lvbjogIFhNTEdldE5vZGVWYWx1ZShldnQuTGluZS5SYXcsICIvRXZlbnQvRXZlbnREYXRhWzFdL0RhdGFbQE5hbWU9J0hhc2hlcyddIikKICAgICAgLSBwYXJzZWQ6IFNpZ25lZAogICAgICAgIGV4cHJlc3Npb246ICBYTUxHZXROb2RlVmFsdWUoZXZ0LkxpbmUuUmF3LCAiL0V2ZW50L0V2ZW50RGF0YVsxXS9EYXRhW0BOYW1lPSdTaWduZWQnXSIpCiAgICAgIC0gcGFyc2VkOiBTaWduYXR1cmUKICAgICAgICBleHByZXNzaW9uOiAgWE1MR2V0Tm9kZVZhbHVlKGV2dC5MaW5lLlJhdywgIi9FdmVudC9FdmVudERhdGFbMV0vRGF0YVtATmFtZT0nU2lnbmF0dXJlJ10iKQogICAgICAtIHBhcnNlZDogU2lnbmF0dXJlU3RhdHVzCiAgICAgICAgZXhwcmVzc2lvbjogIFhNTEdldE5vZGVWYWx1ZShldnQuTGluZS5SYXcsICIvRXZlbnQvRXZlbnREYXRhWzFdL0RhdGFbQE5hbWU9J1NpZ25hdHVyZVN0YXR1cyddIikKICAgICAgLSBtZXRhOiBTeXNtb25FdmVudFR5cGUKICAgICAgICB2YWx1ZTogRHJpdmVyTG9hZGVkCiAgLSBmaWx0ZXI6IGV2dC5QYXJzZWQuRXZlbnRJRCA9PSAnNycKICAgIHN0YXRpY3M6CiAgICAgIC0gcGFyc2VkOiBQcm9jZXNzR3VpZAogICAgICAgIGV4cHJlc3Npb246ICBYTUxHZXROb2RlVmFsdWUoZXZ0LkxpbmUuUmF3LCAiL0V2ZW50L0V2ZW50RGF0YVsxXS9EYXRhW0BOYW1lPSdQcm9jZXNzR3VpZCddIikKICAgICAgLSBwYXJzZWQ6IFByb2Nlc3NJZAogICAgICAgIGV4cHJlc3Npb246ICBYTUxHZXROb2RlVmFsdWUoZXZ0LkxpbmUuUmF3LCAiL0V2ZW50L0V2ZW50RGF0YVsxXS9EYXRhW0BOYW1lPSdQcm9jZXNzSWQnXSIpCiAgICAgIC0gcGFyc2VkOiBJbWFnZQogICAgICAgIGV4cHJlc3Npb246ICBYTUxHZXROb2RlVmFsdWUoZXZ0LkxpbmUuUmF3LCAiL0V2ZW50L0V2ZW50RGF0YVsxXS9EYXRhW0BOYW1lPSdJbWFnZSddIikKICAgICAgLSBwYXJzZWQ6IEltYWdlTG9hZGVkCiAgICAgICAgZXhwcmVzc2lvbjogIFhNTEdldE5vZGVWYWx1ZShldnQuTGluZS5SYXcsICIvRXZlbnQvRXZlbnREYXRhWzFdL0RhdGFbQE5hbWU9J0ltYWdlTG9hZGVkJ10iKQogICAgICAtIHBhcnNlZDogSGFzaGVzCiAgICAgICAgZXhwcmVzc2lvbjogIFhNTEdldE5vZGVWYWx1ZShldnQuTGluZS5SYXcsICIvRXZlbnQvRXZlbnREYXRhWzFdL0RhdGFbQE5hbWU9J0hhc2hlcyddIikKICAgICAgLSBwYXJzZWQ6IFNpZ25lZAogICAgICAgIGV4cHJlc3Npb246ICBYTUxHZXROb2RlVmFsdWUoZXZ0LkxpbmUuUmF3LCAiL0V2ZW50L0V2ZW50RGF0YVsxXS9EYXRhW0BOYW1lPSdTaWduZWQnXSIpCiAgICAgIC0gcGFyc2VkOiBTaWduYXR1cmUKICAgICAgICBleHByZXNzaW9uOiAgWE1MR2V0Tm9kZVZhbHVlKGV2dC5MaW5lLlJhdywgIi9FdmVudC9FdmVudERhdGFbMV0vRGF0YVtATmFtZT0nU2lnbmF0dXJlJ10iKQogICAgICAtIHBhcnNlZDogU2lnbmF0dXJlU3RhdHVzCiAgICAgICAgZXhwcmVzc2lvbjogIFhNTEdldE5vZGVWYWx1ZShldnQuTGluZS5SYXcsICIvRXZlbnQvRXZlbnREYXRhWzFdL0RhdGFbQE5hbWU9J1NpZ25hdHVyZVN0YXR1cyddIikKICAgICAgLSBtZXRhOiBTeXNtb25FdmVudFR5cGUKICAgICAgICB2YWx1ZTogSW1hZ2VMb2FkZWQKICAtIGZpbHRlcjogZXZ0LlBhcnNlZC5FdmVudElEID09ICc4JwogICAgc3RhdGljczoKICAgICAgLSBwYXJzZWQ6IFNvdXJjZVByb2Nlc3NHdWlkCiAgICAgICAgZXhwcmVzc2lvbjogIFhNTEdldE5vZGVWYWx1ZShldnQuTGluZS5SYXcsICIvRXZlbnQvRXZlbnREYXRhWzFdL0RhdGFbQE5hbWU9J1NvdXJjZVByb2Nlc3NHdWlkJ10iKQogICAgICAtIHBhcnNlZDogU291cmNlUHJvY2Vzc0lkCiAgICAgICAgZXhwcmVzc2lvbjogIFhNTEdldE5vZGVWYWx1ZShldnQuTGluZS5SYXcsICIvRXZlbnQvRXZlbnREYXRhWzFdL0RhdGFbQE5hbWU9J1NvdXJjZVByb2Nlc3NJZCddIikKICAgICAgLSBwYXJzZWQ6IFNvdXJjZUltYWdlCiAgICAgICAgZXhwcmVzc2lvbjogIFhNTEdldE5vZGVWYWx1ZShldnQuTGluZS5SYXcsICIvRXZlbnQvRXZlbnREYXRhWzFdL0RhdGFbQE5hbWU9J1NvdXJjZUltYWdlJ10iKQogICAgICAtIHBhcnNlZDogVGFyZ2V0UHJvY2Vzc0d1aWQKICAgICAgICBleHByZXNzaW9uOiAgWE1MR2V0Tm9kZVZhbHVlKGV2dC5MaW5lLlJhdywgIi9FdmVudC9FdmVudERhdGFbMV0vRGF0YVtATmFtZT0nVGFyZ2V0UHJvY2Vzc0d1aWQnXSIpCiAgICAgIC0gcGFyc2VkOiBUYXJnZXRQcm9jZXNzSWQKICAgICAgICBleHByZXNzaW9uOiAgWE1MR2V0Tm9kZVZhbHVlKGV2dC5MaW5lLlJhdywgIi9FdmVudC9FdmVudERhdGFbMV0vRGF0YVtATmFtZT0nVGFyZ2V0UHJvY2Vzc0lkJ10iKQogICAgICAtIHBhcnNlZDogVGFyZ2V0SW1hZ2UKICAgICAgICBleHByZXNzaW9uOiAgWE1MR2V0Tm9kZVZhbHVlKGV2dC5MaW5lLlJhdywgIi9FdmVudC9FdmVudERhdGFbMV0vRGF0YVtATmFtZT0nVGFyZ2V0SW1hZ2UnXSIpCiAgICAgIC0gcGFyc2VkOiBOZXdUaHJlYWRJZAogICAgICAgIGV4cHJlc3Npb246ICBYTUxHZXROb2RlVmFsdWUoZXZ0LkxpbmUuUmF3LCAiL0V2ZW50L0V2ZW50RGF0YVsxXS9EYXRhW0BOYW1lPSdOZXdUaHJlYWRJZCddIikKICAgICAgLSBwYXJzZWQ6IFN0YXJ0QWRkcmVzcwogICAgICAgIGV4cHJlc3Npb246ICBYTUxHZXROb2RlVmFsdWUoZXZ0LkxpbmUuUmF3LCAiL0V2ZW50L0V2ZW50RGF0YVsxXS9EYXRhW0BOYW1lPSdTdGFydEFkZHJlc3MnXSIpCiAgICAgIC0gcGFyc2VkOiBTdGFydE1vZHVsZQogICAgICAgIGV4cHJlc3Npb246ICBYTUxHZXROb2RlVmFsdWUoZXZ0LkxpbmUuUmF3LCAiL0V2ZW50L0V2ZW50RGF0YVsxXS9EYXRhW0BOYW1lPSdTdGFydE1vZHVsZSddIikKICAgICAgLSBwYXJzZWQ6IFN0YXJ0RnVuY3Rpb24KICAgICAgICBleHByZXNzaW9uOiAgWE1MR2V0Tm9kZVZhbHVlKGV2dC5MaW5lLlJhdywgIi9FdmVudC9FdmVudERhdGFbMV0vRGF0YVtATmFtZT0nU3RhcnRGdW5jdGlvbiddIikKICAgICAgLSBtZXRhOiBTeXNtb25FdmVudFR5cGUKICAgICAgICB2YWx1ZTogQ3JlYXRlUmVtb3RlVGhyZWFkCiAgLSBmaWx0ZXI6IGV2dC5QYXJzZWQuRXZlbnRJRCA9PSAnOScKICAgIHN0YXRpY3M6CiAgICAgIC0gcGFyc2VkOiBQcm9jZXNzR3VpZAogICAgICAgIGV4cHJlc3Npb246ICBYTUxHZXROb2RlVmFsdWUoZXZ0LkxpbmUuUmF3LCAiL0V2ZW50L0V2ZW50RGF0YVsxXS9EYXRhW0BOYW1lPSdQcm9jZXNzR3VpZCddIikKICAgICAgLSBwYXJzZWQ6IFByb2Nlc3NJZAogICAgICAgIGV4cHJlc3Npb246ICBYTUxHZXROb2RlVmFsdWUoZXZ0LkxpbmUuUmF3LCAiL0V2ZW50L0V2ZW50RGF0YVsxXS9EYXRhW0BOYW1lPSdQcm9jZXNzSWQnXSIpCiAgICAgIC0gcGFyc2VkOiBJbWFnZQogICAgICAgIGV4cHJlc3Npb246ICBYTUxHZXROb2RlVmFsdWUoZXZ0LkxpbmUuUmF3LCAiL0V2ZW50L0V2ZW50RGF0YVsxXS9EYXRhW0BOYW1lPSdJbWFnZSddIikKICAgICAgLSBwYXJzZWQ6IERldmljZQogICAgICAgIGV4cHJlc3Npb246ICBYTUxHZXROb2RlVmFsdWUoZXZ0LkxpbmUuUmF3LCAiL0V2ZW50L0V2ZW50RGF0YVsxXS9EYXRhW0BOYW1lPSdEZXZpY2UnXSIpCiAgICAgIC0gbWV0YTogU3lzbW9uRXZlbnRUeXBlCiAgICAgICAgdmFsdWU6IFJhd0FjY2Vzc1JlYWQKICAtIGZpbHRlcjogZXZ0LlBhcnNlZC5FdmVudElEID09ICcxMCcKICAgIHN0YXRpY3M6CiAgICAgIC0gcGFyc2VkOiBTb3VyY2VQcm9jZXNzR1VJRAogICAgICAgIGV4cHJlc3Npb246ICBYTUxHZXROb2RlVmFsdWUoZXZ0LkxpbmUuUmF3LCAiL0V2ZW50L0V2ZW50RGF0YVsxXS9EYXRhW0BOYW1lPSdTb3VyY2VQcm9jZXNzR1VJRCddIikKICAgICAgLSBwYXJzZWQ6IFNvdXJjZVByb2Nlc3NJZAogICAgICAgIGV4cHJlc3Npb246ICBYTUxHZXROb2RlVmFsdWUoZXZ0LkxpbmUuUmF3LCAiL0V2ZW50L0V2ZW50RGF0YVsxXS9EYXRhW0BOYW1lPSdTb3VyY2VQcm9jZXNzSWQnXSIpCiAgICAgIC0gcGFyc2VkOiBTb3VyY2VUaHJlYWRJZAogICAgICAgIGV4cHJlc3Npb246ICBYTUxHZXROb2RlVmFsdWUoZXZ0LkxpbmUuUmF3LCAiL0V2ZW50L0V2ZW50RGF0YVsxXS9EYXRhW0BOYW1lPSdTb3VyY2VUaHJlYWRJZCddIikKICAgICAgLSBwYXJzZWQ6IFNvdXJjZUltYWdlCiAgICAgICAgZXhwcmVzc2lvbjogIFhNTEdldE5vZGVWYWx1ZShldnQuTGluZS5SYXcsICIvRXZlbnQvRXZlbnREYXRhWzFdL0RhdGFbQE5hbWU9J1NvdXJjZUltYWdlJ10iKQogICAgICAtIHBhcnNlZDogVGFyZ2V0UHJvY2Vzc0dVSUQKICAgICAgICBleHByZXNzaW9uOiAgWE1MR2V0Tm9kZVZhbHVlKGV2dC5MaW5lLlJhdywgIi9FdmVudC9FdmVudERhdGFbMV0vRGF0YVtATmFtZT0nVGFyZ2V0UHJvY2Vzc0dVSUQnXSIpCiAgICAgIC0gcGFyc2VkOiBUYXJnZXRQcm9jZXNzSWQKICAgICAgICBleHByZXNzaW9uOiAgWE1MR2V0Tm9kZVZhbHVlKGV2dC5MaW5lLlJhdywgIi9FdmVudC9FdmVudERhdGFbMV0vRGF0YVtATmFtZT0nVGFyZ2V0UHJvY2Vzc0lkJ10iKQogICAgICAtIHBhcnNlZDogVGFyZ2V0SW1hZ2UKICAgICAgICBleHByZXNzaW9uOiAgWE1MR2V0Tm9kZVZhbHVlKGV2dC5MaW5lLlJhdywgIi9FdmVudC9FdmVudERhdGFbMV0vRGF0YVtATmFtZT0nVGFyZ2V0SW1hZ2UnXSIpCiAgICAgIC0gcGFyc2VkOiBHcmFudGVkQWNjZXNzCiAgICAgICAgZXhwcmVzc2lvbjogIFhNTEdldE5vZGVWYWx1ZShldnQuTGluZS5SYXcsICIvRXZlbnQvRXZlbnREYXRhWzFdL0RhdGFbQE5hbWU9J0dyYW50ZWRBY2Nlc3MnXSIpCiAgICAgIC0gcGFyc2VkOiBDYWxsVHJhY2UKICAgICAgICBleHByZXNzaW9uOiAgWE1MR2V0Tm9kZVZhbHVlKGV2dC5MaW5lLlJhdywgIi9FdmVudC9FdmVudERhdGFbMV0vRGF0YVtATmFtZT0nQ2FsbFRyYWNlJ10iKQogICAgICAtIG1ldGE6IFN5c21vbkV2ZW50VHlwZQogICAgICAgIHZhbHVlOiBQcm9jZXNzQWNjZXNzCiAgLSBmaWx0ZXI6IGV2dC5QYXJzZWQuRXZlbnRJRCA9PSAnMTEnCiAgICBzdGF0aWNzOgogICAgICAtIHBhcnNlZDogUHJvY2Vzc0d1aWQKICAgICAgICBleHByZXNzaW9uOiAgWE1MR2V0Tm9kZVZhbHVlKGV2dC5MaW5lLlJhdywgIi9FdmVudC9FdmVudERhdGFbMV0vRGF0YVtATmFtZT0nUHJvY2Vzc0d1aWQnXSIpCiAgICAgIC0gcGFyc2VkOiBQcm9jZXNzSWQKICAgICAgICBleHByZXNzaW9uOiAgWE1MR2V0Tm9kZVZhbHVlKGV2dC5MaW5lLlJhdywgIi9FdmVudC9FdmVudERhdGFbMV0vRGF0YVtATmFtZT0nUHJvY2Vzc0lkJ10iKQogICAgICAtIHBhcnNlZDogSW1hZ2UKICAgICAgICBleHByZXNzaW9uOiAgWE1MR2V0Tm9kZVZhbHVlKGV2dC5MaW5lLlJhdywgIi9FdmVudC9FdmVudERhdGFbMV0vRGF0YVtATmFtZT0nSW1hZ2UnXSIpCiAgICAgIC0gcGFyc2VkOiBUYXJnZXRGaWxlbmFtZQogICAgICAgIGV4cHJlc3Npb246ICBYTUxHZXROb2RlVmFsdWUoZXZ0LkxpbmUuUmF3LCAiL0V2ZW50L0V2ZW50RGF0YVsxXS9EYXRhW0BOYW1lPSdUYXJnZXRGaWxlbmFtZSddIikKICAgICAgLSBwYXJzZWQ6IENyZWF0aW9uVXRjVGltZQogICAgICAgIGV4cHJlc3Npb246ICBYTUxHZXROb2RlVmFsdWUoZXZ0LkxpbmUuUmF3LCAiL0V2ZW50L0V2ZW50RGF0YVsxXS9EYXRhW0BOYW1lPSdDcmVhdGlvblV0Y1RpbWUnXSIpCiAgICAgIC0gbWV0YTogU3lzbW9uRXZlbnRUeXBlCiAgICAgICAgdmFsdWU6IEZpbGVDcmVhdGUKICAtIGZpbHRlcjogZXZ0LlBhcnNlZC5FdmVudElEID09ICcxMicKICAgIHN0YXRpY3M6CiAgICAgIC0gcGFyc2VkOiBFdmVudFR5cGUKICAgICAgICBleHByZXNzaW9uOiAgWE1MR2V0Tm9kZVZhbHVlKGV2dC5MaW5lLlJhdywgIi9FdmVudC9FdmVudERhdGFbMV0vRGF0YVtATmFtZT0nRXZlbnRUeXBlJ10iKQogICAgICAtIHBhcnNlZDogUHJvY2Vzc0d1aWQKICAgICAgICBleHByZXNzaW9uOiAgWE1MR2V0Tm9kZVZhbHVlKGV2dC5MaW5lLlJhdywgIi9FdmVudC9FdmVudERhdGFbMV0vRGF0YVtATmFtZT0nUHJvY2Vzc0d1aWQnXSIpCiAgICAgIC0gcGFyc2VkOiBQcm9jZXNzSWQKICAgICAgICBleHByZXNzaW9uOiAgWE1MR2V0Tm9kZVZhbHVlKGV2dC5MaW5lLlJhdywgIi9FdmVudC9FdmVudERhdGFbMV0vRGF0YVtATmFtZT0nUHJvY2Vzc0lkJ10iKQogICAgICAtIHBhcnNlZDogSW1hZ2UKICAgICAgICBleHByZXNzaW9uOiAgWE1MR2V0Tm9kZVZhbHVlKGV2dC5MaW5lLlJhdywgIi9FdmVudC9FdmVudERhdGFbMV0vRGF0YVtATmFtZT0nSW1hZ2UnXSIpCiAgICAgIC0gcGFyc2VkOiBUYXJnZXRPYmplY3QKICAgICAgICBleHByZXNzaW9uOiAgWE1MR2V0Tm9kZVZhbHVlKGV2dC5MaW5lLlJhdywgIi9FdmVudC9FdmVudERhdGFbMV0vRGF0YVtATmFtZT0nVGFyZ2V0T2JqZWN0J10iKQogICAgICAtIG1ldGE6IFN5c21vbkV2ZW50VHlwZQogICAgICAgIHZhbHVlOiBSZWdpc3RyeUNyZWF0ZU9yRGVsCiAgLSBmaWx0ZXI6IGV2dC5QYXJzZWQuRXZlbnRJRCA9PSAnMTMnCiAgICBzdGF0aWNzOgogICAgICAtIHBhcnNlZDogRXZlbnRUeXBlCiAgICAgICAgZXhwcmVzc2lvbjogIFhNTEdldE5vZGVWYWx1ZShldnQuTGluZS5SYXcsICIvRXZlbnQvRXZlbnREYXRhWzFdL0RhdGFbQE5hbWU9J0V2ZW50VHlwZSddIikKICAgICAgLSBwYXJzZWQ6IFByb2Nlc3NHdWlkCiAgICAgICAgZXhwcmVzc2lvbjogIFhNTEdldE5vZGVWYWx1ZShldnQuTGluZS5SYXcsICIvRXZlbnQvRXZlbnREYXRhWzFdL0RhdGFbQE5hbWU9J1Byb2Nlc3NHdWlkJ10iKQogICAgICAtIHBhcnNlZDogUHJvY2Vzc0lkCiAgICAgICAgZXhwcmVzc2lvbjogIFhNTEdldE5vZGVWYWx1ZShldnQuTGluZS5SYXcsICIvRXZlbnQvRXZlbnREYXRhWzFdL0RhdGFbQE5hbWU9J1Byb2Nlc3NJZCddIikKICAgICAgLSBwYXJzZWQ6IEltYWdlCiAgICAgICAgZXhwcmVzc2lvbjogIFhNTEdldE5vZGVWYWx1ZShldnQuTGluZS5SYXcsICIvRXZlbnQvRXZlbnREYXRhWzFdL0RhdGFbQE5hbWU9J0ltYWdlJ10iKQogICAgICAtIHBhcnNlZDogVGFyZ2V0T2JqZWN0CiAgICAgICAgZXhwcmVzc2lvbjogIFhNTEdldE5vZGVWYWx1ZShldnQuTGluZS5SYXcsICIvRXZlbnQvRXZlbnREYXRhWzFdL0RhdGFbQE5hbWU9J1RhcmdldE9iamVjdCddIikKICAgICAgLSBwYXJzZWQ6IERldGFpbHMKICAgICAgICBleHByZXNzaW9uOiAgWE1MR2V0Tm9kZVZhbHVlKGV2dC5MaW5lLlJhdywgIi9FdmVudC9FdmVudERhdGFbMV0vRGF0YVtATmFtZT0nRGV0YWlscyddIikKICAgICAgLSBtZXRhOiBTeXNtb25FdmVudFR5cGUKICAgICAgICB2YWx1ZTogUmVnaXN0cnlTZXRWYWx1ZQogIC0gZmlsdGVyOiBldnQuUGFyc2VkLkV2ZW50SUQgPT0gJzE0JwogICAgc3RhdGljczoKICAgICAgLSBwYXJzZWQ6IEV2ZW50VHlwZQogICAgICAgIGV4cHJlc3Npb246ICBYTUxHZXROb2RlVmFsdWUoZXZ0LkxpbmUuUmF3LCAiL0V2ZW50L0V2ZW50RGF0YVsxXS9EYXRhW0BOYW1lPSdFdmVudFR5cGUnXSIpCiAgICAgIC0gcGFyc2VkOiBQcm9jZXNzR3VpZAogICAgICAgIGV4cHJlc3Npb246ICBYTUxHZXROb2RlVmFsdWUoZXZ0LkxpbmUuUmF3LCAiL0V2ZW50L0V2ZW50RGF0YVsxXS9EYXRhW0BOYW1lPSdQcm9jZXNzR3VpZCddIikKICAgICAgLSBwYXJzZWQ6IFByb2Nlc3NJZAogICAgICAgIGV4cHJlc3Npb246ICBYTUxHZXROb2RlVmFsdWUoZXZ0LkxpbmUuUmF3LCAiL0V2ZW50L0V2ZW50RGF0YVsxXS9EYXRhW0BOYW1lPSdQcm9jZXNzSWQnXSIpCiAgICAgIC0gcGFyc2VkOiBJbWFnZQogICAgICAgIGV4cHJlc3Npb246ICBYTUxHZXROb2RlVmFsdWUoZXZ0LkxpbmUuUmF3LCAiL0V2ZW50L0V2ZW50RGF0YVsxXS9EYXRhW0BOYW1lPSdJbWFnZSddIikKICAgICAgLSBwYXJzZWQ6IFRhcmdldE9iamVjdAogICAgICAgIGV4cHJlc3Npb246ICBYTUxHZXROb2RlVmFsdWUoZXZ0LkxpbmUuUmF3LCAiL0V2ZW50L0V2ZW50RGF0YVsxXS9EYXRhW0BOYW1lPSdUYXJnZXRPYmplY3QnXSIpCiAgICAgIC0gcGFyc2VkOiBOZXdOYW1lCiAgICAgICAgZXhwcmVzc2lvbjogIFhNTEdldE5vZGVWYWx1ZShldnQuTGluZS5SYXcsICIvRXZlbnQvRXZlbnREYXRhWzFdL0RhdGFbQE5hbWU9J05ld05hbWUnXSIpCiAgICAgIC0gbWV0YTogU3lzbW9uRXZlbnRUeXBlCiAgICAgICAgdmFsdWU6IFJlZ2lzdHJ5UmVuYW1lCiAgLSBmaWx0ZXI6IGV2dC5QYXJzZWQuRXZlbnRJRCA9PSAnMTUnCiAgICBzdGF0aWNzOgogICAgICAtIHBhcnNlZDogUHJvY2Vzc0d1aWQKICAgICAgICBleHByZXNzaW9uOiAgWE1MR2V0Tm9kZVZhbHVlKGV2dC5MaW5lLlJhdywgIi9FdmVudC9FdmVudERhdGFbMV0vRGF0YVtATmFtZT0nUHJvY2Vzc0d1aWQnXSIpCiAgICAgIC0gcGFyc2VkOiBQcm9jZXNzSWQKICAgICAgICBleHByZXNzaW9uOiAgWE1MR2V0Tm9kZVZhbHVlKGV2dC5MaW5lLlJhdywgIi9FdmVudC9FdmVudERhdGFbMV0vRGF0YVtATmFtZT0nUHJvY2Vzc0lkJ10iKQogICAgICAtIHBhcnNlZDogSW1hZ2UKICAgICAgICBleHByZXNzaW9uOiAgWE1MR2V0Tm9kZVZhbHVlKGV2dC5MaW5lLlJhdywgIi9FdmVudC9FdmVudERhdGFbMV0vRGF0YVtATmFtZT0nSW1hZ2UnXSIpCiAgICAgIC0gcGFyc2VkOiBUYXJnZXRGaWxlbmFtZQogICAgICAgIGV4cHJlc3Npb246ICBYTUxHZXROb2RlVmFsdWUoZXZ0LkxpbmUuUmF3LCAiL0V2ZW50L0V2ZW50RGF0YVsxXS9EYXRhW0BOYW1lPSdUYXJnZXRGaWxlbmFtZSddIikKICAgICAgLSBwYXJzZWQ6IENyZWF0aW9uVXRjVGltZQogICAgICAgIGV4cHJlc3Npb246ICBYTUxHZXROb2RlVmFsdWUoZXZ0LkxpbmUuUmF3LCAiL0V2ZW50L0V2ZW50RGF0YVsxXS9EYXRhW0BOYW1lPSdDcmVhdGlvblV0Y1RpbWUnXSIpCiAgICAgIC0gbWV0YTogU3lzbW9uRXZlbnRUeXBlCiAgICAgICAgdmFsdWU6IEZpbGVDcmVhdGVTdHJlYW1IYXNoCiAgLSBmaWx0ZXI6IGV2dC5QYXJzZWQuRXZlbnRJRCA9PSAnMTYnCiAgICBzdGF0aWNzOgogICAgICAtIHBhcnNlZDogQ29uZmlndXJhdGlvbkZpbGVIYXNoCiAgICAgICAgZXhwcmVzc2lvbjogIFhNTEdldE5vZGVWYWx1ZShldnQuTGluZS5SYXcsICIvRXZlbnQvRXZlbnREYXRhWzFdL0RhdGFbQE5hbWU9J0NvbmZpZ3VyYXRpb25GaWxlSGFzaCddIikKICAgICAgLSBwYXJzZWQ6IENvbmZpZ3VyYXRpb24KICAgICAgICBleHByZXNzaW9uOiAgWE1MR2V0Tm9kZVZhbHVlKGV2dC5MaW5lLlJhdywgIi9FdmVudC9FdmVudERhdGFbMV0vRGF0YVtATmFtZT0nQ29uZmlndXJhdGlvbiddIikKICAgICAgLSBtZXRhOiBTeXNtb25FdmVudFR5cGUKICAgICAgICB2YWx1ZTogU3lzbW9uQ29uZmlnQ2hhbmdlCiAgLSBmaWx0ZXI6IGV2dC5QYXJzZWQuRXZlbnRJRCA9PSAnMTcnCiAgICBzdGF0aWNzOgogICAgICAtIHBhcnNlZDogUHJvY2Vzc0d1aWQKICAgICAgICBleHByZXNzaW9uOiAgWE1MR2V0Tm9kZVZhbHVlKGV2dC5MaW5lLlJhdywgIi9FdmVudC9FdmVudERhdGFbMV0vRGF0YVtATmFtZT0nUHJvY2Vzc0d1aWQnXSIpCiAgICAgIC0gcGFyc2VkOiBQcm9jZXNzSWQKICAgICAgICBleHByZXNzaW9uOiAgWE1MR2V0Tm9kZVZhbHVlKGV2dC5MaW5lLlJhdywgIi9FdmVudC9FdmVudERhdGFbMV0vRGF0YVtATmFtZT0nUHJvY2Vzc0lkJ10iKQogICAgICAtIHBhcnNlZDogSW1hZ2UKICAgICAgICBleHByZXNzaW9uOiAgWE1MR2V0Tm9kZVZhbHVlKGV2dC5MaW5lLlJhdywgIi9FdmVudC9FdmVudERhdGFbMV0vRGF0YVtATmFtZT0nSW1hZ2UnXSIpCiAgICAgIC0gcGFyc2VkOiBQaXBlTmFtZQogICAgICAgIGV4cHJlc3Npb246ICBYTUxHZXROb2RlVmFsdWUoZXZ0LkxpbmUuUmF3LCAiL0V2ZW50L0V2ZW50RGF0YVsxXS9EYXRhW0BOYW1lPSdQaXBlTmFtZSddIikKICAgICAgLSBtZXRhOiBTeXNtb25FdmVudFR5cGUKICAgICAgICB2YWx1ZTogUGlwZUNyZWF0ZWQKICAtIGZpbHRlcjogZXZ0LlBhcnNlZC5FdmVudElEID09ICcxOCcKICAgIHN0YXRpY3M6CiAgICAgIC0gcGFyc2VkOiBQcm9jZXNzR3VpZAogICAgICAgIGV4cHJlc3Npb246ICBYTUxHZXROb2RlVmFsdWUoZXZ0LkxpbmUuUmF3LCAiL0V2ZW50L0V2ZW50RGF0YVsxXS9EYXRhW0BOYW1lPSdQcm9jZXNzR3VpZCddIikKICAgICAgLSBwYXJzZWQ6IFByb2Nlc3NJZAogICAgICAgIGV4cHJlc3Npb246ICBYTUxHZXROb2RlVmFsdWUoZXZ0LkxpbmUuUmF3LCAiL0V2ZW50L0V2ZW50RGF0YVsxXS9EYXRhW0BOYW1lPSdQcm9jZXNzSWQnXSIpCiAgICAgIC0gcGFyc2VkOiBJbWFnZQogICAgICAgIGV4cHJlc3Npb246ICBYTUxHZXROb2RlVmFsdWUoZXZ0LkxpbmUuUmF3LCAiL0V2ZW50L0V2ZW50RGF0YVsxXS9EYXRhW0BOYW1lPSdJbWFnZSddIikKICAgICAgLSBwYXJzZWQ6IFBpcGVOYW1lCiAgICAgICAgZXhwcmVzc2lvbjogIFhNTEdldE5vZGVWYWx1ZShldnQuTGluZS5SYXcsICIvRXZlbnQvRXZlbnREYXRhWzFdL0RhdGFbQE5hbWU9J1BpcGVOYW1lJ10iKQogICAgICAtIG1ldGE6IFN5c21vbkV2ZW50VHlwZQogICAgICAgIHZhbHVlOiBQaXBlQ29ubmVjdGVkCiAgLSBmaWx0ZXI6IGV2dC5QYXJzZWQuRXZlbnRJRCA9PSAnMTknCiAgICBzdGF0aWNzOgogICAgICAtIHBhcnNlZDogRXZlbnRUeXBlCiAgICAgICAgZXhwcmVzc2lvbjogIFhNTEdldE5vZGVWYWx1ZShldnQuTGluZS5SYXcsICIvRXZlbnQvRXZlbnREYXRhWzFdL0RhdGFbQE5hbWU9J0V2ZW50VHlwZSddIikKICAgICAgLSBwYXJzZWQ6IE9wZXJhdGlvbgogICAgICAgIGV4cHJlc3Npb246ICBYTUxHZXROb2RlVmFsdWUoZXZ0LkxpbmUuUmF3LCAiL0V2ZW50L0V2ZW50RGF0YVsxXS9EYXRhW0BOYW1lPSdPcGVyYXRpb24nXSIpCiAgICAgIC0gcGFyc2VkOiBVc2VyCiAgICAgICAgZXhwcmVzc2lvbjogIFhNTEdldE5vZGVWYWx1ZShldnQuTGluZS5SYXcsICIvRXZlbnQvRXZlbnREYXRhWzFdL0RhdGFbQE5hbWU9J1VzZXInXSIpCiAgICAgIC0gcGFyc2VkOiBFdmVudE5hbWVzcGFjZQogICAgICAgIGV4cHJlc3Npb246ICBYTUxHZXROb2RlVmFsdWUoZXZ0LkxpbmUuUmF3LCAiL0V2ZW50L0V2ZW50RGF0YVsxXS9EYXRhW0BOYW1lPSdFdmVudE5hbWVzcGFjZSddIikKICAgICAgLSBwYXJzZWQ6IE5hbWUKICAgICAgICBleHByZXNzaW9uOiAgWE1MR2V0Tm9kZVZhbHVlKGV2dC5MaW5lLlJhdywgIi9FdmVudC9FdmVudERhdGFbMV0vRGF0YVtATmFtZT0nTmFtZSddIikKICAgICAgLSBwYXJzZWQ6IFF1ZXJ5CiAgICAgICAgZXhwcmVzc2lvbjogIFhNTEdldE5vZGVWYWx1ZShldnQuTGluZS5SYXcsICIvRXZlbnQvRXZlbnREYXRhWzFdL0RhdGFbQE5hbWU9J1F1ZXJ5J10iKQogICAgICAtIG1ldGE6IFN5c21vbkV2ZW50VHlwZQogICAgICAgIHZhbHVlOiBXbWlFdmVudEZpbHRlcgogIC0gZmlsdGVyOiBldnQuUGFyc2VkLkV2ZW50SUQgPT0gJzIwJwogICAgc3RhdGljczoKICAgICAgLSBwYXJzZWQ6IEV2ZW50VHlwZQogICAgICAgIGV4cHJlc3Npb246ICBYTUxHZXROb2RlVmFsdWUoZXZ0LkxpbmUuUmF3LCAiL0V2ZW50L0V2ZW50RGF0YVsxXS9EYXRhW0BOYW1lPSdFdmVudFR5cGUnXSIpCiAgICAgIC0gcGFyc2VkOiBPcGVyYXRpb24KICAgICAgICBleHByZXNzaW9uOiAgWE1MR2V0Tm9kZVZhbHVlKGV2dC5MaW5lLlJhdywgIi9FdmVudC9FdmVudERhdGFbMV0vRGF0YVtATmFtZT0nT3BlcmF0aW9uJ10iKQogICAgICAtIHBhcnNlZDogVXNlcgogICAgICAgIGV4cHJlc3Npb246ICBYTUxHZXROb2RlVmFsdWUoZXZ0LkxpbmUuUmF3LCAiL0V2ZW50L0V2ZW50RGF0YVsxXS9EYXRhW0BOYW1lPSdVc2VyJ10iKQogICAgICAtIHBhcnNlZDogVHlwZQogICAgICAgIGV4cHJlc3Npb246ICBYTUxHZXROb2RlVmFsdWUoZXZ0LkxpbmUuUmF3LCAiL0V2ZW50L0V2ZW50RGF0YVsxXS9EYXRhW0BOYW1lPSdUeXBlJ10iKQogICAgICAtIHBhcnNlZDogTmFtZQogICAgICAgIGV4cHJlc3Npb246ICBYTUxHZXROb2RlVmFsdWUoZXZ0LkxpbmUuUmF3LCAiL0V2ZW50L0V2ZW50RGF0YVsxXS9EYXRhW0BOYW1lPSdOYW1lJ10iKQogICAgICAtIHBhcnNlZDogRGVzdGluYXRpb24KICAgICAgICBleHByZXNzaW9uOiAgWE1MR2V0Tm9kZVZhbHVlKGV2dC5MaW5lLlJhdywgIi9FdmVudC9FdmVudERhdGFbMV0vRGF0YVtATmFtZT0nRGVzdGluYXRpb24nXSIpCiAgICAgIC0gbWV0YTogU3lzbW9uRXZlbnRUeXBlCiAgICAgICAgdmFsdWU6IFdtaUV2ZW50Q29uc3VtZXIKICAtIGZpbHRlcjogZXZ0LlBhcnNlZC5FdmVudElEID09ICcyMScKICAgIHN0YXRpY3M6CiAgICAgIC0gcGFyc2VkOiBFdmVudFR5cGUKICAgICAgICBleHByZXNzaW9uOiAgWE1MR2V0Tm9kZVZhbHVlKGV2dC5MaW5lLlJhdywgIi9FdmVudC9FdmVudERhdGFbMV0vRGF0YVtATmFtZT0nRXZlbnRUeXBlJ10iKQogICAgICAtIHBhcnNlZDogT3BlcmF0aW9uCiAgICAgICAgZXhwcmVzc2lvbjogIFhNTEdldE5vZGVWYWx1ZShldnQuTGluZS5SYXcsICIvRXZlbnQvRXZlbnREYXRhWzFdL0RhdGFbQE5hbWU9J09wZXJhdGlvbiddIikKICAgICAgLSBwYXJzZWQ6IFVzZXIKICAgICAgICBleHByZXNzaW9uOiAgWE1MR2V0Tm9kZVZhbHVlKGV2dC5MaW5lLlJhdywgIi9FdmVudC9FdmVudERhdGFbMV0vRGF0YVtATmFtZT0nVXNlciddIikKICAgICAgLSBwYXJzZWQ6IENvbnN1bWVyCiAgICAgICAgZXhwcmVzc2lvbjogIFhNTEdldE5vZGVWYWx1ZShldnQuTGluZS5SYXcsICIvRXZlbnQvRXZlbnREYXRhWzFdL0RhdGFbQE5hbWU9J0NvbnN1bWVyJ10iKQogICAgICAtIHBhcnNlZDogRmlsdGVyCiAgICAgICAgZXhwcmVzc2lvbjogIFhNTEdldE5vZGVWYWx1ZShldnQuTGluZS5SYXcsICIvRXZlbnQvRXZlbnREYXRhWzFdL0RhdGFbQE5hbWU9J0ZpbHRlciddIikKICAgICAgLSBtZXRhOiBTeXNtb25FdmVudFR5cGUKICAgICAgICB2YWx1ZTogV21pRXZlbnRDb25zdW1lclRvRmlsdGVyCiAgLSBmaWx0ZXI6IGV2dC5QYXJzZWQuRXZlbnRJRCA9PSAnMjInCiAgICBzdGF0aWNzOgogICAgICAtIHBhcnNlZDogUHJvY2Vzc0d1aWQKICAgICAgICBleHByZXNzaW9uOiAgWE1MR2V0Tm9kZVZhbHVlKGV2dC5MaW5lLlJhdywgIi9FdmVudC9FdmVudERhdGFbMV0vRGF0YVtATmFtZT0nUHJvY2Vzc0d1aWQnXSIpCiAgICAgIC0gcGFyc2VkOiBQcm9jZXNzSWQKICAgICAgICBleHByZXNzaW9uOiAgWE1MR2V0Tm9kZVZhbHVlKGV2dC5MaW5lLlJhdywgIi9FdmVudC9FdmVudERhdGFbMV0vRGF0YVtATmFtZT0nUHJvY2Vzc0lkJ10iKQogICAgICAtIHBhcnNlZDogUXVlcnlOYW1lCiAgICAgICAgZXhwcmVzc2lvbjogIFhNTEdldE5vZGVWYWx1ZShldnQuTGluZS5SYXcsICIvRXZlbnQvRXZlbnREYXRhWzFdL0RhdGFbQE5hbWU9J1F1ZXJ5TmFtZSddIikKICAgICAgLSBwYXJzZWQ6IFF1ZXJ5U3RhdHVzCiAgICAgICAgZXhwcmVzc2lvbjogIFhNTEdldE5vZGVWYWx1ZShldnQuTGluZS5SYXcsICIvRXZlbnQvRXZlbnREYXRhWzFdL0RhdGFbQE5hbWU9J1F1ZXJ5U3RhdHVzJ10iKQogICAgICAtIHBhcnNlZDogUXVlcnlSZXN1bHRzCiAgICAgICAgZXhwcmVzc2lvbjogIFhNTEdldE5vZGVWYWx1ZShldnQuTGluZS5SYXcsICIvRXZlbnQvRXZlbnREYXRhWzFdL0RhdGFbQE5hbWU9J1F1ZXJ5UmVzdWx0cyddIikKICAgICAgLSBwYXJzZWQ6IEltYWdlCiAgICAgICAgZXhwcmVzc2lvbjogIFhNTEdldE5vZGVWYWx1ZShldnQuTGluZS5SYXcsICIvRXZlbnQvRXZlbnREYXRhWzFdL0RhdGFbQE5hbWU9J0ltYWdlJ10iKQogICAgICAtIG1ldGE6IFN5c21vbkV2ZW50VHlwZQogICAgICAgIHZhbHVlOiBETlNFdmVudAogIC0gZmlsdGVyOiBldnQuUGFyc2VkLkV2ZW50SUQgPT0gJzIzJwogICAgc3RhdGljczoKICAgICAgLSBwYXJzZWQ6IFByb2Nlc3NHdWlkCiAgICAgICAgZXhwcmVzc2lvbjogIFhNTEdldE5vZGVWYWx1ZShldnQuTGluZS5SYXcsICIvRXZlbnQvRXZlbnREYXRhWzFdL0RhdGFbQE5hbWU9J1Byb2Nlc3NHdWlkJ10iKQogICAgICAtIHBhcnNlZDogUHJvY2Vzc0lkCiAgICAgICAgZXhwcmVzc2lvbjogIFhNTEdldE5vZGVWYWx1ZShldnQuTGluZS5SYXcsICIvRXZlbnQvRXZlbnREYXRhWzFdL0RhdGFbQE5hbWU9J1Byb2Nlc3NJZCddIikKICAgICAgLSBwYXJzZWQ6IFVzZXIKICAgICAgICBleHByZXNzaW9uOiAgWE1MR2V0Tm9kZVZhbHVlKGV2dC5MaW5lLlJhdywgIi9FdmVudC9FdmVudERhdGFbMV0vRGF0YVtATmFtZT0nVXNlciddIikKICAgICAgLSBwYXJzZWQ6IEltYWdlCiAgICAgICAgZXhwcmVzc2lvbjogIFhNTEdldE5vZGVWYWx1ZShldnQuTGluZS5SYXcsICIvRXZlbnQvRXZlbnREYXRhWzFdL0RhdGFbQE5hbWU9J0ltYWdlJ10iKQogICAgICAtIHBhcnNlZDogVGFyZ2V0RmlsZW5hbWUKICAgICAgICBleHByZXNzaW9uOiAgWE1MR2V0Tm9kZVZhbHVlKGV2dC5MaW5lLlJhdywgIi9FdmVudC9FdmVudERhdGFbMV0vRGF0YVtATmFtZT0nVGFyZ2V0RmlsZW5hbWUnXSIpCiAgICAgIC0gcGFyc2VkOiBIYXNoZXMKICAgICAgICBleHByZXNzaW9uOiAgWE1MR2V0Tm9kZVZhbHVlKGV2dC5MaW5lLlJhdywgIi9FdmVudC9FdmVudERhdGFbMV0vRGF0YVtATmFtZT0nSGFzaGVzJ10iKQogICAgICAtIHBhcnNlZDogSXNFeGVjdXRhYmxlCiAgICAgICAgZXhwcmVzc2lvbjogIFhNTEdldE5vZGVWYWx1ZShldnQuTGluZS5SYXcsICIvRXZlbnQvRXZlbnREYXRhWzFdL0RhdGFbQE5hbWU9J0lzRXhlY3V0YWJsZSddIikKICAgICAgLSBwYXJzZWQ6IEFyY2hpdmVkCiAgICAgICAgZXhwcmVzc2lvbjogIFhNTEdldE5vZGVWYWx1ZShldnQuTGluZS5SYXcsICIvRXZlbnQvRXZlbnREYXRhWzFdL0RhdGFbQE5hbWU9J0FyY2hpdmVkJ10iKQogICAgICAtIG1ldGE6IFN5c21vbkV2ZW50VHlwZQogICAgICAgIHZhbHVlOiBGaWxlRGVsZXRlCiAgLSBmaWx0ZXI6IGV2dC5QYXJzZWQuRXZlbnRJRCA9PSAnMjQnCiAgICBzdGF0aWNzOgogICAgICAtIHBhcnNlZDogUHJvY2Vzc0d1aWQKICAgICAgICBleHByZXNzaW9uOiAgWE1MR2V0Tm9kZVZhbHVlKGV2dC5MaW5lLlJhdywgIi9FdmVudC9FdmVudERhdGFbMV0vRGF0YVtATmFtZT0nUHJvY2Vzc0d1aWQnXSIpCiAgICAgIC0gcGFyc2VkOiBQcm9jZXNzSWQKICAgICAgICBleHByZXNzaW9uOiAgWE1MR2V0Tm9kZVZhbHVlKGV2dC5MaW5lLlJhdywgIi9FdmVudC9FdmVudERhdGFbMV0vRGF0YVtATmFtZT0nUHJvY2Vzc0lkJ10iKQogICAgICAtIHBhcnNlZDogVXNlcgogICAgICAgIGV4cHJlc3Npb246ICBYTUxHZXROb2RlVmFsdWUoZXZ0LkxpbmUuUmF3LCAiL0V2ZW50L0V2ZW50RGF0YVsxXS9EYXRhW0BOYW1lPSdVc2VyJ10iKQogICAgICAtIHBhcnNlZDogSW1hZ2UKICAgICAgICBleHByZXNzaW9uOiAgWE1MR2V0Tm9kZVZhbHVlKGV2dC5MaW5lLlJhdywgIi9FdmVudC9FdmVudERhdGFbMV0vRGF0YVtATmFtZT0nSW1hZ2UnXSIpCiAgICAgIC0gcGFyc2VkOiBTZXNzaW9uCiAgICAgICAgZXhwcmVzc2lvbjogIFhNTEdldE5vZGVWYWx1ZShldnQuTGluZS5SYXcsICIvRXZlbnQvRXZlbnREYXRhWzFdL0RhdGFbQE5hbWU9J1Nlc3Npb24nXSIpCiAgICAgIC0gcGFyc2VkOiBDbGllbnRJbmZvCiAgICAgICAgZXhwcmVzc2lvbjogIFhNTEdldE5vZGVWYWx1ZShldnQuTGluZS5SYXcsICIvRXZlbnQvRXZlbnREYXRhWzFdL0RhdGFbQE5hbWU9J0NsaWVudEluZm8nXSIpCiAgICAgIC0gcGFyc2VkOiBIYXNoZXMKICAgICAgICBleHByZXNzaW9uOiAgWE1MR2V0Tm9kZVZhbHVlKGV2dC5MaW5lLlJhdywgIi9FdmVudC9FdmVudERhdGFbMV0vRGF0YVtATmFtZT0nSGFzaGVzJ10iKQogICAgICAtIHBhcnNlZDogSXNFeGVjdXRhYmxlCiAgICAgICAgZXhwcmVzc2lvbjogIFhNTEdldE5vZGVWYWx1ZShldnQuTGluZS5SYXcsICIvRXZlbnQvRXZlbnREYXRhWzFdL0RhdGFbQE5hbWU9J0lzRXhlY3V0YWJsZSddIikKICAgICAgLSBwYXJzZWQ6IEFyY2hpdmVkCiAgICAgICAgZXhwcmVzc2lvbjogIFhNTEdldE5vZGVWYWx1ZShldnQuTGluZS5SYXcsICIvRXZlbnQvRXZlbnREYXRhWzFdL0RhdGFbQE5hbWU9J0FyY2hpdmVkJ10iKQogICAgICAtIG1ldGE6IFN5c21vbkV2ZW50VHlwZQogICAgICAgIHZhbHVlOiBDbGlwYm9hcmRDaGFuZ2UKICAtIGZpbHRlcjogZXZ0LlBhcnNlZC5FdmVudElEID09ICcyMjUnCiAgICBzdGF0aWNzOgogICAgICAtIG1ldGE6IFN5c21vbkV2ZW50VHlwZQogICAgICAgIHZhbHVlOiBTeXNtb25JbnRlcm5hbEVycm9yCgpzdGF0aWNzOgogIC0gbWV0YTogc2VydmljZQogICAgdmFsdWU6IHN5c21vbgogIC0gbWV0YTogUnVsZU5hbWUKICAgIGV4cHJlc3Npb246ICBYTUxHZXROb2RlVmFsdWUoZXZ0LkxpbmUuUmF3LCAiL0V2ZW50L0V2ZW50RGF0YVsxXS9EYXRhW0BOYW1lPSdSdWxlTmFtZSddIik=", "description": "Parse sysmon events", "author": "crowdsecurity", "labels": null }, "crowdsecurity/tcpdump-logs": { "path": "parsers/s01-parse/crowdsecurity/tcpdump-logs.yaml", "stage": "s01-parse", "version": "0.1", "versions": { "0.1": { "digest": "e51892c14d137cc4f12d2203c851a953e743f262561c48ff6108bd4222fff254", "deprecated": false } }, "long_description": "QSBwYXJzZXIgZm9yIHRjcGR1bXAgbG9ncy4KClRvIG1ha2UgdGhpcyBwYXJzZXIgcmVsZXZhbnQsIHlvdSBzaG91bGQgaGF2ZSBhZGQgdGNwZHVtcCBjb21tYW5kIHRoYXQgbG9nIHRjcCBzY2FuIDoKCkFuIGV4YW1wbGU6CmBgYGJhc2gKY2F0IDw8RU9GID4gL2V0Yy9zeXN0ZW1kL3N5c3RlbS90Y3BkdW1wLnNlcnZpY2UKW1VuaXRdCkRlc2NyaXB0aW9uPVRDUERVTVAKCltTZXJ2aWNlXQpUeXBlPXNpbXBsZQpVc2VyPXJvb3QKRXhlY1N0YXJ0PS9iaW4vc2ggLWMgJ3RjcGR1bXAgLWwgLW4gLWkgZXRoMCAidGNwW3RjcGZsYWdzXSAmICh0Y3Atc3luKSAhPSAwIiA+PiAvdmFyL2xvZy90Y3BkdW1wLm91dCcKUmVzdGFydD1vbi1mYWlsdXJlCgpbSW5zdGFsbF0KV2FudGVkQnk9bXVsdGktdXNlci50YXJnZXQKRU9GCgpzeXN0ZW1jdGwgZGFlbW9uLXJlbG9hZApzeXN0ZW1jdGwgZW5hYmxlIHRjcGR1bXAuc2VydmljZQpzZXJ2aWNlIHRjcGR1bXAgc3RhcnQKYGBgCgo=", "content": "b25zdWNjZXNzOiBuZXh0X3N0YWdlCmZpbHRlcjogImV2dC5QYXJzZWQucHJvZ3JhbSA9PSAndGNwZHVtcCciCm5hbWU6IGNyb3dkc2VjdXJpdHkvdGNwZHVtcC1sb2dzCiNkZWJ1ZzogdHJ1ZQpkZXNjcmlwdGlvbjogIlBhcnNlIHRjcGR1bXAgcmF3IGxvZ3MiCmdyb2s6CiAgbmFtZTogIlRDUERVTVBfT1VUUFVUIgogIGFwcGx5X29uOiBtZXNzYWdlCnN0YXRpY3M6CiAgICAtIG1ldGE6IHNlcnZpY2UKICAgICAgdmFsdWU6IHRjcAogICAgLSBtZXRhOiBsb2dfdHlwZQogICAgICB2YWx1ZTogdGNwX3N5bgogICAgLSBtZXRhOiBzb3VyY2VfaXAKICAgICAgZXhwcmVzc2lvbjogImV2dC5QYXJzZWQuc291cmNlX2lwIgogICAgLSBtZXRhOiBkZXN0X2lwCiAgICAgIGV4cHJlc3Npb246ICJldnQuUGFyc2VkLmRlc3RfaXAiCiAgICAtIG1ldGE6IGRlc3RfcG9ydAogICAgICBleHByZXNzaW9uOiAiZXZ0LlBhcnNlZC5kZXN0X3BvcnQiCiAgICAtIHBhcnNlZDogIm5ld19jb25uZWN0aW9uIgogICAgICBleHByZXNzaW9uOiAiZXZ0LlBhcnNlZC50Y3BmbGFncyBjb250YWlucyAnUycgPyAndHJ1ZScgOiAnZmFsc2UnIg==", "description": "Parse tcpdump raw logs", "author": "crowdsecurity", "labels": null }, "crowdsecurity/thehive-logs": { "path": "parsers/s01-parse/crowdsecurity/thehive-logs.yaml", "stage": "s01-parse", "version": "0.1", "versions": { "0.1": { "digest": "777997fbca7b59c7cd67a890e298ff8cbc648013a8e9db484ec1754318b3e389", "deprecated": false } }, "long_description": "VGhlaGl2ZSBhdXRoZW50aWNhdGlvbiBmYWlsdXJlIHBhcnNlci4KClJlZmVyZW5jZToKaHR0cHM6Ly9kb2NzLnN0cmFuZ2ViZWUuY29tL3RoZWhpdmUvc2V0dXAv", "content": "b25zdWNjZXNzOiBuZXh0X3N0YWdlCm5hbWU6IGNyb3dkc2VjdXJpdHkvdGhlaGl2ZS1sb2dzCmRlc2NyaXB0aW9uOiAiUGFyc2UgVGhlaGl2ZSBsb2dzIgpmaWx0ZXI6ICJldnQuUGFyc2VkLnByb2dyYW0gPT0gJ3RoZWhpdmUnIgpub2RlczoKICAtIGdyb2s6CiAgICAgIHBhdHRlcm46ICdcW2luZm9cXSBvLnQucy5BY2Nlc3NMb2dGaWx0ZXIgXFsuKlxdICV7SVA6c291cmNlX2lwfSBQT1NUIC9hcGkvdjEvbG9naW4gdG9vayAle0lOVH1tcyBhbmQgcmV0dXJuZWQgNDAxICV7SU5UfSBieXRlcycKICAgICAgYXBwbHlfb246IG1lc3NhZ2UKc3RhdGljczoKICAtIG1ldGE6IGxvZ190eXBlCiAgICB2YWx1ZTogdGhlaGl2ZV9mYWlsZWRfYXV0aAogIC0gbWV0YTogc291cmNlX2lwCiAgICBleHByZXNzaW9uOiAiZXZ0LlBhcnNlZC5zb3VyY2VfaXAiCiAgLSB0YXJnZXQ6IGV2dC5TdHJUaW1lCiAgICB2YWx1ZTogdG90bw==", "description": "Parse Thehive logs", "author": "crowdsecurity", "labels": null }, "crowdsecurity/traefik-logs": { "path": "parsers/s01-parse/crowdsecurity/traefik-logs.yaml", "stage": "s01-parse", "version": "0.5", "versions": { "0.1": { "digest": "3dcf2e166ad138a69d009bfd364e30dee50debc5ed882ed9d8bbf52f2509c600", "deprecated": false }, "0.2": { "digest": "a461c760c7a669f5c7aab35587c65f0b08b145002ff77f4907e0b94d997b32c8", "deprecated": false }, "0.3": { "digest": "e7691b4dddb010d87945c12753ce6e5c9da4d069694227000b0cc6cdf66f4810", "deprecated": false }, "0.4": { "digest": "36eed0ae5e3fdf0a59538f0af2262311cadc81d7d5c9fba9051cf69c41cd3533", "deprecated": false }, "0.5": { "digest": "5b2ad9def31d7314a701a8f3be0f7e80e15a036dc0d13ab2bd45cf04eb30a121", "deprecated": false } }, "long_description": "PiBDby1hdXRob3JlZCB3aXRoIChodHRwczovL2dpdGh1Yi5jb20vZ21lbG9kaWUpCgpUaGlzIHRyYWVmaWsgcGFyc2VyIHN1cHBvcnRzIGFjY2VzcyBsb2dzIGluIHRoZSBDb21tb24gTG9nIEZvcm1hdCAoW2RlZmluZWQgaGVyZSBmb3IgVHJhZWZpa10oaHR0cHM6Ly9kb2MudHJhZWZpay5pby90cmFlZmlrL29ic2VydmFiaWxpdHkvYWNjZXNzLWxvZ3MvI2Zvcm1hdCkpIGFuZCBKU09OIGZvcm1hdHMuCg==", "content": "IyBjby1hdXRob3JlZCB3aXRoIGdtZWxvZGllIChodHRwczovL2dpdGh1Yi5jb20vZ21lbG9kaWUpCm5hbWU6IGNyb3dkc2VjdXJpdHkvdHJhZWZpay1sb2dzCmRlc2NyaXB0aW9uOiAiUGFyc2UgVHJhZWZpayBhY2Nlc3MgbG9ncyIKZmlsdGVyOiAiZXZ0LlBhcnNlZC5wcm9ncmFtIHN0YXJ0c1dpdGggJ3RyYWVmaWsnIgojZGVidWc6IHRydWUKb25zdWNjZXNzOiBuZXh0X3N0YWdlCnBhdHRlcm5fc3ludGF4OgogIFRSQUVGSUtfUk9VVEVSOiAnKCV7VVNFUn1AJXtVUklIT1NUfXxcLSknCiAgVFJBRUZJS19TRVJWRVJfVVJMOiAnKCV7VVJJfXxcLSknCiAgTlVNQkVSX01JTlVTOiAnWzAtOS1dKycKICBOR0lOWEFDQ0VTUzI6ICcle0lQT1JIT1NUOnJlbW90ZV9hZGRyfSAtICV7TkdVU0VSOnJlbW90ZV91c2VyfSBcWyV7SFRUUERBVEU6dGltZV9sb2NhbH1cXSAiJXtXT1JEOnZlcmJ9ICV7REFUQTpyZXF1ZXN0fSBIVFRQLyV7TlVNQkVSOmh0dHBfdmVyc2lvbn0iICV7TlVNQkVSX01JTlVTOnN0YXR1c30gJXtOVU1CRVJfTUlOVVM6Ym9keV9ieXRlc19zZW50fSAiJXtOT1REUVVPVEU6aHR0cF9yZWZlcmVyfSIgIiV7Tk9URFFVT1RFOmh0dHBfdXNlcl9hZ2VudH0iJwpub2RlczoKICAtIGdyb2s6ICMgQ0xGIHBhcnNlcgogICAgICBwYXR0ZXJuOiAnJXtOR0lOWEFDQ0VTUzJ9ICV7TlVNQkVSOm51bWJlcl9vZl9yZXF1ZXN0c19yZWNlaXZlZF9zaW5jZV90cmFlZmlrX3N0YXJ0ZWR9ICIle1RSQUVGSUtfUk9VVEVSOnRyYWVmaWtfcm91dGVyX25hbWV9IiAiJXtUUkFFRklLX1NFUlZFUl9VUkw6dHJhZWZpa19zZXJ2ZXJfdXJsfSIgJXtOVU1CRVI6cmVxdWVzdF9kdXJhdGlvbl9pbl9tc31tcycKICAgICAgYXBwbHlfb246IG1lc3NhZ2UKICAgIG9uc3VjY2VzczogbmV4dF9zdGFnZQogIC0gZ3JvazoKICAgIG5vZGVzOgogICAgICAtIGdyb2s6CiAgICAgICAgICBwYXR0ZXJuOiAnJXtJUE9SSE9TVDpyZW1vdGVfYWRkcn0nCiAgICAgICAgICBleHByZXNzaW9uOiBKc29uRXh0cmFjdChldnQuUGFyc2VkLm1lc3NhZ2UsICJDbGllbnRBZGRyIikKICAgICAgLSBncm9rOgogICAgICAgICAgcGF0dGVybjogJyV7SVBPUkhPU1Q6ZGVzdF9hZGRyfScKICAgICAgICAgIGV4cHJlc3Npb246IEpzb25FeHRyYWN0KGV2dC5QYXJzZWQubWVzc2FnZSwgIkNsaWVudEFkZHIiKQogICAgICAtIGdyb2s6CiAgICAgICAgICBwYXR0ZXJuOiAnJXtJUE9SSE9TVDpyZXF1ZXN0X2FkZHJ9JwogICAgICAgICAgZXhwcmVzc2lvbjogSnNvbkV4dHJhY3QoZXZ0LlBhcnNlZC5tZXNzYWdlLCAiUmVxdWVzdEFkZHIiKQogICAgICAtIGdyb2s6CiAgICAgICAgICBwYXR0ZXJuOiAnJXtVU0VSTkFNRTpzZXJ2aWNlX2FkZHJ9JwogICAgICAgICAgZXhwcmVzc2lvbjogSnNvbkV4dHJhY3QoZXZ0LlBhcnNlZC5tZXNzYWdlLCAiU2VydmljZUFkZHIiKQogICAgICAtIGdyb2s6CiAgICAgICAgICBwYXR0ZXJuOiAnJXtVU0VSTkFNRTpodHRwX3VzZXJfYWdlbnR9JwogICAgICAgICAgZXhwcmVzc2lvbjogSnNvbkV4dHJhY3QoZXZ0LlBhcnNlZC5tZXNzYWdlLCAicmVxdWVzdF9Vc2VyLUFnZW50IikKICAgICAgLSBncm9rOgogICAgICAgICAgcGF0dGVybjogJyV7TlVNQkVSOmJvZHlfYnl0ZXNfc2VudH0nCiAgICAgICAgICBleHByZXNzaW9uOiBKc29uRXh0cmFjdChldnQuUGFyc2VkLm1lc3NhZ2UsICJEb3duc3RyZWFtQ29udGVudFNpemUiKQogICAgICAtIGdyb2s6CiAgICAgICAgICBwYXR0ZXJuOiAnJXtOVU1CRVI6cmVxdWVzdF9kdXJhdGlvbl9pbl9tc30nCiAgICAgICAgICBleHByZXNzaW9uOiBKc29uRXh0cmFjdChldnQuUGFyc2VkLm1lc3NhZ2UsICJEdXJhdGlvbiIpCiAgICAgIC0gZ3JvazoKICAgICAgICAgIHBhdHRlcm46ICcle1RSQUVGSUtfUk9VVEVSOnRyYWVmaWtfcm91dGVyX25hbWV9JwogICAgICAgICAgZXhwcmVzc2lvbjogSnNvbkV4dHJhY3QoZXZ0LlBhcnNlZC5tZXNzYWdlLCAiUm91dGVyTmFtZSIpCiAgICAgIC0gZ3JvazoKICAgICAgICAgIHBhdHRlcm46ICcle0dSRUVEWURBVEE6dGltZV9sb2NhbH0nCiAgICAgICAgICBleHByZXNzaW9uOiBKc29uRXh0cmFjdChldnQuUGFyc2VkLm1lc3NhZ2UsICJ0aW1lIikKICAgICAgLSBncm9rOgogICAgICAgICAgcGF0dGVybjogJyV7R1JFRURZREFUQTp2ZXJifScKICAgICAgICAgIGV4cHJlc3Npb246IEpzb25FeHRyYWN0KGV2dC5QYXJzZWQubWVzc2FnZSwgIlJlcXVlc3RNZXRob2QiKQogICAgICAtIGdyb2s6CiAgICAgICAgICBwYXR0ZXJuOiAnJXtHUkVFRFlEQVRBOnJlcXVlc3R9JwogICAgICAgICAgZXhwcmVzc2lvbjogSnNvbkV4dHJhY3QoZXZ0LlBhcnNlZC5tZXNzYWdlLCAiUmVxdWVzdFBhdGgiKQogICAgICAtIGdyb2s6CiAgICAgICAgICBwYXR0ZXJuOiAnSFRUUC8le05VTUJFUjpodHRwX3ZlcnNpb259JwogICAgICAgICAgZXhwcmVzc2lvbjogSnNvbkV4dHJhY3QoZXZ0LlBhcnNlZC5tZXNzYWdlLCAiUmVxdWVzdFByb3RvY29sIikKICAgICAgLSBncm9rOgogICAgICAgICAgcGF0dGVybjogJyV7TlVNQkVSOnN0YXR1c30nCiAgICAgICAgICBleHByZXNzaW9uOiBKc29uRXh0cmFjdChldnQuUGFyc2VkLm1lc3NhZ2UsICJEb3duc3RyZWFtU3RhdHVzIikKc3RhdGljczoKICAtIG1ldGE6IHNlcnZpY2UKICAgIHZhbHVlOiBodHRwCiAgLSBtZXRhOiBodHRwX3N0YXR1cwogICAgZXhwcmVzc2lvbjogImV2dC5QYXJzZWQuc3RhdHVzIgogIC0gbWV0YTogaHR0cF9wYXRoCiAgICBleHByZXNzaW9uOiAiZXZ0LlBhcnNlZC5yZXF1ZXN0IgogIC0gbWV0YTogdXNlcgogICAgZXhwcmVzc2lvbjogImV2dC5QYXJzZWQucmVtb3RlX3VzZXIiCiAgLSBtZXRhOiBzb3VyY2VfaXAKICAgIGV4cHJlc3Npb246ICJldnQuUGFyc2VkLnJlbW90ZV9hZGRyIgogIC0gbWV0YTogbG9nX3R5cGUKICAgIHZhbHVlOiBodHRwX2FjY2Vzcy1sb2cKICAtIHRhcmdldDogZXZ0LlN0clRpbWUKICAgIGV4cHJlc3Npb246ICJldnQuUGFyc2VkLnRpbWVfbG9jYWwiCiAgLSBtZXRhOiB0cmFlZmlrX3JvdXRlcl9uYW1lCiAgICBleHByZXNzaW9uOiAiZXZ0LlBhcnNlZC50cmFlZmlrX3JvdXRlcl9uYW1lIgo=", "description": "Parse Traefik access logs", "author": "crowdsecurity", "labels": null }, "crowdsecurity/unifi-logs": { "path": "parsers/s00-raw/crowdsecurity/unifi-logs.yaml", "stage": "s00-raw", "version": "0.1", "versions": { "0.1": { "digest": "fd8bfd95085177fec395efdddf00161bcf490a2d156aabcea5fc1c2cae6f3f17", "deprecated": false } }, "long_description": "IyBVbmlmaSBzeXNsb2cgcGFyc2VyCgpUaGlzIGlzIGEgcGFyc2VyIGZvciBzeXNsb2cgbG9ncyByZWNlaXZlZCBmcm9tIGFuIFVuaWZpIGRldmljZS4KClRob3NlIGxvZ3MgYXJlIHNsaWd0aGx5IG5vbi1jb25mb3JtYW50IHRvIHRoZSBzeXNsb2cgc3RhbmRhcmQsIGhlbmNlIHRoZSBuZWVkIGZvciBhIGN1c3RvbSBwYXJzZXIuCgojIyBFeGFtcGxlIGNvbmZpZ3VyYXRpb24KCkFzIGNyb3dkc2VjIGRvZXMgbm90IHJ1biBlYXNpbHkgZGlyZWN0bHkgb24gYW4gVURNLCB5b3UnbGwgbGlrZWx5IHdhbnQgdG8gc2V0dXAgc3lzbG9nIGV4cG9ydCBvbiB5b3VyIFVETSwgYW5kIHVzZSB0aGUgZm9sbG93aW5nIGFjcXVpc2l0aW9uIGNvbmZpZzoKCmBgYApzb3VyY2U6IHN5c2xvZwpsaXN0ZW5fYWRkcjogMC4wLjAuMApsaXN0ZW5fcG9ydDogNDI0MgpsYWJlbHM6CiB0eXBlOiB1bmlmaQpgYGA=", "content": "ZmlsdGVyOiAiZXZ0LkxpbmUuTGFiZWxzLnR5cGUgPT0gJ3VuaWZpJyIKb25zdWNjZXNzOiBuZXh0X3N0YWdlCnBhdHRlcm5fc3ludGF4OgogIFNZU0xPR0JBU0VfVU5JRkk6ICcoPzole1NZU0xPR1RJTUVTVEFNUDp0aW1lc3RhbXB9fCV7VElNRVNUQU1QX0lTTzg2MDE6dGltZXN0YW1wODYwMX0pICg/OiV7U1lTTE9HRkFDSUxJVFl9ICk/JXtEQVRBOmxvZ3NvdXJjZX0rKD86ICV7U1lTTE9HUFJPR306fCknCiAgU1lTTE9HTElORV9VTklGSTogJyV7U1lTTE9HQkFTRV9VTklGSX0gJXtHUkVFRFlEQVRBOm1lc3NhZ2V9JwpuYW1lOiBjcm93ZHNlY3VyaXR5L3VuaWZpLWxvZ3MKbm9kZXM6CiAgLSBncm9rOgogICAgICBwYXR0ZXJuOiAiXiV7U1lTTE9HTElORV9VTklGSX0iCiAgICAgIGFwcGx5X29uOiBMaW5lLlJhdwpzdGF0aWNzOgogIC0gbWV0YTogbWFjaGluZQogICAgZXhwcmVzc2lvbjogZXZ0LlBhcnNlZC5sb2dzb3VyY2UKICAtIHBhcnNlZDogImxvZ3NvdXJjZSIKICAgIHZhbHVlOiAic3lzbG9nIgogIC0gdGFyZ2V0OiBldnQuU3RyVGltZQogICAgZXhwcmVzc2lvbjogZXZ0LlBhcnNlZC50aW1lc3RhbXAKICAtIHRhcmdldDogZXZ0LlN0clRpbWUKICAgIGV4cHJlc3Npb246IGV2dC5QYXJzZWQudGltZXN0YW1wODYwMQogIC0gbWV0YTogZGF0YXNvdXJjZV9wYXRoCiAgICBleHByZXNzaW9uOiBldnQuTGluZS5TcmMKICAtIG1ldGE6IGRhdGFzb3VyY2VfdHlwZQogICAgZXhwcmVzc2lvbjogZXZ0LkxpbmUuTW9kdWxl", "author": "crowdsecurity", "labels": null }, "crowdsecurity/vsftpd-logs": { "path": "parsers/s01-parse/crowdsecurity/vsftpd-logs.yaml", "stage": "s01-parse", "version": "0.2", "versions": { "0.1": { "digest": "39d986c6005d2b96b8941a71ee81c4af35bd22b1094685a8b7f7fbc00e1b4f7f", "deprecated": false }, "0.2": { "digest": "a06ecb5ef08f47fd4e0d70abfa1c78a8570488c8741d660614d97354c17cc4cc", "deprecated": false } }, "long_description": "RlRQIChbdnNmdHBkXShodHRwczovL2VuLndpa2lwZWRpYS5vcmcvd2lraS9Wc2Z0cGQpKSBhdXRoZW50aWNhdGlvbiBmYWlsIHBhcnNlci4=", "content": "b25zdWNjZXNzOiBuZXh0X3N0YWdlCm5hbWU6IHZzZnRwZC1sb2dzCmRlc2NyaXB0aW9uOiAiUGFyc2UgVlNGVFBEIGxvZ3MiCmZpbHRlcjogImV2dC5QYXJzZWQucHJvZ3JhbSA9PSAndnNmdHBkJyIKI2RlYnVnOiB0cnVlCnBhdHRlcm5fc3ludGF4OgogIEZUUF9BVVRIX0ZBSUw6ICcle0hUVFBERVJST1JfREFURTp0aW1lc3RhbXB9IFxbcGlkICV7TlVNQkVSfVxdIFxbJXtHUkVFRFlEQVRBOnVzZXJ9XF0gRkFJTCBMT0dJTjogQ2xpZW50ICIoOjpmZmZmOik/JXtJUDpzb3VyY2VfaXB9IicKICBGVFBfREVOSUVEX1VTRVI6ICcle0hUVFBERVJST1JfREFURTp0aW1lc3RhbXB9IFxbcGlkICV7TlVNQkVSfVxdIFxbJXtHUkVFRFlEQVRBOnVzZXJ9XF0gRlRQIHJlc3BvbnNlOiBDbGllbnQgIig6OmZmZmY6KT8le0lQOnNvdXJjZV9pcH0iLCAiNTMwIFBlcm1pc3Npb24gZGVuaWVkLiInCm5vZGVzOgogIC0gZ3JvazoKICAgICAgcGF0dGVybjogIiV7RlRQX0FVVEhfRkFJTH0iCiAgICAgIGFwcGx5X29uOiBtZXNzYWdlCiAgLSBncm9rOgogICAgICBwYXR0ZXJuOiAiJXtGVFBfREVOSUVEX1VTRVJ9IgogICAgICBhcHBseV9vbjogbWVzc2FnZQpzdGF0aWNzOgogICAgLSBtZXRhOiBwcm9ncmFtCiAgICAgIHZhbHVlOiB2c2Z0cGQKICAgIC0gbWV0YTogbG9nX3R5cGUKICAgICAgdmFsdWU6IGZ0cF9mYWlsZWRfYXV0aAogICAgLSBtZXRhOiBzb3VyY2VfaXAKICAgICAgZXhwcmVzc2lvbjogImV2dC5QYXJzZWQuc291cmNlX2lwIgogICAgLSBtZXRhOiB1c2VyCiAgICAgIGV4cHJlc3Npb246ICJldnQuUGFyc2VkLnVzZXIiCiAgICAtIHRhcmdldDogZXZ0LlN0clRpbWUKICAgICAgZXhwcmVzc2lvbjogZXZ0LlBhcnNlZC50aW1lc3RhbXA=", "description": "Parse VSFTPD logs", "author": "crowdsecurity", "labels": null }, "crowdsecurity/whitelists": { "path": "parsers/s02-enrich/crowdsecurity/whitelists.yaml", "stage": "s02-enrich", "version": "0.2", "versions": { "0.1": { "digest": "f51f41270a7ff9900d9c815beccc3ded36a1c377a6e21dd19f9d8209623789b1", "deprecated": false }, "0.2": { "digest": "326da7ad71aee690bf71c5a392ac6dbd028f502e617a8b8ed7a5c5554ecaf72c", "deprecated": false } }, "long_description": "QSBnZW5lcmljIHdoaXRlbGlzdCB0byBhdm9pZCBiYW5uaW5nIHlvdXJzZWxmLgoKIyMjIHdoaXRlbGlzdGVkIGlwczoKIC0gMTI3LjAuMC4xCiAtIDo6MQoKIyMjIHdoaXRlbGlzdGVkIHJhbmdlczoKIC0gMTkyLjE2OC4wLjAvMTYKIC0gMTAuMC4wLjAvOAogLSAxNzIuMTYuMC4wLzEyCg==", "content": "bmFtZTogY3Jvd2RzZWN1cml0eS93aGl0ZWxpc3RzCmRlc2NyaXB0aW9uOiAiV2hpdGVsaXN0IGV2ZW50cyBmcm9tIHByaXZhdGUgaXB2NCBhZGRyZXNzZXMiCndoaXRlbGlzdDoKICByZWFzb246ICJwcml2YXRlIGlwdjQvaXB2NiBpcC9yYW5nZXMiCiAgaXA6IAogICAgLSAiMTI3LjAuMC4xIgogICAgLSAiOjoxIgogIGNpZHI6CiAgICAtICIxOTIuMTY4LjAuMC8xNiIKICAgIC0gIjEwLjAuMC4wLzgiCiAgICAtICIxNzIuMTYuMC4wLzEyIgogICMgZXhwcmVzc2lvbjoKICAjICAgLSAiJ2Zvby5jb20nIGluIGV2dC5NZXRhLnNvdXJjZV9pcC5yZXZlcnNlIiAKCg==", "description": "Whitelist events from private ipv4 addresses", "author": "crowdsecurity", "labels": null }, "crowdsecurity/windows-auth": { "path": "parsers/s01-parse/crowdsecurity/windows-auth.yaml", "stage": "s01-parse", "version": "0.2", "versions": { "0.1": { "digest": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "deprecated": false }, "0.2": { "digest": "c0e604a0512e61cdd102c9ebc9267c3e546712f05b75a912695808a45e08dc51", "deprecated": false } }, "long_description": "QSBwYXJzZXIgZm9yIHdpbmRvd3MgYXV0aCBldmVudHMgcmVhZCBmcm9tIHRoZSBldmVudHMgbG9nLgoKT25seSBhY2NlcHRzIGV2ZW50cyB3aXRoIGZyb20gdGhlIFNlY3VyaXR5IGNoYW5uZWwgd2l0aCBJRCA0NjI1Lg==", "content": "b25zdWNjZXNzOiBuZXh0X3N0YWdlCiNkZWJ1ZzogdHJ1ZQpmaWx0ZXI6ICJldnQuUGFyc2VkLkNoYW5uZWwgPT0gJ1NlY3VyaXR5JyAmJiBldnQuUGFyc2VkLkV2ZW50SUQgPT0gJzQ2MjUnIgpuYW1lOiBjcm93ZHNlY3VyaXR5L3dpbmRvd3MtYXV0aApkZXNjcmlwdGlvbjogIlBhcnNlIHdpbmRvd3MgYXV0aGVudGljYXRpb24gZmFpbHVyZSBldmVudHMgKGlkIDQ2MjUpIgpzdGF0aWNzOgogICAgLSBtZXRhOiBzb3VyY2VfaXAKICAgICAgZXhwcmVzc2lvbjogWE1MR2V0Tm9kZVZhbHVlKGV2dC5MaW5lLlJhdywgIi9FdmVudC9FdmVudERhdGFbMV0vRGF0YVtATmFtZT0nSXBBZGRyZXNzJ10iKQogICAgLSBtZXRhOiB1c2VybmFtZQogICAgICBleHByZXNzaW9uOiBYTUxHZXROb2RlVmFsdWUoZXZ0LkxpbmUuUmF3LCAiL0V2ZW50L0V2ZW50RGF0YVsxXS9EYXRhW0BOYW1lPSdUYXJnZXRVc2VyTmFtZSddIikKICAgIC0gbWV0YTogbG9nX3R5cGUKICAgICAgdmFsdWU6IHdpbmRvd3NfZmFpbGVkX2F1dGg=", "description": "Parse windows authentication failure events (id 4625)", "author": "crowdsecurity", "labels": null }, "crowdsecurity/windows-firewall-logs": { "path": "parsers/s01-parse/crowdsecurity/windows-firewall-logs.yaml", "stage": "s01-parse", "version": "0.2", "versions": { "0.1": { "digest": "a093e7fccc9ca714c70284b7f2898a1e2c785b565fbdc63778960c07306ecf7f", "deprecated": false }, "0.2": { "digest": "44779151d40327fa5b2a882165dac19c71f47a75aa994dda0ff9190b7417ef5f", "deprecated": false } }, "long_description": "CkEgcGFyc2VyIGZvciB3aW5kb3dzIGZpcmV3YWxsIGxvZ3MuCgpUaGlzIG9ubHkgaGFuZGxlcyBsb2dzIHRoYXQgY29udGFpbnMgYm90aCBgRFJPUGAgYW5kIGBSRUNFSVZFYCB0byBhdm9pZCBmYWxzZSBwb3NpdGl2ZXMgZm9yIG91dGdvaW5nIHRyYWZmaWMgb3IgbG9nZ2luZyBmb3Igc3VjY2Vzc2Z1bCBjb25uZWN0aW9ucy4KCllvdSBuZWVkIHRvIGVuYWJsZSBsb2dnaW5nIGZvciBkcm9wcGVkIHBhY2tldHMgKG9mZiBieSBkZWZhdWx0KTogaHR0cHM6Ly9kb2NzLm1pY3Jvc29mdC5jb20vZW4tdXMvd2luZG93cy9zZWN1cml0eS90aHJlYXQtcHJvdGVjdGlvbi93aW5kb3dzLWZpcmV3YWxsL2NvbmZpZ3VyZS10aGUtd2luZG93cy1maXJld2FsbC1sb2cKCkZvcm1hdCBpczoKYGBgCiNGaWVsZHM6IGRhdGUgdGltZSBhY3Rpb24gcHJvdG9jb2wgc3JjLWlwIGRzdC1pcCBzcmMtcG9ydCBkc3QtcG9ydCBzaXplIHRjcGZsYWdzIHRjcHN5biB0Y3BhY2sgdGNwd2luIGljbXB0eXBlIGljbXBjb2RlIGluZm8gcGF0aCBwaWQKMjAyMi0wMS0zMSAxMjoyNDo1MSBEUk9QIFRDUCAxOTIuMTY4LjkuMTYzIDE5Mi4xNjguOS4yMTIgNjM2MTkgNDQ1IDY0IFMgMTAzMTM2NTg1NSAwIDY1NTM1IC0gLSAtIFJFQ0VJVkUgNApgYGA=", "content": "b25zdWNjZXNzOiBuZXh0X3N0YWdlCmZpbHRlcjogImV2dC5QYXJzZWQucHJvZ3JhbSA9PSAnd2luZG93cy1maXJld2FsbCcgYW5kIGV2dC5QYXJzZWQubWVzc2FnZSBjb250YWlucyAnIERST1AgVENQICcgYW5kIGV2dC5QYXJzZWQubWVzc2FnZSBjb250YWlucyAnIFJFQ0VJVkUgJyIKbmFtZTogY3Jvd2RzZWN1cml0eS93aW5kb3dzLWZpcmV3YWxsLWxvZ3MKZGVzY3JpcHRpb246ICJQYXJzZSB3aW5kb3dzIGZpcmV3YWxsIGRyb3AgbG9ncyIKZ3JvazoKICBwYXR0ZXJuOiAiJXtUSU1FU1RBTVBfSVNPODYwMTpkYXRlfSBEUk9QIFRDUCAle0lQOnNyY19pcH0gJXtJUDpkc3RfaXB9ICV7SU5UOnNyY19wb3J0fSAle0lOVDpkc3RfcG9ydH0gJXtJTlQ6c2l6ZX0gJXtXT1JEOmZsYWdzfSAle0lOVDp0Y3BzeW59ICV7SU5UOnRjcGFja30gJXtJTlQ6d2luZG93fSAtIC0gLSBSRUNFSVZFKCAle0lOVDpwaWR9KT8iIAogIGFwcGx5X29uOiBtZXNzYWdlCnN0YXRpY3M6CiAgICAtIG1ldGE6IHNlcnZpY2UKICAgICAgdmFsdWU6IHRjcAogICAgLSBtZXRhOiBsb2dfdHlwZQogICAgICB2YWx1ZTogaXB0YWJsZXNfZHJvcAogICAgLSBtZXRhOiBzb3VyY2VfaXAKICAgICAgZXhwcmVzc2lvbjogImV2dC5QYXJzZWQuc3JjX2lwIgogICAgLSB0YXJnZXQ6IGV2dC5TdHJUaW1lCiAgICAgIGV4cHJlc3Npb246IGV2dC5QYXJzZWQuZGF0ZQoK", "description": "Parse windows firewall drop logs", "author": "crowdsecurity", "labels": null }, "crowdsecurity/windows-logs": { "path": "parsers/s00-raw/crowdsecurity/windows-logs.yaml", "stage": "s00-raw", "version": "0.4", "versions": { "0.1": { "digest": "f51a9f48a321f6935c44515ee8ec312d7771a6ced5bf63d9ab8dede2a3b77e9d", "deprecated": false }, "0.2": { "digest": "65d086df4579e371213259dffdf4ff22b27a107a4200327b0b86b5605fed4d43", "deprecated": false }, "0.3": { "digest": "686608f2d4fb9813b41bd8a1d8683a0a2ee69ff453b6dfd2905e27e1d38634d2", "deprecated": false }, "0.4": { "digest": "800aad4d3be5717d2c389a774462b54eb8ccd2f23755e328fb7d8865f426fa67", "deprecated": false } }, "content": "ZmlsdGVyOiAiZXZ0LkxpbmUuTW9kdWxlID09ICd3aW5ldmVudGxvZyciCm9uc3VjY2VzczogbmV4dF9zdGFnZQpuYW1lOiBjcm93ZHNlY3VyaXR5L3dpbmRvd3MtZXZlbnRsb2cKc3RhdGljczoKICAtIG1ldGE6IGRhdGFzb3VyY2VfcGF0aAogICAgZXhwcmVzc2lvbjogZXZ0LkxpbmUuU3JjCiAgLSBtZXRhOiBkYXRhc291cmNlX3R5cGUKICAgIGV4cHJlc3Npb246IGV2dC5MaW5lLk1vZHVsZQogIC0gdGFyZ2V0OiBldnQuU3RyVGltZQogICAgI1dlIG5lZWQgWE1MR2V0QXR0cmlidXRlVmFsdWUgYmVjYXVzZSBldHJlZSBkb2VzIG5vdCBzdXBwb3J0IGdldHRpbmcgYW4gYXR0cmlidXRlIHZhbHVlIChvciBhdCBsZWFzdCwgaSBkaWRuJ3QgbWFuYWdlIHRvIG1ha2UgdGhlIGNvcnJlY3QgcXVlcnkpCiAgICBleHByZXNzaW9uOiBYTUxHZXRBdHRyaWJ1dGVWYWx1ZShldnQuTGluZS5SYXcsICIvRXZlbnQvU3lzdGVtWzFdL1RpbWVDcmVhdGVkIiwgIlN5c3RlbVRpbWUiKQogIC0gcGFyc2VkOiBDaGFubmVsCiAgICBleHByZXNzaW9uOiBYTUxHZXROb2RlVmFsdWUoZXZ0LkxpbmUuUmF3LCAiL0V2ZW50L1N5c3RlbVsxXS9DaGFubmVsIikKICAtIHBhcnNlZDogRXZlbnRJRAogICAgZXhwcmVzc2lvbjogWE1MR2V0Tm9kZVZhbHVlKGV2dC5MaW5lLlJhdywgIi9FdmVudC9TeXN0ZW1bMV0vRXZlbnRJRCIpCiAgLSBwYXJzZWQ6IFNvdXJjZQogICAgZXhwcmVzc2lvbjogWE1MR2V0QXR0cmlidXRlVmFsdWUoZXZ0LkxpbmUuUmF3LCAiL0V2ZW50L1N5c3RlbVsxXS9Qcm92aWRlciIsICJOYW1lIikKICAtIHBhcnNlZDogQ29tcHV0ZXIKICAgIGV4cHJlc3Npb246IFhNTEdldE5vZGVWYWx1ZShldnQuTGluZS5SYXcsICIvRXZlbnQvU3lzdGVtWzFdL0NvbXB1dGVyIikKICAtIHBhcnNlZDogVXNlclNJRAogICAgZXhwcmVzc2lvbjogWE1MR2V0QXR0cmlidXRlVmFsdWUoZXZ0LkxpbmUuUmF3LCAiL0V2ZW50L1N5c3RlbVsxXS9TZWN1cml0eSIsICJVc2VySUQiKQogIC0gcGFyc2VkOiBwcm9ncmFtCiAgICBleHByZXNzaW9uOiBldnQuTGluZS5MYWJlbHMudHlwZQotLS0KZmlsdGVyOiAiZXZ0LkxpbmUuTW9kdWxlICE9ICd3aW5ldmVudGxvZyciCm9uc3VjY2VzczogbmV4dF9zdGFnZQpuYW1lOiBjcm93ZHNlY3VyaXR5L3dpbmRvd3Mtbm9uLWV2ZW50bG9nCnN0YXRpY3M6CiAgLSBwYXJzZWQ6IG1lc3NhZ2UKICAgIGV4cHJlc3Npb246IGV2dC5MaW5lLlJhdwogIC0gcGFyc2VkOiBwcm9ncmFtCiAgICBleHByZXNzaW9uOiBldnQuTGluZS5MYWJlbHMudHlwZQogIC0gbWV0YTogZGF0YXNvdXJjZV9wYXRoCiAgICBleHByZXNzaW9uOiBldnQuTGluZS5TcmMKICAtIG1ldGE6IGRhdGFzb3VyY2VfdHlwZQogICAgZXhwcmVzc2lvbjogZXZ0LkxpbmUuTW9kdWxlCgo=", "author": "crowdsecurity", "labels": null }, "firewallservices/lemonldap-ng": { "path": "parsers/s01-parse/firewallservices/lemonldap-ng.yaml", "stage": "s01-parse", "version": "0.1", "versions": { "0.1": { "digest": "c83b26a572bdb7ea16dcc004729dff7977aa5293466fba834bb7e2d740526ec1", "deprecated": false } }, "long_description": "UGFyc2VzIExlbW9ubGRhcDo6TkcgbG9ncyBhbmQgZGV0ZWN0cyBmYWlsZWQgYXV0aGVudGljYXRpb24uIE9ubHkgd29ya2luZyBpZiB1c2luZyBhbiBMREFQIG9yIEFEIGF1dGhlbnRpY2F0aW9uIGJhY2tlbmQgZm9yIG5vdy4K", "content": "ZmlsdGVyOiAiZXZ0LlBhcnNlZC5wcm9ncmFtIGluIFsnTExORycsJ2xlbW9ubGRhcC1uZyddIgpuYW1lOiBmaXJld2FsbC1zZXJ2aWNlcy9sZW1vbmxkYXAtbmctbG9ncwpkZXNjcmlwdGlvbjogIlBhcnNlIExlbW9ubGRhcDo6TkcgbG9ncyIKb25zdWNjZXNzOiBuZXh0X3N0YWdlCiNkZWJ1ZzogdHJ1ZQpub2RlczoKICAtIGdyb2s6CiAgICAgIHBhdHRlcm46IChcW3dhcm5cXXxMZW1vbmxkYXA6Ok5HIDopICV7VVNFUk5BTUU6dXNlcn0gd2FzIG5vdCBmb3VuZCBpbiBMREFQIGRpcmVjdG9yeSBcKCV7SVA6c3JjX2lwfVwpCiAgICAgIGFwcGx5X29uOiBtZXNzYWdlCiAgLSBncm9rOgogICAgICBwYXR0ZXJuOiAoXFt3YXJuXF18TGVtb25sZGFwOjpORyA6KSBCYWQgcGFzc3dvcmQgZm9yICV7VVNFUk5BTUU6dXNlcn0gXCgle0lQOnNyY19pcH1cKQogICAgICBhcHBseV9vbjogbWVzc2FnZQpzdGF0aWNzOgogIC0gbWV0YTogc2VydmljZQogICAgdmFsdWU6IGxsbmcKICAtIG1ldGE6IHVzZXIKICAgIGV4cHJlc3Npb246ICJldnQuUGFyc2VkLnVzZXIiCiAgLSBtZXRhOiBsb2dfdHlwZQogICAgdmFsdWU6IGxsbmdfYXV0aF9mYWlsCiAgLSBtZXRhOiBzb3VyY2VfaXAKICAgIGV4cHJlc3Npb246ICJldnQuUGFyc2VkLnNyY19pcCIK", "description": "Parse Lemonldap::NG logs", "author": "firewallservices", "labels": null }, "firewallservices/pf-logs": { "path": "parsers/s01-parse/firewallservices/pf-logs.yaml", "stage": "s01-parse", "version": "0.2", "versions": { "0.1": { "digest": "2c0bd0180b9e018fea93d65782840ddd6927c1992072734b68cd03b9877d6529", "deprecated": false }, "0.2": { "digest": "51ce3d1dcda6976e95bffc259e7476b2d1e0dfeb3898c4575739622102780279", "deprecated": false } }, "long_description": "VGhpcyB3aWxsIHBhcnNlIHlvdXIgcGFja2V0IGZpbHRlciBsb2dzLiBUZXN0ZWQgd2l0aCBQZlNlbnNlLCBzZW5kaW5nIGl0cyBsb2cgdG8gYSByZW1vdGUgc3lzbG9nIHNlcnZlciwgd2hlcmUgY3Jvd2RzZWMgY2FuIHBhcnNlIHRoZW0uCg==", "content": "ZmlsdGVyOiAiZXZ0LlBhcnNlZC5wcm9ncmFtID09ICdmaWx0ZXJsb2cnIG9yIGV2dC5QYXJzZWQubWVzc2FnZSBtYXRjaGVzICdeZmlsdGVybG9nOiciCm5hbWU6IGZpcmV3YWxsc2VydmljZXMvcGYtbG9ncwpkZXNjcmlwdGlvbjogIlBhcnNlIHBhY2tldCBmaWx0ZXIgbG9ncyIKZm9ybWF0OiAyLjAKcGF0dGVybl9zeW50YXg6CiAgUEZfVURQX0RBVEE6ICcle0lOVDpzcmNfcG9ydH0sJXtJTlQ6ZHN0X3BvcnR9LCV7SU5UOmRhdGFfbGVuZ3RofScKICBQRl9UQ1BfREFUQTogJyV7UEZfVURQX0RBVEF9LCV7V09SRDp0Y3BfZmxhZ3N9LCV7SU5UOnNlcXVlbmNlX251bWJlcn0sJXtJTlQ6YWNrX251bWJlcn0sJXtJTlQ6dGNwX3dpbmRvd30sJXtEQVRBOnVyZ19kYXRhfSwle0RBVEE6dGNwX29wdGlvbnN9JwogIFBGX1BST1RPQ09MX0RBVEE6ICcoJXtQRl9UQ1BfREFUQX18JXtQRl9VRFBfREFUQX0pJwogIFBGX0lQX0RBVEE6ICcle0lOVDpsZW5ndGh9LCV7SVA6c3JjX2lwfSwle0lQOmRzdF9pcH0sJwogIFBGX0lQdjRfREFUQTogJyV7QkFTRTE2TlVNOmlwNF90b3N9LCwle0lOVDppcDRfdHRsfSwle0lOVDppcDRfaWR9LCV7SU5UOmlwNF9vZmZzZXR9LCV7V09SRDppcDRfZmxhZ3N9LCV7SU5UOmlwNF9wcm90b19pZH0sJXtXT1JEOmlwNF9wcm90b30sJwogIFBGX0lQdjZfREFUQTogJyV7QkFTRTE2TlVNOmlwNl9jbGFzc30sJXtEQVRBOmlwNl9mbG93X2xhYmVsfSwle0lOVDppcDZfaG9wX2xpbWl0fSwle1dPUkQ6aXA2X3Byb3RvfSwle0lOVDppcDZfcHJvdG9faWR9LCcKICBQRl9JUF9TUEVDSUZJQ19EQVRBOiAnKCV7UEZfSVB2NF9EQVRBfXwle1BGX0lQdjZfREFUQX0pJwogIFBGX0xPR19EQVRBOiAnJXtJTlQ6cnVsZX0sKCV7SU5UOnN1Yl9ydWxlfSk/LCwle0lOVDp0cmFja2VyfSwle0RBVEE6aWZhY2V9LCV7V09SRDpyZWFzb259LCV7V09SRDphY3Rpb259LCV7V09SRDpkaXJlY3Rpb259LCV7SU5UOmlwX3Zlcn0sJwogIFBGX0ZJTFRFUkxPRzogJyV7UEZfTE9HX0RBVEF9JXtQRl9JUF9TUEVDSUZJQ19EQVRBfSV7UEZfSVBfREFUQX0le1BGX1BST1RPQ09MX0RBVEF9Jwpncm9rOgogIHBhdHRlcm46ICIle1BGX0ZJTFRFUkxPR30iCiAgYXBwbHlfb246IG1lc3NhZ2UKc3RhdGljczoKICAtIG1ldGE6IGxvZ190eXBlCiAgICB2YWx1ZTogcGYKLS0tCmZpbHRlcjogImV2dC5NZXRhLmxvZ190eXBlID09ICdwZicgYW5kIGV2dC5QYXJzZWQuYWN0aW9uID09ICdibG9jayciCm5hbWU6IGZpcmV3YWxsc2VydmljZXMvcGYtbG9ncy1kcm9wCmRlc2NyaXB0aW9uOiAiSWRlbnRpZnkgZHJvcHBlZCBwYWNrZXRzIgpvbnN1Y2Nlc3M6IG5leHRfc3RhZ2UKc3RhdGljczoKICAtIG1ldGE6IHNlcnZpY2UKICAgIHZhbHVlOiB0Y3AKICAtIG1ldGE6IGxvZ190eXBlCiAgICB2YWx1ZTogcGZfZHJvcAogIC0gbWV0YTogc291cmNlX2lwCiAgICBleHByZXNzaW9uOiAiZXZ0LlBhcnNlZC5zcmNfaXAiCg==", "description": "Parse packet filter logs", "author": "firewallservices", "labels": null }, "firewallservices/zimbra-logs": { "path": "parsers/s01-parse/firewallservices/zimbra-logs.yaml", "stage": "s01-parse", "version": "0.1", "versions": { "0.1": { "digest": "f01fc443e18d03cc336c4a8a6cbf7afc47e0faba7b07129f58f802415fc8a394", "deprecated": false } }, "long_description": "WmltYnJhIGZhaWxlZCBhdXRoZW50aWNhdGlvbiBwYXJzZXIuIFRvIHVzZSBpdCwgeW91IHNob3VsZCBhZGQgYW4gYWNxdWlzaXRpb24gbGlrZQpgYGB5YW1sCi0tLQpmaWxlbmFtZXM6CiAgLSAvb3B0L3ppbWJyYS9sb2cvbWFpbGJveC5sb2cKbGFiZWxzOgogIHR5cGU6IHppbWJyYQpgYGAKTm90ZSB0aGF0IGlmIHlvdSBydW4gWmltYnJhIG9uIHNldmVyYWwgc2VydmVycyA6Ci0gQWNxdWlzaXRpb24gc2hvdWxkIGJlIGRvbmUgb24gdGhlIG1haWxib3ggc2VydmVycwotIFlvdSBzaG91bGQgc2V0IHppbWJyYU1haWxUcnVzdGVkSVAgdG8gdGhlIGxpc3Qgb2YgSVAgb2YgeW91ciBaaW1icmEgcHJveHkgdG8gZW5zdXJlIHRoZSBvcmlnaW5hbCBjbGllbnQgSVAgd2lsbCBhcHBlYXIgaW4gdGhlIGxvZ3MuIEZvciBleGFtcGxlOgpgYGBiYXNoCnptcHJvdiBtY2YgK3ppbWJyYU1haWxUcnVzdGVkSVAgMTAuMzAuMS4xMwpgYGAK", "content": "ZmlsdGVyOiAiZXZ0LlBhcnNlZC5wcm9ncmFtIHN0YXJ0c1dpdGggJ3ppbWJyYSciCm9uc3VjY2VzczogbmV4dF9zdGFnZQojZGVidWc6IHRydWUKbmFtZTogZmlyZXdhbGxzZXJ2aWNlcy96aW1icmEtbG9ncwpkZXNjcmlwdGlvbjogIlBhcnNlIHppbWJyYSBhdXRoZW50aWNhdGlvbiBmYWlsdXJlcyIKbm9kZXM6CiAgLSBncm9rOgogICAgICBwYXR0ZXJuOiAnJXtUSU1FU1RBTVBfSVNPODYwMTp0aW1lX2xvY2FsfTpbMC05XSssLiole1dPUkQ6cHJvdG99Oi8vJXtIT1NUTkFNRTpzZXJ2ZXJ9OiV7SU5UOnBvcnR9L3NlcnZpY2UvYWRtaW4vc29hcC8oQXV0aFJlcXVlc3QpP1xdIFxbLipvaXA9JXtJUDpzcmNfaXB9LipcXSBTb2FwRW5naW5lIC0gaGFuZGxlciBleGNlcHRpb246IGF1dGhlbnRpY2F0aW9uIGZhaWxlZCBmb3IgXFsle05HVVNFUjp1c2VyfVxdJwogICAgICBhcHBseV9vbjogbWVzc2FnZQogICAgc3RhdGljczoKICAgICAgICAtIHRhcmdldDogZXZ0LlN0clRpbWUKICAgICAgICAgIGV4cHJlc3Npb246IGV2dC5QYXJzZWQudGltZV9sb2NhbAogIC0gZ3JvazoKICAgICAgcGF0dGVybjogJyV7VElNRVNUQU1QX0lTTzg2MDE6dGltZV9sb2NhbH06WzAtOV0rLC4qJXtXT1JEOnByb3RvfTovLyV7SE9TVE5BTUU6c2VydmVyfTole0lOVDpwb3J0fS9zZXJ2aWNlL2FkbWluL3NvYXAvKEF1dGhSZXF1ZXN0KT9cXSBcWy4qbmFtZT0le05HVVNFUjp1c2VyfS4qb2lwPSV7SVA6c3JjX2lwfS4qXF0gU29hcEVuZ2luZSAtIGhhbmRsZXIgZXhjZXB0aW9uJwogICAgICBhcHBseV9vbjogbWVzc2FnZQogICAgc3RhdGljczoKICAgICAgICAtIHRhcmdldDogZXZ0LlN0clRpbWUKICAgICAgICAgIGV4cHJlc3Npb246IGV2dC5QYXJzZWQudGltZV9sb2NhbAogIC0gZ3JvazoKICAgICAgcGF0dGVybjogJyV7VElNRVNUQU1QX0lTTzg2MDE6dGltZV9sb2NhbH06WzAtOV0rLC4qXFsuKm9pcD0le0lQOnNyY19pcH0uKlxdIGltYXAgLSBhdXRoZW50aWNhdGlvbiBmYWlsZWQgZm9yIFxbJXtOR1VTRVI6dXNlcn1cXScKICAgICAgYXBwbHlfb246IG1lc3NhZ2UKICAgIHN0YXRpY3M6CiAgICAgICAgLSB0YXJnZXQ6IGV2dC5TdHJUaW1lCiAgICAgICAgICBleHByZXNzaW9uOiBldnQuUGFyc2VkLnRpbWVfbG9jYWwKc3RhdGljczoKICAtIG1ldGE6IHNlcnZpY2UKICAgIHZhbHVlOiB6aW1icmEKICAtIG1ldGE6IGxvZ190eXBlCiAgICB2YWx1ZTogemltYnJhX2F1dGhfZmFpbAogIC0gbWV0YTogc291cmNlX2lwCiAgICBleHByZXNzaW9uOiAiZXZ0LlBhcnNlZC5zcmNfaXAiCiAgLSBtZXRhOiB1c2VyCiAgICBleHByZXNzaW9uOiAiZXZ0LlBhcnNlZC51c2VyIgo=", "description": "Parse zimbra authentication failures", "author": "firewallservices", "labels": null }, "fulljackz/proxmox-logs": { "path": "parsers/s01-parse/fulljackz/proxmox-logs.yaml", "stage": "s01-parse", "version": "0.1", "versions": { "0.1": { "digest": "889e85448093d9acb0a65e625eeb3e889e2bc2d7a43c3877a7f047d63f7fab28", "deprecated": false } }, "long_description": "IyBEZXNjcmlwdGlvbgoKQSBzaW1wbGUgcGFyc2VyIGZvciBQcm94bW94IFZFIFdlYiBpbnRlcmZhY2UuClByb3htb3ggVkUgaXMgbGlzdGVuaW5nIG9uIHBvcnQgODAwNi90Y3AgYW5kIHdyaXRlIHNzaCBmYWlscyBpbnRvIHN5c2xvZyAKCiMgTG9ncwoKICAtIEVycm9yCgpgYGAKSmFuICA0IDE3OjM0OjA4IGh5cGVydmlzb3IgcHZlZGFlbW9uWzM2NjMzMzldOiBhdXRoZW50aWNhdGlvbiBmYWlsdXJlOyByaG9zdD06OmZmZmY6MTcyLjIxLjEwLjIgdXNlcj10b29yQHBhbSBtc2c9bm8gc3VjaCB1c2VyICgndG9vckBwYW0nKQpKYW4gIDQgMTc6MzQ6MjIgaHlwZXJ2aXNvciBwdmVkYWVtb25bMzQ4Mzc0NF06IGF1dGhlbnRpY2F0aW9uIGZhaWx1cmU7IHJob3N0PTo6ZmZmZjoxNzIuMjEuMTAuMiB1c2VyPXJvb3RAcGFtIG1zZz1BdXRoZW50aWNhdGlvbiBmYWlsdXJlCmBgYAoKPiBJbiB0aGUgZmlyc3Qgc3RyaW5nLCB0aGUgdXNlciBkb2VzIG5vdCBleGlzdC4KPiBJbiB0aGUgc2Vjb25kIHVzZXIgZXhpc3RzIGJ1dCBhdXRoIGZhaWwuCgogIC0gU3VjY2VzcwoKYGBgCkphbiAgNCAxNzozNDoyNyBoeXBlcnZpc29yIHB2ZWRhZW1vblsyODkxODI1XTogPHJvb3RAcGFtPiBzdWNjZXNzZnVsIGF1dGggZm9yIHVzZXIgJ3Jvb3RAcGFtJwpgYGAKCiMgVG8gYmUgZG9uZQoKICAtID8KCiMgRXhwbGFpbiBvdXRwdXQKCiAgLSBQcm94bW94LWxvZ3MgcGFyc2VyIGlzIHVzZWQgb25seSBmb3IgYXV0aGVudGljYXRpb24gZmFpbHVyZXMuCgpgYGAKbGluZTogSmFuICA0IDE3OjM0OjA4IGh5cGVydmlzb3IgcHZlZGFlbW9uWzM2NjMzMzldOiBhdXRoZW50aWNhdGlvbiBmYWlsdXJlOyByaG9zdD06OmZmZmY6MTcyLjIxLjEwLjIgdXNlcj10b29yQHBhbSBtc2c9bm8gc3VjaCB1c2VyICgndG9vckBwYW0nKQoJ4pScIHMwMC1yYXcKCXwJ4pSUIPCfn6IgY3Jvd2RzZWN1cml0eS9zeXNsb2ctbG9ncyAoZmlyc3RfcGFyc2VyKQoJ4pScIHMwMS1wYXJzZQoJfAnilJQg8J+foiBmdWxsamFja3ovcHJveG1veC1sb2dzICgrOCkKCeKUnC0tLS0tLS0tIHBhcnNlciBzdWNjZXNzIPCfn6IKCeKUnCBTY2VuYXJpb3MKCQnilJQg8J+foiBmdWxsamFja3ovcHJveG1veC1iZgoKbGluZTogSmFuICA0IDE3OjM0OjAxIGh5cGVydmlzb3IgcHZlZGFlbW9uWzM2NjMzMzldOiBhdXRoZW50aWNhdGlvbiBmYWlsdXJlOyByaG9zdD06OmZmZmY6MTcyLjIxLjEwLjIgdXNlcj10b29yQHBhbSBtc2c9bm8gc3VjaCB1c2VyICgndG9vckBwYW0nKQoJ4pScIHMwMC1yYXcKCXwJ4pSUIPCfn6IgY3Jvd2RzZWN1cml0eS9zeXNsb2ctbG9ncyAoZmlyc3RfcGFyc2VyKQoJ4pScIHMwMS1wYXJzZQoJfAnilJQg8J+foiBmdWxsamFja3ovcHJveG1veC1sb2dzICgrOCkKCeKUnC0tLS0tLS0tIHBhcnNlciBzdWNjZXNzIPCfn6IKCeKUnCBTY2VuYXJpb3MKCQnilJQg8J+foiBmdWxsamFja3ovcHJveG1veC1iZgoKbGluZTogSmFuICA0IDE3OjM0OjA4IGh5cGVydmlzb3IgcHZlZGFlbW9uWzM2NjMzMzldOiBhdXRoZW50aWNhdGlvbiBmYWlsdXJlOyByaG9zdD06OmZmZmY6MTcyLjIxLjEwLjIgdXNlcj10b29yQHBhbSBtc2c9bm8gc3VjaCB1c2VyICgndG9vckBwYW0nKQoJ4pScIHMwMC1yYXcKCXwJ4pSUIPCfn6IgY3Jvd2RzZWN1cml0eS9zeXNsb2ctbG9ncyAoZmlyc3RfcGFyc2VyKQoJ4pScIHMwMS1wYXJzZQoJfAnilJQg8J+foiBmdWxsamFja3ovcHJveG1veC1sb2dzICgrOCkKCeKUnC0tLS0tLS0tIHBhcnNlciBzdWNjZXNzIPCfn6IKCeKUnCBTY2VuYXJpb3MKCQnilJQg8J+foiBmdWxsamFja3ovcHJveG1veC1iZgoKbGluZTogSmFuICA0IDE3OjM0OjA3IGh5cGVydmlzb3IgcHZlZGFlbW9uWzM0ODM3NDRdOiBhdXRoZW50aWNhdGlvbiBmYWlsdXJlOyByaG9zdD06OmZmZmY6MTcyLjIxLjEwLjIgdXNlcj1yb290QHBhbSBtc2c9QXV0aGVudGljYXRpb24gZmFpbHVyZQoJ4pScIHMwMC1yYXcKCXwJ4pSUIPCfn6IgY3Jvd2RzZWN1cml0eS9zeXNsb2ctbG9ncyAoZmlyc3RfcGFyc2VyKQoJ4pScIHMwMS1wYXJzZQoJfAnilJQg8J+foiBmdWxsamFja3ovcHJveG1veC1sb2dzICgrOCkKCeKUnC0tLS0tLS0tIHBhcnNlciBzdWNjZXNzIPCfn6IKCeKUnCBTY2VuYXJpb3MKCQnilJQg8J+foiBmdWxsamFja3ovcHJveG1veC1iZgoKbGluZTogSmFuICA0IDE3OjM0OjA4IGh5cGVydmlzb3IgcHZlZGFlbW9uWzI4OTE4MjVdOiA8cm9vdEBwYW0+IHN1Y2Nlc3NmdWwgYXV0aCBmb3IgdXNlciAncm9vdEBwYW0nCgnilJwgczAwLXJhdwoJfAnilJQg8J+foiBjcm93ZHNlY3VyaXR5L3N5c2xvZy1sb2dzIChmaXJzdF9wYXJzZXIpCgnilJwgczAxLXBhcnNlCgl8CeKUlCDwn5S0IGZ1bGxqYWNrei9wcm94bW94LWxvZ3MKCeKUlC0tLS0tLS0tIHBhcnNlciBmYWlsdXJlIPCflLQKCmxpbmU6IEphbiAgNCAxNzozNDowOCBoeXBlcnZpc29yIHB2ZWRhZW1vblszNjYzMzM5XTogYXV0aGVudGljYXRpb24gZmFpbHVyZTsgcmhvc3Q9OjpmZmZmOjE3Mi4yMS4xMC4yIHVzZXI9dG9vckBwYW0gbXNnPW5vIHN1Y2ggdXNlciAoJ3Rvb3JAcGFtJykKCeKUnCBzMDAtcmF3Cgl8CeKUlCDwn5+iIGNyb3dkc2VjdXJpdHkvc3lzbG9nLWxvZ3MgKGZpcnN0X3BhcnNlcikKCeKUnCBzMDEtcGFyc2UKCXwJ4pSUIPCfn6IgZnVsbGphY2t6L3Byb3htb3gtbG9ncyAoKzgpCgnilJwtLS0tLS0tLSBwYXJzZXIgc3VjY2VzcyDwn5+iCgnilJwgU2NlbmFyaW9zCgkJ4pSUIPCfn6IgZnVsbGphY2t6L3Byb3htb3gtYmYKCmxpbmU6IEphbiAgNCAxNzozNDoxMSBoeXBlcnZpc29yIHB2ZWRhZW1vblsyODkxODI1XTogPHJvb3RAcGFtPiBzdWNjZXNzZnVsIGF1dGggZm9yIHVzZXIgJ3Jvb3RAcGFtJwoJ4pScIHMwMC1yYXcKCXwJ4pSUIPCfn6IgY3Jvd2RzZWN1cml0eS9zeXNsb2ctbG9ncyAoZmlyc3RfcGFyc2VyKQoJ4pScIHMwMS1wYXJzZQoJfAnilJQg8J+UtCBmdWxsamFja3ovcHJveG1veC1sb2dzCgnilJQtLS0tLS0tLSBwYXJzZXIgZmFpbHVyZSDwn5S0CgpsaW5lOiBKYW4gIDQgMTc6MzQ6MTIgaHlwZXJ2aXNvciBwdmVkYWVtb25bMzQ4Mzc0NF06IGF1dGhlbnRpY2F0aW9uIGZhaWx1cmU7IHJob3N0PTo6ZmZmZjoxNzIuMjEuMTAuMiB1c2VyPXJvb3RAcGFtIG1zZz1BdXRoZW50aWNhdGlvbiBmYWlsdXJlCgnilJwgczAwLXJhdwoJfAnilJQg8J+foiBjcm93ZHNlY3VyaXR5L3N5c2xvZy1sb2dzIChmaXJzdF9wYXJzZXIpCgnilJwgczAxLXBhcnNlCgl8CeKUlCDwn5+iIGZ1bGxqYWNrei9wcm94bW94LWxvZ3MgKCs4KQoJ4pScLS0tLS0tLS0gcGFyc2VyIHN1Y2Nlc3Mg8J+fogoJ4pScIFNjZW5hcmlvcwoJCeKUlCDwn5+iIGZ1bGxqYWNrei9wcm94bW94LWJmCgpsaW5lOiBKYW4gIDQgMTc6MzQ6MTMgaHlwZXJ2aXNvciBwdmVkYWVtb25bMjg5MTgyNV06IDxyb290QHBhbT4gc3VjY2Vzc2Z1bCBhdXRoIGZvciB1c2VyICdyb290QHBhbScKCeKUnCBzMDAtcmF3Cgl8CeKUlCDwn5+iIGNyb3dkc2VjdXJpdHkvc3lzbG9nLWxvZ3MgKGZpcnN0X3BhcnNlcikKCeKUnCBzMDEtcGFyc2UKCXwJ4pSUIPCflLQgZnVsbGphY2t6L3Byb3htb3gtbG9ncwoJ4pSULS0tLS0tLS0gcGFyc2VyIGZhaWx1cmUg8J+UtAoKbGluZTogSmFuICA0IDE3OjM0OjAyIGh5cGVydmlzb3IgcHZlZGFlbW9uWzM0ODM3NDRdOiBhdXRoZW50aWNhdGlvbiBmYWlsdXJlOyByaG9zdD06OmZmZmY6MTcyLjIxLjEwLjIgdXNlcj1yb290QHBhbSBtc2c9QXV0aGVudGljYXRpb24gZmFpbHVyZQoJ4pScIHMwMC1yYXcKCXwJ4pSUIPCfn6IgY3Jvd2RzZWN1cml0eS9zeXNsb2ctbG9ncyAoZmlyc3RfcGFyc2VyKQoJ4pScIHMwMS1wYXJzZQoJfAnilJQg8J+foiBmdWxsamFja3ovcHJveG1veC1sb2dzICgrOCkKCeKUnC0tLS0tLS0tIHBhcnNlciBzdWNjZXNzIPCfn6IKCeKUnCBTY2VuYXJpb3MKCQnilJQg8J+foiBmdWxsamFja3ovcHJveG1veC1iZgoKbGluZTogSmFuICA0IDE3OjM0OjAzIGh5cGVydmlzb3IgcHZlZGFlbW9uWzI4OTE4MjVdOiA8cm9vdEBwYW0+IHN1Y2Nlc3NmdWwgYXV0aCBmb3IgdXNlciAncm9vdEBwYW0nCgnilJwgczAwLXJhdwoJfAnilJQg8J+foiBjcm93ZHNlY3VyaXR5L3N5c2xvZy1sb2dzIChmaXJzdF9wYXJzZXIpCgnilJwgczAxLXBhcnNlCgl8CeKUlCDwn5S0IGZ1bGxqYWNrei9wcm94bW94LWxvZ3MKCeKUlC0tLS0tLS0tIHBhcnNlciBmYWlsdXJlIPCflLQKYGBgIAo=", "content": "I2RlYnVnOiB0cnVlCm5hbWU6IGZ1bGxqYWNrei9wcm94bW94LWxvZ3MKZGVzY3JpcHRpb246ICJQYXJzZSBwcm94bW94IGxvZ3MgZm9yIGJydXRlZm9yY2UgYXR0ZW1wdHMiCmZpbHRlcjogImV2dC5QYXJzZWQucHJvZ3JhbSA9PSAncHZlZGFlbW9uJyIKb25zdWNjZXNzOiBuZXh0X3N0YWdlCnBhdHRlcm5fc3ludGF4OgogIFBWRV9BVVRIX0ZBSUw6ICdhdXRoZW50aWNhdGlvbiBmYWlsdXJlOyByaG9zdD0le0lQOmNsaWVudF9pcH0gdXNlcj0le1VTRVJOQU1FOnNvdXJjZV91c2VyfUAle1dPUkQ6cmVhbG19IG1zZz1BdXRoZW50aWNhdGlvbiBmYWlsdXJlJwogIFBWRV9OT1NVX1VTRVI6ICdhdXRoZW50aWNhdGlvbiBmYWlsdXJlOyByaG9zdD0le0lQOmNsaWVudF9pcH0gdXNlcj0le1VTRVJOQU1FOnNvdXJjZV91c2VyfUAle1dPUkQ6cmVhbG19IG1zZz1ubyBzdWNoIHVzZXInCm5vZGVzOgogIC0gZ3JvazoKICAgICAgbmFtZTogIlBWRV9BVVRIX0ZBSUwiCiAgICAgIGFwcGx5X29uOiBtZXNzYWdlCiAgICAgIHN0YXRpY3M6CiAgICAgICAgLSBtZXRhOiBsb2dfdHlwZQogICAgICAgICAgdmFsdWU6IHB2ZV9mYWlsZWQtYXV0aAogICAgICAgIC0gbWV0YTogc291cmNlX3VzZXIKICAgICAgICAgIGV4cHJlc3Npb246ICJldnQuUGFyc2VkLnNvdXJjZV91c2VyIgogIC0gZ3JvazoKICAgICAgbmFtZTogIlBWRV9OT1NVX1VTRVIiCiAgICAgIGFwcGx5X29uOiBtZXNzYWdlCiAgICAgIHN0YXRpY3M6CiAgICAgICAgLSBtZXRhOiBsb2dfdHlwZQogICAgICAgICAgdmFsdWU6IHB2ZV9mYWlsZWQtYXV0aAogICAgICAgIC0gbWV0YTogc291cmNlX3VzZXIKICAgICAgICAgIGV4cHJlc3Npb246ICJldnQuUGFyc2VkLnNvdXJjZV91c2VyIgpzdGF0aWNzOgogICAgLSBtZXRhOiBzZXJ2aWNlCiAgICAgIHZhbHVlOiBwdmVkYWVtb24KICAgIC0gbWV0YTogc291cmNlX2lwCiAgICAgIGV4cHJlc3Npb246ICJldnQuUGFyc2VkLmNsaWVudF9pcCIK", "description": "Parse proxmox logs for bruteforce attempts", "author": "fulljackz", "labels": null }, "fulljackz/pureftpd-logs": { "path": "parsers/s01-parse/fulljackz/pureftpd-logs.yaml", "stage": "s01-parse", "version": "0.1", "versions": { "0.1": { "digest": "db21a9c06ffb7dbcdd420b62b51e5c13333dcc48556faae3fb49c65058b16737", "deprecated": false } }, "long_description": "IyBEZXNjcmlwdGlvbgoKQSBzaW1wbGUgcGFyc2VyIGZvciBQdXJlZnRwZC4KCiMgTG9ncwoKICAtIEVycm9yCgpgYGAKSmFuICA3IDE0OjE5OjM1IGZ0cGNkciBwdXJlLWZ0cGQ6ICg/QDE3Mi4yMS4xMC4yKSBbV0FSTklOR10gQXV0aGVudGljYXRpb24gZmFpbGVkIGZvciB1c2VyIFtyb290XQpKYW4gIDcgMTQ6MTk6MzYgZnRwY2RyIHB1cmUtZnRwZDogKD9AMTcyLjIxLjEwLjIpIFtXQVJOSU5HXSBBdXRoZW50aWNhdGlvbiBmYWlsZWQgZm9yIHVzZXIgW3Jvb3RdCmBgYAoKICAtIFN1Y2Nlc3MKCmBgYApKYW4gIDcgMTQ6MjA6MDYgZnRwY2RyIHB1cmUtZnRwZDogKD9AMTcyLjIxLjEwLjIpIFtJTkZPXSB1c2VyQHRlc3QuY29tIGlzIG5vdyBsb2dnZWQgaW4KYGBgCgojIFRvIGJlIGRvbmUKCiAgLSA/CgojIEV4cGxhaW4gb3V0cHV0CgogIC0gUHVyZWZ0cGQtbG9ncyBwYXJzZXIgaXMgdXNlZCBvbmx5IGZvciBhdXRoZW50aWNhdGlvbiBmYWlsdXJlcy4KCmBgYApsaW5lOiBKYW4gIDcgMTQ6MjA6MDEgZnRwY2RyIHB1cmUtZnRwZDogKD9AMTcyLjIxLjEwLjIpIFtXQVJOSU5HXSBBdXRoZW50aWNhdGlvbiBmYWlsZWQgZm9yIHVzZXIgW3Jvb3RdCgnilJwgczAwLXJhdwoJfAnilJQg8J+foiBjcm93ZHNlY3VyaXR5L3N5c2xvZy1sb2dzIChmaXJzdF9wYXJzZXIpCgnilJwgczAxLXBhcnNlCgl8CeKUlCDwn5+iIGZ1bGxqYWNrei9wdXJlZnRwZC1sb2dzICgrNikKCeKUnC0tLS0tLS0tIHBhcnNlciBzdWNjZXNzIPCfn6IKCeKUnCBTY2VuYXJpb3MKCQnilJQg8J+foiBmdWxsamFja3ovcHVyZWZ0cGQtYmYKCmxpbmU6IEphbiAgNyAxNDoyMDowNiBmdHBjZHIgcHVyZS1mdHBkOiAoP0AxNzIuMjEuMTAuMikgW0lORk9dIHVzZXJAdGVzdC5jb20gaXMgbm93IGxvZ2dlZCBpbgoJ4pScIHMwMC1yYXcKCXwJ4pSUIPCfn6IgY3Jvd2RzZWN1cml0eS9zeXNsb2ctbG9ncyAoZmlyc3RfcGFyc2VyKQoJ4pScIHMwMS1wYXJzZQoJfAnilJQg8J+UtCBmdWxsamFja3ovcHVyZWZ0cGQtbG9ncwoJ4pSULS0tLS0tLS0gcGFyc2VyIGZhaWx1cmUg8J+UtAoKbGluZTogSmFuICA3IDE0OjE5OjMxIGZ0cGNkciBwdXJlLWZ0cGQ6ICg/QDE3Mi4yMS4xMC4yKSBbV0FSTklOR10gQXV0aGVudGljYXRpb24gZmFpbGVkIGZvciB1c2VyIFtyb290XQoJ4pScIHMwMC1yYXcKCXwJ4pSUIPCfn6IgY3Jvd2RzZWN1cml0eS9zeXNsb2ctbG9ncyAoZmlyc3RfcGFyc2VyKQoJ4pScIHMwMS1wYXJzZQoJfAnilJQg8J+foiBmdWxsamFja3ovcHVyZWZ0cGQtbG9ncyAoKzYpCgnilJwtLS0tLS0tLSBwYXJzZXIgc3VjY2VzcyDwn5+iCgnilJwgU2NlbmFyaW9zCgkJ4pSUIPCfn6IgZnVsbGphY2t6L3B1cmVmdHBkLWJmCmBgYCAK", "content": "I2RlYnVnOiB0cnVlCm5hbWU6IGZ1bGxqYWNrei9wdXJlZnRwZC1sb2dzCmRlc2NyaXB0aW9uOiAiUGFyc2UgcHVyZWZ0cGQgbG9ncyBmb3IgYnJ1dGVmb3JjZSBhdHRlbXB0cyIKZmlsdGVyOiAiZXZ0LlBhcnNlZC5wcm9ncmFtID09ICdwdXJlLWZ0cGQnIgpvbnN1Y2Nlc3M6IG5leHRfc3RhZ2UKcGF0dGVybl9zeW50YXg6CiAgUEZUUERfQVVUSF9GQUlMOiAnXCg/QCV7SVA6Y2xpZW50X2lwfVwpIFxbV0FSTklOR1xdIEF1dGhlbnRpY2F0aW9uIGZhaWxlZCBmb3IgdXNlciBcWyV7V09SRDp1c2VyfVxdJwpub2RlczoKICAtIGdyb2s6CiAgICAgIG5hbWU6ICJQRlRQRF9BVVRIX0ZBSUwiCiAgICAgIGFwcGx5X29uOiBtZXNzYWdlCiAgICAgIHN0YXRpY3M6CiAgICAgICAgLSBtZXRhOiBsb2dfdHlwZQogICAgICAgICAgdmFsdWU6IHBmdHBkX2ZhaWxlZC1hdXRoCiAgICAgICAgLSBtZXRhOiBzb3VyY2VfdXNlcgogICAgICAgICAgZXhwcmVzc2lvbjogImV2dC5QYXJzZWQudXNlciIKc3RhdGljczoKICAgIC0gbWV0YTogc2VydmljZQogICAgICB2YWx1ZTogcHVyZWZ0cGQKICAgIC0gbWV0YTogc291cmNlX2lwCiAgICAgIGV4cHJlc3Npb246ICJldnQuUGFyc2VkLmNsaWVudF9pcCIK", "description": "Parse pureftpd logs for bruteforce attempts", "author": "fulljackz", "labels": null }, "hitech95/nginx-mail-logs": { "path": "parsers/s01-parse/hitech95/nginx-mail-logs.yaml", "stage": "s01-parse", "version": "0.1", "versions": { "0.1": { "digest": "52e65aa1d01faed9b6c45508c1c13a75b0c7228ac734490baa43ae2d0976f392", "deprecated": false } }, "long_description": "IyMgTmdpbnggRW1haWwgUHJveHkgcGFyc2VyCkEgZ2VuZXJpYyBwYXJzZXIgZm9yIGBuZ3hfbWFpbF9jb3JlYCBtb2R1bGU6CiAtIERldGVjdCBuZXcgc2Vzc2lvbgogLSBEZXRlY3QgYXV0aCBmYWlsdXJlcyB3aGVuIHVzaW5nIGBuZ3hfbWFpbF9hdXRoX2h0dHBfbW9kdWxlYAoKIyMgQWNxdWlzaXRpb24gdGVtcGxhdGUKCmBgYHlhbWwKZmlsZW5hbWVzOgogIC0gL3Zhci9sb2cvbmdpbngvKi5sb2cKbGFiZWxzOgogIHR5cGU6IG5naW54CmBgYA==", "content": "ZmlsdGVyOiAiZXZ0LlBhcnNlZC5wcm9ncmFtIHN0YXJ0c1dpdGggJ25naW54JyIKb25zdWNjZXNzOiBuZXh0X3N0YWdlCm5hbWU6IGhpdGVjaDk1L25naW54LW1haWwtbG9ncwpkZXNjcmlwdGlvbjogIlBhcnNlIE5naW54IE1haWwgbG9ncyIKcGF0dGVybl9zeW50YXg6CiAgTk9fRE9VQkxFX1FVT1RFOiAnW14iXSsnCm5vZGVzOgogIC0gZ3JvazoKICAgICAgcGF0dGVybjogJyV7TkdJTlhFUlJUSU1FOnRpbWV9IFxbJXtMT0dMRVZFTDpsb2dsZXZlbH1cXSAle05PTk5FR0lOVDpwaWR9IyV7Tk9OTkVHSU5UOnRpZH06IChcKiV7Tk9OTkVHSU5UOmNpZH0gKT9jbGllbnQgJXtJUE9SSE9TVDpyZW1vdGVfYWRkcn06JXtQT1NJTlQ6cmVtb3RlX3BvcnR9IGNvbm5lY3RlZCB0byAle0lQT1JIT1NUOmRlc3RfaXB9OiV7UE9TSU5UOmRlc3RfcG9ydH0nCiAgICAgIGFwcGx5X29uOiBtZXNzYWdlCiAgICAgIHN0YXRpY3M6CiAgICAgICAgLSBtZXRhOiBsb2dfdHlwZQogICAgICAgICAgdmFsdWU6ICJtYWlsX25ld19zZXNzaW9uIgogICAgICAgIC0gdGFyZ2V0OiBldnQuU3RyVGltZQogICAgICAgICAgZXhwcmVzc2lvbjogZXZ0LlBhcnNlZC50aW1lCiAgLSBncm9rOgogICAgICBwYXR0ZXJuOiAnJXtOR0lOWEVSUlRJTUU6dGltZX0gXFsle0xPR0xFVkVMOmxvZ2xldmVsfVxdICV7Tk9OTkVHSU5UOnBpZH0jJXtOT05ORUdJTlQ6dGlkfTogKFwqJXtOT05ORUdJTlQ6Y2lkfSApPyV7R1JFRURZREFUQTptZXNzYWdlfSwgY2xpZW50OiAle0lQT1JIT1NUOnJlbW90ZV9hZGRyfSwgc2VydmVyOiAle0lQT1JIT1NUOmRlc3RfaXB9OiV7UE9TSU5UOmRlc3RfcG9ydH0oLCBsb2dpbjogIiV7Tk9fRE9VQkxFX1FVT1RFOnVzZXJuYW1lfSIpPygsIHVwc3RyZWFtOiAle0lQT1JIT1NUOnByb3h5X2lwfTole1BPU0lOVDpwcm94eV9wb3J0fSk/JwogICAgICBhcHBseV9vbjogbWVzc2FnZQogICAgZmlsdGVyOiAiZXZ0LlBhcnNlZC5tZXNzYWdlIGNvbnRhaW5zICdjbGllbnQgJyIKICAgIHN0YXRpY3M6CiAgICAgIC0gdGFyZ2V0OiBldnQuU3RyVGltZQogICAgICAgIGV4cHJlc3Npb246IGV2dC5QYXJzZWQudGltZQogICAgICAtIG1ldGE6IHVzZXJuYW1lCiAgICAgICAgZXhwcmVzc2lvbjogZXZ0LlBhcnNlZC51c2VybmFtZQogICAgICAtIG1ldGE6IGxvZ190eXBlCiAgICAgICAgdmFsdWU6ICJtYWlsX2F1dGgiCiAgICBub2RlczoKICAgICAgLSBmaWx0ZXI6ICJldnQuUGFyc2VkLm1lc3NhZ2UgY29udGFpbnMgJ2xvZ2dlZCBpbiciCiAgICAgICAgc3RhdGljczoKICAgICAgICAgIC0gbWV0YTogc3ViX3R5cGUKICAgICAgICAgICAgdmFsdWU6ICJhdXRoX3N1Y2Nlc3MiCiAgICAgIC0gZmlsdGVyOiAiZXZ0LlBhcnNlZC5tZXNzYWdlIGNvbnRhaW5zICdsb2dpbiBmYWlsZWQnIgogICAgICAgIHBhdHRlcm5fc3ludGF4OgogICAgICAgICAgTUFJTF9IVFRQX0FVVEg6ICdjbGllbnQgbG9naW4gZmFpbGVkOiAiJXtOT19ET1VCTEVfUVVPVEU6YXV0aF9yZXN1bHR9IiB3aGlsZScKICAgICAgICBncm9rOgogICAgICAgICAgcGF0dGVybjogJyV7TUFJTF9IVFRQX0FVVEh9JwogICAgICAgICAgYXBwbHlfb246IG1lc3NhZ2UKICAgICAgICBzdGF0aWNzOgogICAgICAgICAgLSBtZXRhOiBzdWJfdHlwZQogICAgICAgICAgICB2YWx1ZTogImF1dGhfZmFpbCIKICAgICAgICAgIC0gbWV0YTogYXV0aF9yZXN1bHQKICAgICAgICAgICAgZXhwcmVzc2lvbjogZXZ0LlBhcnNlZC5hdXRoX3Jlc3VsdAojIHRoZXNlIG9uZXMgYXBwbHkgZm9yIGJvdGggZ3JvayBwYXR0ZXJucwpzdGF0aWNzOgogIC0gbWV0YTogc2VydmljZQogICAgdmFsdWU6IG1haWwKICAtIG1ldGE6IHNvdXJjZV9pcAogICAgZXhwcmVzc2lvbjogImV2dC5QYXJzZWQucmVtb3RlX2FkZHIiCiAgLSBtZXRhOiBkZXN0X2lwCiAgICBleHByZXNzaW9uOiAiZXZ0LlBhcnNlZC5kZXN0X2lwIgogIC0gbWV0YTogZGVzdF9wb3J0CiAgICBleHByZXNzaW9uOiAiZXZ0LlBhcnNlZC5kZXN0X3BvcnQiCg==", "description": "Parse Nginx Mail logs", "author": "hitech95", "labels": null }, "jusabatier/apereo-cas-audit-logs": { "path": "parsers/s01-parse/jusabatier/apereo-cas-audit-logs.yaml", "stage": "s01-parse", "version": "0.2", "versions": { "0.1": { "digest": "af0a0f7f973f2e7234b8b1866c3f4182e0b8945eedcf2dee2d0556a5aab87b6c", "deprecated": false }, "0.2": { "digest": "a8c04c2fd8c3c0980a0aec849bcc044c1140ca971a03cf606742228a584a49fa", "deprecated": false } }, "long_description": "VXNlIEFwZXJlbyBDQVMgYXVkaXQgbG9ncyA6IGh0dHBzOi8vYXBlcmVvLmdpdGh1Yi5pby9jYXMvNi40LngvYXVkaXRzL0F1ZGl0cy1GaWxlLmh0bWwKCk5lZWQgdG8gOiAKKiBhdGl2YXRlIGBjYXMuYXVkaXQuc2xmNGoudXNlLXNpbmdsZS1saW5lPXRydWVgIGluIENBUyBjb25maWd1cmF0aW9uCiogYWRkIGNhc19hdWRpdC5sb2cgZ2VuZXJhdGVkIGZpbGUgdG8gQ3Jvd2RTZWMgYXF1aXNpdGlvbnMKClNhbXBsZSBsb2c0aiBjb25maWcgOiAKCmBgYHhtbApbLi4uXQogICAgICAgIDxSb2xsaW5nRmlsZSBuYW1lPSJhdWRpdGxvZ2ZpbGUiIGZpbGVOYW1lPSIke2Jhc2VEaXJ9L2Nhc19hdWRpdC5sb2ciIGFwcGVuZD0idHJ1ZSIKICAgICAgICAgICAgICAgICAgICAgZmlsZVBhdHRlcm49IiR7YmFzZURpcn0vY2FzX2F1ZGl0LSVke3l5eXktTU0tZGQtSEh9LSVpLmxvZyI+CiAgICAgICAgICAgIDxQYXR0ZXJuTGF5b3V0IHBhdHRlcm49IiVkICVwIFslY10gLSAlbSVuIi8+CiAgICAgICAgICAgIDxQb2xpY2llcz4KICAgICAgICAgICAgICAgIDxPblN0YXJ0dXBUcmlnZ2VyaW5nUG9saWN5IC8+CiAgICAgICAgICAgICAgICA8U2l6ZUJhc2VkVHJpZ2dlcmluZ1BvbGljeSBzaXplPSIxMCBNQiIvPgogICAgICAgICAgICAgICAgPFRpbWVCYXNlZFRyaWdnZXJpbmdQb2xpY3kgLz4KICAgICAgICAgICAgPC9Qb2xpY2llcz4KICAgICAgICA8L1JvbGxpbmdGaWxlPgoKICAgICAgICA8Q2FzQXBwZW5kZXIgbmFtZT0iY2FzQXVkaXQiPgogICAgICAgICAgICA8QXBwZW5kZXJSZWYgcmVmPSJhdWRpdGxvZ2ZpbGUiIC8+CiAgICAgICAgPC9DYXNBcHBlbmRlcj4KWy4uLl0KICAgICAgICA8QXN5bmNMb2dnZXIgbmFtZT0ib3JnLmFwZXJlby5pbnNwZWt0ci5hdWRpdC5zdXBwb3J0IiBsZXZlbD0iaW5mbyIgaW5jbHVkZUxvY2F0aW9uPSJ0cnVlIiA+CiAgICAgICAgICAgIDxBcHBlbmRlclJlZiByZWY9ImNhc0F1ZGl0Ii8+CiAgICAgICAgPC9Bc3luY0xvZ2dlcj4KWy4uLl0KYGBgCg==", "content": "b25zdWNjZXNzOiBuZXh0X3N0YWdlCiNkZWJ1ZzogdHJ1ZQpmaWx0ZXI6ICJldnQuUGFyc2VkLnByb2dyYW0gPT0gJ2NhcyciCm5hbWU6IGp1c2FiYXRpZXIvYXBlcmVvLWNhcy1hdWRpdC1sb2dzCmRlc2NyaXB0aW9uOiAiUGFyc2UgYXBlcmVvIENBUyBBdWRpdHMgbG9ncyIKcGF0dGVybl9zeW50YXg6CiMgVGhlIElQIGdyb2sgcGF0dGVybiB0aGF0IHNoaXBzIHdpdGggY3Jvd2RzZWMgaXMgYnVnZ3kgYW5kIGRvZXMgbm90IGNhcHR1cmUgdGhlIGxhc3QgZGlnaXQgb2YgYW4gSVAgaWYgaXQgaXMgdGhlIGxhc3QgdGhpbmcgaXQgbWF0Y2hlcywgYW5kIHRoZSBsYXN0IG9jdGV0IHN0YXJ0cyB3aXRoIGEgMgojIGh0dHBzOi8vZ2l0aHViLmNvbS9jcm93ZHNlY3VyaXR5L2Nyb3dkc2VjL2lzc3Vlcy85MzgKICBJUHY0X1dPUktBUk9VTkQ6ICg/Oig/OjI1WzAtNV18MlswLTRdWzAtOV18WzAxXT9bMC05XVswLTldPylcLil7M30oPzoyNVswLTVdfDJbMC00XVswLTldfFswMV0/WzAtOV1bMC05XT8pCiAgSVBfV09SS0FST1VORDogKD86JXtJUFY2fXwle0lQdjRfV09SS0FST1VORH0pCiAgU0VDT05EX1dPUktBUk9VTkQ6ICcoPzpbMC01XT9bMC05XXw2MCk/JwogIFRJTUVTVEFNUF9XT1JLQVJPVU5EOiAnJXtZRUFSfS0le01PTlRITlVNfS0le01PTlRIREFZfVtUIF0le0hPVVJ9Oj8le01JTlVURX0oPzo6PyV7U0VDT05EX1dPUktBUk9VTkR9KT8le0lTTzg2MDFfVElNRVpPTkV9PycKICBDQVNfQVVUSF9GQUlMOiAnXiV7VElNRVNUQU1QX1dPUktBUk9VTkQ6dGltZX0oPzosXGQrKT8gJXtMT0dMRVZFTDpsb2dsZXZlbH0gXFsle0RBVEE6dGhyZWFkbmFtZX1cXSAtICguKilcfENBU1x8KC4qKVx8QVVUSEVOVElDQVRJT05fRkFJTEVEXHwle1VTRVJOQU1FOmNhc19pbnZhbGlkX3VzZXJ9XHwle0lQX1dPUktBUk9VTkQ6Y2FzX2NsaWVudF9pcH1cfCguKikkJwpub2RlczoKICAtIGdyb2s6IAogICAgICBuYW1lOiAiQ0FTX0FVVEhfRkFJTCIKICAgICAgYXBwbHlfb246IG1lc3NhZ2UKICAgICAgc3RhdGljczoKICAgICAgICAtIG1ldGE6IGxvZ190eXBlCiAgICAgICAgICB2YWx1ZTogY2FzX2ZhaWxlZC1hdXRoCiAgICAgICAgLSBtZXRhOiB0YXJnZXRfdXNlcgogICAgICAgICAgZXhwcmVzc2lvbjogImV2dC5QYXJzZWQuY2FzX2ludmFsaWRfdXNlciIKICAgICAgICAtIHRhcmdldDogZXZ0LlN0clRpbWUKICAgICAgICAgIGV4cHJlc3Npb246IGV2dC5QYXJzZWQudGltZQpzdGF0aWNzOgogICAgLSBtZXRhOiBzZXJ2aWNlCiAgICAgIHZhbHVlOiBjYXMKICAgIC0gbWV0YTogc291cmNlX2lwCiAgICAgIGV4cHJlc3Npb246ICJldnQuUGFyc2VkLmNhc19jbGllbnRfaXAiCg==", "description": "Parse apereo CAS Audits logs", "author": "jusabatier", "labels": null }, "lourys/pterodactyl-wings-logs": { "path": "parsers/s01-parse/lourys/pterodactyl-wings-logs.yaml", "stage": "s01-parse", "version": "0.1", "versions": { "0.1": { "digest": "cf8d159aaa3091b95c9bfe97ef942a2742c65b303c101c2822d5bcfefabda19b", "deprecated": false } }, "long_description": "UGFyc2VyIGZvciBwdGVyb2RhY3R5bCB3aW5ncyBsb2dzIChwYXJzZSBvbmx5IGZhaWxlZCBhdXRoZW50aWNhdGlvbiBsb2dzIGZvciB0aGUgbW9tZW50KS4=", "content": "bmFtZTogbG91cnlzL3B0ZXJvZGFjdHlsLXdpbmdzLWxvZ3MKZGVzY3JpcHRpb246ICJQYXJzZSBQdGVyb2RhY3R5bCB3aW5ncyBsb2dzIgpmaWx0ZXI6ICJldnQuUGFyc2VkLnByb2dyYW0gPT0gJ3B0ZXJvZGFjdHlsJyIKZGVidWc6IGZhbHNlCm9uc3VjY2VzczogbmV4dF9zdGFnZQpub2RlczoKICAtIGdyb2s6CiAgICAgIHBhdHRlcm46ICdeV0FSTjogXFsle0RBVEE6dGltZX1cXSBmYWlsZWQgdG8gdmFsaWRhdGUgdXNlciBjcmVkZW50aWFscyBcKGludmFsaWQgZm9ybWF0XCkgaXA9JXtJUE9SSE9TVDpzb3VyY2VfaXB9OiV7TlVNQkVSOnNvdXJjZV9wb3J0fSBzdWJzeXN0ZW09c2Z0cCB1c2VybmFtZT0le1VTRVJOQU1FOnVzZXJuYW1lfSQnCiAgICAgIGFwcGx5X29uOiBtZXNzYWdlCiAgICAgIHN0YXRpY3M6CiAgICAgICAgLSBtZXRhOiBsb2dfdHlwZQogICAgICAgICAgdmFsdWU6IHB0ZXJvZGFjdGx5X3dpbmdzX2ludmFsaWRfZm9ybWF0CiAgLSBncm9rOgogICAgICBwYXR0ZXJuOiAnXldBUk46IFxbJXtEQVRBOnRpbWV9XF0gZmFpbGVkIHRvIHZhbGlkYXRlIHVzZXIgY3JlZGVudGlhbHMgXChpbnZhbGlkIHVzZXJuYW1lIG9yIHBhc3N3b3JkXCkgaXA9JXtJUE9SSE9TVDpzb3VyY2VfaXB9OiV7TlVNQkVSOnNvdXJjZV9wb3J0fSBzdWJzeXN0ZW09c2Z0cCB1c2VybmFtZT0le1VTRVJOQU1FOnVzZXJuYW1lfSQnCiAgICAgIGFwcGx5X29uOiBtZXNzYWdlCiAgICAgIHN0YXRpY3M6CiAgICAgICAgLSBtZXRhOiBsb2dfdHlwZQogICAgICAgICAgdmFsdWU6IHB0ZXJvZGFjdGx5X3dpbmdzX2ludmFsaWRfdXNlcm5hbWVfb3JfcGFzc3dvcmQKc3RhdGljczoKICAgIC0gbWV0YTogc2VydmljZQogICAgICB2YWx1ZTogcHRlcm9kYWN0eWwKICAgIC0gbWV0YTogc291cmNlX2lwCiAgICAgIGV4cHJlc3Npb246IGV2dC5QYXJzZWQuc291cmNlX2lwCiAgICAtIG1ldGE6IHRhcmdldF91c2VyCiAgICAgIGV4cHJlc3Npb246IGV2dC5QYXJzZWQudXNlcm5hbWUKICAgIC0gdGFyZ2V0OiBldnQuU3RyVGltZQogICAgICBleHByZXNzaW9uOiBldnQuUGFyc2VkLnRpbWU=", "description": "Parse Pterodactyl wings logs", "author": "lourys", "labels": null }, "mstilkerich/bind9-logs": { "path": "parsers/s01-parse/mstilkerich/bind9-logs.yaml", "stage": "s01-parse", "version": "0.1", "versions": { "0.1": { "digest": "dac58be63dd386df2c4e46b20ded0b98e66195a102c63d6a7e6cbcb2bfef276c", "deprecated": false } }, "long_description": "VGhpcyBiaW5kOSBwYXJzZXIgc3VwcG9ydHMgbG9ncyBpbiBzZXBhcmF0ZSBiaW5kOSBsb2cgZmlsZXMgYXMgd2VsbCBhcyBzeXNsb2cKZW50cmllcy4gV2hlbiBsb2dnaW5nIHRvIHNlcGFyYXRlIGJpbmQ5IGxvZyBmaWxlcyBkaXJlY3RseSB3aXRoIGJpbmQ5LCB0aGUKYHByaW50LXRpbWVgIHNldHRpbmcgc2hvdWxkIGJlIGVuYWJsZWQsIG90aGVyd2lzZSBubyB0aW1lc3RhbXAgd2lsbCBiZQphdmFpbGFibGUuCgpUaGlzIHBhcnNlciBjdXJyZW50bHkgZGV0ZWN0cyB0aGUgZm9sbG93aW5nIHNlY3VyaXR5IGV2ZW50cyBvZiBiaW5kOToKIC0gWm9uZSB0cmFuc2ZlciByZXF1ZXN0IGRlbmllZCBieSBzZWN1cml0eSBwb2xpY3kKIC0gUXVlcmllcyBkZW5pZWQgYnkgc2VjdXJpdHkgcG9saWN5CgpUbyBjb25maWd1cmUgZGF0YSBhY3F1aXNpdGlvbiBmcm9tIGEgYmluZDkgbG9nIGZpbGUsIHNldCB0aGUgYHR5cGVgIHRvIGBuYW1lZGA6CmBgYHlhbWwKLS0tCmZpbGVuYW1lczoKICAtIC92YXIvbG9nL25hbWVkL3NlY3VyaXR5LmxvZwpsYWJlbHM6CiAgdHlwZTogbmFtZWQKYGBgCgpJbnNwaXJlZCBieSBmYWlsMmJhbiBuYW1lZC1yZWZ1c2VkLgo=", "content": "LS0tCmZpbHRlcjogIlVwcGVyKGV2dC5QYXJzZWQucHJvZ3JhbSkgPT0gJ05BTUVEJyIKZGVidWc6IHRydWUKb25zdWNjZXNzOiBuZXh0X3N0YWdlCnBhdHRlcm5fc3ludGF4OgogIEJJTkQ5X1RJTUVTVEFNUF9EQVRFOiAnJXtNT05USERBWTp0c19kfS0le01PTlRIOnRzX219LSV7WUVBUjp0c195fScKICBCSU5EOV9USU1FU1RBTVBfVElNRU1TOiAnXGR7M30nCiAgQklORDlfVElNRVNUQU1QX1RJTUU6ICcle1RJTUU6dHNfdH1cLiV7QklORDlfVElNRVNUQU1QX1RJTUVNUzp0c19tc30nCiAgQklORDlfVElNRVNUQU1QOiAnJXtCSU5EOV9USU1FU1RBTVBfREFURX0gJXtCSU5EOV9USU1FU1RBTVBfVElNRX0nCiAgIyBjYXRlZ29yaWVzOiBzZWN1cml0eSwgY2xpZW50LCB1cGRhdGUtc2VjdXJpdHksIGV0Yy4KICBCSU5EOV9DQVRFR09SWTogJ1thLXpdKycKICBCSU5EOV9TRVZFUklUWTogJ1thLXpdKycKICBCSU5EOV9QUkVGSVg6ICdeKCV7QklORDlfVElNRVNUQU1QOnRpbWVzdGFtcH0gKT8oJXtCSU5EOV9DQVRFR09SWX06ICk/KCV7QklORDlfU0VWRVJJVFl9OiApP2NsaWVudCBAMHhbMC05YS1mQS1GXSsgJXtJUDpyZW1vdGVfYWRkcn0jJXtQT1NJTlQ6cmVtb3RlX3BvcnR9Lio6ICcKbmFtZTogbXN0aWxrZXJpY2gvYmluZDkKZGVzY3JpcHRpb246ICJQYXJzZSBiaW5kOSBsb2dzIgpub2RlczoKICAjIFdoZW4gbXVsdGlwbGUgZ3JvayBwYXR0ZXJucyBhcmUgc3BlY2lmaWVkLCBvbmx5IHRoZSBmaXJzdCBtYXRjaGluZyBvbmUgaXMgYXBwbGllZAogIC0gZ3JvazoKICAgICAgcGF0dGVybjogJ14le0JJTkQ5X1BSRUZJWH16b25lIHRyYW5zZmVyIC4qICg/OmRlbmllZHxcKE5PVEFVVEhcKSlccyokJwogICAgICBhcHBseV9vbjogbWVzc2FnZQogIC0gZ3JvazoKICAgICAgcGF0dGVybjogJ14le0JJTkQ5X1BSRUZJWH1iYWQgem9uZSB0cmFuc2ZlciByZXF1ZXN0OiAnJ1xTKy9JTicnOiBub24tYXV0aG9yaXRhdGl2ZSB6b25lICg/OmRlbmllZHxcKE5PVEFVVEhcKSlccyokJwogICAgICBhcHBseV9vbjogbWVzc2FnZQogIC0gZ3JvazoKICAgICAgcGF0dGVybjogJ14le0JJTkQ5X1BSRUZJWH0oPzp2aWV3ICg/OmludGVybmFsfGV4dGVybmFsKTogKT9xdWVyeSg/OiBcKGNhY2hlXCkpPyAuKiAoPzpkZW5pZWR8XChOT1RBVVRIXCkpXHMqJCcKICAgICAgYXBwbHlfb246IG1lc3NhZ2UKc3RhdGljczoKICAtIG1ldGE6IHNlcnZpY2UKICAgIHZhbHVlOiBiaW5kOQogIC0gbWV0YTogbG9nX3R5cGUKICAgIHZhbHVlOiBiaW5kOV9kZW5pZWQKICAtIG1ldGE6IHNvdXJjZV9pcAogICAgZXhwcmVzc2lvbjogImV2dC5QYXJzZWQucmVtb3RlX2FkZHIiCiAgLSB0YXJnZXQ6IGV2dC5TdHJUaW1lICAjIGNvbnZlcnQgdGltZSBmb3JtYXQgZm9yIGRhdGVwYXJzZS1lbnJpY2gKICAgIGV4cHJlc3Npb246ICIKICAgICAge0phbjonMDEnLEZlYjonMDInLE1hcjonMDMnLEFwcjonMDQnLE1heTonMDUnLEp1bjonMDYnLEp1bDonMDcnLEF1ZzonMDgnLFNlcDonMDknLE9jdDonMTAnLE5vdjonMTEnLERlYzonMTInfVtldnQuUGFyc2VkLnRzX21dCiAgICAgICsgJy8nICsgZXZ0LlBhcnNlZC50c19kCiAgICAgICsgJy8nICsgZXZ0LlBhcnNlZC50c195CiAgICAgICsgJyAnICsgZXZ0LlBhcnNlZC50c190Igo=", "description": "Parse bind9 logs", "author": "mstilkerich", "labels": null }, "schiz0phr3ne/prowlarr-logs": { "path": "parsers/s01-parse/schiz0phr3ne/prowlarr-logs.yaml", "stage": "s01-parse", "version": "0.1", "versions": { "0.1": { "digest": "d061ec42abfa9633d082cd0a6a08ceef88b2cc623f316209b96de202d7cc9f3f", "deprecated": false } }, "long_description": "UGFyc2VyIGZvciBbUHJvd2xhcnJdKGh0dHBzOi8vZ2l0aHViLmNvbS9Qcm93bGFyci9Qcm93bGFycikgTG9ncy4KCmBgYHlhbWwKLS0tCnNvdXJjZTogZmlsZQpmaWxlbmFtZXM6CiAtIC92YXIvbG9nL3N5c2xvZwpsYWJlbHM6CiAgdHlwZTogc3lzbG9nCmBgYAo=", "content": "b25zdWNjZXNzOiBuZXh0X3N0YWdlCmZpbHRlcjogImV2dC5QYXJzZWQucHJvZ3JhbSA9PSAnUHJvd2xhcnInIgpuYW1lOiBzY2hpejBwaHIzbmUvcHJvd2xhcnItbG9ncwpkZXNjcmlwdGlvbjogIlBhcnNlIFByb3dsYXJyIExvZ3MiCm5vZGVzOgogIC0gZ3JvazoKICAgICAgcGF0dGVybjogJ15cW1dhcm5cXSBBdXRoOiBBdXRoLUZhaWx1cmUgaXAgJXtJUDpzb3VyY2VfaXB9IHVzZXJuYW1lICV7REFUQTp1c2VybmFtZX0kJwogICAgICBhcHBseV9vbjogbWVzc2FnZQogICAgICBzdGF0aWNzOgogICAgICAgIC0gbWV0YTogbG9nX3R5cGUKICAgICAgICAgIHZhbHVlOiBwcm93bGFycl9mYWlsZWRfYXV0aGVudGljYXRpb24KCnN0YXRpY3M6CiAgICAtIG1ldGE6IHNlcnZpY2UKICAgICAgdmFsdWU6IHByb3dsYXJyCiAgICAtIG1ldGE6IHNvdXJjZV9pcAogICAgICBleHByZXNzaW9uOiAiZXZ0LlBhcnNlZC5zb3VyY2VfaXAiCiAgICAtIHRhcmdldDogZXZ0LlN0clRpbWUKICAgICAgZXhwcmVzc2lvbjogImV2dC5QYXJzZWQudGltZXN0YW1wIgogICAgLSBtZXRhOiB1c2VybmFtZQogICAgICBleHByZXNzaW9uOiBldnQuUGFyc2VkLnVzZXJuYW1lCg==", "description": "Parse Prowlarr Logs", "author": "schiz0phr3ne", "labels": null }, "schiz0phr3ne/radarr-logs": { "path": "parsers/s01-parse/schiz0phr3ne/radarr-logs.yaml", "stage": "s01-parse", "version": "0.1", "versions": { "0.1": { "digest": "0d9d4cb7e4a592ec3e56e89cb7fe97b22390d011c4b86ac85affd2db491049b0", "deprecated": false } }, "long_description": "UGFyc2VyIGZvciBbUmFkYXJyXShodHRwczovL2dpdGh1Yi5jb20vUmFkYXJyL1JhZGFycikgTG9ncy4KCmBgYHlhbWwKLS0tCnNvdXJjZTogZmlsZQpmaWxlbmFtZXM6CiAtIC92YXIvbG9nL3N5c2xvZwpsYWJlbHM6CiAgdHlwZTogc3lzbG9nCmBgYAo=", "content": "b25zdWNjZXNzOiBuZXh0X3N0YWdlCmZpbHRlcjogImV2dC5QYXJzZWQucHJvZ3JhbSA9PSAnUmFkYXJyJyIKbmFtZTogc2NoaXowcGhyM25lL3JhZGFyci1sb2dzCmRlc2NyaXB0aW9uOiAiUGFyc2UgUmFkYXJyIExvZ3MiCm5vZGVzOgogIC0gZ3JvazoKICAgICAgcGF0dGVybjogJ15cW1dhcm5cXSBBdXRoOiBBdXRoLUZhaWx1cmUgaXAgJXtJUDpzb3VyY2VfaXB9IHVzZXJuYW1lICV7REFUQTp1c2VybmFtZX0kJwogICAgICBhcHBseV9vbjogbWVzc2FnZQogICAgICBzdGF0aWNzOgogICAgICAgIC0gbWV0YTogbG9nX3R5cGUKICAgICAgICAgIHZhbHVlOiByYWRhcnJfZmFpbGVkX2F1dGhlbnRpY2F0aW9uCgpzdGF0aWNzOgogICAgLSBtZXRhOiBzZXJ2aWNlCiAgICAgIHZhbHVlOiByYWRhcnIKICAgIC0gbWV0YTogc291cmNlX2lwCiAgICAgIGV4cHJlc3Npb246ICJldnQuUGFyc2VkLnNvdXJjZV9pcCIKICAgIC0gdGFyZ2V0OiBldnQuU3RyVGltZQogICAgICBleHByZXNzaW9uOiAiZXZ0LlBhcnNlZC50aW1lc3RhbXAiCiAgICAtIG1ldGE6IHVzZXJuYW1lCiAgICAgIGV4cHJlc3Npb246IGV2dC5QYXJzZWQudXNlcm5hbWUK", "description": "Parse Radarr Logs", "author": "schiz0phr3ne", "labels": null }, "schiz0phr3ne/sonarr-logs": { "path": "parsers/s01-parse/schiz0phr3ne/sonarr-logs.yaml", "stage": "s01-parse", "version": "0.1", "versions": { "0.1": { "digest": "457e4e03b538b3f3a5ca4aadb3d26c695a6857c7ddbdae5d31dea87c164bdc67", "deprecated": false } }, "long_description": "UGFyc2VyIGZvciBbU29uYXJyXShodHRwczovL2dpdGh1Yi5jb20vU29uYXJyL1NvbmFycikgTG9ncy4KCmBgYHlhbWwKLS0tCnNvdXJjZTogZmlsZQpmaWxlbmFtZXM6CiAtIC92YXIvbG9nL3N5c2xvZwpsYWJlbHM6CiAgdHlwZTogc3lzbG9nCmBgYAo=", "content": "b25zdWNjZXNzOiBuZXh0X3N0YWdlCmZpbHRlcjogImV2dC5QYXJzZWQucHJvZ3JhbSA9PSAnbW9ubyciCm5hbWU6IHNjaGl6MHBocjNuZS9zb25hcnItbG9ncwpkZXNjcmlwdGlvbjogIlBhcnNlIFNvbmFyciBMb2dzIgpub2RlczoKICAtIGdyb2s6CiAgICAgIHBhdHRlcm46ICdeXFtXYXJuXF0gQXV0aDogQXV0aC1GYWlsdXJlIGlwICV7SVA6c291cmNlX2lwfSB1c2VybmFtZSAle0RBVEE6dXNlcm5hbWV9JCcKICAgICAgYXBwbHlfb246IG1lc3NhZ2UKICAgICAgc3RhdGljczoKICAgICAgICAtIG1ldGE6IGxvZ190eXBlCiAgICAgICAgICB2YWx1ZTogc29uYXJyX2ZhaWxlZF9hdXRoZW50aWNhdGlvbgoKc3RhdGljczoKICAgIC0gbWV0YTogc2VydmljZQogICAgICB2YWx1ZTogc29uYXJyCiAgICAtIG1ldGE6IHNvdXJjZV9pcAogICAgICBleHByZXNzaW9uOiAiZXZ0LlBhcnNlZC5zb3VyY2VfaXAiCiAgICAtIHRhcmdldDogZXZ0LlN0clRpbWUKICAgICAgZXhwcmVzc2lvbjogImV2dC5QYXJzZWQudGltZXN0YW1wIgogICAgLSBtZXRhOiB1c2VybmFtZQogICAgICBleHByZXNzaW9uOiBldnQuUGFyc2VkLnVzZXJuYW1lCg==", "description": "Parse Sonarr Logs", "author": "schiz0phr3ne", "labels": null }, "thespad/sshesame-logs": { "path": "parsers/s01-parse/thespad/sshesame-logs.yaml", "stage": "s01-parse", "version": "0.2", "versions": { "0.1": { "digest": "7c778f2e6a003de5859de6bbbc91d549c7225c7e4b0b8c229f4e2ce7fecf088a", "deprecated": false }, "0.2": { "digest": "4e0cb478023fc6bed1f04be0d8615f98446c1bb8f16680113af661f1d13ac953", "deprecated": false } }, "long_description": "IyBzc2hlc2FtZSBwYXJzZXIKCkEgcGFyc2VyIGZvciBbc3NoZXNhbWVdKGh0dHBzOi8vZ2l0aHViLmNvbS9qYWtzaS9zc2hlc2FtZS8pIGhvbmV5cG90IGxvZ3MuCgojIyBBY3F1aXNpdGlvbiB0ZW1wbGF0ZQoKRXhhbXBsZSBhY3F1aXNpdGlvbiBmb3IgdGhpcyBjb2xsZWN0aW9uIDoKCmBgYHlhbWwKZmlsZW5hbWVzOgogIC0gL3Zhci9sb2cvc3NoZXNhbWUubG9nCmxhYmVsczoKICB0eXBlOiBzc2hlc2FtZQpgYGAK", "content": "b25zdWNjZXNzOiBuZXh0X3N0YWdlCmZpbHRlcjogImV2dC5QYXJzZWQucHJvZ3JhbSA9PSAnc3NoZXNhbWUnIgpuYW1lOiB0aGVzcGFkL3NzaGVzYW1lLWxvZ3MKZGVzY3JpcHRpb246ICJQYXJzZSBzc2hlc2FtZSBsb2dzIgpwYXR0ZXJuX3N5bnRheDoKICBTU0hFU0FNRV9USU1FU1RBTVA6ICcle0RBVEVfWH0gJXtUSU1FfScKICBTU0hFU0FNRV9MT0dJTl9QQVNTV0Q6ICcle1NTSEVTQU1FX1RJTUVTVEFNUDp0aW1lc3RhbXB9IFxbJXtJUDpzb3VyY2VfaXB9OlxkK1xdIGF1dGhlbnRpY2F0aW9uIGZvciB1c2VyICIle1VTRVJOQU1FOnNzaGVzYW1lX3VzZXJ9IiB3aXRoIHBhc3N3b3JkICIle0dSRUVEWURBVEE6c3NoZXNhbWVfcGFzc3dvcmR9IiBhY2NlcHRlZCcKICBTU0hFU0FNRV9MT0dJTl9QVUJLRVk6ICcle1NTSEVTQU1FX1RJTUVTVEFNUDp0aW1lc3RhbXB9IFxbJXtJUDpzb3VyY2VfaXB9OlxkK1xdIGF1dGhlbnRpY2F0aW9uIGZvciB1c2VyICIle1VTRVJOQU1FOnNzaGVzYW1lX3VzZXJ9IiB3aXRoIHB1YmxpYyBrZXkgIiV7R1JFRURZREFUQTpzc2hlc2FtZV9wdWJrZXl9IiBhY2NlcHRlZCcKICBTU0hFU0FNRV9DTUQ6ICcle1NTSEVTQU1FX1RJTUVTVEFNUDp0aW1lc3RhbXB9IFxbJXtJUDpzb3VyY2VfaXB9OlxkK1xdIFxbY2hhbm5lbCBcZCtcXSBjb21tYW5kICIle0dSRUVEWURBVEE6c3NoZXNhbWVfY21kfSIgcmVxdWVzdGVkJwogIFNTSEVTQU1FX0lOUFVUOiAnJXtTU0hFU0FNRV9USU1FU1RBTVA6dGltZXN0YW1wfSBcWyV7SVA6c291cmNlX2lwfTpcZCtcXSBcW2NoYW5uZWwgXGQrXF0gaW5wdXQ6ICIle0dSRUVEWURBVEE6c3NoZXNhbWVfaW5wdXR9IicKbm9kZXM6CiAgLSBncm9rOgogICAgICBuYW1lOiAiU1NIRVNBTUVfTE9HSU5fUEFTU1dEIgogICAgICBhcHBseV9vbjogbWVzc2FnZQogICAgICBzdGF0aWNzOgogICAgICAgIC0gbWV0YTogbG9nX3R5cGUKICAgICAgICAgIHZhbHVlOiBzc2hlc2FtZV9sb2dpbgogICAgICAgIC0gbWV0YTogdGFyZ2V0X3VzZXIKICAgICAgICAgIGV4cHJlc3Npb246ICJldnQuUGFyc2VkLnNzaGVzYW1lX3VzZXIiCiAgLSBncm9rOgogICAgICBuYW1lOiAiU1NIRVNBTUVfTE9HSU5fUFVCS0VZIgogICAgICBhcHBseV9vbjogbWVzc2FnZQogICAgICBzdGF0aWNzOgogICAgICAgIC0gbWV0YTogbG9nX3R5cGUKICAgICAgICAgIHZhbHVlOiBzc2hlc2FtZV9sb2dpbgogICAgICAgIC0gbWV0YTogdGFyZ2V0X3VzZXIKICAgICAgICAgIGV4cHJlc3Npb246ICJldnQuUGFyc2VkLnNzaGVzYW1lX3VzZXIiCiAgLSBncm9rOgogICAgICBuYW1lOiAiU1NIRVNBTUVfQ01EIgogICAgICBhcHBseV9vbjogbWVzc2FnZQogICAgICBzdGF0aWNzOgogICAgICAgIC0gbWV0YTogbG9nX3R5cGUKICAgICAgICAgIHZhbHVlOiBzc2hlc2FtZV9jbWQKICAtIGdyb2s6CiAgICAgIG5hbWU6ICJTU0hFU0FNRV9JTlBVVCIKICAgICAgYXBwbHlfb246IG1lc3NhZ2UKICAgICAgc3RhdGljczoKICAgICAgICAtIG1ldGE6IGxvZ190eXBlCiAgICAgICAgICB2YWx1ZTogc3NoZXNhbWVfaW5wdXQKc3RhdGljczoKICAgIC0gdGFyZ2V0OiBldnQuU3RyVGltZQogICAgICBleHByZXNzaW9uOiAiZXZ0LlBhcnNlZC50aW1lc3RhbXAiCiAgICAtIG1ldGE6IHNlcnZpY2UKICAgICAgdmFsdWU6IHNzaGVzYW1lCiAgICAtIG1ldGE6IHNvdXJjZV9pcAogICAgICBleHByZXNzaW9uOiAiZXZ0LlBhcnNlZC5zb3VyY2VfaXAiCiAgICAtIG1ldGE6IHVzZXJuYW1lCiAgICAgIGV4cHJlc3Npb246ICJldnQuUGFyc2VkLnNzaGVzYW1lX3VzZXIiCiAgICAtIG1ldGE6IGNvbW1hbmQKICAgICAgZXhwcmVzc2lvbjogImV2dC5QYXJzZWQuc3NoZXNhbWVfY21kIgogICAgLSBtZXRhOiBpbnB1dAogICAgICBleHByZXNzaW9uOiAiZXZ0LlBhcnNlZC5zc2hlc2FtZV9pbnB1dCIK", "description": "Parse sshesame logs", "author": "thespad", "labels": null }, "timokoessler/gitlab-logs": { "path": "parsers/s01-parse/timokoessler/gitlab-logs.yaml", "stage": "s01-parse", "version": "0.1", "versions": { "0.1": { "digest": "14e3359355433275065f1451beb547ed3b282292af41b02c3121a71395138ac2", "deprecated": false } }, "long_description": "UGFyc2VyIGZvciBbR2l0TGFiXShodHRwczovL2Fib3V0LmdpdGxhYi5jb20pIExvZ3MuIFRlc3RlZCB3aXRoIHRoZSBPbW5pYnVzIHBhY2thZ2UgdjE0IGFuZCB2MTUuCgpFeGFtcGxlIGFjcXVpc2l0aW9uIGZvciBhIGxvZyBmaWxlOgpgYGB5YW1sCi0tLQpmaWxlbmFtZXM6CiAtIC92YXIvbG9nL2dpdGxhYi9naXRsYWItcmFpbHMvcHJvZHVjdGlvbl9qc29uLmxvZwpsYWJlbHM6CiAgdHlwZTogZ2l0bGFiCmBgYAoKb3IgZm9yIERvY2tlcjoKYGBgeWFtbAotLS0Kc291cmNlOiBkb2NrZXIKY29udGFpbmVyX25hbWU6CiAtIG15X2NvbnRhaW5lcl9uYW1lCmxhYmVsczoKICB0eXBlOiBnaXRsYWIKYGBgCkRlcGVuZGluZyBvbiB5b3VyIGdpdGxhYiBpbnN0YWxsYXRpb24gbWV0aG9kLCBwYXRocyB0byBsb2cgZmlsZXMgbWlnaHQgY2hhbmdlLg==", "content": "b25zdWNjZXNzOiBuZXh0X3N0YWdlCmZpbHRlcjogIlVwcGVyKGV2dC5QYXJzZWQucHJvZ3JhbSkgPT0gJ0dJVExBQiciCm5hbWU6IHRpbW9rb2Vzc2xlci9naXRsYWItbG9ncwpkZXNjcmlwdGlvbjogIlBhcnNlIEdpdExhYiBMb2dzIgpub2RlczoKICAtIGZpbHRlcjogfAogICAgIEpzb25FeHRyYWN0KGV2dC5QYXJzZWQubWVzc2FnZSwgIm1ldGhvZCIpID09ICdQT1NUJyAmJgogICAgIEpzb25FeHRyYWN0KGV2dC5QYXJzZWQubWVzc2FnZSwgInBhdGgiKSBpbiBbJy91c2Vycy9zaWduX2luJywgJy91c2Vycy9hdXRoL2xkYXBtYWluL2NhbGxiYWNrJ10gJiYKICAgICBhbnkoSnNvbkV4dHJhY3RTbGljZShldnQuUGFyc2VkLm1lc3NhZ2UsICJwYXJhbXMiKSwgey5rZXkgPT0gJ3VzZXInICYmIC52YWx1ZS5sb2dpbiAhPSAnJ30pICYmCiAgICAgKEpzb25FeHRyYWN0KGV2dC5QYXJzZWQubWVzc2FnZSwgJ3N0YXR1cycpID09ICcwJyB8fCBKc29uRXh0cmFjdChldnQuUGFyc2VkLm1lc3NhZ2UsICdhY3Rpb24nKSA9PSAnZmFpbHVyZScpCiAgICBzdGF0aWNzOgogICAgICAtIG1ldGE6IGxvZ190eXBlCiAgICAgICAgdmFsdWU6ICJnaXRsYWJfZmFpbGVkX3Bhc3N3b3JkIgogICAgICAtIG1ldGE6IHVzZXJuYW1lCiAgICAgICAgZXhwcmVzc2lvbjogZmlsdGVyKEpzb25FeHRyYWN0U2xpY2UoZXZ0LlBhcnNlZC5tZXNzYWdlLCAicGFyYW1zIiksIHsua2V5ID09ICd1c2VyJyAmJiAudmFsdWUubG9naW4gIT0gJyd9KVswXVsndmFsdWUnXVsnbG9naW4nXQogIC0gZmlsdGVyOiB8CiAgICAgSnNvbkV4dHJhY3QoZXZ0LlBhcnNlZC5tZXNzYWdlLCAibWV0aG9kIikgPT0gJ1BPU1QnICYmCiAgICAgSnNvbkV4dHJhY3QoZXZ0LlBhcnNlZC5tZXNzYWdlLCAicGF0aCIpID09ICcvdXNlcnMvc2lnbl9pbicgJiYKICAgICBKc29uRXh0cmFjdChldnQuUGFyc2VkLm1lc3NhZ2UsICdwYXJhbXMnKSBjb250YWlucyAnb3RwX2F0dGVtcHQnICYmCiAgICAgSnNvbkV4dHJhY3QoZXZ0LlBhcnNlZC5tZXNzYWdlLCAnc3RhdHVzJykgIT0gJzMwMicKICAgIHN0YXRpY3M6CiAgICAgIC0gbWV0YTogbG9nX3R5cGUKICAgICAgICB2YWx1ZTogImdpdGxhYl9mYWlsZWRfdG90cCIKCnN0YXRpY3M6CiAgLSBtZXRhOiBzZXJ2aWNlCiAgICB2YWx1ZTogZ2l0bGFiCiAgLSBtZXRhOiBzb3VyY2VfaXAKICAgIGV4cHJlc3Npb246IEpzb25FeHRyYWN0KGV2dC5QYXJzZWQubWVzc2FnZSwgInJlbW90ZV9pcCIpCiAgLSBwYXJzZWQ6IHRpbWVzdGFtcAogICAgZXhwcmVzc2lvbjogSnNvbkV4dHJhY3QoZXZ0LlBhcnNlZC5tZXNzYWdlLCAidGltZSIpCiAgLSB0YXJnZXQ6IGV2dC5TdHJUaW1lCiAgICBleHByZXNzaW9uOiAiZXZ0LlBhcnNlZC50aW1lc3RhbXAi", "description": "Parse GitLab Logs", "author": "timokoessler", "labels": null }, "timokoessler/mongodb-logs": { "path": "parsers/s01-parse/timokoessler/mongodb-logs.yaml", "stage": "s01-parse", "version": "0.1", "versions": { "0.1": { "digest": "1e2e1a5beb799d0d533cfc5fc3a490c1860c55d518c3a3edb77f3c47ebc4c55b", "deprecated": false } }, "long_description": "VGhpcyBpcyBhIHBhcnNlciBmb3IgW01vbmdvREJdKGh0dHBzOi8vd3d3Lm1vbmdvZGIuY29tLykgbG9ncy4gTW9uZ29EQiB2ZXJzaW9uIDQuNCBvciBoaWdoZXIgaXMgcmVxdWlyZWQuCgpFeGFtcGxlIGFjcXVpc2l0aW9uIGZvciBhIGRvY2tlciBjb250YWluZXI6CmBgYHlhbWwKLS0tCnNvdXJjZTogZG9ja2VyCmNvbnRhaW5lcl9uYW1lOgogLSBteV9jb250YWluZXJfbmFtZQpsYWJlbHM6CiAgdHlwZTogbW9uZ29kYgpgYGAKCm9yIGZvciBhIGxvZyBmaWxlOgpgYGB5YW1sCi0tLQpmaWxlbmFtZXM6CiAtIC92YXIvbG9nL21vbmdvZGIvbW9uZ29kYi5sb2cKbGFiZWxzOgogIHR5cGU6IG1vbmdvZGIKYGBgCkRlcGVuZGluZyBvbiB5b3VyIGluc3RhbGxhdGlvbiBtZXRob2QsIHBhdGhzIHRvIGxvZyBmaWxlcyBtaWdodCBjaGFuZ2Uu", "content": "b25zdWNjZXNzOiBuZXh0X3N0YWdlCmZpbHRlcjogIlVwcGVyKGV2dC5QYXJzZWQucHJvZ3JhbSkgPT0gJ01PTkdPREInIgpuYW1lOiB0aW1va29lc3NsZXIvbW9uZ29kYi1sb2dzCmRlc2NyaXB0aW9uOiAiUGFyc2UgTW9uZ29EQiBsb2dzIgpub2RlczoKICAtIGZpbHRlcjogfAogICAgIEpzb25FeHRyYWN0KGV2dC5QYXJzZWQubWVzc2FnZSwgImMiKSA9PSAnQUNDRVNTJyAmJgogICAgIEpzb25FeHRyYWN0KGV2dC5QYXJzZWQubWVzc2FnZSwgIm1zZyIpID09ICdBdXRoZW50aWNhdGlvbiBmYWlsZWQnCiAgICBzdGF0aWNzOgogICAgICAtIG1ldGE6IGxvZ190eXBlCiAgICAgICAgdmFsdWU6ICJtb25nb2RiX2ZhaWxlZF9hdXRoIgogICAgZ3JvazoKICAgICAgcGF0dGVybjogJyV7SVBPUkhPU1Q6cmVtb3RlX2FkZHJ9JwogICAgICBleHByZXNzaW9uOiBKc29uRXh0cmFjdChldnQuUGFyc2VkLm1lc3NhZ2UsICJhdHRyLnJlbW90ZSIpCgpzdGF0aWNzOgogIC0gbWV0YTogc2VydmljZQogICAgdmFsdWU6IG1vbmdvZGIKICAtIG1ldGE6IHNvdXJjZV9pcAogICAgZXhwcmVzc2lvbjogImV2dC5QYXJzZWQucmVtb3RlX2FkZHIiCiAgLSBwYXJzZWQ6IHRpbWVzdGFtcAogICAgZXhwcmVzc2lvbjogSnNvbkV4dHJhY3QoZXZ0LlBhcnNlZC5tZXNzYWdlLCAidC4kZGF0ZSIpCiAgLSB0YXJnZXQ6IGV2dC5TdHJUaW1lCiAgICBleHByZXNzaW9uOiAiZXZ0LlBhcnNlZC50aW1lc3RhbXAiCiAgLSBtZXRhOiB1c2VybmFtZQogICAgZXhwcmVzc2lvbjogSnNvbkV4dHJhY3QoZXZ0LlBhcnNlZC5tZXNzYWdlLCAiYXR0ci5wcmluY2lwYWxOYW1lIikKICAtIG1ldGE6IGF1dGhlbnRpY2F0aW9uX2RhdGFiYXNlCiAgICBleHByZXNzaW9uOiBKc29uRXh0cmFjdChldnQuUGFyc2VkLm1lc3NhZ2UsICJhdHRyLmF1dGhlbnRpY2F0aW9uRGF0YWJhc2UiKQ==", "description": "Parse MongoDB logs", "author": "timokoessler", "labels": null }, "timokoessler/uptime-kuma-logs": { "path": "parsers/s01-parse/timokoessler/uptime-kuma-logs.yaml", "stage": "s01-parse", "version": "0.2", "versions": { "0.1": { "digest": "7fe2f059bf9f3a60c6ab262d5ac1efe98812a85fe6c11e4d91b6a25d8e42b4ac", "deprecated": false }, "0.2": { "digest": "2732333702233c0854e833ae830f7ab8ac8aebeaf3decab285f865a00164701c", "deprecated": false } }, "long_description": "UGFyc2VyIGZvciBbVXB0aW1lIEt1bWFdKGh0dHBzOi8vZ2l0aHViLmNvbS9sb3Vpc2xhbS91cHRpbWUta3VtYSkgTG9ncy4KCioqVXB0aW1lIEt1bWEgdmVyc2lvbiAxLjE1LjAgb3IgaGlnaGVyIGlzIHJlcXVpcmVkLioqCgpFeGFtcGxlIGFjcXVpc2l0aW9uIGZvciBEb2NrZXI6CmBgYHlhbWwKLS0tCnNvdXJjZTogZG9ja2VyCmNvbnRhaW5lcl9uYW1lOgogLSBteV9jb250YWluZXJfbmFtZQpsYWJlbHM6CiAgdHlwZTogdXB0aW1lLWt1bWEKYGBg", "content": "b25zdWNjZXNzOiBuZXh0X3N0YWdlCmZpbHRlcjogIlVwcGVyKGV2dC5QYXJzZWQucHJvZ3JhbSkgPT0gJ1VQVElNRS1LVU1BJyIKbmFtZTogdGltb2tvZXNzbGVyL3VwdGltZS1rdW1hLWxvZ3MKZGVzY3JpcHRpb246ICJQYXJzZSBVcHRpbWUgS3VtYSBMb2dzIgpub2RlczoKICAtIGdyb2s6CiAgICAgIHBhdHRlcm46ICdeJXtUSU1FU1RBTVBfSVNPODYwMTp0aW1lc3RhbXB9IFxbQVVUSFxdIFdBUk46IEluY29ycmVjdCB1c2VybmFtZSBvciBwYXNzd29yZCBmb3IgdXNlciAle0RBVEE6dXNlcm5hbWV9XC4gSVA9JXtJUDpzb3VyY2VfaXB9JCcKICAgICAgYXBwbHlfb246IG1lc3NhZ2UKICAgICAgc3RhdGljczoKICAgICAgICAtIG1ldGE6IGxvZ190eXBlCiAgICAgICAgICB2YWx1ZTogdXB0aW1lX2t1bWFfZmFpbGVkX3Bhc3N3b3JkCiAgLSBncm9rOgogICAgICBwYXR0ZXJuOiAnXiV7VElNRVNUQU1QX0lTTzg2MDE6dGltZXN0YW1wfSBcW0FVVEhcXSBXQVJOOiBJbnZhbGlkIHRva2VuIHByb3ZpZGVkIGZvciB1c2VyICV7REFUQTp1c2VybmFtZX1cLiBJUD0le0lQOnNvdXJjZV9pcH0kJwogICAgICBhcHBseV9vbjogbWVzc2FnZQogICAgICBzdGF0aWNzOgogICAgICAgIC0gbWV0YTogbG9nX3R5cGUKICAgICAgICAgIHZhbHVlOiB1cHRpbWVfa3VtYV9mYWlsZWRfdG90cAoKc3RhdGljczoKICAgIC0gbWV0YTogc2VydmljZQogICAgICB2YWx1ZTogdXB0aW1lLWt1bWEKICAgIC0gbWV0YTogc291cmNlX2lwCiAgICAgIGV4cHJlc3Npb246ICJldnQuUGFyc2VkLnNvdXJjZV9pcCIKICAgIC0gdGFyZ2V0OiBldnQuU3RyVGltZQogICAgICBleHByZXNzaW9uOiAiZXZ0LlBhcnNlZC50aW1lc3RhbXAiCiAgICAtIG1ldGE6IHVzZXJuYW1lCiAgICAgIGV4cHJlc3Npb246IGV2dC5QYXJzZWQudXNlcm5hbWUK", "description": "Parse Uptime Kuma Logs", "author": "timokoessler", "labels": null } }, "postoverflows": { "crowdsecurity/cdn-whitelist": { "path": "postoverflows/s01-whitelist/crowdsecurity/cdn-whitelist.yaml", "stage": "s01-whitelist", "version": "0.4", "versions": { "0.1": { "digest": "d1cb42fbe9f3bb37f3cfa77ef5c60ec0b17dc3703bffb0d422dc6fe9cc0eb9f5", "deprecated": false }, "0.2": { "digest": "7fb5b1474067c22192cf12effb7d508e316c130900cb00c108c0467d18d9d2c0", "deprecated": false }, "0.3": { "digest": "63c933b81052c7776deb607ed7c115b89e59a88908123e04573853201122a45a", "deprecated": false }, "0.4": { "digest": "626bd74a8f0dcf8e17d74238d08983693f5ac2d32b1a6ccd2d57fff02731eeaa", "deprecated": false } }, "long_description": "IyBDRE5zIHdoaXRlbGlzdAoKQ0ROcyB3aGl0ZWxpc3QgYmFzZWQgb24gZm9sbG93aW5nIGxpc3RzOgoqIGh0dHBzOi8vd3d3LmNsb3VkZmxhcmUuY29tL2lwcy12NAoKSXQgd2lsbCB3aGl0ZWxpc3Qgb3ZlcmZsb3dzIHRyaWdnZXJlZCBvbiBhbiBJUCBpbiB0aG9zZSBsaXN0cw==", "content": "bmFtZTogY3Jvd2RzZWN1cml0eS9jZG4td2hpdGVsaXN0CmRlc2NyaXB0aW9uOiAiV2hpdGVsaXN0IENETiBwcm92aWRlcnMiCndoaXRlbGlzdDoKICByZWFzb246ICJDRE4gcHJvdmlkZXIiCiAgZXhwcmVzc2lvbjogCiAgICAtICJhbnkoRmlsZSgnY2xvdWRmbGFyZV9pcHMudHh0JyksIHsgSXBJblJhbmdlKGV2dC5PdmVyZmxvdy5BbGVydC5Tb3VyY2UuSVAgLCMpfSkiCiAgICAtICJhbnkoRmlsZSgnY2xvdWRmbGFyZV9pcDZzLnR4dCcpLCB7IElwSW5SYW5nZShldnQuT3ZlcmZsb3cuQWxlcnQuU291cmNlLklQICwjKX0pIgpkYXRhOgogIC0gc291cmNlX3VybDogaHR0cHM6Ly93d3cuY2xvdWRmbGFyZS5jb20vaXBzLXY0CiAgICBkZXN0X2ZpbGU6IGNsb3VkZmxhcmVfaXBzLnR4dAogICAgdHlwZTogc3RyaW5nCiAgLSBzb3VyY2VfdXJsOiBodHRwczovL3d3dy5jbG91ZGZsYXJlLmNvbS9pcHMtdjYKICAgIGRlc3RfZmlsZTogY2xvdWRmbGFyZV9pcDZzLnR4dAogICAgdHlwZTogc3RyaW5nCg==", "description": "Whitelist CDN providers", "author": "crowdsecurity", "labels": null }, "crowdsecurity/ipv6_to_range": { "path": "postoverflows/s00-enrich/crowdsecurity/ipv6_to_range.yaml", "stage": "s00-enrich", "version": "0.1", "versions": { "0.1": { "digest": "f22e5224b84175284024f9ca69e0c97327f0e0d86ff3ccfadf4f26257bf22b96", "deprecated": false } }, "long_description": "VGhpcyBwb3N0b3ZlcmZsb3cgY2hlY2sgaWYgdGhlIHJlbWVkaWF0aW9uIGNvbmNlcm4gYW4gSVB2NiBhbmQgaWYgeWVzLCB3aWxsIGNoYW5nZSB0aGUgdmFsdWUgb2YgdGhlIGRlY2lzaW9uIHRvIHRoZSBJUHY2IC82NCByYW5nZS4=", "content": "b25zdWNjZXNzOiBuZXh0X3N0YWdlCmZpbHRlcjogImV2dC5PdmVyZmxvdy5BbGVydC5SZW1lZGlhdGlvbiA9PSB0cnVlICYmIElzSVBWNihldnQuT3ZlcmZsb3cuQWxlcnQuU291cmNlLklQKSIKbmFtZTogY3Jvd2RzZWN1cml0eS9pcHY2X3RvX3JhbmdlCmRlc2NyaXB0aW9uOiAiIgpzdGF0aWNzOgogIC0gdGFyZ2V0OiBldnQuT3ZlcmZsb3cuQWxlcnQuU291cmNlLlZhbHVlCiAgICBleHByZXNzaW9uOiBJcFRvUmFuZ2UoZXZ0Lk92ZXJmbG93LkFsZXJ0LlNvdXJjZS5JUCwgIi82NCIpCiAgLSB0YXJnZXQ6IGV2dC5PdmVyZmxvdy5BbGVydC5Tb3VyY2UuU2NvcGUKICAgIHZhbHVlOiBSYW5nZQ==", "author": "crowdsecurity", "labels": null }, "crowdsecurity/rdns": { "path": "postoverflows/s00-enrich/crowdsecurity/rdns.yaml", "stage": "s00-enrich", "version": "0.2", "versions": { "0.1": { "digest": "796da42b262fe6574d78a7c7f95f73876d30a07751679a43afd018fc272e490a", "deprecated": false }, "0.2": { "digest": "2b174b379f05edb3aa298b7037f6a85cde06b45893e4152492a51757408d517b", "deprecated": false } }, "long_description": "IyBSZG5zIGVucmljaGVyCgpUaGlzIHdpbGwgdXNlIGByZXZlcnNlX2Ruc2AgbWV0aG9kIHRvIGVucmljaCBhbiBldmVudCB3aXRoIHRoZSByZXZlcnNlIGRucyBvZiB0aGUgSVAgaWYgaXQgZXhpc3RzLgo=", "content": "b25zdWNjZXNzOiBuZXh0X3N0YWdlCmZpbHRlcjogImV2dC5PdmVyZmxvdy5BbGVydC5SZW1lZGlhdGlvbiA9PSB0cnVlIgpuYW1lOiBjcm93ZHNlY3VyaXR5L3JkbnMKZGVzY3JpcHRpb246ICJMb29rdXAgdGhlIEROUyBhc3NvY2lhdGVkIHRvIHRoZSBzb3VyY2UgSVAgb25seSBmb3Igb3ZlcmZsb3dzIgpzdGF0aWNzOgogIC0gbWV0aG9kOiByZXZlcnNlX2RucwogICAgZXhwcmVzc2lvbjogZXZ0Lk92ZXJmbG93LkFsZXJ0LlNvdXJjZS5JUAogIC0gbWV0YTogcmV2ZXJzZV9kbnMKICAgIGV4cHJlc3Npb246IGV2dC5FbnJpY2hlZC5yZXZlcnNlX2Rucwo=", "description": "Lookup the DNS associated to the source IP only for overflows", "author": "crowdsecurity", "labels": null }, "crowdsecurity/seo-bots-whitelist": { "path": "postoverflows/s01-whitelist/crowdsecurity/seo-bots-whitelist.yaml", "stage": "s01-whitelist", "version": "0.4", "versions": { "0.1": { "digest": "6df83947191a61ab73a87fccb3c285563bd9c4b3ef8027558d3510d262776ebe", "deprecated": false }, "0.2": { "digest": "71eccc355bf181addcb1b5681c5fa99e087b23cbd8fed40ade7ff8a3b07488ef", "deprecated": false }, "0.3": { "digest": "43968bb27b6f8cb8420bdcfa997627bce5f19e62fb96299af8c0e1e767ff0582", "deprecated": false }, "0.4": { "digest": "f48b0841cc4cf03fe16f118ea1b5d64f4c1eb07cbacf4647bb0e871b4fd71f8c", "deprecated": false } }, "long_description": "IyBTRU8gQm90cyBXaGl0ZWxpc3QKCkNvbmZpZ3VyYXRpb24gYmFzZWQgb24gYGNyb3dkc2VjdXJpdHkvcmRuc2AgdG8gd2hpdGVsaXN0IGZvbGxvd2luZyBiZW5pZ24gU0VPIGJvdHM6CiogZHVja2R1Y2tCb3QKKiBnb29nbGVib3QKKiB5YW5kZXgKKiBiaW5nCiogYmFpZHUKKiB5YWhvbwoqIHBpbnRlcmVzdAoqIHF3YW50Cg==", "content": "bmFtZTogY3Jvd2RzZWN1cml0eS9zZW8tYm90cy13aGl0ZWxpc3QKZGVzY3JpcHRpb246ICJXaGl0ZWxpc3QgZ29vZCBzZWFyY2ggZW5naW5lIGNyYXdsZXJzIgp3aGl0ZWxpc3Q6CiAgcmVhc29uOiAiZ29vZCBib3RzIChzZWFyY2ggZW5naW5lIGNyYXdsZXJzKSIKICBleHByZXNzaW9uOiAKICAgIC0gImFueShGaWxlKCdyZG5zX3Nlb19ib3RzLnR4dCcpLCB7IGxlbigjKSA+IDAgJiYgZXZ0LkVucmljaGVkLnJldmVyc2VfZG5zIGVuZHNXaXRoICN9KSIKICAgIC0gIlJlZ2V4cEluRmlsZShldnQuRW5yaWNoZWQucmV2ZXJzZV9kbnMsICdyZG5zX3Nlb19ib3RzLnJlZ2V4JykiCiAgICAtICJhbnkoRmlsZSgnaXBfc2VvX2JvdHMudHh0JyksIHsgbGVuKCMpID4gMCAmJiBJcEluUmFuZ2UoZXZ0Lk92ZXJmbG93LkFsZXJ0LlNvdXJjZS5JUCAsIyl9KSIKZGF0YToKICAtIHNvdXJjZV91cmw6IGh0dHBzOi8vcmF3LmdpdGh1YnVzZXJjb250ZW50LmNvbS9jcm93ZHNlY3VyaXR5L3NlYy1saXN0cy9tYXN0ZXIvd2hpdGVsaXN0cy9iZW5pZ25fYm90cy9zZWFyY2hfZW5naW5lX2NyYXdsZXJzL3JkbnNfc2VvX2JvdHMudHh0CiAgICBkZXN0X2ZpbGU6IHJkbnNfc2VvX2JvdHMudHh0CiAgICB0eXBlOiBzdHJpbmcKICAtIHNvdXJjZV91cmw6IGh0dHBzOi8vcmF3LmdpdGh1YnVzZXJjb250ZW50LmNvbS9jcm93ZHNlY3VyaXR5L3NlYy1saXN0cy9tYXN0ZXIvd2hpdGVsaXN0cy9iZW5pZ25fYm90cy9zZWFyY2hfZW5naW5lX2NyYXdsZXJzL3JuZHNfc2VvX2JvdHMucmVnZXgKICAgIGRlc3RfZmlsZTogcmRuc19zZW9fYm90cy5yZWdleAogICAgdHlwZTogcmVnZXhwCiAgLSBzb3VyY2VfdXJsOiBodHRwczovL3Jhdy5naXRodWJ1c2VyY29udGVudC5jb20vY3Jvd2RzZWN1cml0eS9zZWMtbGlzdHMvbWFzdGVyL3doaXRlbGlzdHMvYmVuaWduX2JvdHMvc2VhcmNoX2VuZ2luZV9jcmF3bGVycy9pcF9zZW9fYm90cy50eHQKICAgIGRlc3RfZmlsZTogaXBfc2VvX2JvdHMudHh0CiAgICB0eXBlOiBzdHJpbmc=", "description": "Whitelist good search engine crawlers", "author": "crowdsecurity", "labels": null } }, "scenarios": { "Dominic-Wagner/vaultwarden-bf": { "path": "scenarios/Dominic-Wagner/vaultwarden-bf.yaml", "version": "0.1", "versions": { "0.1": { "digest": "7cfd47daccee7ae3c88be9d772610996114d36be9a4738274ae54509c67e6615", "deprecated": false } }, "long_description": "RGV0ZWN0IGZhaWxlZCB2YXVsdHdhcmRlbiBhdXRoZW50aWNhdGlvbnM6CgogLSBsZWFrc3BlZWQgb2YgMW0sIGNhcGFjaXR5IG9mIDUgb24gc291cmNlIGlwCiAtIGxlYWtzcGVlZCBvZiAxbSwgY2FwYWNpdHkgb2YgNSBvbiBzb3VyY2UgaXAgYW5kIHVuaXF1ZSBkaXN0aW5jdCB1c2Vycwo=", "content": "IyB2YXVsdHdhcmRlbiBicnV0ZWZvcmNlCnR5cGU6IGxlYWt5Cm5hbWU6IERvbWluaWMtV2FnbmVyL3ZhdWx0d2FyZGVuLWJmCmRlc2NyaXB0aW9uOiAiRGV0ZWN0IHZhdWx0d2FyZGVuIGJydXRlZm9yY2UiCmZpbHRlcjogImV2dC5NZXRhLmxvZ190eXBlIGluIFsndmF1bHR3YXJkZW5fZmFpbGVkX2F1dGgnLCAndmF1bHR3YXJkZW5fZmFpbGVkX2FkbWluX2F1dGgnLCAndmF1bHR3YXJkZW5fZmFpbGVkX3RvdHAnXSIKbGVha3NwZWVkOiAxbQpjYXBhY2l0eTogNQpncm91cGJ5OiBldnQuTWV0YS5zb3VyY2VfaXAKYmxhY2tob2xlOiA1bQpyZXByb2Nlc3M6IHRydWUKbGFiZWxzOgogc2VydmljZTogdmF1bHR3YXJkZW4KIHR5cGU6IGJydXRlZm9yY2UKIHJlbWVkaWF0aW9uOiB0cnVlCi0tLQojIHZhdWx0d2FyZGVuIHVzZXItZW51bQp0eXBlOiBsZWFreQpuYW1lOiBEb21pbmljLVdhZ25lci92YXVsdHdhcmRlbi1iZl91c2VyLWVudW0KZGVzY3JpcHRpb246ICJEZXRlY3QgdmF1bHR3YXJkZW4gdXNlciBlbnVtIGJydXRlZm9yY2UiCmZpbHRlcjogZXZ0Lk1ldGEubG9nX3R5cGUgPT0gJ3ZhdWx0d2FyZGVuX2ZhaWxlZF9hdXRoJwpncm91cGJ5OiBldnQuTWV0YS5zb3VyY2VfaXAKZGlzdGluY3Q6IGV2dC5NZXRhLnVzZXJuYW1lCmxlYWtzcGVlZDogMW0KY2FwYWNpdHk6IDUKYmxhY2tob2xlOiA1bQpyZXByb2Nlc3M6IHRydWUKbGFiZWxzOgogc2VydmljZTogc3NoCiB0eXBlOiBicnV0ZWZvcmNlCiByZW1lZGlhdGlvbjogdHJ1ZQ==", "description": "Detect vaultwarden bruteforce", "author": "Dominic-Wagner", "labels": { "remediation": "true", "service": "vaultwarden", "type": "bruteforce" } }, "LePresidente/authelia-bf": { "path": "scenarios/LePresidente/authelia-bf.yaml", "version": "0.2", "versions": { "0.1": { "digest": "6859d59edc2371a1b44babd0623f0f4db16feacb2096450ebc19a6804343bc28", "deprecated": false }, "0.2": { "digest": "444cade77860d8cf730df8ca3ddcf728e2246c4c2c72685fd425dedd7ee26457", "deprecated": false } }, "long_description": "RGV0ZWN0IGZhaWxlZCBhdXRoZWxpYSBhdXRoZW50aWNhdGlvbnM6CgogLSBsZWFrc3BlZWQgb2YgMjBzLCBjYXBhY2l0eSBvZiA1IG9uIHNhbWUgdGFyZ2V0IHVzZXIKIC0gbGVha3NwZWVkIG9mIDFtLCBjYXBhY2l0eSBvZiA1IHVuaXF1ZSBkaXN0aW5jdCB1c2Vycw==", "content": "IyBhdXRoZWxpYSBCRiBzY2FuCm5hbWU6IExlUHJlc2lkZW50ZS9hdXRoZWxpYS1iZgpkZXNjcmlwdGlvbjogIkRldGVjdCBhdXRoZWxpYSBicnV0ZWZvcmNlIgpmaWx0ZXI6ICJldnQuTWV0YS5sb2dfdHlwZSBpbiBbJ2F1dGhlbGlhX2ZhaWxlZF9jbGZfYXV0aCcsICdhdXRoZWxpYV9mYWlsZWRfanNvbl9hdXRoJ10iCiNkZWJ1ZzogdHJ1ZQp0eXBlOiBsZWFreQpncm91cGJ5OiBldnQuTWV0YS5zb3VyY2VfaXAKbGVha3NwZWVkOiAiMjBzIgpjYXBhY2l0eTogNQpibGFja2hvbGU6IDFtCmxhYmVsczoKICBzZXJ2aWNlOiBhdXRoZWxpYQogIHR5cGU6IGJydXRlZm9yY2UKICByZW1lZGlhdGlvbjogdHJ1ZQotLS0KIyBhdXRoZWxpYSB1c2VyLWVudW0KdHlwZTogbGVha3kKbmFtZTogIExlUHJlc2lkZW50ZS9hdXRoZWxpYS1iZl91c2VyLWVudW0KZGVzY3JpcHRpb246ICJEZXRlY3QgYXV0aGVsaWEgdXNlciBlbnVtIGJydXRlZm9yY2UiCmZpbHRlcjogImV2dC5NZXRhLmxvZ190eXBlIGluIFsnYXV0aGVsaWFfZmFpbGVkX2NsZl9hdXRoJywgJ2F1dGhlbGlhX2ZhaWxlZF9qc29uX2F1dGgnXSIKZ3JvdXBieTogZXZ0Lk1ldGEuc291cmNlX2lwCmRpc3RpbmN0OiBldnQuTWV0YS51c2VyCmxlYWtzcGVlZDogMTBzCmNhcGFjaXR5OiA1CmJsYWNraG9sZTogMW0KbGFiZWxzOgogc2VydmljZTogYXV0aGVsaWEKIHR5cGU6IGJydXRlZm9yY2UKIHJlbWVkaWF0aW9uOiB0cnVl", "description": "Detect authelia bruteforce", "author": "LePresidente", "labels": { "remediation": "true", "service": "authelia", "type": "bruteforce" } }, "LePresidente/emby-bf": { "path": "scenarios/LePresidente/emby-bf.yaml", "version": "0.1", "versions": { "0.1": { "digest": "4465206dcabe80edd026332b3a1aca8feb325fe982fa8fd2b4a38a3970a258b1", "deprecated": false } }, "long_description": "RGV0ZWN0IGZhaWxlZCBlbWJ5IGF1dGhlbnRpY2F0aW9uczoKCiAtIGxlYWtzcGVlZCBvZiAxbSwgY2FwYWNpdHkgb2YgNSBvbiBzYW1lIHRhcmdldCBpcA==", "content": "ICMgZW1ieSBicnV0ZWZvcmNlCnR5cGU6IGxlYWt5Cm5hbWU6IExlUHJlc2lkZW50ZS9lbWJ5LWJmCmRlc2NyaXB0aW9uOiAiRGV0ZWN0IGVtYnkgYnJ1dGVmb3JjZSIKZmlsdGVyOiAiZXZ0Lk1ldGEubG9nX3R5cGUgPT0gJ2VtYnlfZmFpbGVkX2F1dGgnIgpsZWFrc3BlZWQ6IDFtCmNhcGFjaXR5OiA1Cmdyb3VwYnk6IGV2dC5NZXRhLnNvdXJjZV9pcApibGFja2hvbGU6IDVtCnJlcHJvY2VzczogdHJ1ZQpsYWJlbHM6CiBzZXJ2aWNlOiBlbWJ5CiB0eXBlOiBicnV0ZWZvcmNlCiByZW1lZGlhdGlvbjogdHJ1ZQo=", "description": "Detect emby bruteforce", "author": "LePresidente", "labels": { "remediation": "true", "service": "emby", "type": "bruteforce" } }, "LePresidente/gitea-bf": { "path": "scenarios/LePresidente/gitea-bf.yaml", "version": "0.2", "versions": { "0.1": { "digest": "29eb0131d95219fa3a835a9e33cf38238240e42e8d7b46aa7bf7ed895d2b0b35", "deprecated": false }, "0.2": { "digest": "2ba7cd0dc64eda94f1c094b45f1bffd779a3e773621fddb7506b713320406f54", "deprecated": false } }, "long_description": "RGV0ZWN0IGZhaWxlZCBnaXRlYSBhdXRoZW50aWNhdGlvbnM6CgogLSBsZWFrc3BlZWQgb2YgMjBzLCBjYXBhY2l0eSBvZiA1IG9uIHNhbWUgdGFyZ2V0IHVzZXIKIC0gbGVha3NwZWVkIG9mIDFtLCBjYXBhY2l0eSBvZiA1IHVuaXF1ZSBkaXN0aW5jdCB1c2Vycw==", "content": "IyBnaXRlYSBCRiBzY2FuCm5hbWU6IExlUHJlc2lkZW50ZS9naXRlYS1iZgpkZXNjcmlwdGlvbjogIkRldGVjdCBnaXRlYSBicnV0ZWZvcmNlIgpmaWx0ZXI6ICJldnQuTWV0YS5sb2dfdHlwZSA9PSAnZ2l0ZWFfZmFpbGVkX2F1dGgnIgojZGVidWc6IHRydWUKdHlwZTogbGVha3kKZ3JvdXBieTogZXZ0Lk1ldGEuc291cmNlX2lwCmxlYWtzcGVlZDogIjIwcyIKY2FwYWNpdHk6IDUKYmxhY2tob2xlOiAxbQpsYWJlbHM6CiAgc2VydmljZTogZ2l0ZWEKICB0eXBlOiBicnV0ZWZvcmNlCiAgcmVtZWRpYXRpb246IHRydWUKLS0tCiMgZ2l0ZWEgdXNlci1lbnVtCnR5cGU6IGxlYWt5Cm5hbWU6ICBMZVByZXNpZGVudGUvZ2l0ZWEtYmZfdXNlci1lbnVtCmRlc2NyaXB0aW9uOiAiRGV0ZWN0IGdpdGVhIHVzZXIgZW51bSBicnV0ZWZvcmNlIgpmaWx0ZXI6ICJldnQuTWV0YS5sb2dfdHlwZSA9PSAnZ2l0ZWFfZmFpbGVkX2F1dGgnIgpncm91cGJ5OiBldnQuTWV0YS5zb3VyY2VfaXAKZGlzdGluY3Q6IGV2dC5NZXRhLnVzZXIKbGVha3NwZWVkOiAxMHMKY2FwYWNpdHk6IDUKYmxhY2tob2xlOiAxbQpsYWJlbHM6CiBzZXJ2aWNlOiBnaXRlYQogdHlwZTogYnJ1dGVmb3JjZQogcmVtZWRpYXRpb246IHRydWUK", "description": "Detect gitea bruteforce", "author": "LePresidente", "labels": { "remediation": "true", "service": "gitea", "type": "bruteforce" } }, "LePresidente/jellyseerr-bf": { "path": "scenarios/LePresidente/jellyseerr-bf.yaml", "version": "0.1", "versions": { "0.1": { "digest": "d21fcd58a65208cd0d37d005e13b3ba242f169ee71a8a8c2b6d4c4011f4d1c98", "deprecated": false } }, "long_description": "RGV0ZWN0IGZhaWxlZCBqZWxseXNlZXJyIGF1dGhlbnRpY2F0aW9uczoKCiAtIGxlYWtzcGVlZCBvZiAyMHMsIGNhcGFjaXR5IG9mIDUgb24gc2FtZSB0YXJnZXQgdXNlcgogLSBsZWFrc3BlZWQgb2YgMW0sIGNhcGFjaXR5IG9mIDUgdW5pcXVlIGRpc3RpbmN0IHVzZXJz", "content": "IyBqZWxseXNlZXJyIEJGIHNjYW4KbmFtZTogTGVQcmVzaWRlbnRlL2plbGx5c2VlcnItYmYKZGVzY3JpcHRpb246ICJEZXRlY3QgamVsbHlzZWVyciBicnV0ZWZvcmNlIgpmaWx0ZXI6ICJldnQuTWV0YS5sb2dfdHlwZSA9PSAnamVsbHlzZWVycl9mYWlsZWRfYXV0aCciCiNkZWJ1ZzogdHJ1ZQp0eXBlOiBsZWFreQpncm91cGJ5OiBldnQuTWV0YS5zb3VyY2VfaXAKbGVha3NwZWVkOiAiMjBzIgpjYXBhY2l0eTogNQpibGFja2hvbGU6IDFtCmxhYmVsczoKICBzZXJ2aWNlOiBqZWxseXNlZXJyCiAgdHlwZTogYnJ1dGVmb3JjZQogIHJlbWVkaWF0aW9uOiB0cnVlCi0tLQojIGplbGx5c2VlcnIgdXNlci1lbnVtCnR5cGU6IGxlYWt5Cm5hbWU6ICBMZVByZXNpZGVudGUvamVsbHlzZWVyci1iZl91c2VyLWVudW0KZGVzY3JpcHRpb246ICJEZXRlY3QgamVsbHlzZWVyciB1c2VyIGVudW0gYnJ1dGVmb3JjZSIKZmlsdGVyOiAiZXZ0Lk1ldGEubG9nX3R5cGUgPT0gJ2plbGx5c2VlcnJfZmFpbGVkX2F1dGgnIgpncm91cGJ5OiBldnQuTWV0YS5zb3VyY2VfaXAKZGlzdGluY3Q6IGV2dC5NZXRhLnVzZXIKbGVha3NwZWVkOiAxMHMKY2FwYWNpdHk6IDUKYmxhY2tob2xlOiAxbQpsYWJlbHM6CiBzZXJ2aWNlOiBqZWxseXNlZXJyCiB0eXBlOiBicnV0ZWZvcmNlCiByZW1lZGlhdGlvbjogdHJ1ZQo=", "description": "Detect jellyseerr bruteforce", "author": "LePresidente", "labels": { "remediation": "true", "service": "jellyseerr", "type": "bruteforce" } }, "LePresidente/ombi-bf": { "path": "scenarios/LePresidente/ombi-bf.yaml", "version": "0.1", "versions": { "0.1": { "digest": "20d3c7bf14fa9c1a6b43a00d219c933846d36d7ec8d4306659aaad6a3873a6eb", "deprecated": false } }, "long_description": "RGV0ZWN0IGZhaWxlZCBlbWJ5IGF1dGhlbnRpY2F0aW9uczoKCiAtIGxlYWtzcGVlZCBvZiAxbSwgY2FwYWNpdHkgb2YgNSBvbiBzYW1lIHRhcmdldCBpcA==", "content": "IyBlbWJ5IGJydXRlZm9yY2UKdHlwZTogbGVha3kKbmFtZTogTGVQcmVzaWRlbnRlL29tYmktYmYKZGVzY3JpcHRpb246ICJEZXRlY3QgT21iaSBicnV0ZWZvcmNlIgpmaWx0ZXI6ICJldnQuTWV0YS5sb2dfdHlwZSA9PSAnb21iaV9hdXRoX2ZhaWxlZCciCmxlYWtzcGVlZDogMW0KY2FwYWNpdHk6IDUKZ3JvdXBieTogZXZ0Lk1ldGEuc291cmNlX2lwCmJsYWNraG9sZTogNW0KcmVwcm9jZXNzOiB0cnVlCmxhYmVsczoKIHNlcnZpY2U6IG9tYmkKIHR5cGU6IGJydXRlZm9yY2UKIHJlbWVkaWF0aW9uOiB0cnVlCg==", "description": "Detect Ombi bruteforce", "author": "LePresidente", "labels": { "remediation": "true", "service": "ombi", "type": "bruteforce" } }, "baudneo/gotify-bf": { "path": "scenarios/baudneo/gotify-bf.yaml", "version": "0.1", "versions": { "0.1": { "digest": "584f3cea147a6aca903f87b63d43bade9da0449c23b90efb26de9fa798d06fdb", "deprecated": false } }, "long_description": "QnJ1dGVmb3JjZSBwcm90ZWN0aW9uIGZvciBHb3RpZnkgc2VydmVyLiAKCkxlYWsgc3BlZWQgb2YgMTAgc2Vjb25kcyB3aXRoIGEgY2FwYWNpdHkgb2YgNC4=", "content": "dHlwZTogbGVha3kKbmFtZTogYmF1ZG5lby9nb3RpZnktYmYKZGVzY3JpcHRpb246ICJEZXRlY3QgYnJ1dGVmb3JjZSIKZmlsdGVyOiAiZXZ0Lk1ldGEubG9nX3R5cGUgID09ICdnb3RpZnlfZmFpbGVkX2F1dGgnIgpncm91cGJ5OiAiZXZ0Lk1ldGEuc291cmNlX2lwIgpjYXBhY2l0eTogNApsZWFrc3BlZWQ6ICIxMHMiCmJsYWNraG9sZTogMW0KbGFiZWxzOgogc2VydmljZTogZ290aWZ5CiB0eXBlOiBicnV0ZWZvcmNlCiByZW1lZGlhdGlvbjogdHJ1ZQ==", "description": "Detect bruteforce", "author": "baudneo", "labels": { "remediation": "true", "service": "gotify", "type": "bruteforce" } }, "baudneo/zoneminder-bf": { "path": "scenarios/baudneo/zoneminder-bf.yaml", "version": "0.1", "versions": { "0.1": { "digest": "23f8a840d8341ffad8f70b787e7dc5c9ecbab0c3bcc91eaada7dffdc2a4613f7", "deprecated": false } }, "long_description": "QnJ1dGVmb3JjZSBwcm90ZWN0aW9uIGZvciBab25lTWluZGVyLgoKTGVhayBzcGVlZCBvZiAxMCBzZWNvbmRzIHdpdGggYSBjYXBhY2l0eSBvZiA0Lg==", "content": "IyBsb2dpbmcgYnJ1dGVmb3JjZQp0eXBlOiBsZWFreQpuYW1lOiBiYXVkbmVvL3pvbmVtaW5kZXItYmYKZGVzY3JpcHRpb246ICJEZXRlY3QgWm9uZU1pbmRlciBicnV0ZWZvcmNlIgpmaWx0ZXI6ICJldnQuTWV0YS5sb2dfc3VidHlwZSA9PSAnem1fYmFkX3Bhc3N3b3JkJyIKZ3JvdXBieTogImV2dC5NZXRhLnNvdXJjZV9pcCIKY2FwYWNpdHk6IDQKbGVha3NwZWVkOiAiMTBzIgpibGFja2hvbGU6IDFtCmxhYmVsczoKIHNlcnZpY2U6IHpvbmVtaW5kZXIKIHR5cGU6IGJydXRlZm9yY2UKIHJlbWVkaWF0aW9uOiB0cnVlCi0tLQojIHVzZXIgZW51bQp0eXBlOiBsZWFreQpuYW1lOiBiYXVkbmVvL3pvbmVtaW5kZXItYmYKZGVzY3JpcHRpb246ICJEZXRlY3QgWm9uZU1pbmRlciB1c2VyIGVudW1lcmF0aW9uIgpmaWx0ZXI6ICJldnQuTWV0YS5sb2dfc3VidHlwZSA9PSAnem1fYmFkX3VzZXInIgpncm91cGJ5OiAiZXZ0Lk1ldGEuc291cmNlX2lwIgpkaXN0aW5jdDogImV2dC5NZXRhLnVzZXJuYW1lIgpjYXBhY2l0eTogNApsZWFrc3BlZWQ6ICIxMHMiCmJsYWNraG9sZTogMW0KbGFiZWxzOgogc2VydmljZTogem9uZW1pbmRlcgogdHlwZTogYnJ1dGVmb3JjZQogcmVtZWRpYXRpb246IHRydWUK", "description": "Detect ZoneMinder bruteforce", "author": "baudneo", "labels": { "remediation": "true", "service": "zoneminder", "type": "bruteforce" } }, "crowdsecurity/CVE-2021-4034": { "path": "scenarios/crowdsecurity/CVE-2021-4034.yaml", "version": "0.1", "versions": { "0.1": { "digest": "f08340e4247cfd2c44fb2db26dcb752aacbcfb483dc7da686af8e793b5a32d0f", "deprecated": false } }, "long_description": "IyMgQ1ZFLTIwMjEtNDAzNAoKRGV0ZWN0cyBleHBsb2l0IG9mIENWRS0yMDIxLTQwMzQgYHBrZXhlY2AgdnVsbmVyYWJpbGl0eS4KCjp3YXJuaW5nOiBTbWFydCBhdHRhY2tlcnMgY2FuIGV4cGxvaXQgdGhpcyB2dWxuZXJhYmlsaXR5IHdpdGhvdXQgbGVhdmluZyB0cmFjZXMgaW4gbG9ncwoK", "content": "dHlwZTogdHJpZ2dlcgojZGVidWc6IHRydWUKbmFtZTogY3Jvd2RzZWN1cml0eS9DVkUtMjAyMS00MDM0CmRlc2NyaXB0aW9uOiAiRGV0ZWN0IENWRS0yMDIxLTQwMzQgZXhwbG9pdHMiCmZpbHRlcjogZXZ0Lk1ldGEubG9nX3R5cGUgPT0gJ0NWRS0yMDIxLTQwMzQteHBsJwpncm91cGJ5OiBldnQuTWV0YS50YXJnZXRfdXNlcgpibGFja2hvbGU6IDFtCmxhYmVsczoKIHR5cGU6IHByaXZlc2MKc2NvcGU6CiAgdHlwZTogc3lzdGVtX2FjY291bnQKICBleHByZXNzaW9uOiBldnQuTWV0YS50YXJnZXRfdXNlcgo=", "description": "Detect CVE-2021-4034 exploits", "author": "crowdsecurity", "labels": { "type": "privesc" } }, "crowdsecurity/CVE-2022-26134": { "path": "scenarios/crowdsecurity/CVE-2022-26134.yaml", "version": "0.1", "versions": { "0.1": { "digest": "ef1cbb63184361f1fca2b914b436f99bac53b98047da4442bebe58fd65a6dc2d", "deprecated": false } }, "long_description": "IyMgQ1ZFLTIwMjItMjYxMzQKCkRldGVjdHMgYXR0ZW1wdHMgb2YgZXhwbG9pdCBvZiBDVkUtMjAyMi0yNjEzNCBSQ0UgdnVsbmVyYWJpbGl0eS4KCgpSZWZlcmVuY2U6IGh0dHBzOi8vY3ZlLm1pdHJlLm9yZy9jZ2ktYmluL2N2ZW5hbWUuY2dpP25hbWU9Q1ZFLTIwMjItMjYxMzQK", "content": "dHlwZTogdHJpZ2dlcgojZGVidWc6IHRydWUKbmFtZTogY3Jvd2RzZWN1cml0eS9DVkUtMjAyMi0yNjEzNApkZXNjcmlwdGlvbjogIkRldGVjdCBDVkUtMjAyMi0yNjEzNCBleHBsb2l0cyIKZmlsdGVyOiAiVXBwZXIoUGF0aFVuZXNjYXBlKGV2dC5NZXRhLmh0dHBfcGF0aCkpIGNvbnRhaW5zIFVwcGVyKCdAamF2YS5sYW5nLlJ1bnRpbWVAZ2V0UnVudGltZSgpLmV4ZWMoJykiCmJsYWNraG9sZTogMW0KZ3JvdXBieTogImV2dC5NZXRhLnNvdXJjZV9pcCIKbGFiZWxzOgogIHR5cGU6IGV4cGxvaXQKICByZW1lZGlhdGlvbjogdHJ1ZQo=", "description": "Detect CVE-2022-26134 exploits", "author": "crowdsecurity", "labels": { "remediation": "true", "type": "exploit" } }, "crowdsecurity/CVE-2022-35914": { "path": "scenarios/crowdsecurity/CVE-2022-35914.yaml", "version": "0.1", "versions": { "0.1": { "digest": "8dcd25e2e77855c6e8216d2d988af69f93492d49cb9bd68009149124de555b61", "deprecated": false } }, "long_description": "IyMgQ1ZFLTIwMjItMzU5MTQKCkRldGVjdHMgYXR0ZW1wdHMgb2YgZXhwbG9pdCBvZiBDVkUtMjAyMi0zNTkxNCBSQ0UgdnVsbmVyYWJpbGl0eS4KCgpSZWZlcmVuY2U6IGh0dHBzOi8vZ2l0aHViLmNvbS9nbHBpLXByb2plY3QvZ2xwaS9zZWN1cml0eS9hZHZpc29yaWVzL0dIU0EtYzVneC03ODlxLTVwY3IK", "content": "dHlwZTogdHJpZ2dlcgojZGVidWc6IHRydWUKbmFtZTogY3Jvd2RzZWN1cml0eS9DVkUtMjAyMi0zNTkxNApkZXNjcmlwdGlvbjogIkRldGVjdCBDVkUtMjAyMi0zNTkxNCBleHBsb2l0cyIKZmlsdGVyOiAiVXBwZXIoZXZ0Lk1ldGEuaHR0cF9wYXRoKSBjb250YWlucyBVcHBlcignL3ZlbmRvci9odG1sYXdlZC9odG1sYXdlZC9odG1MYXdlZFRlc3QucGhwJykiCmJsYWNraG9sZTogMW0KZ3JvdXBieTogImV2dC5NZXRhLnNvdXJjZV9pcCIKbGFiZWxzOgogIHR5cGU6IGV4cGxvaXQKICByZW1lZGlhdGlvbjogdHJ1ZQo=", "description": "Detect CVE-2022-35914 exploits", "author": "crowdsecurity", "labels": { "remediation": "true", "type": "exploit" } }, "crowdsecurity/CVE-2022-37042": { "path": "scenarios/crowdsecurity/CVE-2022-37042.yaml", "version": "0.1", "versions": { "0.1": { "digest": "a359e07196179abadd5c81f4599a539f693a647cca4b744d3a0ef43e6d49496d", "deprecated": false } }, "long_description": "IyMgQ1ZFLTIwMjItMzcwNDIKCkRldGVjdHMgYXR0ZW1wdHMgb2YgZXhwbG9pdCBvZiBDVkUtMjAyMi0zNzA0MiBSQ0UgdnVsbmVyYWJpbGl0eS4K", "content": "dHlwZTogdHJpZ2dlcgojZGVidWc6IHRydWUKbmFtZTogY3Jvd2RzZWN1cml0eS9DVkUtMjAyMi0zNzA0MgpkZXNjcmlwdGlvbjogIkRldGVjdCBDVkUtMjAyMi0zNzA0MiBleHBsb2l0cyIKZmlsdGVyOiB8CiAgICAoCiAgICBVcHBlcihldnQuTWV0YS5odHRwX3BhdGgpIGNvbnRhaW5zIFVwcGVyKCcvc2VydmljZS9leHRlbnNpb24vYmFja3VwL21ib3hpbXBvcnQ/YWNjb3VudC1uYW1lPWFkbWluJm93PTImbm8tc3dpdGNoPTEmYXBwZW5kPTEnKSB8fAogICAgVXBwZXIoZXZ0Lk1ldGEuaHR0cF9wYXRoKSBjb250YWlucyBVcHBlcignL3NlcnZpY2UvZXh0ZW5zaW9uL2JhY2t1cC9tYm94aW1wb3J0P2FjY291bnQtbmFtZT1hZG1pbiZhY2NvdW50LXN0YXR1cz0xJm93PWNtZCcpIAogICAgKQogICAgYW5kIGV2dC5NZXRhLmh0dHBfc3RhdHVzIHN0YXJ0c1dpdGggKCc0MCcpIGFuZAogICAgVXBwZXIoZXZ0Lk1ldGEuaHR0cF92ZXJiKSA9PSAnUE9TVCcKCgpibGFja2hvbGU6IDJtCmdyb3VwYnk6ICJldnQuTWV0YS5zb3VyY2VfaXAiCmxhYmVsczoKICB0eXBlOiBleHBsb2l0CiAgcmVtZWRpYXRpb246IHRydWUK", "description": "Detect CVE-2022-37042 exploits", "author": "crowdsecurity", "labels": { "remediation": "true", "type": "exploit" } }, "crowdsecurity/CVE-2022-40684": { "path": "scenarios/crowdsecurity/CVE-2022-40684.yaml", "version": "0.2", "versions": { "0.1": { "digest": "3966ffd8e0b1b6d00ac99759955f676f39a5d350d0d2de4117c1293dd17617bb", "deprecated": false }, "0.2": { "digest": "49e7ee3c7afd08b249c0429abb9a74de76a9bdef56f803bc802425cca7d45027", "deprecated": false } }, "long_description": "IyMgQ1ZFLTIwMjItNDA2ODQKCkRldGVjdHMgRm9ydGlPcywgRm9ydGlQcm94eSwgYW5kIEZvcnRpU3dpdGNoTWFuYWdlciBhdXRoZW50aWNhdGlvbiBieXBhc3MgKENWRS0yMDIyLTQwNjg0KSB2dWxuZXJhYmlsaXR5Lgo=", "content": "dHlwZTogdHJpZ2dlcgpuYW1lOiBjcm93ZHNlY3VyaXR5L2ZvcnRpbmV0LWN2ZS0yMDIyLTQwNjg0CmRlc2NyaXB0aW9uOiAiRGV0ZWN0IGN2ZS0yMDIyLTQwNjg0IGV4cGxvaXRhdGlvbiBhdHRlbXB0cyIKZmlsdGVyOiB8CiAgZXZ0Lk1ldGEubG9nX3R5cGUgaW4gWyJodHRwX2FjY2Vzcy1sb2ciLCAiaHR0cF9lcnJvci1sb2ciXSBhbmQgCiAgVXBwZXIoZXZ0Lk1ldGEuaHR0cF9wYXRoKSBzdGFydHNXaXRoIFVwcGVyKCcvYXBpL3YyL2NtZGIvc3lzdGVtL2FkbWluLycpIGFuZCBMb3dlcihldnQuUGFyc2VkLmh0dHBfdXNlcl9hZ2VudCkgPT0gJ3JlcG9ydCBydW5uZXInCmdyb3VwYnk6ICJldnQuTWV0YS5zb3VyY2VfaXAiCmJsYWNraG9sZTogMm0KbGFiZWxzOgogIHR5cGU6IGV4cGxvaXQKICByZW1lZGlhdGlvbjogdHJ1ZQ==", "description": "Detect cve-2022-40684 exploitation attempts", "author": "crowdsecurity", "labels": { "remediation": "true", "type": "exploit" } }, "crowdsecurity/CVE-2022-41082": { "path": "scenarios/crowdsecurity/CVE-2022-41082.yaml", "version": "0.3", "versions": { "0.1": { "digest": "4c1c2f9955b07527a943b5bb756bd1a3ac85d20ac1c32e5a4087c3e59840d53d", "deprecated": false }, "0.2": { "digest": "429111e4d5cbbbfaaaee02eee6d646d0f75878c12ab24cd10ece4fd133b45eff", "deprecated": false }, "0.3": { "digest": "fb8dac201728cb4b366fe199d523ec01423dd7487e76854e38e89216ba7f717d", "deprecated": false } }, "content": "dHlwZTogdHJpZ2dlcgojZGVidWc6IHRydWUKbmFtZTogY3Jvd2RzZWN1cml0eS9DVkUtMjAyMi00MTA4MgpkZXNjcmlwdGlvbjogIkRldGVjdCBDVkUtMjAyMi00MTA4MiBleHBsb2l0cyIKZmlsdGVyOiB8CiAgICBVcHBlcihldnQuTWV0YS5odHRwX3BhdGgpIGNvbnRhaW5zIFVwcGVyKCcvYXV0b2Rpc2NvdmVyL2F1dG9kaXNjb3Zlci5qc29uJykgJiYKICAgIFVwcGVyKGV2dC5QYXJzZWQuaHR0cF9hcmdzKSBjb250YWlucyBVcHBlcigncG93ZXJzaGVsbCcpCgpibGFja2hvbGU6IDFtCmdyb3VwYnk6ICJldnQuTWV0YS5zb3VyY2VfaXAiCmxhYmVsczoKICB0eXBlOiBleHBsb2l0CiAgcmVtZWRpYXRpb246IHRydWUK", "description": "Detect CVE-2022-41082 exploits", "author": "crowdsecurity", "labels": { "remediation": "true", "type": "exploit" } }, "crowdsecurity/CVE-2022-42889": { "path": "scenarios/crowdsecurity/CVE-2022-42889.yaml", "version": "0.2", "versions": { "0.1": { "digest": "0efbd6a607d22683331a3e4ee96a78cedc3a071dd80f302df10158628eef36d9", "deprecated": false }, "0.2": { "digest": "7358ad76095b008ebdf384cfbda11f1f5977f3e41acaad6f83fd779fdddd656a", "deprecated": false } }, "long_description": "IyMgQ1ZFLTIwMjItNDI4ODkKCkRldGVjdHMgYXR0ZW1wdHMgb2YgZXhwbG9pdCBvZiBDVkUtMjAyMi00Mjg4OSAoVGV4dDRTaGVsbCkgUkNFIHZ1bG5lcmFiaWxpdHkuCgoKUmVmZXJlbmNlOiBodHRwczovL2N2ZS5taXRyZS5vcmcvY2dpLWJpbi9jdmVuYW1lLmNnaT9uYW1lPUNWRS0yMDIyLTQyODg5Cg==", "content": "dHlwZTogdHJpZ2dlcgojZGVidWc6IHRydWUKbmFtZTogY3Jvd2RzZWN1cml0eS9DVkUtMjAyMi00Mjg4OQpkZXNjcmlwdGlvbjogIkRldGVjdCBDVkUtMjAyMi00Mjg4OSBleHBsb2l0cyAoVGV4dDRTaGVsbCkiCmZpbHRlcjogfAogIFVwcGVyKFBhdGhVbmVzY2FwZShldnQuTWV0YS5odHRwX3BhdGgpKSBjb250YWlucyBVcHBlcignJHtzY3JpcHQ6amF2YXNjcmlwdDpqYXZhLmxhbmcuUnVudGltZS5nZXRSdW50aW1lKCkuZXhlYygnKQogIG9yCiAgVXBwZXIoUGF0aFVuZXNjYXBlKGV2dC5NZXRhLmh0dHBfcGF0aCkpIGNvbnRhaW5zIFVwcGVyKCcke3NjcmlwdDpqczpqYXZhLmxhbmcuUnVudGltZS5nZXRSdW50aW1lKCkuZXhlYygnKQogIG9yCiAgVXBwZXIoUGF0aFVuZXNjYXBlKGV2dC5NZXRhLmh0dHBfcGF0aCkpIGNvbnRhaW5zIFVwcGVyKCcke3VybDpVVEYtODonKSAKICBvcgogIFVwcGVyKFBhdGhVbmVzY2FwZShldnQuTWV0YS5odHRwX3BhdGgpKSBjb250YWlucyBVcHBlcignJHtkbnM6YWRkcmVzc3wnKSAKYmxhY2tob2xlOiAxbQpncm91cGJ5OiAiZXZ0Lk1ldGEuc291cmNlX2lwIgpsYWJlbHM6CiAgdHlwZTogZXhwbG9pdAogIHJlbWVkaWF0aW9uOiB0cnVlCg==", "description": "Detect CVE-2022-42889 exploits (Text4Shell)", "author": "crowdsecurity", "labels": { "remediation": "true", "type": "exploit" } }, "crowdsecurity/apache_log4j2_cve-2021-44228": { "path": "scenarios/crowdsecurity/apache_log4j2_cve-2021-44228.yaml", "version": "0.4", "versions": { "0.1": { "digest": "7ee4024160a62e888d7db882eb4ed100de915716b91be09cef64390381babfb9", "deprecated": false }, "0.2": { "digest": "578cd7121a0cf424affcb435c57d6a03d00569258e5b066459b9f87fe02bfacc", "deprecated": false }, "0.3": { "digest": "16e1244697e41f006b1bfb7a4bd957d22d18b75f4dba94812a9dfc4a7135808d", "deprecated": false }, "0.4": { "digest": "587688aca2067e8c8fba50f796ba0502e955696d4d545edf70b9b5162b0cf944", "deprecated": false } }, "long_description": "U2NlbmFyaW8gdG8gZGV0ZWN0IGV4cGxvaXRhdGlvbiBhdHRlbXB0cyBvZiAibG9nNGoiIENWRS0yMDIxLTQ0MjI4LgoKOndhcm5pbmc6IENyb3dkc2VjIGlzIG5vdCBhIFdBRiBhbmQsIGFzIHN1Y2gsIGJ5cGFzcyB0byB0aG9zZSBzaWduYXR1cmVzIGFyZSBsaWtlbHkgOndhcm5pbmc6CgoKCgoK", "content": "dHlwZTogdHJpZ2dlcgpmb3JtYXQ6IDIuMAojZGVidWc6IHRydWUKbmFtZTogY3Jvd2RzZWN1cml0eS9hcGFjaGVfbG9nNGoyX2N2ZS0yMDIxLTQ0MjI4CmRlc2NyaXB0aW9uOiAiRGV0ZWN0IGN2ZS0yMDIxLTQ0MjI4IGV4cGxvaXRhdGlvbiBhdHRlbXBzIgpmaWx0ZXI6IHwKICBldnQuTWV0YS5sb2dfdHlwZSBpbiBbImh0dHBfYWNjZXNzLWxvZyIsICJodHRwX2Vycm9yLWxvZyJdIGFuZCAKICAoCiAgICBhbnkoRmlsZSgibG9nNGoyX2N2ZV8yMDIxXzQ0MjI4LnR4dCIpLCB7IFVwcGVyKGV2dC5NZXRhLmh0dHBfcGF0aCkgY29udGFpbnMgVXBwZXIoIyl9KQogIG9yCiAgICBhbnkoRmlsZSgibG9nNGoyX2N2ZV8yMDIxXzQ0MjI4LnR4dCIpLCB7IFVwcGVyKGV2dC5QYXJzZWQuaHR0cF91c2VyX2FnZW50KSBjb250YWlucyBVcHBlcigjKX0pCiAgb3IKICAgIGFueShGaWxlKCJsb2c0ajJfY3ZlXzIwMjFfNDQyMjgudHh0IiksIHsgVXBwZXIoZXZ0LlBhcnNlZC5odHRwX3JlZmVyZXIpIGNvbnRhaW5zIFVwcGVyKCMpfSkgIAogICkKZGF0YToKICAtIHNvdXJjZV91cmw6IGh0dHBzOi8vcmF3LmdpdGh1YnVzZXJjb250ZW50LmNvbS9jcm93ZHNlY3VyaXR5L3NlYy1saXN0cy9tYXN0ZXIvd2ViL2xvZzRqMl9jdmVfMjAyMV80NDIyOC50eHQKICAgIGRlc3RfZmlsZTogbG9nNGoyX2N2ZV8yMDIxXzQ0MjI4LnR4dAogICAgdHlwZTogc3RyaW5nCmdyb3VwYnk6ICJldnQuTWV0YS5zb3VyY2VfaXAiCmJsYWNraG9sZTogMm0KbGFiZWxzOgogIHR5cGU6IGV4cGxvaXQKICByZW1lZGlhdGlvbjogdHJ1ZQo=", "description": "Detect cve-2021-44228 exploitation attemps", "author": "crowdsecurity", "labels": { "remediation": "true", "type": "exploit" } }, "crowdsecurity/asterisk_bf": { "path": "scenarios/crowdsecurity/asterisk_bf.yaml", "version": "0.1", "versions": { "0.1": { "digest": "ce783ad467c8ca271aa023c57ff56305ba2b5f15c7cb6a7ca2079225437eabc8", "deprecated": false } }, "content": "dHlwZTogbGVha3kKbmFtZTogY3Jvd2RzZWN1cml0eS9hc3Rlcmlza19iZgpkZXNjcmlwdGlvbjogIkRldGVjdCBhc3RlcmlzayB1c2VyIGJydXRlZm9yY2UiCmZpbHRlcjogZXZ0Lk1ldGEubG9nX3R5cGUgPT0gJ2FzdGVyaXNrX2ZhaWxlZF9hdXRoJwpncm91cGJ5OiBldnQuTWV0YS5zb3VyY2VfaXAKbGVha3NwZWVkOiAxMHMKY2FwYWNpdHk6IDUKYmxhY2tob2xlOiAxbQpsYWJlbHM6CiAgc2VydmljZTogYXN0ZXJpc2sKICB0eXBlOiBicnV0ZWZvcmNlCiAgcmVtZWRpYXRpb246IHRydWU=", "description": "Detect asterisk user bruteforce", "author": "crowdsecurity", "labels": { "remediation": "true", "service": "asterisk", "type": "bruteforce" } }, "crowdsecurity/asterisk_user_enum": { "path": "scenarios/crowdsecurity/asterisk_user_enum.yaml", "version": "0.1", "versions": { "0.1": { "digest": "10fc279bfe68cfc577c4d6a4e76a4101579850556129e62dbebf2b8abaebc0c6", "deprecated": false } }, "content": "dHlwZTogbGVha3kKbmFtZTogY3Jvd2RzZWN1cml0eS9hc3Rlcmlza191c2VyX2VudW0KZGVzY3JpcHRpb246ICJEZXRlY3QgYXN0ZXJpc2sgdXNlciBlbnVtIGJydXRlZm9yY2UiCmZpbHRlcjogZXZ0Lk1ldGEubG9nX3R5cGUgPT0gJ2FzdGVyaXNrX2ZhaWxlZF9hdXRoJwpncm91cGJ5OiBldnQuTWV0YS5zb3VyY2VfaXAKZGlzdGluY3Q6IGV2dC5NZXRhLnRhcmdldF91c2VyCmxlYWtzcGVlZDogMTBzCmNhcGFjaXR5OiA1CmJsYWNraG9sZTogMW0KbGFiZWxzOgogIHNlcnZpY2U6IGFzdGVyaXNrCiAgdHlwZTogYnJ1dGVmb3JjZQogIHJlbWVkaWF0aW9uOiB0cnVl", "description": "Detect asterisk user enum bruteforce", "author": "crowdsecurity", "labels": { "remediation": "true", "service": "asterisk", "type": "bruteforce" } }, "crowdsecurity/ban-defcon-drop_range": { "path": "scenarios/crowdsecurity/ban-defcon-drop_range.yaml", "version": "0.2", "versions": { "0.1": { "digest": "da839847a4a67c1787ea5185e2b25e1e26710ac3b12e7c179a9bdda8a99b2009", "deprecated": false }, "0.2": { "digest": "e1068cba1ce38cc0c3b82b195e91b560e8675ae789c451bbef5c5b4aff1aff02", "deprecated": false } }, "long_description": "QmFucyBhIHJhbmdlIGlmIG1vcmUgdGhhbiA1IGlwcyBmcm9tIHNhaWQgcmFuZ2UgYXJlIGJhbm5lZC4KCkxlYWtzcGVlZCBvZiAxIG1pbnV0ZSwgY2FwYWNpdHkgb2YgNS4K", "content": "I1RBUCBJVCBUV0lDRSA6IGlmIG1vcmUgdGhhbiA1IHVuaXF1ZSBJUHMgb2YgYSByYW5nZSBhcmUgYmVpbmcgYmFubmVkLCBkcm9wIHRoZSByYW5nZQp0eXBlOiBsZWFreQojZGVidWc6IHRydWUKbmFtZTogY3Jvd2RzZWN1cml0eS9iYW4tZGVmY29uLWRyb3BfcmFuZ2UKZGVzY3JpcHRpb246ICJCYW4gYSByYW5nZSBpZiBtb3JlIHRoYW4gNSBpcHMgZnJvbSBpdCBhcmUgYmFubmVkIGF0IGEgdGltZSIKI2l0J3MgYW4gb3ZlcmZsb3cgZnJvbSBhIHNjZW5hcmlvIHRoYXQgdHJpZ2dlcmVkIGEgcmVtZWRpYXRpb24gOykKZmlsdGVyOiAiZXZ0LkdldFR5cGUoKSA9PSAnb3ZlcmZsb3cnICYmIGV2dC5PdmVyZmxvdy5BbGVydC5SZW1lZGlhdGlvbiA9PSB0cnVlIgpncm91cGJ5OiAiZXZ0Lk92ZXJmbG93LkFsZXJ0LlNvdXJjZS5SYW5nZSIKZGlzdGluY3Q6ICJldnQuT3ZlcmZsb3cuQWxlcnQuU291cmNlLklQIgpjYXBhY2l0eTogNQpsZWFrc3BlZWQ6ICIxbSIKYmxhY2tob2xlOiA1bQpsYWJlbHM6CiByZW1lZGlhdGlvbjogdHJ1ZQpzY29wZToKIHR5cGU6IFJhbmdlCgo=", "description": "Ban a range if more than 5 ips from it are banned at a time", "author": "crowdsecurity", "labels": { "remediation": "true" } }, "crowdsecurity/cpanel-bf": { "path": "scenarios/crowdsecurity/cpanel-bf.yaml", "version": "0.2", "versions": { "0.1": { "digest": "120b1820b330939330df55df5da536cbe0885c9df11a2a0986fe80197be68981", "deprecated": false }, "0.2": { "digest": "25d6094169ab75c028f7d35e0b5bacf9ecf24e46484826c95405966562a2db0c", "deprecated": false } }, "long_description": "RGV0ZWN0cyBicnV0ZWZvcmNlIGF0dGVtcHRzIGluIGNwYW5lbCBsb2dpbi4g", "content": "dHlwZTogbGVha3kKbmFtZTogY3Jvd2RzZWN1cml0eS9jcGFuZWwtYmYKY2FwYWNpdHk6IDUKbGVha3NwZWVkOiAxMHMKZGVzY3JpcHRpb246ICJEZXRlY3QgYnJ1dGVmb3JjZSBvbiBjcGFuZWwgbG9naW4iCmZpbHRlcjogImV2dC5NZXRhLmxvZ190eXBlID09ICdhdXRoX2JmX2xvZyciCmdyb3VwYnk6IGV2dC5NZXRhLnNvdXJjZV9pcApibGFja2hvbGU6IDVtCmxhYmVsczoKICBzZXJ2aWNlOiBjcGFuZWwKICB0eXBlOiBicnV0ZWZvcmNlCiAgcmVtZWRpYXRpb246IHRydWUKCg==", "description": "Detect bruteforce on cpanel login", "author": "crowdsecurity", "labels": { "remediation": "true", "service": "cpanel", "type": "bruteforce" } }, "crowdsecurity/cpanel-bf-attempt": { "path": "scenarios/crowdsecurity/cpanel-bf-attempt.yaml", "version": "0.1", "versions": { "0.1": { "digest": "6b7b084a9a5ea68ade56b6bd171cfed65cc661b63b197a0f3cec2aef2fcdaeca", "deprecated": false } }, "long_description": "VHJpZ2dlciBhbGVydHMgd2hlbiB0aGlzIGxpbmUgaXMgbWF0Y2hlZDoKCmBgYGJhc2gKRkFJTEVEIExPR0lOIGNwYW5lbGQ6IGJydXRlIGZvcmNlIGF0dGVtcHQgKHVzZXIgY3NjcGFuZWwpIGhhcyBsb2NrZWQgb3V0IElQIDEuMi4zLjQKYGBg", "content": "dHlwZTogdHJpZ2dlcgpuYW1lOiBjcm93ZHNlY3VyaXR5L2NwYW5lbC1iZi1hdHRlbXB0CmRlc2NyaXB0aW9uOiAiRGV0ZWN0IGJydXRlZm9yY2UgYXR0ZW1wdCBvbiBjcGFuZWwgbG9naW4iCmZpbHRlcjogImV2dC5NZXRhLmxvZ190eXBlID09ICdhdXRoX2JmX2F0dGVtcHQnIgpncm91cGJ5OiBldnQuTWV0YS5zb3VyY2VfaXAKYmxhY2tob2xlOiA1bQpsYWJlbHM6CiAgc2VydmljZTogY3BhbmVsCiAgdHlwZTogYnJ1dGVmb3JjZQogIHJlbWVkaWF0aW9uOiB0cnVlCgo=", "description": "Detect bruteforce attempt on cpanel login", "author": "crowdsecurity", "labels": { "remediation": "true", "service": "cpanel", "type": "bruteforce" } }, "crowdsecurity/dovecot-spam": { "path": "scenarios/crowdsecurity/dovecot-spam.yaml", "version": "0.3", "versions": { "0.1": { "digest": "fc1429f0c8d5b1ba20660ac0725fe0b52bb0382efa746e9bd962d80bdf7c9310", "deprecated": false }, "0.2": { "digest": "e3feff9a377f6b7e72a29910d6ebfee52436163767f876d21b41e2ae2e9618b2", "deprecated": false }, "0.3": { "digest": "c350f1a24a7ff5aed8902691a1bf67b08e963a013dffc3e2500c9db61ad6b62e", "deprecated": false } }, "long_description": "U3BhbSBkZXRlY3Rpb24gZm9yIGRvdmVjb3QgKGNhcGFjaXR5IG9mIDMgYW5kIGxlYWtzcGVlZCBvZiAzNjBzKQoKLSBhbGxvd3MgZmFpbCBhdXRoZW50aWNhdGlvbiBhdHRlbXB0IGV2ZXJ5IDYgbWludXRlcyB3aXRoIGEgYnVyc3Qgb2YgMwoKPiBDb250cmlidXRpb24gYnkgaHR0cHM6Ly9naXRodWIuY29tL0x0U2ljaAo=", "content": "I2NvbnRyaWJ1dGlvbiBieSBAbHRzaWNoCnR5cGU6IGxlYWt5Cm5hbWU6IGNyb3dkc2VjdXJpdHkvZG92ZWNvdC1zcGFtCmRlc2NyaXB0aW9uOiAiZGV0ZWN0IGVycm9ycyBvbiBkb3ZlY290IgpkZWJ1ZzogZmFsc2UKZmlsdGVyOiAiZXZ0Lk1ldGEubG9nX3R5cGUgPT0gJ2RvdmVjb3RfbG9ncycgJiYgZXZ0Lk1ldGEuZG92ZWNvdF9sb2dpbl9yZXN1bHQgPT0gJ2F1dGhfZmFpbGVkJyIKZ3JvdXBieTogZXZ0Lk1ldGEuc291cmNlX2lwCmNhcGFjaXR5OiAzCmxlYWtzcGVlZDogIjM2MHMiCmJsYWNraG9sZTogNW0KbGFiZWxzOgogdHlwZTogc2NhbgogcmVtZWRpYXRpb246IHRydWUK", "description": "detect errors on dovecot", "author": "crowdsecurity", "labels": { "remediation": "true", "type": "scan" } }, "crowdsecurity/endlessh-bf": { "path": "scenarios/crowdsecurity/endlessh-bf.yaml", "version": "0.1", "versions": { "0.1": { "digest": "2113a6f5e8e2d675581e93d4bcf546526d0bd22aaa35ecafdd041d95e3f3422d", "deprecated": false } }, "content": "IyBlbmRsZXNzaCBicnV0ZWZvcmNlCnR5cGU6IGxlYWt5Cm5hbWU6IGNyb3dkc2VjdXJpdHkvZW5kbGVzc2gtYmYKZGVzY3JpcHRpb246ICJEZXRlY3QgU1NIIGJydXRlZm9yY2UgY2F1Z2h0IGJ5IEVuZGxlc3NoIgpmaWx0ZXI6ICJldnQuTWV0YS5sb2dfdHlwZSA9PSAnZW5kbGVzc2hfYWNjZXB0JyIKbGVha3NwZWVkOiAiNW0iCnJlZmVyZW5jZXM6CiAgLSBodHRwOi8vd2lraXBlZGlhLmNvbS9zc2gtYmYtaXMtYmFkCmNhcGFjaXR5OiA1Cmdyb3VwYnk6IGV2dC5NZXRhLnNvdXJjZV9pcApibGFja2hvbGU6IDEyMG0KcmVwcm9jZXNzOiB0cnVlCmxhYmVsczoKICBzZXJ2aWNlOiBlbmRsZXNzaAogIHR5cGU6IGJydXRlZm9yY2UKICByZW1lZGlhdGlvbjogdHJ1ZQo=", "description": "Detect SSH bruteforce caught by Endlessh", "author": "crowdsecurity", "references": [ "http://wikipedia.com/ssh-bf-is-bad" ], "labels": { "remediation": "true", "service": "endlessh", "type": "bruteforce" } }, "crowdsecurity/exchange-bf": { "path": "scenarios/crowdsecurity/exchange-bf.yaml", "version": "0.2", "versions": { "0.1": { "digest": "7900671abf67cdc000b2dd68d0da35a0960e07f4ac3505fdd4d78f929c29a238", "deprecated": false }, "0.2": { "digest": "8d67052a1fc4e5b48be549165ed6ea47aebaa154960166828fd8b114a6ba5bd0", "deprecated": false } }, "content": "dHlwZTogbGVha3kKbmFtZTogY3Jvd2RzZWN1cml0eS9leGNoYW5nZS1iZgpkZXNjcmlwdGlvbjogIkRldGVjdCBleGNoYW5nZSBicnV0ZWZvcmNlIChTTVRQLElNQVAsUE9QMykiCmZpbHRlcjogZXZ0Lk1ldGEuc2VydmljZSA9PSAnZXhjaGFuZ2UnICYmIGV2dC5NZXRhLnN1Yl90eXBlID09ICdhdXRoX2ZhaWwnCmdyb3VwYnk6IGV2dC5NZXRhLnNvdXJjZV9pcApsZWFrc3BlZWQ6IDEwcwpjYXBhY2l0eTogNQpibGFja2hvbGU6IDFtCmxhYmVsczoKICBzZXJ2aWNlOiBleGNoYW5nZQogIHR5cGU6IGJydXRlZm9yY2UKICByZW1lZGlhdGlvbjogdHJ1ZQo=", "description": "Detect exchange bruteforce (SMTP,IMAP,POP3)", "author": "crowdsecurity", "labels": { "remediation": "true", "service": "exchange", "type": "bruteforce" } }, "crowdsecurity/f5-big-ip-cve-2020-5902": { "path": "scenarios/crowdsecurity/f5-big-ip-cve-2020-5902.yaml", "version": "0.1", "versions": { "0.1": { "digest": "04def871dad424adf0227232c8b22acab9938901a879dca070b58e2389039326", "deprecated": false } }, "content": "dHlwZTogdHJpZ2dlcgpmb3JtYXQ6IDIuMApuYW1lOiBjcm93ZHNlY3VyaXR5L2Y1LWJpZy1pcC1jdmUtMjAyMC01OTAyCmRlc2NyaXB0aW9uOiAiRGV0ZWN0IGN2ZS0yMDIwLTU5MDIgZXhwbG9pdGF0aW9uIGF0dGVtcHMiCmZpbHRlcjogfAogIGV2dC5NZXRhLmxvZ190eXBlIGluIFsiaHR0cF9hY2Nlc3MtbG9nIiwgImh0dHBfZXJyb3ItbG9nIl0gYW5kIAogICAgKAogICAgVXBwZXIoZXZ0Lk1ldGEuaHR0cF9wYXRoKSBtYXRjaGVzIFVwcGVyKCcvdG11aS9sb2dpbi5qc3AvLi47L3RtdWkvW14uXSsuanNwXFw/KGZpbGVOYW1lfGNvbW1hbmR8ZGlyZWN0b3J5UGF0aHx0YWJJZCk9JykKICAgIG9yCiAgICBVcHBlcihldnQuTWV0YS5odHRwX3BhdGgpIG1hdGNoZXMgVXBwZXIoJy90bXVpL2xvZ2luLmpzcC8lMkUlMkU7L3RtdWkvW14uXSsuanNwXFw/KGZpbGVOYW1lfGNvbW1hbmR8ZGlyZWN0b3J5UGF0aHx0YWJJZCk9JykKICAgICkKZ3JvdXBieTogImV2dC5NZXRhLnNvdXJjZV9pcCIKYmxhY2tob2xlOiAybQpsYWJlbHM6CiAgdHlwZTogZXhwbG9pdAogIHJlbWVkaWF0aW9uOiB0cnVlCg==", "description": "Detect cve-2020-5902 exploitation attemps", "author": "crowdsecurity", "labels": { "remediation": "true", "type": "exploit" } }, "crowdsecurity/fortinet-cve-2018-13379": { "path": "scenarios/crowdsecurity/fortinet-cve-2018-13379.yaml", "version": "0.2", "versions": { "0.1": { "digest": "c966840446a481f46237df14963224a106cd15e8b7c72dc903de1ae098dbb58d", "deprecated": false }, "0.2": { "digest": "a7952444f7fc5d039bc415c5e56baa8243badd1bcc4013e8d8e52bc6c2e1a431", "deprecated": false } }, "content": "dHlwZTogdHJpZ2dlcgpmb3JtYXQ6IDIuMApuYW1lOiBjcm93ZHNlY3VyaXR5L2ZvcnRpbmV0LWN2ZS0yMDE4LTEzMzc5CmRlc2NyaXB0aW9uOiAiRGV0ZWN0IGN2ZS0yMDE4LTEzMzc5IGV4cGxvaXRhdGlvbiBhdHRlbXBzIgpmaWx0ZXI6IHwKICBldnQuTWV0YS5sb2dfdHlwZSBpbiBbImh0dHBfYWNjZXNzLWxvZyIsICJodHRwX2Vycm9yLWxvZyJdIGFuZCAKICAgIFVwcGVyKGV2dC5NZXRhLmh0dHBfcGF0aCkgY29udGFpbnMgVXBwZXIoJy9yZW1vdGUvZmd0X2xhbmc/bGFuZz0vLi4vLi4vLi4vLi4vLy8vLy8vLy8vZGV2L2NtZGIvc3NsdnBuX3dlYnNlc3Npb24nKQpncm91cGJ5OiAiZXZ0Lk1ldGEuc291cmNlX2lwIgpibGFja2hvbGU6IDJtCmxhYmVsczoKICB0eXBlOiBleHBsb2l0CiAgcmVtZWRpYXRpb246IHRydWUK", "description": "Detect cve-2018-13379 exploitation attemps", "author": "crowdsecurity", "labels": { "remediation": "true", "type": "exploit" } }, "crowdsecurity/grafana-cve-2021-43798": { "path": "scenarios/crowdsecurity/grafana-cve-2021-43798.yaml", "version": "0.1", "versions": { "0.1": { "digest": "38e2367afa09fce19313601b205c7ef60ff0dcda0d5a5fbfe162d391998727cf", "deprecated": false } }, "long_description": "RGV0ZWN0IGV4cGxvaXRhdGlvbiBvZiBDVkUtMjAyMS00Mzc5OAo=", "content": "dHlwZTogdHJpZ2dlcgpmb3JtYXQ6IDIuMApuYW1lOiBjcm93ZHNlY3VyaXR5L2dyYWZhbmEtY3ZlLTIwMjEtNDM3OTgKZGVzY3JpcHRpb246ICJEZXRlY3QgY3ZlLTIwMjEtNDM3OTggZXhwbG9pdGF0aW9uIGF0dGVtcHMiCmZpbHRlcjogfAogIGV2dC5NZXRhLmxvZ190eXBlIGluIFsiaHR0cF9hY2Nlc3MtbG9nIiwgImh0dHBfZXJyb3ItbG9nIl0gYW5kIAogICAgKFVwcGVyKGV2dC5NZXRhLmh0dHBfcGF0aCkgbWF0Y2hlcyAnL1BVQkxJQy9QTFVHSU5TL1teL10rLy4uL1suL10rLycKICAgIG9yCiAgICBVcHBlcihldnQuTWV0YS5odHRwX3BhdGgpIG1hdGNoZXMgJy9QVUJMSUMvUExVR0lOUy9bXi9dKy8lMkUlMkUvWyUyRS9dKy8nKQpncm91cGJ5OiAiZXZ0Lk1ldGEuc291cmNlX2lwIgpibGFja2hvbGU6IDJtCmxhYmVsczoKICB0eXBlOiBleHBsb2l0CiAgcmVtZWRpYXRpb246IHRydWUK", "description": "Detect cve-2021-43798 exploitation attemps", "author": "crowdsecurity", "labels": { "remediation": "true", "type": "exploit" } }, "crowdsecurity/home-assistant-bf": { "path": "scenarios/crowdsecurity/home-assistant-bf.yaml", "version": "0.2", "versions": { "0.1": { "digest": "7e155354a1558caba3896dc0af3ad311db2e4df90ea20d7809c288fd080b0356", "deprecated": false }, "0.2": { "digest": "fb78b93bb62bf525357967eb64cfbca6ca315cec23288bc4e7e2272a82381770", "deprecated": false } }, "long_description": "RGV0ZWN0IHNldmVyYWwgZmFpbGVkIEhvbWUgYXNzaXN0YW50IGF1dGhlbnRpY2F0aW9ucy4KCmxlYWtzcGVlZCBvZiAxMHMsIGNhcGFjaXR5IG9mIDUK", "content": "IyBob21lLWFzc2lzdGFudCBicnV0ZWZvcmNlCnR5cGU6IGxlYWt5CiNkZWJ1ZzogdHJ1ZQpuYW1lOiBjcm93ZHNlY3VyaXR5L2hvbWUtYXNzaXN0YW50LWJmCmRlc2NyaXB0aW9uOiAiRGV0ZWN0IEhvbWUgQXNzaXN0YW50IGJydXRlZm9yY2UiCmZpbHRlcjogZXZ0Lk1ldGEubG9nX3R5cGUgPT0gJ2hvbWUtYXNzaXN0YW50X2ZhaWxlZF9hdXRoJwpsZWFrc3BlZWQ6ICIxMHMiCmNhcGFjaXR5OiA1Cmdyb3VwYnk6IGV2dC5NZXRhLnNvdXJjZV9pcApibGFja2hvbGU6IDVtCmxhYmVsczoKIHNlcnZpY2U6IGhvbWUtYXNzaXN0YW50CiB0eXBlOiBicnV0ZWZvcmNlCiByZW1lZGlhdGlvbjogdHJ1ZQ==", "description": "Detect Home Assistant bruteforce", "author": "crowdsecurity", "labels": { "remediation": "true", "service": "home-assistant", "type": "bruteforce" } }, "crowdsecurity/http-apiscp-bf": { "path": "scenarios/crowdsecurity/http-apiscp-bf.yaml", "version": "0.2", "versions": { "0.1": { "digest": "c0dec456fded0c14c7c48a918eb30e1ab35892581adb9263572cfa49fddc908e", "deprecated": false }, "0.2": { "digest": "f6f5ed461e46ff730a57ae5bc2ee9187cdca20d0d5e13114fed8e381e384528b", "deprecated": false } }, "long_description": "RGV0ZWN0cyBicnV0ZWZvcmNlIG9uIGFwaXNDUCBsb2dpbiBwYWdlICcvYXBwcy9sb2dpbicuCgpsZWFrc3BlZWQgb2YgMTBzLCBjYXBhY2l0eSBvZiA1Cg==", "content": "dHlwZTogbGVha3kKbmFtZTogY3Jvd2RzZWN1cml0eS9odHRwLWFwaXNjcC1iZgpkZXNjcmlwdGlvbjogImRldGVjdCBhcGlzQ1AgZGFzaGJvYXJkIGJydXRlZm9yY2UiCmRlYnVnOiBmYWxzZQojIHN1Y2Nlc3MgYXV0aCBvbiBhcGlzQ1AgcmV0dXJucyAzMDMKZmlsdGVyOiAiZXZ0Lk1ldGEubG9nX3R5cGUgPT0gJ2h0dHBfYWNjZXNzLWxvZycgJiYgZXZ0Lk1ldGEuaHR0cF9wYXRoIHN0YXJ0c1dpdGggJy9hcHBzL2xvZ2luJyAmJiBldnQuUGFyc2VkLnZlcmIgPT0gJ1BPU1QnICYmIGV2dC5NZXRhLmh0dHBfc3RhdHVzID09ICcyMDAnIgpncm91cGJ5OiBldnQuTWV0YS5zb3VyY2VfaXAKY2FwYWNpdHk6IDUKbGVha3NwZWVkOiAxMHMKYmxhY2tob2xlOiA1bQpsYWJlbHM6CiBzZXJ2aWNlOiBodHRwCiB0eXBlOiBicnV0ZWZvcmNlCiByZW1lZGlhdGlvbjogdHJ1ZQo=", "description": "detect apisCP dashboard bruteforce", "author": "crowdsecurity", "labels": { "remediation": "true", "service": "http", "type": "bruteforce" } }, "crowdsecurity/http-backdoors-attempts": { "path": "scenarios/crowdsecurity/http-backdoors-attempts.yaml", "version": "0.3", "versions": { "0.1": { "digest": "2eaba549ef284a36349482aa803b201fa8dcbff0f4d1ab2c5127d6b29806bba1", "deprecated": false }, "0.2": { "digest": "388ec8c8f0679601bafa27fdf57fd414312bb2110bff56ef583bb505a1866d8b", "deprecated": false }, "0.3": { "digest": "9eab7252dba254defcc9f90f38874df9f4f323d75aca0c831b9c9567edf9c00f", "deprecated": false } }, "long_description": "RGV0ZWN0IGF0dGVtcHRzIHRvIGFjY2VzcyBjb21tb24gYmFja2Rvb3JzIHN1Y2ggYXMgYzk5LnBocCAuLi4KCiMjIENvbmZpZ3VyYXRpb24KClRoaXMgc2NlbmFyaW8gd2lsbCBiZSB0cmlnZ2VyIGlmIGFuIGF0dGFja2VyIHJlcXVlc3RzIGEgbWluaW11bSBvZiB0d28gZGlmZmVyZW50cyBmaWxlIG9mIFt0aGUgbGlzdF0oaHR0cHM6Ly9yYXcuZ2l0aHVidXNlcmNvbnRlbnQuY29tL2Nyb3dkc2VjdXJpdHkvc2VjLWxpc3RzL21hc3Rlci93ZWIvYmFja2Rvb3JzLnR4dCkvCgpDb25maWd1cmF0aW9uOgoKYGRpc3RpbmN0YCA6IGBldnQuUGFyc2VkLnJlcXVlc3RgIChIVFRQIHJlcXVlc3QgVVJJKQoKYGxlYWtzcGVlZGAgOiA1IHNlY29uZGVzCgpgZ3JvdXBfYnlgIDogYGV2dC5NZXRhLnNvdXJjZV9pcGAKCgojIyMgRGF0YQoKVGhpcyBzY2VuYXJpbyB1c2UgdGhlIFtmb2xsb3dpbmcgbGlzdCBiYWNrZG9vcnMudHh0XShodHRwczovL3Jhdy5naXRodWJ1c2VyY29udGVudC5jb20vY3Jvd2RzZWN1cml0eS9zZWMtbGlzdHMvbWFzdGVyL3dlYi9iYWNrZG9vcnMudHh0KSBmcm9tIFtkYW5pZWxtaWVzc2xlcl0oaHR0cHM6Ly9naXRodWIuY29tL2RhbmllbG1pZXNzbGVyL1NlY0xpc3RzKQ==", "content": "dHlwZTogbGVha3kKI2RlYnVnOiB0cnVlCm5hbWU6IGNyb3dkc2VjdXJpdHkvaHR0cC1iYWNrZG9vcnMtYXR0ZW1wdHMKZGVzY3JpcHRpb246ICJEZXRlY3QgYXR0ZW1wdCB0byBjb21tb24gYmFja2Rvb3JzIgpmaWx0ZXI6ICdldnQuTWV0YS5sb2dfdHlwZSBpbiBbImh0dHBfYWNjZXNzLWxvZyIsICJodHRwX2Vycm9yLWxvZyJdIGFuZCBhbnkoRmlsZSgiYmFja2Rvb3JzLnR4dCIpLCB7IGV2dC5QYXJzZWQuZmlsZV9uYW1lID09ICN9KScKZ3JvdXBieTogImV2dC5NZXRhLnNvdXJjZV9pcCIKZGlzdGluY3Q6IGV2dC5QYXJzZWQuZmlsZV9uYW1lCmRhdGE6CiAgLSBzb3VyY2VfdXJsOiBodHRwczovL3Jhdy5naXRodWJ1c2VyY29udGVudC5jb20vY3Jvd2RzZWN1cml0eS9zZWMtbGlzdHMvbWFzdGVyL3dlYi9iYWNrZG9vcnMudHh0CiAgICBkZXN0X2ZpbGU6IGJhY2tkb29ycy50eHQKICAgIHR5cGU6IHN0cmluZwpjYXBhY2l0eTogMQpsZWFrc3BlZWQ6IDVzCmJsYWNraG9sZTogNW0KbGFiZWxzOgogIHNlcnZpY2U6IGh0dHAKICB0eXBlOiBkaXNjb3ZlcnkKICByZW1lZGlhdGlvbjogdHJ1ZQo=", "description": "Detect attempt to common backdoors", "author": "crowdsecurity", "labels": { "remediation": "true", "service": "http", "type": "discovery" } }, "crowdsecurity/http-bad-user-agent": { "path": "scenarios/crowdsecurity/http-bad-user-agent.yaml", "version": "0.7", "versions": { "0.1": { "digest": "46e7058419bc3086f2919fb9afad6b2e85f0d4764f74153dd336ed491f99fa08", "deprecated": false }, "0.2": { "digest": "524e2465c1bd817b4d54b37ccb4d2457eec1dad789e21690f51e43469545f426", "deprecated": false }, "0.3": { "digest": "d3cae6c40fadd16693e449b4eb7a030586c8f1a9d9dd33c97001c9dc717c68f2", "deprecated": false }, "0.4": { "digest": "8dd16e9de043f47f026d2e3c1b53ad4bbc6dd8f8aac3adaf26a7f4bd2bb6e6fd", "deprecated": false }, "0.5": { "digest": "93af1e0f77f0ccc62fdb3bd783a777b091a55e21413fc9cb05ba141608f8942b", "deprecated": false }, "0.6": { "digest": "df3408e39840a2f7d11977d555985f93bc49e4b23a7e84e0e63ebe040c1e512d", "deprecated": false }, "0.7": { "digest": "51360ad64c9672e5d3ba9c1786e6fc380c8752871a977a5dddac0d08551aa66a", "deprecated": false } }, "long_description": "IyBLbm93biBiYWQgdXNlci1hZ2VudHMKCkRldGVjdCBrbm93biBiYWQgdXNlci1hZ2VudHMuCgpCYW5zIGFmdGVyIHR3byByZXF1ZXN0cy4KCgoKCgo=", "content": "dHlwZTogbGVha3kKZm9ybWF0OiAyLjAKI2RlYnVnOiB0cnVlCm5hbWU6IGNyb3dkc2VjdXJpdHkvaHR0cC1iYWQtdXNlci1hZ2VudApkZXNjcmlwdGlvbjogIkRldGVjdCBiYWQgdXNlci1hZ2VudHMiCmZpbHRlcjogJ2V2dC5NZXRhLmxvZ190eXBlIGluIFsiaHR0cF9hY2Nlc3MtbG9nIiwgImh0dHBfZXJyb3ItbG9nIl0gJiYgUmVnZXhwSW5GaWxlKGV2dC5QYXJzZWQuaHR0cF91c2VyX2FnZW50LCAiYmFkX3VzZXJfYWdlbnRzLnJlZ2V4LnR4dCIpJwpkYXRhOgogIC0gc291cmNlX3VybDogaHR0cHM6Ly9yYXcuZ2l0aHVidXNlcmNvbnRlbnQuY29tL2Nyb3dkc2VjdXJpdHkvc2VjLWxpc3RzL21hc3Rlci93ZWIvYmFkX3VzZXJfYWdlbnRzLnJlZ2V4LnR4dAogICAgZGVzdF9maWxlOiBiYWRfdXNlcl9hZ2VudHMucmVnZXgudHh0CiAgICB0eXBlOiByZWdleHAKY2FwYWNpdHk6IDEKbGVha3NwZWVkOiAxbQpncm91cGJ5OiAiZXZ0Lk1ldGEuc291cmNlX2lwIgpibGFja2hvbGU6IDJtCmxhYmVsczoKICB0eXBlOiBzY2FuCiAgcmVtZWRpYXRpb246IHRydWUK", "description": "Detect bad user-agents", "author": "crowdsecurity", "labels": { "remediation": "true", "type": "scan" } }, "crowdsecurity/http-bf-wordpress_bf": { "path": "scenarios/crowdsecurity/http-bf-wordpress_bf.yaml", "version": "0.4", "versions": { "0.1": { "digest": "628d9988c1f2448f4ffa5a72fe8aec6e1c1eedd8c838447630cce653bf31cbd9", "deprecated": false }, "0.2": { "digest": "f4074942f2454ffeae226219e0807c63262413986a5b07fc939f4b0835e7bef2", "deprecated": false }, "0.3": { "digest": "b313b926ef3c42c125526c707a761efd02d14f1f6ce577ef602709228427f482", "deprecated": false }, "0.4": { "digest": "09f9a5e176da2971ddbdd07522fb64948500f867d78fc77167bcd494bce079a8", "deprecated": false } }, "long_description": "RGV0ZWN0cyBicnV0ZWZvcmNlIG9uIHdvcmRwcmVzcyBsb2dpbiBwYWdlICd3cC1sb2dpbi5waHAnLgoKbGVha3NwZWVkIG9mIDEwcywgY2FwYWNpdHkgb2YgNQoK", "content": "dHlwZTogbGVha3kKbmFtZTogY3Jvd2RzZWN1cml0eS9odHRwLWJmLXdvcmRwcmVzc19iZgpkZXNjcmlwdGlvbjogImRldGVjdCB3b3JkcHJlc3MgYnJ1dGVmb3JjZSIKZGVidWc6IGZhbHNlCiMgZmFpbGVkIGF1dGggb24gd3AtbG9naW4ucGhwIHJldHVybnMgMjAwCmZpbHRlcjogImV2dC5NZXRhLmxvZ190eXBlID09ICdodHRwX2FjY2Vzcy1sb2cnICYmIGV2dC5QYXJzZWQuZmlsZV9uYW1lID09ICd3cC1sb2dpbi5waHAnICYmIGV2dC5QYXJzZWQudmVyYiA9PSAnUE9TVCcgJiYgZXZ0Lk1ldGEuaHR0cF9zdGF0dXMgPT0gJzIwMCciCmdyb3VwYnk6IGV2dC5NZXRhLnNvdXJjZV9pcApjYXBhY2l0eTogNQpsZWFrc3BlZWQ6IDEwcwpibGFja2hvbGU6IDVtCmxhYmVsczoKIHNlcnZpY2U6IGh0dHAKIHR5cGU6IGJydXRlZm9yY2UKIHJlbWVkaWF0aW9uOiB0cnVlCg==", "description": "detect wordpress bruteforce", "author": "crowdsecurity", "labels": { "remediation": "true", "service": "http", "type": "bruteforce" } }, "crowdsecurity/http-bf-wordpress_bf_xmlrpc": { "path": "scenarios/crowdsecurity/http-bf-wordpress_bf_xmlrpc.yaml", "version": "0.1", "versions": { "0.1": { "digest": "d4a3456d8fc2edb27b895967f79053f649b943f043763369d437d5c55591c402", "deprecated": false } }, "long_description": "RGV0ZWN0cyBicnV0ZWZvcmNlIG9uIHdvcmRwcmVzcyBBUEkgJ3htbHJwYy5waHAnLgoKKipXYXJuaW5nKio6IFNvbWUgcGx1Z2luIGhlYXZpbHkgcmVseSBvbiB0aGUgeG1scnBjLCBieSBlbmFibGluZyB0aGlzIHNjZW5hcmlvIHlvdSBjb3VsZCBibG9jayB5b3VyIG93biBzZXJ2ZXIuCkJlIHN1cmUgdG8gY2hlY2sgdGhlIHNvdXJjZSBvZiB0aGUgY2FsbHMgb24gdGhlIFhNTFJQQyBBUEkgYmVmb3JlIGVuYWJsaW5nIHRoaXMuCgpsZWFrc3BlZWQgb2YgMm0sIGNhcGFjaXR5IG9mIDUK", "content": "dHlwZTogbGVha3kKbmFtZTogY3Jvd2RzZWN1cml0eS9odHRwLWJmLXdvcmRwcmVzc19iZl94bWxycGMKZGVzY3JpcHRpb246ICJkZXRlY3Qgd29yZHByZXNzIGJydXRlZm9yY2Ugb24geG1scnBjIgpkZWJ1ZzogZmFsc2UKIyBYTUxSUEMgYWx3YXlzIHJldHVybnMgMjAwCmZpbHRlcjogImV2dC5NZXRhLmxvZ190eXBlID09ICdodHRwX2FjY2Vzcy1sb2cnICYmIGV2dC5QYXJzZWQuZmlsZV9uYW1lID09ICd4bWxycGMucGhwJyAmJiBldnQuUGFyc2VkLnZlcmIgPT0gJ1BPU1QnIgpncm91cGJ5OiBldnQuTWV0YS5zb3VyY2VfaXAKY2FwYWNpdHk6IDUKbGVha3NwZWVkOiAybQpibGFja2hvbGU6IDVtCmxhYmVsczoKIHNlcnZpY2U6IGh0dHAKIHR5cGU6IGJydXRlZm9yY2UKIHJlbWVkaWF0aW9uOiB0cnVlCg==", "description": "detect wordpress bruteforce on xmlrpc", "author": "crowdsecurity", "labels": { "remediation": "true", "service": "http", "type": "bruteforce" } }, "crowdsecurity/http-crawl-non_statics": { "path": "scenarios/crowdsecurity/http-crawl-non_statics.yaml", "version": "0.3", "versions": { "0.1": { "digest": "86265749b84641e86e7e8ea3c1df53a1cabd1e0e04b6f93853db5d0687913cc7", "deprecated": false }, "0.2": { "digest": "41fb957dfc8e2bb4ae76f2a64a5a25e169e5a0e7e53f42c432e84bec933657ca", "deprecated": false }, "0.3": { "digest": "f0fa40870cdeea7b0da40b9f132e9c6de5e32d584334ec8a2d355faa35cde01c", "deprecated": false } }, "long_description": "RGV0ZWN0IGNyYXdsIChodHRwIEdFVC9IRUFEKSBvbiBub24tc3RhdGljIChqcGcsY3NzLGpzLGV0Yy4pIGh0dHAgcGFnZXMgZnJvbSBhIHNpbmdsZSBpcC4KCkxlYWtzcGVlZCBvZiAwLjVzLCBjYXBhY2l0eSBvZiA0MAo=", "content": "dHlwZTogbGVha3kKbmFtZTogY3Jvd2RzZWN1cml0eS9odHRwLWNyYXdsLW5vbl9zdGF0aWNzCmRlc2NyaXB0aW9uOiAiRGV0ZWN0IGFnZ3Jlc3NpdmUgY3Jhd2wgZnJvbSBzaW5nbGUgaXAiCmZpbHRlcjogImV2dC5NZXRhLmxvZ190eXBlIGluIFsnaHR0cF9hY2Nlc3MtbG9nJywgJ2h0dHBfZXJyb3ItbG9nJ10gJiYgZXZ0LlBhcnNlZC5zdGF0aWNfcmVzc291cmNlID09ICdmYWxzZScgJiYgZXZ0LlBhcnNlZC52ZXJiIGluIFsnR0VUJywgJ0hFQUQnXSIKZGlzdGluY3Q6ICJldnQuUGFyc2VkLmZpbGVfbmFtZSIKbGVha3NwZWVkOiAwLjVzCmNhcGFjaXR5OiA0MAojZGVidWc6IHRydWUKI3RoaXMgbGltaXRzIHRoZSBtZW1vcnkgY2FjaGUgKGFuZCBldmVudF9zZXF1ZW5jZXMgaW4gb3V0cHV0KSB0byBmaXZlIGV2ZW50cwpjYWNoZV9zaXplOiA1Cmdyb3VwYnk6ICJldnQuTWV0YS5zb3VyY2VfaXAgKyAnLycgKyBldnQuUGFyc2VkLnRhcmdldF9mcWRuIgpibGFja2hvbGU6IDFtCmxhYmVsczoKIHNlcnZpY2U6IGh0dHAKIHR5cGU6IGNyYXdsCiByZW1lZGlhdGlvbjogdHJ1ZQo=", "description": "Detect aggressive crawl from single ip", "author": "crowdsecurity", "labels": { "remediation": "true", "service": "http", "type": "crawl" } }, "crowdsecurity/http-cve-2021-41773": { "path": "scenarios/crowdsecurity/http-cve-2021-41773.yaml", "version": "0.1", "versions": { "0.1": { "digest": "297eff27011c942a75937838e09c60c80f9dfdbfcb18b358b666777b4d1e89aa", "deprecated": false } }, "content": "dHlwZTogdHJpZ2dlcgpmb3JtYXQ6IDIuMAojZGVidWc6IHRydWUKbmFtZTogY3Jvd2RzZWN1cml0eS9odHRwLWN2ZS0yMDIxLTQxNzczCmRlc2NyaXB0aW9uOiAiY3ZlLTIwMjEtNDE3NzMiCmZpbHRlcjogfAogIGV2dC5NZXRhLmxvZ190eXBlIGluIFsiaHR0cF9hY2Nlc3MtbG9nIiwgImh0dHBfZXJyb3ItbG9nIl0gYW5kIAogICAgKFVwcGVyKGV2dC5NZXRhLmh0dHBfcGF0aCkgY29udGFpbnMgIi8uJTJFLy4lMkUvIgogICAgICBvcgogICAgIFVwcGVyKGV2dC5NZXRhLmh0dHBfcGF0aCkgY29udGFpbnMgIi8lMkUlMkUvJTJFJTJFIikKZ3JvdXBieTogImV2dC5NZXRhLnNvdXJjZV9pcCIKYmxhY2tob2xlOiAybQpsYWJlbHM6CiAgdHlwZTogc2NhbgogIHJlbWVkaWF0aW9uOiB0cnVlCg==", "description": "cve-2021-41773", "author": "crowdsecurity", "labels": { "remediation": "true", "type": "scan" } }, "crowdsecurity/http-cve-2021-42013": { "path": "scenarios/crowdsecurity/http-cve-2021-42013.yaml", "version": "0.1", "versions": { "0.1": { "digest": "5f7e21b44bc4284dde1cde1610109a06a0c986777f48c2f00e08db9e2f156459", "deprecated": false } }, "content": "dHlwZTogdHJpZ2dlcgpmb3JtYXQ6IDIuMAojZGVidWc6IHRydWUKI3RoaXMgaXMgZ2V0dGluZyBmdW5ueSwgaXQncyB0aGUgdGhpcmQgcGF0Y2ggb24gdG9wIG9mIGN2ZS0yMDIxLTQxNzczCm5hbWU6IGNyb3dkc2VjdXJpdHkvaHR0cC1jdmUtMjAyMS00MjAxMwpkZXNjcmlwdGlvbjogImN2ZS0yMDIxLTQyMDEzIgpmaWx0ZXI6IHwKICBldnQuTWV0YS5sb2dfdHlwZSBpbiBbImh0dHBfYWNjZXNzLWxvZyIsICJodHRwX2Vycm9yLWxvZyJdIGFuZCAKICAgIFVwcGVyKGV2dC5NZXRhLmh0dHBfcGF0aCkgY29udGFpbnMgIi8lJTMyJTY1JSUzMiU2NS8iCmdyb3VwYnk6ICJldnQuTWV0YS5zb3VyY2VfaXAiCmJsYWNraG9sZTogMm0KbGFiZWxzOgogIHR5cGU6IHNjYW4KICByZW1lZGlhdGlvbjogdHJ1ZQo=", "description": "cve-2021-42013", "author": "crowdsecurity", "labels": { "remediation": "true", "type": "scan" } }, "crowdsecurity/http-generic-bf": { "path": "scenarios/crowdsecurity/http-generic-bf.yaml", "version": "0.2", "versions": { "0.1": { "digest": "aaaf0209fe77be79d8d61a50e73e5da6807e8f13eb7d9832e705553770f6d376", "deprecated": false }, "0.2": { "digest": "ea9e2e43794d162a6bb6a560b940b7a2c73e55436de6555a96ac2edfadbe5d8d", "deprecated": false } }, "long_description": "QWxlcnQgd2hlbiBhIHNpbmdsZSBJUCB0aGF0IHRyeSB0byBicnV0ZWZvcmNlIGh0dHAgYmFzaWMgYXV0aC4KCkxlYWtzcGVlZCBvZiAxMHMsIGNhcGFjaXR5IG9mIDUuCg==", "content": "IyA0MDQgc2Nhbgp0eXBlOiBsZWFreQojZGVidWc6IHRydWUKbmFtZTogY3Jvd2RzZWN1cml0eS9odHRwLWdlbmVyaWMtYmYKZGVzY3JpcHRpb246ICJEZXRlY3QgZ2VuZXJpYyBodHRwIGJydXRlIGZvcmNlIgpmaWx0ZXI6ICJldnQuTWV0YS5zZXJ2aWNlID09ICdodHRwJyAmJiBldnQuTWV0YS5zdWJfdHlwZSA9PSAnYXV0aF9mYWlsJyIKZ3JvdXBieTogZXZ0Lk1ldGEuc291cmNlX2lwCmNhcGFjaXR5OiA1CmxlYWtzcGVlZDogIjEwcyIKYmxhY2tob2xlOiAxbQpsYWJlbHM6CiBzZXJ2aWNlOiBodHRwCiB0eXBlOiBiZgogcmVtZWRpYXRpb246IHRydWUKLS0tCiMgR2VuZXJpYyA0MDEgQXV0aG9yaXphdGlvbiBFcnJvcnMKdHlwZTogbGVha3kKI2RlYnVnOiB0cnVlCm5hbWU6IExlUHJlc2lkZW50ZS9odHRwLWdlbmVyaWMtNDAxLWJmCmRlc2NyaXB0aW9uOiAiRGV0ZWN0IGdlbmVyaWMgNDAxIEF1dGhvcml6YXRpb24gZXJyb3IgYnJ1dGUgZm9yY2UiCmZpbHRlcjogImV2dC5NZXRhLmxvZ190eXBlID09ICdodHRwX2FjY2Vzcy1sb2cnICYmIGV2dC5QYXJzZWQudmVyYiA9PSAnUE9TVCcgJiYgZXZ0Lk1ldGEuaHR0cF9zdGF0dXMgPT0gJzQwMSciCmdyb3VwYnk6IGV2dC5NZXRhLnNvdXJjZV9pcApjYXBhY2l0eTogNQpsZWFrc3BlZWQ6ICIxMHMiCmJsYWNraG9sZTogMW0KbGFiZWxzOgogc2VydmljZTogaHR0cAogdHlwZTogYmYKIHJlbWVkaWF0aW9uOiB0cnVlCg==", "description": "Detect generic http brute force", "author": "crowdsecurity", "labels": { "remediation": "true", "service": "http", "type": "bf" } }, "crowdsecurity/http-magento-bf": { "path": "scenarios/crowdsecurity/http-magento-bf.yaml", "version": "0.2", "versions": { "0.1": { "digest": "a77e4cb9a813ac8bad557138f3b20abaa67d8210768fcb350fb3efcc58c1dfc1", "deprecated": false }, "0.2": { "digest": "98091fa975da7753f9b52ae6e028f9fef0dc46cb93575533a5a04ba824cda8f0", "deprecated": false } }, "long_description": "RGV0ZWN0cyBicnV0ZWZvcmNlIG9uIE1hZ2VudG8gQWRtaW4gcGFnZS4KCmxlYWtzcGVlZCBvZiAxMHMsIGNhcGFjaXR5IG9mIDUKCg==", "content": "dHlwZTogbGVha3kKbmFtZTogY3Jvd2RzZWN1cml0eS9odHRwLW1hZ2VudG8tYmYKZGVidWc6IGZhbHNlCmRlc2NyaXB0aW9uOiAiZGV0ZWN0IE1hZ2VudG8gYnJ1dGVmb3JjZSIKZmlsdGVyOiAiZXZ0Lk1ldGEubG9nX3R5cGUgPT0gJ0FETUlOX0xPR0lOX0ZBSUxFRCciCmdyb3VwYnk6IGV2dC5NZXRhLnNvdXJjZV9pcApjYXBhY2l0eTogNQpsZWFrc3BlZWQ6IDEwcwpibGFja2hvbGU6IDVtCmxhYmVsczoKIHNlcnZpY2U6IGh0dHAKIHR5cGU6IGJydXRlZm9yY2UKIHJlbWVkaWF0aW9uOiB0cnVlCiBhcHBsaWNhdGlvbjogbWFnZW50bwo=", "description": "detect Magento bruteforce", "author": "crowdsecurity", "labels": { "application": "magento", "remediation": "true", "service": "http", "type": "bruteforce" } }, "crowdsecurity/http-magento-ccs": { "path": "scenarios/crowdsecurity/http-magento-ccs.yaml", "version": "0.2", "versions": { "0.1": { "digest": "bf2bc42b888e36b62144129dd2d61e7b1aac6a4d1926c3ebbfe8453d15c3f6f3", "deprecated": false }, "0.2": { "digest": "07dc5f21d5c4bcf6863c3ce57c4490a8a74c13d2c11ff32e73e419b768478468", "deprecated": false } }, "long_description": "RGV0ZWN0cyBjcmVkaXQgY2FyZCBzdHVmZmluZyBvbiBNYWdlbnRvIHdlYnNpdGUuCgpNb3JlIHRoYW4gMyBwYXltZW50cyBmYWlsZWQgZnJvbSBhIHNhbWUgSVAgaW4gbGVzcyB0aGFuIDMwIHNlY29uZGVzIHdpbGwgdHJpZ2dlciB0aGlzIHNjZW5hcmlvLgo=", "content": "dHlwZTogbGVha3kKbmFtZTogY3Jvd2RzZWN1cml0eS9odHRwLW1hZ2VudG8tY2NzCmRlYnVnOiBmYWxzZQpkZXNjcmlwdGlvbjogIkRldGVjdCBjcmVkaXQgY2FyZCBzdHVmZmluZyBmcm9tIGEgc2luZ2xlIElQIgpmaWx0ZXI6ICJldnQuTWV0YS5sb2dfdHlwZSA9PSAnUEFZTUVOVF9GQUlMRUQnIgpncm91cGJ5OiBldnQuTWV0YS5zb3VyY2VfaXAKY2FwYWNpdHk6IDMKbGVha3NwZWVkOiAzMHMKYmxhY2tob2xlOiA1bQpsYWJlbHM6CiBzZXJ2aWNlOiBodHRwCiB0eXBlOiBzY2FuCiByZW1lZGlhdGlvbjogdHJ1ZQogYXBwbGljYXRpb246IG1hZ2VudG8K", "description": "Detect credit card stuffing from a single IP", "author": "crowdsecurity", "labels": { "application": "magento", "remediation": "true", "service": "http", "type": "scan" } }, "crowdsecurity/http-magento-ccs-by-as": { "path": "scenarios/crowdsecurity/http-magento-ccs-by-as.yaml", "version": "0.2", "versions": { "0.1": { "digest": "6e585961ae092036eb9a506c311d331c3cbd59eccdf642cae86b424c39ad730a", "deprecated": false }, "0.2": { "digest": "f65c1ddfabf04040ce288ff53a5d63db45e0db5995d43c86bd868243e3d3c099", "deprecated": false } }, "long_description": "RGV0ZWN0cyBkaXN0cmlidXRlZCBjcmVkaXQgY2FyZCBzdHVmZmluZyBieSBBUyBvbiBNYWdlbnRvIHdlYnNpdGUuCgoKTW9yZSB0aGFuIDEwIHBheW1lbnRzIGZhaWxlZCBpbiB0aGUgc2FtZSBBUyBpbiBsZXNzIHRoYW4gMzBzZWNvbmRlcyB3aWxsIHRyaWdnZXIgdGhpcyBzY2VuYXJpby4K", "content": "dHlwZTogbGVha3kKbmFtZTogY3Jvd2RzZWN1cml0eS9odHRwLW1hZ2VudG8tY2NzLWJ5LWFzCmRlYnVnOiBmYWxzZQpkZXNjcmlwdGlvbjogIkRldGVjdCBkaXN0cmlidXRlZCBjcmVkaXQgY2FyZCBzdHVmZmluZyBmcm9tIHNhbWUgQVMiCmZpbHRlcjogImV2dC5NZXRhLmxvZ190eXBlID09ICdQQVlNRU5UX0ZBSUxFRCcgYW5kIGV2dC5NZXRhLkFTTk51bWJlciAhPSAnJyAiCmdyb3VwYnk6IGV2dC5NZXRhLkFTTk51bWJlcgpkaXN0aW5jdDogZXZ0Lk1ldGEuc291cmNlX2lwCmNhcGFjaXR5OiAxMApsZWFrc3BlZWQ6IDMwcwpibGFja2hvbGU6IDVtCmxhYmVsczoKIHNlcnZpY2U6IGh0dHAKIHR5cGU6IHNjYW4KIHJlbWVkaWF0aW9uOiB0cnVlCiBhcHBsaWNhdGlvbjogbWFnZW50bwo=", "description": "Detect distributed credit card stuffing from same AS", "author": "crowdsecurity", "labels": { "application": "magento", "remediation": "true", "service": "http", "type": "scan" } }, "crowdsecurity/http-magento-ccs-by-country": { "path": "scenarios/crowdsecurity/http-magento-ccs-by-country.yaml", "version": "0.2", "versions": { "0.1": { "digest": "be8ae3f56024ef1be29104fa72a84e0178b2330f2e873b170cef782b1d3d6bc0", "deprecated": false }, "0.2": { "digest": "fa29d5fb5f1f420753717485319e5c85fe39c977b5525ccc895a7b24f15a598c", "deprecated": false } }, "long_description": "RGV0ZWN0cyBkaXN0cmlidXRlZCBjcmVkaXQgY2FyZCBzdHVmZmluZyBieSBjb3VudHJ5IG9uIE1hZ2VudG8gd2Vic2l0ZS4KCk1vcmUgdGhhbiAxMCBwYXltZW50cyBmYWlsZWQgaW4gdGhlIHNhbWUgY291bnRyeSBpbiBsZXNzIHRoYW4gMzBzZWNvbmRlcyB3aWxsIHRyaWdnZXIgdGhpcyBzY2VuYXJpby4KCg==", "content": "dHlwZTogbGVha3kKbmFtZTogY3Jvd2RzZWN1cml0eS9odHRwLW1hZ2VudG8tY2NzLWJ5LWNvdW50cnkKZGVidWc6IGZhbHNlCmRlc2NyaXB0aW9uOiAiRGV0ZWN0IGRpc3RyaWJ1dGVkIGNyZWRpdCBjYXJkIHN0dWZmaW5nIGZyb20gc2FtZSBjb3VudHJ5IgpmaWx0ZXI6ICJldnQuTWV0YS5sb2dfdHlwZSA9PSAnUEFZTUVOVF9GQUlMRUQnIGFuZCBldnQuTWV0YS5Jc29Db2RlICE9ICcnICIKZ3JvdXBieTogZXZ0Lk1ldGEuSXNvQ29kZQpkaXN0aW5jdDogZXZ0Lk1ldGEuc291cmNlX2lwCmNhcGFjaXR5OiAxMApsZWFrc3BlZWQ6IDMwcwpibGFja2hvbGU6IDVtCmxhYmVsczoKIHNlcnZpY2U6IGh0dHAKIHR5cGU6IHNjYW4KIHJlbWVkaWF0aW9uOiB0cnVlCiBhcHBsaWNhdGlvbjogbWFnZW50bwo=", "description": "Detect distributed credit card stuffing from same country", "author": "crowdsecurity", "labels": { "application": "magento", "remediation": "true", "service": "http", "type": "scan" } }, "crowdsecurity/http-open-proxy": { "path": "scenarios/crowdsecurity/http-open-proxy.yaml", "version": "0.3", "versions": { "0.1": { "digest": "994b9d17d915f47f4ee5f10b2d8b9b7c72b5c93e64f75f3dc1313bf3b5c2613f", "deprecated": false }, "0.2": { "digest": "1c3b55ed813bbac8f8c0d9067d0ae3b7d6fe6b1d437d57ac4c3288c1f38b5ea2", "deprecated": false }, "0.3": { "digest": "e6629c2cdb8f06a1f10561079d926ae42b8d90f680541bb30355714675f0412a", "deprecated": false } }, "long_description": "VGFrZSBhIHJlbWVkaWF0aW9uIGFnYWluc3QgYW55IElQIG1ha2luZyBhIGBDT05ORUNUYCBIVFRQIHJlcXVlc3Qgd2hpY2ggcmV0dXJucyBhIDQwMCBzdGF0dXMgY29kZS4KVGhpcyBpcyBhIHRyaWdnZXIgYnVja2V0LCBzbyBvbmx5IG9uZSByZXF1ZXN0IGlzIGVub3VnaCB0byB0cmlnZ2VyIHRoZSBzY2VuYXJpby4=", "content": "dHlwZTogdHJpZ2dlcgpuYW1lOiBjcm93ZHNlY3VyaXR5L2h0dHAtb3Blbi1wcm94eQpkZXNjcmlwdGlvbjogIkRldGVjdCBzY2FuIGZvciBvcGVuIHByb3h5IgojYXBhY2hlIHJldHVybnMgNDA1LCBuZ2lueCA0MDAKZmlsdGVyOiAiZXZ0Lk1ldGEubG9nX3R5cGUgPT0gJ2h0dHBfYWNjZXNzLWxvZycgJiYgZXZ0Lk1ldGEuaHR0cF9zdGF0dXMgaW4gWyc0MDAnLCc0MDUnXSAmJiAoZXZ0LlBhcnNlZC52ZXJiID09ICdDT05ORUNUJyB8fCBldnQuUGFyc2VkLnJlcXVlc3QgbWF0Y2hlcyAnXmh0dHBbc10/Oi8vJykiCmJsYWNraG9sZTogMm0KbGFiZWxzOgogc2VydmljZTogaHR0cAogdHlwZTogc2NhbgogcmVtZWRpYXRpb246IHRydWUK", "description": "Detect scan for open proxy", "author": "crowdsecurity", "labels": { "remediation": "true", "service": "http", "type": "scan" } }, "crowdsecurity/http-path-traversal-probing": { "path": "scenarios/crowdsecurity/http-path-traversal-probing.yaml", "version": "0.2", "versions": { "0.1": { "digest": "3f00b0aa00448549a0a9635fdd86d8135503078c7087c1f5e4af11d49e7c2ee1", "deprecated": false }, "0.2": { "digest": "b02022230086b96c212913406376584cc431332bb5cd26078dffa44ff9454499", "deprecated": false } }, "long_description": "VGhlIGh0dHAgcGF0aCB0cmF2ZXJzYWwgcHJvYmluZyBzY2VuYXJpbyBhaW1zIGF0IGRldGVjdGluZywgd2l0aCB2ZXJ5IGxpdHRsZSBmYWxzZSBwb3NpdGl2ZSBjaGFuY2VzLCBwYXRoIHRyYXZlcnNhbCBwcm9iaW5nIGF0dGVtcHRzLgoKUGF0aCB0cmF2ZXJzYWwgYXR0ZW1wdHMgd2lsbCBiZSBkZXRlY3RlZCB3aXRoIHRoZSBwcmVzZW5jZSBvZiBzcGVjaWZpYyBwYXRoIG1hbmlwdWxhdGlvbiBwYXR0ZXJucyBpbiB0aGUgVVJJIG9yIHRoZSBgR0VUYCBwYXJhbWV0ZXIgc3VjaCBhcyBgLi4vYCAsIGAlMkZldGMlMkZwYXNzd2RgIC4uLgoKOndhcm5pbmc6IFRoaXMgc2NlbmFyaW8gaXMgX25vdF8gYSBXQUYgYW5kIHRoaXMgc2NlbmFyaW8gZG9lcyBfbm90XyBhaW1zIGF0IHJlcGxhY2luZyBhIFdBRi4=", "content": "IyBwYXRoIHRyYXZlcnNhbCBwcm9iaW5nCnR5cGU6IGxlYWt5CiNkZWJ1ZzogdHJ1ZQpuYW1lOiBjcm93ZHNlY3VyaXR5L2h0dHAtcGF0aC10cmF2ZXJzYWwtcHJvYmluZwpkZXNjcmlwdGlvbjogIkRldGVjdCBwYXRoIHRyYXZlcnNhbCBhdHRlbXB0IgpmaWx0ZXI6ICJldnQuTWV0YS5sb2dfdHlwZSBpbiBbJ2h0dHBfYWNjZXNzLWxvZycsICdodHRwX2Vycm9yLWxvZyddICYmIGFueShGaWxlKCdodHRwX3BhdGhfdHJhdmVyc2FsLnR4dCcpLHtldnQuTWV0YS5odHRwX3BhdGggY29udGFpbnMgI30pIgpkYXRhOgogIC0gc291cmNlX3VybDogaHR0cHM6Ly9yYXcuZ2l0aHVidXNlcmNvbnRlbnQuY29tL2Nyb3dkc2VjdXJpdHkvc2VjLWxpc3RzL21hc3Rlci93ZWIvcGF0aF90cmF2ZXJzYWwudHh0CiAgICBkZXN0X2ZpbGU6IGh0dHBfcGF0aF90cmF2ZXJzYWwudHh0CiAgICB0eXBlOiBzdHJpbmcKZ3JvdXBieTogImV2dC5NZXRhLnNvdXJjZV9pcCIKZGlzdGluY3Q6ICJldnQuTWV0YS5odHRwX3BhdGgiCmNhcGFjaXR5OiAzCnJlcHJvY2VzczogdHJ1ZQpsZWFrc3BlZWQ6IDEwcwpibGFja2hvbGU6IDJtCmxhYmVsczoKIHNlcnZpY2U6IGh0dHAKIHR5cGU6IHNjYW4KIHJlbWVkaWF0aW9uOiB0cnVlCg==", "description": "Detect path traversal attempt", "author": "crowdsecurity", "labels": { "remediation": "true", "service": "http", "type": "scan" } }, "crowdsecurity/http-probing": { "path": "scenarios/crowdsecurity/http-probing.yaml", "version": "0.2", "versions": { "0.1": { "digest": "580a3bcbb3756b8da7717c88708305791f39ef17c1e5c3041a1dd54b7293f57a", "deprecated": false }, "0.2": { "digest": "c8bb45b4fb8834ea1dc5cff6439dd272c87d7ee5af4a51e77341ec6edc5d7a25", "deprecated": false } }, "long_description": "VGFrZSByZW1lZGlhdGlvbiBhZ2FpbnN0IGEgc2luZ2xlIElQIHRoYXQgcmVxdWlyZXMgbXVsdGlwbGUgZGlmZmVyZW50IChodHRwIHBhdGgpIHBhZ2VzIHRoYXQgZW5kIHVwIGluIDQwNC80MDMvNDAwLgoKTGVha3NwZWVkIG9mIDEwcywgY2FwYWNpdHkgb2YgMTAuCg==", "content": "IyA0MDQgc2Nhbgp0eXBlOiBsZWFreQojZGVidWc6IHRydWUKbmFtZTogY3Jvd2RzZWN1cml0eS9odHRwLXByb2JpbmcKZGVzY3JpcHRpb246ICJEZXRlY3Qgc2l0ZSBzY2FubmluZy9wcm9iaW5nIGZyb20gYSBzaW5nbGUgaXAiCmZpbHRlcjogImV2dC5NZXRhLnNlcnZpY2UgPT0gJ2h0dHAnICYmIGV2dC5NZXRhLmh0dHBfc3RhdHVzIGluIFsnNDA0JywgJzQwMycsICc0MDAnXSAmJiBldnQuUGFyc2VkLnN0YXRpY19yZXNzb3VyY2UgPT0gJ2ZhbHNlJyIKZ3JvdXBieTogImV2dC5NZXRhLnNvdXJjZV9pcCArICcvJyArIGV2dC5QYXJzZWQudGFyZ2V0X2ZxZG4iCmRpc3RpbmN0OiAiZXZ0Lk1ldGEuaHR0cF9wYXRoIgpjYXBhY2l0eTogMTAKcmVwcm9jZXNzOiB0cnVlCmxlYWtzcGVlZDogIjEwcyIKYmxhY2tob2xlOiA1bQpsYWJlbHM6CiBzZXJ2aWNlOiBodHRwCiB0eXBlOiBzY2FuCiByZW1lZGlhdGlvbjogdHJ1ZQo=", "description": "Detect site scanning/probing from a single ip", "author": "crowdsecurity", "labels": { "remediation": "true", "service": "http", "type": "scan" } }, "crowdsecurity/http-sensitive-files": { "path": "scenarios/crowdsecurity/http-sensitive-files.yaml", "version": "0.2", "versions": { "0.1": { "digest": "9ed53c09709b6e9f11b52e204c8155e9a6b9db9de25686c6b1909a9c59740c5f", "deprecated": false }, "0.2": { "digest": "3f20d74ee5b040db30743ed189537e8c43e04f8954bb5a02251a3495e7a2a555", "deprecated": false } }, "long_description": "IyBIVFRQIFNlbnNpdGl2ZSBmaWxlcwoKRGV0ZWN0IHRlbnRhdGl2ZSBvZiBkYW5nZXJvdXMgZmlsZSBzY2FubmluZyBzdWNoIGFzIGxvZ3MgZmlsZSwgZGF0YWJhc2UgYmFja3VwLCB6aXAgYXJjaGl2ZSBldGMgLi4uCgojIyMgUnVsZQpNb3JlIHRoYW4gMyBhY2Nlc3MgdG8gc2Vuc2l0aXZlIGZpbGVzIGluIFt0aGlzIGxpc3RdKGh0dHBzOi8vcmF3LmdpdGh1YnVzZXJjb250ZW50LmNvbS9jcm93ZHNlY3VyaXR5L3NlYy1saXN0cy9tYXN0ZXIvd2ViL3NlbnNpdGl2ZV9kYXRhLnR4dCk=", "content": "dHlwZTogbGVha3kKZm9ybWF0OiAyLjAKI2RlYnVnOiB0cnVlCm5hbWU6IGNyb3dkc2VjdXJpdHkvaHR0cC1zZW5zaXRpdmUtZmlsZXMKZGVzY3JpcHRpb246ICJEZXRlY3QgYXR0ZW1wdCB0byBhY2Nlc3MgdG8gc2Vuc2l0aXZlIGZpbGVzICgubG9nLCAuZGIgLi4pIG9yIGZvbGRlcnMgKC5naXQpIgpmaWx0ZXI6ICdldnQuTWV0YS5sb2dfdHlwZSBpbiBbImh0dHBfYWNjZXNzLWxvZyIsICJodHRwX2Vycm9yLWxvZyJdIGFuZCBhbnkoRmlsZSgic2Vuc2l0aXZlX2RhdGEudHh0IiksIHsgZXZ0LlBhcnNlZC5yZXF1ZXN0IGVuZHNXaXRoICN9KScKZ3JvdXBieTogImV2dC5NZXRhLnNvdXJjZV9pcCIKZGlzdGluY3Q6IGV2dC5QYXJzZWQucmVxdWVzdApkYXRhOgogIC0gc291cmNlX3VybDogaHR0cHM6Ly9yYXcuZ2l0aHVidXNlcmNvbnRlbnQuY29tL2Nyb3dkc2VjdXJpdHkvc2VjLWxpc3RzL21hc3Rlci93ZWIvc2Vuc2l0aXZlX2RhdGEudHh0CiAgICBkZXN0X2ZpbGU6IHNlbnNpdGl2ZV9kYXRhLnR4dAogICAgdHlwZTogc3RyaW5nCmNhcGFjaXR5OiA0CmxlYWtzcGVlZDogNXMKYmxhY2tob2xlOiA1bQpsYWJlbHM6CiAgc2VydmljZTogaHR0cAogIHR5cGU6IGRpc2NvdmVyeQogIHJlbWVkaWF0aW9uOiB0cnVlCg==", "description": "Detect attempt to access to sensitive files (.log, .db ..) or folders (.git)", "author": "crowdsecurity", "labels": { "remediation": "true", "service": "http", "type": "discovery" } }, "crowdsecurity/http-sqli-probing": { "path": "scenarios/crowdsecurity/http-sqli-probing.yaml", "version": "0.2", "versions": { "0.1": { "digest": "f3388a2016f9a7fc48a31a357b21c8e65093b8031fc7b120ee2f020de16be246", "deprecated": false }, "0.2": { "digest": "87683f8a569090e52fbcc6ca2ffe139658950d6a05f9d611fd13e90ab875cdb1", "deprecated": false } }, "long_description": "VGhlIGh0dHAgc3FsaSBwcm9iaW5nIHNjZW5hcmlvIGFpbXMgYXQgZGV0ZWN0aW5nLCB3aXRoIHZlcnkgbGl0dGxlIGZhbHNlIHBvc2l0aXZlIGNoYW5jZXMsIFNRTCBpbmplY3Rpb24gcHJvYmluZyBhdHRlbXB0cy4KClNRTCBpbmplY3Rpb24gcHJvYmluZyBhdHRlbXB0cyB3aWxsIGJlIGNoYXJhY3Rlcml6ZWQgYnkgdGhlIHByZXNlbmNlIG9mIHNwZWNpZmljIFNRTC1yZWxhdGVkIHBhdHRlcm5zIGluIHVyaS9HRVQgYXJndW1lbnRzIChpZiBhbmQgd2hlbiB0aGlzIGlzIHdoZXJlIHRoZSBpbmplY3RlZCBwYXJhbWV0ZXIgaXMpLCBhbmQgdGhpcyBpcyB3aGF0IHRoaXMgc2NlbmFyaW8gZGV0ZWN0cy4KCgpUaGUgW3dvcmQgbGlzdF0oaHR0cHM6Ly9yYXcuZ2l0aHVidXNlcmNvbnRlbnQuY29tL2Nyb3dkc2VjdXJpdHkvc2VjLWxpc3RzL21hc3Rlci93ZWIvc3FsaV9wcm9iZV9wYXR0ZXJucy50eHQpIGlzIHBpY2tlZCBzcGVjaWZpY2FsbHkgdG8gbGltaXQgZmFsc2UgcG9zaXRpdmVzLgpGdXJ0aGVybW9yZSwgYSBgZGlzdGluY3RgIGRpcmVjdGl2ZSBpcyBwcmVzZW50IG9uIHRoZSBnZXQgcGFyYW1ldGVycyB0aGVtc2VsdmVzIHRvIHJlZHVjZSBmYWxzZSBwb3NpdGl2ZSBjaGFuY2VzLgoKWW91IGNhbiB0ZXN0IHRoZSBiZWhhdmlvciBvZiB0aGUgc2NlbmFyaW8gYnkgbGF1bmNoaW5nIHRoZSBleGNlbGxlbnQgW3NxbG1hcF0oaHR0cHM6Ly9zcWxtYXAub3JnKSBvbiBvbmUgb2YgeW91ciBwYWdlcy4KCioqV0FSTklORyoqIFRoaXMgc2NlbmFyaW8gaXMgX25vdF8gYSBXQUYsIGFuZCB0aGlzIHNjZW5hcmlvIGRvZXMgX25vdF8gYWltcyBhdCByZXBsYWNpbmcgYSBXQUYuIEEgbW90aXZhdGVkIGF0dGFja2VyIHdpdGgga25vd2xlZGdlIG9mIGNyb3dkc2VjIHdpbGwgYmUgYWJsZSB0byBieXBhc3MgaXQuIEl0IGlzIG1vc3RseSBtZWFudCB0byBiZSBhIHdheSB0byBkZXRlY3QgZ2VuZXJpYyBTUUwgaW5qZWN0aW9uIHByb2Jpbmcgc3VjaCBhcyBwZXJmb3JtZWQgYnkgb3Blbi1zb3VyY2Ugb3IgY29tbWVyY2lhbCBzY2FubmVycy4KCg==", "content": "dHlwZTogbGVha3kKI3JlcXVpcmVzIGF0IGxlYXN0IDIuMCBiZWNhdXNlIGl0J3MgdXNpbmcgdGhlICdkYXRhJyBzZWN0aW9uIGFuZCB0aGUgJ1VwcGVyJyBleHByIGhlbHBlcgpmb3JtYXQ6IDIuMApuYW1lOiBjcm93ZHNlY3VyaXR5L2h0dHAtc3FsaS1wcm9iYmluZy1kZXRlY3Rpb24KZGF0YToKICAtIHNvdXJjZV91cmw6IGh0dHBzOi8vcmF3LmdpdGh1YnVzZXJjb250ZW50LmNvbS9jcm93ZHNlY3VyaXR5L3NlYy1saXN0cy9tYXN0ZXIvd2ViL3NxbGlfcHJvYmVfcGF0dGVybnMudHh0CiAgICBkZXN0X2ZpbGU6IHNxbGlfcHJvYmVfcGF0dGVybnMudHh0CiAgICB0eXBlOiBzdHJpbmcKZGVzY3JpcHRpb246ICJBIHNjZW5hcmlvIHRoYXQgZGV0ZWN0cyBTUUwgaW5qZWN0aW9uIHByb2Jpbmcgd2l0aCBtaW5pbWFsIGZhbHNlIHBvc2l0aXZlcyIKZmlsdGVyOiAiZXZ0Lk1ldGEubG9nX3R5cGUgaW4gWydodHRwX2FjY2Vzcy1sb2cnLCAnaHR0cF9lcnJvci1sb2cnXSAmJiBhbnkoRmlsZSgnc3FsaV9wcm9iZV9wYXR0ZXJucy50eHQnKSwge1VwcGVyKGV2dC5QYXJzZWQuaHR0cF9hcmdzKSBjb250YWlucyBVcHBlcigjKX0pIgpncm91cGJ5OiBldnQuTWV0YS5zb3VyY2VfaXAKY2FwYWNpdHk6IDEwCmxlYWtzcGVlZDogMXMKYmxhY2tob2xlOiA1bQojbG93IGZhbHNlIHBvc2l0aXZlcyBhcHByb2FjaCA6IHdlIHJlcXVpcmUgZGlzdGluY3QgcGF5bG9hZHMgdG8gYXZvaWQgZmFsc2UgcG9zaXRpdmVzCmRpc3RpbmN0OiBldnQuUGFyc2VkLmh0dHBfYXJncwpsYWJlbHM6CiAgc2VydmljZTogaHR0cAogIHR5cGU6IHNxbGlfcHJvYmluZwogIHJlbWVkaWF0aW9uOiB0cnVlCg==", "description": "A scenario that detects SQL injection probing with minimal false positives", "author": "crowdsecurity", "labels": { "remediation": "true", "service": "http", "type": "sqli_probing" } }, "crowdsecurity/http-wordpress_user-enum": { "path": "scenarios/crowdsecurity/http-wordpress_user-enum.yaml", "version": "0.1", "versions": { "0.1": { "digest": "b3d23b71ecb4434773e907675a1c117a97acaeeb18a9d57062bded417f18b646", "deprecated": false } }, "long_description": "RGV0ZWN0cyBwcm9iaW5nIHRvIGVudW1lcmF0ZSB3b3JkcHJlc3MgYXV0aG9ycyA6IGAvP2F1dGhvcj1YWGAKCmxlYWtzcGVlZCBvZiAxMHMsIGNhcGFjaXR5IG9mIDUKCg==", "content": "dHlwZTogbGVha3kKbmFtZTogY3Jvd2RzZWN1cml0eS9odHRwLXdvcmRwcmVzc191c2VyLWVudW0KZGVzY3JpcHRpb246ICJkZXRlY3Qgd29yZHByZXNzIHByb2JpbmcgOiBhdXRob3JzIGVudW1lcmF0aW9uIgpkZWJ1ZzogZmFsc2UKZmlsdGVyOiAiZXZ0Lk1ldGEubG9nX3R5cGUgPT0gJ2h0dHBfYWNjZXNzLWxvZycgJiYgVXBwZXIoZXZ0LlBhcnNlZC5odHRwX2FyZ3MpIGNvbnRhaW5zICdBVVRIT1I9JyIKZ3JvdXBieTogZXZ0Lk1ldGEuc291cmNlX2lwCmRpc3RpbmN0OiBldnQuUGFyc2VkLmh0dHBfYXJncwpjYXBhY2l0eTogNQpsZWFrc3BlZWQ6ICIxMHMiCmJsYWNraG9sZTogNW0KbGFiZWxzOgogc2VydmljZTogaHR0cAogdHlwZTogYnJ1dGVmb3JjZQogcmVtZWRpYXRpb246IHRydWUK", "description": "detect wordpress probing : authors enumeration", "author": "crowdsecurity", "labels": { "remediation": "true", "service": "http", "type": "bruteforce" } }, "crowdsecurity/http-wordpress_wpconfig": { "path": "scenarios/crowdsecurity/http-wordpress_wpconfig.yaml", "version": "0.1", "versions": { "0.1": { "digest": "ff3876c1f9828052ba633264920100aa49402ab3e41a9cb73d28853d248a6d98", "deprecated": false } }, "long_description": "RGV0ZWN0cyBwcm9iaW5nIHRvIGZpbmQgYWx0ZXJuYXRlIHdwLWNvbmZpZyBmaWxlLCBzdWNoIGFzIGRvbmUgYnkgd3BzY2FuLgoKbGVha3NwZWVkIG9mIDEwcywgY2FwYWNpdHkgb2YgNQoK", "content": "dHlwZTogbGVha3kKbmFtZTogY3Jvd2RzZWN1cml0eS9odHRwLXdvcmRwcmVzc193cGNvbmZpZwpkZXNjcmlwdGlvbjogImRldGVjdCB3b3JkcHJlc3MgcHJvYmluZyA6IHZhcmlhdGlvbnMgYXJvdW5kIHdwLWNvbmZpZy5waHAgYnkgd3BzY2FuIgpkZWJ1ZzogZmFsc2UKZmlsdGVyOiAiZXZ0Lk1ldGEubG9nX3R5cGUgPT0gJ2h0dHBfYWNjZXNzLWxvZycgJiYgZXZ0LlBhcnNlZC5maWxlX25hbWUgY29udGFpbnMgJ3dwLWNvbmZpZy5waHAnIgpncm91cGJ5OiBldnQuTWV0YS5zb3VyY2VfaXAKZGlzdGluY3Q6IGV2dC5QYXJzZWQuZmlsZV9uYW1lCmNhcGFjaXR5OiA1CmxlYWtzcGVlZDogIjEwcyIKYmxhY2tob2xlOiA1bQpsYWJlbHM6CiBzZXJ2aWNlOiBodHRwCiB0eXBlOiBicnV0ZWZvcmNlCiByZW1lZGlhdGlvbjogdHJ1ZQo=", "description": "detect wordpress probing : variations around wp-config.php by wpscan", "author": "crowdsecurity", "labels": { "remediation": "true", "service": "http", "type": "bruteforce" } }, "crowdsecurity/http-xss-probing": { "path": "scenarios/crowdsecurity/http-xss-probing.yaml", "version": "0.2", "versions": { "0.1": { "digest": "8d6f0d6f9dc48f8f5ad561a2cdb315e499539b3575f259e0d6cf5850ef1efc9e", "deprecated": false }, "0.2": { "digest": "1c4d58e1a29cf806a92f67c981532f8a4656312abd05697dcc69b59b757f0076", "deprecated": false } }, "long_description": "VGhlIGh0dHAgWFNTIHByb2Jpbmcgc2NlbmFyaW8gYWltcyBhdCBkZXRlY3RpbmcsIHdpdGggdmVyeSBsaXR0bGUgZmFsc2UgcG9zaXRpdmUgY2hhbmNlcywgWFNTIHByb2JpbmcgYXR0ZW1wdHMuCgpYU1MgcHJvYmluZyBhdHRlbXB0cyB3aWxsIGJlIGNoYXJhY3Rlcml6ZWQgYnkgdGhlIHByZXNlbmNlIG9mIHNwZWNpZmljIFhTUyByZWxhdGVkIHBhdHRlcm5zIGluIHVyaS9HRVQgYXJndW1lbnRzIChpZiBhbmQgd2hlbiB0aGlzIGlzIHdoZXJlIHRoZSBpbmplY3RlZCBwYXJhbWV0ZXIgaXMpLCBhbmQgdGhpcyBpcyB3aGF0IHRoaXMgc2NlbmFyaW8gZGV0ZWN0cy4KCgpUaGUgW3dvcmQgbGlzdF0oaHR0cHM6Ly9yYXcuZ2l0aHVidXNlcmNvbnRlbnQuY29tL2Nyb3dkc2VjdXJpdHkvc2VjLWxpc3RzL21hc3Rlci93ZWIveHNzX3Byb2JlX3BhdHRlcm5zLnR4dCkgaXMgcGlja2VkIHNwZWNpZmljYWxseSB0byBsaW1pdCBmYWxzZSBwb3NpdGl2ZXMuCkZ1cnRoZXJtb3JlLCBhIGBkaXN0aW5jdGAgZGlyZWN0aXZlIGlzIHByZXNlbnQgb24gdGhlIGdldCBwYXJhbWV0ZXJzIHRoZW1zZWx2ZXMgdG8gcmVkdWNlIGZhbHNlIHBvc2l0aXZlIGNoYW5jZXMuCgoKKipXQVJOSU5HKiogVGhpcyBzY2VuYXJpbyBpcyBfbm90XyBhIFdBRiwgYW5kIHRoaXMgc2NlbmFyaW8gZG9lcyBfbm90XyBhaW1zIGF0IHJlcGxhY2luZyBhIFdBRi4gQSBtb3RpdmF0ZWQgYXR0YWNrZXIgd2l0aCBrbm93bGVkZ2Ugb2YgY3Jvd2RzZWMgd2lsbCBiZSBhYmxlIHRvIGJ5cGFzcyBpdC4gSXQgaXMgbW9zdGx5IG1lYW50IHRvIGJlIGEgd2F5IHRvIGRldGVjdCBnZW5lcmljIFhTUyBwcm9iaW5nLgo=", "content": "dHlwZTogbGVha3kKI3JlcXVpcmVzIGF0IGxlYXN0IDIuMCBiZWNhdXNlIGl0J3MgdXNpbmcgdGhlICdkYXRhJyBzZWN0aW9uIGFuZCB0aGUgJ1VwcGVyJyBleHByIGhlbHBlcgpmb3JtYXQ6IDIuMApuYW1lOiBjcm93ZHNlY3VyaXR5L2h0dHAteHNzLXByb2JiaW5nCmRhdGE6CiAgLSBzb3VyY2VfdXJsOiBodHRwczovL3Jhdy5naXRodWJ1c2VyY29udGVudC5jb20vY3Jvd2RzZWN1cml0eS9zZWMtbGlzdHMvbWFzdGVyL3dlYi94c3NfcHJvYmVfcGF0dGVybnMudHh0CiAgICBkZXN0X2ZpbGU6IHhzc19wcm9iZV9wYXR0ZXJucy50eHQKICAgIHR5cGU6IHN0cmluZwpkZXNjcmlwdGlvbjogIkEgc2NlbmFyaW8gdGhhdCBkZXRlY3RzIFhTUyBwcm9iaW5nIHdpdGggbWluaW1hbCBmYWxzZSBwb3NpdGl2ZXMiCmZpbHRlcjogImV2dC5NZXRhLmxvZ190eXBlIGluIFsnaHR0cF9hY2Nlc3MtbG9nJywgJ2h0dHBfZXJyb3ItbG9nJ10gJiYgYW55KEZpbGUoJ3hzc19wcm9iZV9wYXR0ZXJucy50eHQnKSwge1VwcGVyKGV2dC5QYXJzZWQuaHR0cF9hcmdzKSBjb250YWlucyBVcHBlcigjKX0pIgpncm91cGJ5OiBldnQuTWV0YS5zb3VyY2VfaXAKY2FwYWNpdHk6IDUKbGVha3NwZWVkOiAxcwpibGFja2hvbGU6IDVtCiNsb3cgZmFsc2UgcG9zaXRpdmVzIGFwcHJvYWNoIDogd2UgcmVxdWlyZSBkaXN0aW5jdCBwYXlsb2FkcyB0byBhdm9pZCBmYWxzZSBwb3NpdGl2ZXMKZGlzdGluY3Q6IGV2dC5QYXJzZWQuaHR0cF9hcmdzCmxhYmVsczoKICBzZXJ2aWNlOiBodHRwCiAgdHlwZTogeHNzX3Byb2JpbmcKICByZW1lZGlhdGlvbjogdHJ1ZQo=", "description": "A scenario that detects XSS probing with minimal false positives", "author": "crowdsecurity", "labels": { "remediation": "true", "service": "http", "type": "xss_probing" } }, "crowdsecurity/iptables-scan-multi_ports": { "path": "scenarios/crowdsecurity/iptables-scan-multi_ports.yaml", "version": "0.1", "versions": { "0.1": { "digest": "85bd908ec6efae802035e4553f5dd41e4d5b6b53b2f237dd256533965bd44cd7", "deprecated": false } }, "long_description": "RGV0ZWN0cyBhIHBvcnQgc2NhbiA6IGRldGVjdHMgaWYgYSBzaW5nbGUgSVAgYXR0ZW1wdHMgY29ubmVjdGlvbiB0byBtYW55IGRpZmZlcmVudCBwb3J0cy4KCkxlYWtzcGVlZCBvZiA1cywgY2FwYWNpdHkgb2YgMTUuCg==", "content": "dHlwZTogbGVha3kKbmFtZTogY3Jvd2RzZWN1cml0eS9pcHRhYmxlcy1zY2FuLW11bHRpX3BvcnRzCmRlc2NyaXB0aW9uOiAiYmFuIElQcyB0aGF0IGFyZSBzY2FubmluZyB1cyIKZmlsdGVyOiAiZXZ0Lk1ldGEubG9nX3R5cGUgPT0gJ2lwdGFibGVzX2Ryb3AnICYmIGV2dC5NZXRhLnNlcnZpY2UgPT0gJ3RjcCciCmdyb3VwYnk6IGV2dC5NZXRhLnNvdXJjZV9pcApkaXN0aW5jdDogZXZ0LlBhcnNlZC5kc3RfcG9ydApjYXBhY2l0eTogMTUKbGVha3NwZWVkOiA1cwpibGFja2hvbGU6IDFtCmxhYmVsczoKICBzZXJ2aWNlOiB0Y3AKICB0eXBlOiBzY2FuCiAgcmVtZWRpYXRpb246IHRydWUKCg==", "description": "ban IPs that are scanning us", "author": "crowdsecurity", "labels": { "remediation": "true", "service": "tcp", "type": "scan" } }, "crowdsecurity/jira_cve-2021-26086": { "path": "scenarios/crowdsecurity/jira_cve-2021-26086.yaml", "version": "0.1", "versions": { "0.1": { "digest": "1c3631aaa5818cb3af51e6ca6d4fe270eeb362d1ea0dd3fa19c735f3671253d5", "deprecated": false } }, "content": "dHlwZTogdHJpZ2dlcgpmb3JtYXQ6IDIuMAojZGVidWc6IHRydWUKbmFtZTogY3Jvd2RzZWN1cml0eS9qaXJhX2N2ZS0yMDIxLTI2MDg2CmRlc2NyaXB0aW9uOiAiRGV0ZWN0IEF0bGFzc2lhbiBKaXJhIENWRS0yMDIxLTI2MDg2IGV4cGxvaXRhdGlvbiBhdHRlbXBzIgpmaWx0ZXI6IHwKICBldnQuTWV0YS5sb2dfdHlwZSBpbiBbImh0dHBfYWNjZXNzLWxvZyIsICJodHRwX2Vycm9yLWxvZyJdIGFuZCBhbnkoRmlsZSgiamlyYV9jdmVfMjAyMS0yNjA4Ni50eHQiKSwge1VwcGVyKGV2dC5NZXRhLmh0dHBfcGF0aCkgY29udGFpbnMgVXBwZXIoIyl9KQpkYXRhOgogIC0gc291cmNlX3VybDogaHR0cHM6Ly9yYXcuZ2l0aHVidXNlcmNvbnRlbnQuY29tL2Nyb3dkc2VjdXJpdHkvc2VjLWxpc3RzL21hc3Rlci93ZWIvamlyYV9jdmVfMjAyMS0yNjA4Ni50eHQKICAgIGRlc3RfZmlsZTogamlyYV9jdmVfMjAyMS0yNjA4Ni50eHQKICAgIHR5cGU6IHN0cmluZwpncm91cGJ5OiAiZXZ0Lk1ldGEuc291cmNlX2lwIgpibGFja2hvbGU6IDJtCmxhYmVsczoKICB0eXBlOiBleHBsb2l0CiAgcmVtZWRpYXRpb246IHRydWUK", "description": "Detect Atlassian Jira CVE-2021-26086 exploitation attemps", "author": "crowdsecurity", "labels": { "remediation": "true", "type": "exploit" } }, "crowdsecurity/litespeed-admin-bf": { "path": "scenarios/crowdsecurity/litespeed-admin-bf.yaml", "version": "0.1", "versions": { "0.1": { "digest": "cf7a11ef6d75de569bdd3e0d62a805a7793102e57911a1a6256327da64aed692", "deprecated": false } }, "long_description": "QWxlcnQgd2hlbiBhIHNpbmdsZSBJUCB0aGF0IHRyeSB0byBicnV0ZWZvcmNlIGxpdGVzcGVlZCBhZG1pbiBVSS4KCkxlYWtzcGVlZCBvZiAxMHMsIGNhcGFjaXR5IG9mIDUuCg==", "content": "dHlwZTogbGVha3kKbmFtZTogY3Jvd2RzZWN1cml0eS9saXRlc3BlZWQtYWRtaW4tYmYKZGVzY3JpcHRpb246ICJEZXRlY3QgYnJ1dGVmb3JjZSBhZ2FpbnN0IGxpdGVzcGVlZCBhZG1pbiBVSSIKZmlsdGVyOiAiZXZ0Lk1ldGEuc2VydmljZSA9PSAnaHR0cCcgJiYgZXZ0Lk1ldGEuc3ViX3R5cGUgPT0gJ2xpdGVzcGVlZF9hZG1pbl9hdXRoX2ZhaWwnIgpncm91cGJ5OiBldnQuTWV0YS5zb3VyY2VfaXAKY2FwYWNpdHk6IDUKbGVha3NwZWVkOiAiMTBzIgpibGFja2hvbGU6IDFtCmxhYmVsczoKIHNlcnZpY2U6IGh0dHAKIHR5cGU6IGJmCiByZW1lZGlhdGlvbjogdHJ1ZQo=", "description": "Detect bruteforce against litespeed admin UI", "author": "crowdsecurity", "labels": { "remediation": "true", "service": "http", "type": "bf" } }, "crowdsecurity/mariadb-bf": { "path": "scenarios/crowdsecurity/mariadb-bf.yaml", "version": "0.1", "versions": { "0.1": { "digest": "c6daa770b5ac5f153e6b5bc0c2eb8e50f90373e1802bea40724ebe6037a15ab4", "deprecated": false } }, "long_description": "RGV0ZWN0IHNldmVyYWwgZmFpbGVkIG1hcmlhZGIgYXV0aGVudGljYXRpb25zLgoKbGVha3NwZWVkIG9mIDEwcywgY2FwYWNpdHkgb2YgNQo=", "content": "IyBtYXJpYWRiIGJydXRlZm9yY2UKdHlwZTogbGVha3kKI2RlYnVnOiB0cnVlCm5hbWU6IGNyb3dkc2VjdXJpdHkvbWFyaWFkYi1iZgpkZXNjcmlwdGlvbjogIkRldGVjdCBtYXJpYWRiIGJydXRlZm9yY2UiCmZpbHRlcjogZXZ0Lk1ldGEubG9nX3R5cGUgPT0gJ21hcmlhZGJfZmFpbGVkX2F1dGgnCmxlYWtzcGVlZDogIjEwcyIKY2FwYWNpdHk6IDUKZ3JvdXBieTogZXZ0Lk1ldGEuc291cmNlX2lwCmJsYWNraG9sZTogNW0KbGFiZWxzOgogc2VydmljZTogbWFyaWFkYgogdHlwZTogYnJ1dGVmb3JjZQogcmVtZWRpYXRpb246IHRydWUK", "description": "Detect mariadb bruteforce", "author": "crowdsecurity", "labels": { "remediation": "true", "service": "mariadb", "type": "bruteforce" } }, "crowdsecurity/modsecurity": { "path": "scenarios/crowdsecurity/modsecurity.yaml", "version": "0.4", "versions": { "0.1": { "digest": "447c63986f53a743d08fc16677d7f5427ed4b7efca6a0d73c47991d83582e0d0", "deprecated": false }, "0.2": { "digest": "45c2a35d4ee071e66197aa2381b0c066a18d17fe6b8aee7b0e83efb21512cdbc", "deprecated": false }, "0.3": { "digest": "91e21cd506aa43e1895be93fa3e93dbad64403edafe9ae1e87f2519689ec3f66", "deprecated": false }, "0.4": { "digest": "2e2f2591a614514acf033702c5588335136050925f88f36fb9da0bc129f30039", "deprecated": false } }, "long_description": "VGFrZSBhIHJlbWVkaWF0aW9uIGFnYWluc3QgYW4gSVAgdGhhdCB0cmlnZ2VyIGEgbW9kc2VjdXJpdHkgcnVsZSB3aXRoIGEgYENSSVRJQ0FMYCBzZXZlcml0eS4K", "content": "dHlwZTogdHJpZ2dlcgojZGVidWc6IHRydWUKbmFtZTogY3Jvd2RzZWN1cml0eS9tb2RzZWN1cml0eQpkZXNjcmlwdGlvbjogIldlYiBleHBsb2l0YXRpb24gdmlhIG1vZHNlY3VyaXR5IgojbW9kc2VjIGZvciBuZ2lueCBvbmx5IGxvZ3MgdGhlIG51bWVyaWNhbCB2YWx1ZSBvZiB0aGUgc2V2ZXJpdHkKZmlsdGVyOiBldnQuTWV0YS5sb2dfdHlwZSA9PSAnbW9kc2VjdXJpdHknICYmIChldnQuUGFyc2VkLnJ1bGVzZXZlcml0eSA9PSAnQ1JJVElDQUwnIHx8IGV2dC5QYXJzZWQucnVsZXNldmVyaXR5ID09ICcyJykKYmxhY2tob2xlOiAybQpsYWJlbHM6CiAgdHlwZTogd2ViX2F0dGFjawogIHNlcnZpY2U6IGh0dHAKICByZW1lZGlhdGlvbjogdHJ1ZQogIHNjb3BlOiBpcAo=", "description": "Web exploitation via modsecurity", "author": "crowdsecurity", "labels": { "remediation": "true", "scope": "ip", "service": "http", "type": "web_attack" } }, "crowdsecurity/mssql-bf": { "path": "scenarios/crowdsecurity/mssql-bf.yaml", "version": "0.1", "versions": { "0.1": { "digest": "be8f99681f224e5176015815d11bf01b0e0012ceb24bbb264786f503d9146d81", "deprecated": false } }, "content": "IyBteXNxbCBicnV0ZWZvcmNlCnR5cGU6IGxlYWt5CiNkZWJ1ZzogdHJ1ZQpuYW1lOiBjcm93ZHNlY3VyaXR5L21zc3FsLWJmCmRlc2NyaXB0aW9uOiAiRGV0ZWN0IG1zc3FsIGJydXRlZm9yY2UiCmZpbHRlcjogZXZ0Lk1ldGEubG9nX3R5cGUgPT0gJ21zc3FsX2ZhaWxlZF9hdXRoJwpsZWFrc3BlZWQ6ICIxMHMiCmNhcGFjaXR5OiA1Cmdyb3VwYnk6IGV2dC5NZXRhLnNvdXJjZV9pcApibGFja2hvbGU6IDVtCmxhYmVsczoKIHNlcnZpY2U6IG1zc3FsCiB0eXBlOiBicnV0ZWZvcmNlCiByZW1lZGlhdGlvbjogdHJ1ZQo=", "description": "Detect mssql bruteforce", "author": "crowdsecurity", "labels": { "remediation": "true", "service": "mssql", "type": "bruteforce" } }, "crowdsecurity/mysql-bf": { "path": "scenarios/crowdsecurity/mysql-bf.yaml", "version": "0.1", "versions": { "0.1": { "digest": "3783ff9de7b6d19697ee121314b20b21b8c765b279a9caacc70d3c75f4ebd455", "deprecated": false } }, "long_description": "RGV0ZWN0IHNldmVyYWwgZmFpbGVkIG15c3FsIGF1dGhlbnRpY2F0aW9ucy4KCmxlYWtzcGVlZCBvZiAxMHMsIGNhcGFjaXR5IG9mIDUK", "content": "IyBteXNxbCBicnV0ZWZvcmNlCnR5cGU6IGxlYWt5CiNkZWJ1ZzogdHJ1ZQpuYW1lOiBjcm93ZHNlY3VyaXR5L215c3FsLWJmCmRlc2NyaXB0aW9uOiAiRGV0ZWN0IG15c3FsIGJydXRlZm9yY2UiCmZpbHRlcjogZXZ0Lk1ldGEubG9nX3R5cGUgPT0gJ215c3FsX2ZhaWxlZF9hdXRoJwpsZWFrc3BlZWQ6ICIxMHMiCmNhcGFjaXR5OiA1Cmdyb3VwYnk6IGV2dC5NZXRhLnNvdXJjZV9pcApibGFja2hvbGU6IDVtCmxhYmVsczoKIHNlcnZpY2U6IG15c3FsCiB0eXBlOiBicnV0ZWZvcmNlCiByZW1lZGlhdGlvbjogdHJ1ZQo=", "description": "Detect mysql bruteforce", "author": "crowdsecurity", "labels": { "remediation": "true", "service": "mysql", "type": "bruteforce" } }, "crowdsecurity/naxsi-exploit-vpatch": { "path": "scenarios/crowdsecurity/naxsi-exploit-vpatch.yaml", "version": "0.1", "versions": { "0.1": { "digest": "908ceeb2d7f5607a114a872847df34662e4c80ed07338a55f125a56985f0d095", "deprecated": false } }, "long_description": "RGV0ZWN0cyBuYXhzaSBibG9ja2VkIHJlcXVlc3RzIG9uIGN1c3RvbSAoPjk5OTkpIHJ1bGVzLgoKVHJpZ2dlcnMgb24gZmlyc3QgcmVxdWVzdC4K", "content": "IyBuYXhzaSB2cGF0Y2ggcnVsZXMgZGV0ZWN0aW9uCnR5cGU6IHRyaWdnZXIKbmFtZTogY3Jvd2RzZWN1cml0eS9uYXhzaS1leHBsb2l0LXZwYXRjaAojIGlkIGlzIGJpZ2dlciB0aGFuIDlrLCBjdXN0b20gcnVsZQpkZXNjcmlwdGlvbjogIkRldGVjdCBjdXN0b20gYmxhY2tsaXN0IHRyaWdnZXJlZCBpbiBuYXhzaSIKZmlsdGVyOiAiZXZ0Lk1ldGEubG9nX3R5cGUgPT0gJ3dhZl9uYXhzaS1sb2cnICYmIGxlbihldnQuUGFyc2VkLm5heHNpX2lkKSA+IDQiCmdyb3VwYnk6ICJldnQuTWV0YS5zb3VyY2VfaXAiCmJsYWNraG9sZTogNW0KbGFiZWxzOgogc2VydmljZTogaHR0cAogdHlwZTogc2NhbgogcmVtZWRpYXRpb246IHRydWUK", "description": "Detect custom blacklist triggered in naxsi", "author": "crowdsecurity", "labels": { "remediation": "true", "service": "http", "type": "scan" } }, "crowdsecurity/nextcloud-bf": { "path": "scenarios/crowdsecurity/nextcloud-bf.yaml", "version": "0.1", "versions": { "0.1": { "digest": "4a6b24a95d286e48aec8eb59fa5fc17686a724be3c7860df538a7eafdb613f97", "deprecated": false } }, "long_description": "RGV0ZWN0cyBicnV0ZWZvcmNlIG9uIFtOZXh0Y2xvdWRdKGh0dHBzOi8vbmV4dGNsb3VkLmNvbSkgaW5zdGFuY2UuCgogLSBsZWFrc3BlZWQgb2YgMW0sIGNhcGFjaXR5IG9mIDUgb24gc2FtZSB0YXJnZXQgdXNlcgogLSBsZWFrc3BlZWQgb2YgMW0sIGNhcGFjaXR5IG9mIDUgdW5pcXVlIGRpc3RpbmN0IHVzZXJzCg==", "content": "LS0tCnR5cGU6IGxlYWt5Cm5hbWU6IGNyb3dkc2VjdXJpdHkvbmV4dGNsb3VkLWJmCmRlc2NyaXB0aW9uOiAiRGV0ZWN0IE5leHRjbG91ZCBicnV0ZWZvcmNlIgpmaWx0ZXI6ICJldnQuTWV0YS5sb2dfdHlwZSBpbiBbJ25leHRjbG91ZF9mYWlsZWRfYXV0aCcsICduZXh0Y2xvdWRfYnJ1dGVmb3JjZV9hdHRlbXB0J10iCmxlYWtzcGVlZDogIjFtIgpjYXBhY2l0eTogNQojIGlmIHdlIGhhdmUgYnJ1dGVmb3JjZSBwcm90ZWN0aW9uIGVuYWJsZWQgaW4gbmV4dGNsb3VkLCB0aGUgc2FtZSBsb2dpbiBhdHRlbXB0CiMgY2FuIGxvZyAjIGJvdGggbG9naW4gZmFpbHVyZSBhbmQgYnJ1dGVmb3JjZSBhdHRlbXB0IGF0IHRoZSBzYW1lIHRpbWUsIHNvCiMga2VlcCB0aGVtIGluIHNlcGVyYXRlIGJ1Y2tldHMKZ3JvdXBieTogZXZ0Lk1ldGEuc291cmNlX2lwICsgJy0tJyArIGV2dC5NZXRhLmxvZ190eXBlCmJsYWNraG9sZTogNW0KcmVwcm9jZXNzOiB0cnVlCmxhYmVsczoKICBzZXJ2aWNlOiBuZXh0Y2xvdWQKICB0eXBlOiBicnV0ZWZvcmNlCiAgcmVtZWRpYXRpb246IHRydWUKLS0tCnR5cGU6IGxlYWt5Cm5hbWU6IGNyb3dkc2VjdXJpdHkvbmV4dGNsb3VkLWJmX3VzZXJfZW51bQpkZXNjcmlwdGlvbjogIkRldGVjdCBOZXh0Y2xvdWQgdXNlciBlbnVtIGJydXRlZm9yY2UiCmZpbHRlcjogImV2dC5NZXRhLmxvZ190eXBlID09ICduZXh0Y2xvdWRfZmFpbGVkX2F1dGgnIgpsZWFrc3BlZWQ6ICIxbSIKY2FwYWNpdHk6IDUKZ3JvdXBieTogZXZ0Lk1ldGEuc291cmNlX2lwCmRpc3RpbmN0OiBldnQuTWV0YS50YXJnZXRfdXNlcgpibGFja2hvbGU6IDVtCnJlcHJvY2VzczogdHJ1ZQpsYWJlbHM6CiAgc2VydmljZTogbmV4dGNsb3VkCiAgdHlwZTogYnJ1dGVmb3JjZQogIHJlbWVkaWF0aW9uOiB0cnVlCg==", "description": "Detect Nextcloud bruteforce", "author": "crowdsecurity", "labels": { "remediation": "true", "service": "nextcloud", "type": "bruteforce" } }, "crowdsecurity/nginx-req-limit-exceeded": { "path": "scenarios/crowdsecurity/nginx-req-limit-exceeded.yaml", "version": "0.1", "versions": { "0.1": { "digest": "7e6fa2b7386d763b570025b3144c8790f68463f7c5739d8f527c9f80f15c15ce", "deprecated": false } }, "long_description": "RGV0ZWN0cyBJUHMgd2hpY2ggdmlvbGF0ZSBuZ2lueCdzIHVzZXIgc2V0IHJlcXVlc3QgbGltaXQuCgpJUCBpcyBiYW5uZWQgaWYgaXQgdmlvbGF0ZXMgbmdpbngncyB1c2VyIHNldCByZXF1ZXN0IGxpbWl0IG1vcmUgdGhhbiA1IHRpbWVzIGluIGEgbWludXRlLg==", "content": "dHlwZTogbGVha3kKI2RlYnVnOiB0cnVlCm5hbWU6IGNyb3dkc2VjdXJpdHkvbmdpbngtcmVxLWxpbWl0LWV4Y2VlZGVkCmRlc2NyaXB0aW9uOiAiRGV0ZWN0cyBJUHMgd2hpY2ggdmlvbGF0ZSBuZ2lueCdzIHVzZXIgc2V0IHJlcXVlc3QgbGltaXQuIgpmaWx0ZXI6IGV2dC5NZXRhLnN1Yl90eXBlID09ICdyZXFfbGltaXRfZXhjZWVkZWQnCmxlYWtzcGVlZDogIjYwcyIKY2FwYWNpdHk6IDUKZ3JvdXBieTogZXZ0Lk1ldGEuc291cmNlX2lwCmJsYWNraG9sZTogNW0KbGFiZWxzOgogc2VydmljZTogbmdpbngKIHR5cGU6IGJydXRlZm9yY2UKIHJlbWVkaWF0aW9uOiB0cnVlCg==", "description": "Detects IPs which violate nginx's user set request limit.", "author": "crowdsecurity", "labels": { "remediation": "true", "service": "nginx", "type": "bruteforce" } }, "crowdsecurity/odoo-bf_user-enum": { "path": "scenarios/crowdsecurity/odoo-bf_user-enum.yaml", "version": "0.1", "versions": { "0.1": { "digest": "ece8333dbfb283c4b696c2963ede3636175306d65151a26bbb2ecdcd19455e53", "deprecated": false } }, "long_description": "RGV0ZWN0IGZhaWxlZCBvZG9vIGF1dGhlbnRpY2F0aW9ucyBhbmQgdXNlciBlbnVtOgoKIC0gbGVha3NwZWVkIG9mIDEwcywgY2FwYWNpdHkgb2YgNSBmcm9tIHNhbWUgSVAKIC0gbGVha3NwZWVkIG9mIDEwcywgY2FwYWNpdHkgb2YgNSBvbiBzYW1lIHRhcmdldCB1c2Vy", "content": "IyBPZG9vIHdlYiBhdXRoIGJydXRlZm9yY2UKdHlwZTogbGVha3kKI2RlYnVnOiB0cnVlCm5hbWU6IGNyb3dkc2VjdXJpdHkvb2Rvby1iZgpkZXNjcmlwdGlvbjogIkRldGVjdCBicnV0ZWZvcmNlIG9uIG9kb28gd2ViIGludGVyZmFjZSIKZmlsdGVyOiBldnQuTWV0YS5sb2dfdHlwZSA9PSAnb2Rvb19mYWlsZWRfYXV0aCcKbGVha3NwZWVkOiAiMTBzIgpjYXBhY2l0eTogNQpncm91cGJ5OiBldnQuTWV0YS5zb3VyY2VfaXAKYmxhY2tob2xlOiA1bQpsYWJlbHM6CiBzZXJ2aWNlOiBvZG9vCiB0eXBlOiBicnV0ZWZvcmNlCiByZW1lZGlhdGlvbjogdHJ1ZQotLS0KIyBPZG9vIHdlYiBhdXRoIHVzZXJfZW51bQp0eXBlOiBsZWFreQpuYW1lOiBjcm93ZHNlY3VyaXR5L29kb29fdXNlci1lbnVtCmRlc2NyaXB0aW9uOiAiRGV0ZWN0IG9kb28gdXNlciBlbnVtIgpmaWx0ZXI6IGV2dC5NZXRhLmxvZ190eXBlID09ICdvZG9vX2ZhaWxlZF9hdXRoJwpncm91cGJ5OiBldnQuTWV0YS5zb3VyY2VfaXAKZGlzdGluY3Q6IGV2dC5NZXRhLnVzZXIKbGVha3NwZWVkOiAxMHMKY2FwYWNpdHk6IDUKYmxhY2tob2xlOiAxbQpsYWJlbHM6CiBzZXJ2aWNlOiBvZG9vCiB0eXBlOiBicnV0ZWZvcmNlCiByZW1lZGlhdGlvbjogdHJ1ZQ==", "description": "Detect bruteforce on odoo web interface", "author": "crowdsecurity", "labels": { "remediation": "true", "service": "odoo", "type": "bruteforce" } }, "crowdsecurity/opnsense-gui-bf": { "path": "scenarios/crowdsecurity/opnsense-gui-bf.yaml", "version": "0.1", "versions": { "0.1": { "digest": "15f0d4f03f1e18a8cd5d95467a13e86ebfd717354f53ba02b4d165e6537965bf", "deprecated": false } }, "long_description": "IyMgT1BOU2Vuc2Ugd2ViIHBvcnRhbCBicnV0ZWZvcmNlIGRldGVjdGlvbgoKRGV0ZWN0cyBicnV0ZWZvcmNlIGF0dGVtcHRzIG9uIHRoZSBPUE5TZW5zZSB3ZWIgcG9ydGFsIDoKIC0gbW9yZSB0aGFuIDUgYXR0ZW1wdHMKIC0gMTAgc2Vjb25kcyBiZXR3ZWVuIGVhY2gKCgo=", "content": "IyBvcG5zZW5zZSB3ZWIgYXV0aCBicnV0ZWZvcmNlCnR5cGU6IGxlYWt5CiNkZWJ1ZzogdHJ1ZQpuYW1lOiBjcm93ZHNlY3VyaXR5L29wbnNlbnNlLXdlYi1iZgpkZXNjcmlwdGlvbjogIkRldGVjdCBicnV0ZWZvcmNlIG9uIG9wbnNlbnNlIHdlYiBpbnRlcmZhY2UiCmZpbHRlcjogZXZ0Lk1ldGEubG9nX3R5cGUgPT0gJ29wbnNlbnNlLWd1aS1mYWlsZWQtYXV0aCcKbGVha3NwZWVkOiAiMTBzIgpjYXBhY2l0eTogNQpncm91cGJ5OiBldnQuTWV0YS5zb3VyY2VfaXAKYmxhY2tob2xlOiA1bQpsYWJlbHM6CiBzZXJ2aWNlOiBvcG5zZW5zZS1ndWktYXV0aAogdHlwZTogYnJ1dGVmb3JjZQogcmVtZWRpYXRpb246IHRydWUK", "description": "Detect bruteforce on opnsense web interface", "author": "crowdsecurity", "labels": { "remediation": "true", "service": "opnsense-gui-auth", "type": "bruteforce" } }, "crowdsecurity/pgsql-bf": { "path": "scenarios/crowdsecurity/pgsql-bf.yaml", "version": "0.1", "versions": { "0.1": { "digest": "d2b7d3aa914ba9204f320e15301207c0fb5ea54aae57481bcbcd410cd81629bd", "deprecated": false } }, "long_description": "RGV0ZWN0IHNldmVyYWwgZmFpbGVkIHBvc3RncmVzcWwgYXV0aGVudGljYXRpb25zLgoKbGVha3NwZWVkIG9mIDEwcywgY2FwYWNpdHkgb2YgNQo=", "content": "IyBwZ3NxbCBicnV0ZWZvcmNlCnR5cGU6IGxlYWt5CiNkZWJ1ZzogdHJ1ZQpuYW1lOiBjcm93ZHNlY3VyaXR5L3Bnc3FsLWJmCmRlc2NyaXB0aW9uOiAiRGV0ZWN0IFBnU1FMIGJydXRlZm9yY2UiCmZpbHRlcjogZXZ0Lk1ldGEubG9nX3R5cGUgPT0gJ3Bnc3FsX2ZhaWxlZF9hdXRoJwpsZWFrc3BlZWQ6ICIxMHMiCmNhcGFjaXR5OiA1Cmdyb3VwYnk6IGV2dC5NZXRhLnNvdXJjZV9pcApibGFja2hvbGU6IDVtCmxhYmVsczoKIHNlcnZpY2U6IHBnc3FsCiB0eXBlOiBicnV0ZWZvcmNlCiByZW1lZGlhdGlvbjogdHJ1ZQo=", "description": "Detect PgSQL bruteforce", "author": "crowdsecurity", "labels": { "remediation": "true", "service": "pgsql", "type": "bruteforce" } }, "crowdsecurity/postfix-spam": { "path": "scenarios/crowdsecurity/postfix-spam.yaml", "version": "0.2", "versions": { "0.1": { "digest": "03876677d3fe37bdc9ad584cb015e3f0b648266450b2b494a40e1863d5a64d8a", "deprecated": false }, "0.2": { "digest": "b36d95dc5ba9cb45c8cbb1a3d37bd19d929ed387f3d7ec386b4e9e041d0bbd8e", "deprecated": false } }, "long_description": "Q29udGFpbnMgbXVsdGlwbGUgc2NlbmFyaW9zOgoKLSBjcm93ZHNlY3VyaXR5L3Bvc3RmaXgtc3BhbTogcG9zdGZpeCBzY2VuYXJpbyBicnV0ZWZvcmNlIHNwYW0gYXR0ZW1wdCAobGVha3NwZWVkIG9mIDEwcyB3aXRoIGEgY2FwYWNpdHkgb2YgNSkKLSBjcm93ZHNlY3VyaXR5L3Bvc3RzY3JlZW4tcmJsOiBwb3N0c2NyZWVuIHJiIGF0dGVtcHQgYmxhY2tsaXN0IChjYXBhY2l0eSBvZiAwKQoK", "content": "IyBwb3N0Zml4IHNwYW0KdHlwZTogbGVha3kKbmFtZTogY3Jvd2RzZWN1cml0eS9wb3N0Zml4LXNwYW0KZGVzY3JpcHRpb246ICJEZXRlY3Qgc3BhbW1lcnMiCmZpbHRlcjogImV2dC5NZXRhLmxvZ190eXBlX2VuaCA9PSAnc3BhbS1hdHRlbXB0JyB8fCBldnQuTWV0YS5sb2dfdHlwZSA9PSAncG9zdGZpeCcgJiYgZXZ0Lk1ldGEuYWN0aW9uID09ICdyZWplY3QnIgpsZWFrc3BlZWQ6ICIxMHMiCnJlZmVyZW5jZXM6CiAgLSBodHRwczovL2VuLndpa2lwZWRpYS5vcmcvd2lraS9TcGFtbWluZwpjYXBhY2l0eTogNQpncm91cGJ5OiBldnQuTWV0YS5zb3VyY2VfaXAKYmxhY2tob2xlOiAxbQpyZXByb2Nlc3M6IGZhbHNlCmxhYmVsczoKIHNlcnZpY2U6IHBvc3RmaXgKIHR5cGU6IGJydXRlZm9yY2UKIHJlbWVkaWF0aW9uOiB0cnVlCi0tLQojIHBvc3RmaXggc3BhbQp0eXBlOiB0cmlnZ2VyCm5hbWU6IGNyb3dkc2VjdXJpdHkvcG9zdHNjcmVlbi1yYmwKZGVzY3JpcHRpb246ICJEZXRlY3Qgc3BhbW1lcnMiCmZpbHRlcjogImV2dC5NZXRhLnNlcnZpY2UgPT0gJ3Bvc3RzY3JlZW4nICYmIGV2dC5NZXRhLnByZWdyZWV0ID09ICdQUkVHUkVFVCciCmxlYWtzcGVlZDogIjEwcyIKcmVmZXJlbmNlczoKICAtIGh0dHBzOi8vZW4ud2lraXBlZGlhLm9yZy93aWtpL1NwYW1taW5nCmdyb3VwYnk6IGV2dC5NZXRhLnNvdXJjZV9pcApibGFja2hvbGU6IDFtCnJlcHJvY2VzczogZmFsc2UKbGFiZWxzOgogc2VydmljZTogcG9zdHNjcmVlbgogdHlwZTogYnJ1dGVmb3JjZQogcmVtZWRpYXRpb246IHRydWUKCg==", "description": "Detect spammers", "author": "crowdsecurity", "references": [ "https://en.wikipedia.org/wiki/Spamming" ], "labels": { "remediation": "true", "service": "postfix", "type": "bruteforce" } }, "crowdsecurity/proftpd-bf": { "path": "scenarios/crowdsecurity/proftpd-bf.yaml", "version": "0.1", "versions": { "0.1": { "digest": "f241fba9f1ffeb3cdf376bb7cfee0ecf804ba5d8709cfb5defbc973a11c751a5", "deprecated": false } }, "long_description": "RGV0ZWN0IGZhaWxlZCBwcm9mdHBkIGF1dGhlbnRpY2F0aW9ucyA6CgogLSBsZWFrc3BlZWQgb2YgMTBzLCBjYXBhY2l0eSBvZiA1IG9uIHNhbWUgdGFyZ2V0IHVzZXI=", "content": "dHlwZTogbGVha3kKbmFtZTogY3Jvd2RzZWN1cml0eS9wcm9mdHBkLWJmCmRlc2NyaXB0aW9uOiAiRGV0ZWN0IHByb2Z0cGQgYnJ1dGVmb3JjZSIKZmlsdGVyOiAiZXZ0Lk1ldGEubG9nX3R5cGUgPT0gJ2Z0cF9mYWlsZWRfYXV0aCciCmxlYWtzcGVlZDogIjEwcyIKY2FwYWNpdHk6IDUKZ3JvdXBieTogZXZ0Lk1ldGEuc291cmNlX2lwCmJsYWNraG9sZTogMW0KcmVwcm9jZXNzOiB0cnVlCmxhYmVsczoKIHNlcnZpY2U6IGZ0cAogdHlwZTogYnJ1dGVmb3JjZQogcmVtZWRpYXRpb246IHRydWUKCg==", "description": "Detect proftpd bruteforce", "author": "crowdsecurity", "labels": { "remediation": "true", "service": "ftp", "type": "bruteforce" } }, "crowdsecurity/proftpd-bf_user-enum": { "path": "scenarios/crowdsecurity/proftpd-bf_user-enum.yaml", "version": "0.1", "versions": { "0.1": { "digest": "7e3b3f8d050805afce54785fe1e9eba40a6a040faf9e19e8ba40d466c3b14814", "deprecated": false } }, "content": "dHlwZTogbGVha3kKbmFtZTogY3Jvd2RzZWN1cml0eS9wcm9mdHBkLWJmX3VzZXItZW51bQpkZXNjcmlwdGlvbjogIkRldGVjdCBwcm9mdHBkIHVzZXIgZW51bSBicnV0ZWZvcmNlIgpmaWx0ZXI6IGV2dC5NZXRhLmxvZ190eXBlID09ICdmdHBfZmFpbGVkX2F1dGgnCmdyb3VwYnk6IGV2dC5NZXRhLnNvdXJjZV9pcApkaXN0aW5jdDogZXZ0Lk1ldGEudGFyZ2V0X3VzZXIKbGVha3NwZWVkOiAxMHMKY2FwYWNpdHk6IDUKYmxhY2tob2xlOiAxbQpsYWJlbHM6CiBzZXJ2aWNlOiBmdHAKIHR5cGU6IGJydXRlZm9yY2UKIHJlbWVkaWF0aW9uOiB0cnVl", "description": "Detect proftpd user enum bruteforce", "author": "crowdsecurity", "labels": { "remediation": "true", "service": "ftp", "type": "bruteforce" } }, "crowdsecurity/pulse-secure-sslvpn-cve-2019-11510": { "path": "scenarios/crowdsecurity/pulse-secure-sslvpn-cve-2019-11510.yaml", "version": "0.2", "versions": { "0.1": { "digest": "bab1d5aa6ee0f6677d73c70438324006f4ed0780de90891a8586030319dc1d08", "deprecated": false }, "0.2": { "digest": "9226dd76fd3e818b3a6d4a1770437e1a41a2014e082cde2a788244b50fb83889", "deprecated": false } }, "content": "dHlwZTogdHJpZ2dlcgpmb3JtYXQ6IDIuMApuYW1lOiBjcm93ZHNlY3VyaXR5L3B1bHNlLXNlY3VyZS1zc2x2cG4tY3ZlLTIwMTktMTE1MTAKZGVzY3JpcHRpb246ICJEZXRlY3QgY3ZlLTIwMTktMTE1MTAgZXhwbG9pdGF0aW9uIGF0dGVtcHMiCmZpbHRlcjogfAogIGV2dC5NZXRhLmxvZ190eXBlIGluIFsiaHR0cF9hY2Nlc3MtbG9nIiwgImh0dHBfZXJyb3ItbG9nIl0gYW5kIAogICAgKFVwcGVyKGV2dC5NZXRhLmh0dHBfcGF0aCkgbWF0Y2hlcyBVcHBlcignL2RhbmEtbmEvLi4vZGFuYS9odG1sNWFjYy9ndWFjYW1vbGUvLi4vLi4vLi4vLi4vLi4vLi4vLi4vW14/XStcXD8vZGFuYS9odG1sNWFjYy9ndWFjYW1vbGUvJykKICAgIG9yCiAgICBVcHBlcihldnQuTWV0YS5odHRwX3BhdGgpIG1hdGNoZXMgVXBwZXIoJy9kYW5hLW5hLyUyRSUyRS9kYW5hL2h0bWw1YWNjL2d1YWNhbW9sZS8lMkUlMkUvJTJFJTJFLyUyRSUyRS8lMkUlMkUvJTJFJTJFLyUyRSUyRS8lMkUlMkUvW14/XStcXD8vZGFuYS9odG1sNWFjYy9ndWFjYW1vbGUvJykpCmdyb3VwYnk6ICJldnQuTWV0YS5zb3VyY2VfaXAiCmJsYWNraG9sZTogMm0KbGFiZWxzOgogIHR5cGU6IGV4cGxvaXQKICByZW1lZGlhdGlvbjogdHJ1ZQo=", "description": "Detect cve-2019-11510 exploitation attemps", "author": "crowdsecurity", "labels": { "remediation": "true", "type": "exploit" } }, "crowdsecurity/smb-bf": { "path": "scenarios/crowdsecurity/smb-bf.yaml", "version": "0.1", "versions": { "0.1": { "digest": "ee7fea38f0a67bde1aae3979cf0579da03da5adf4e69826f12a82c74b812e9d6", "deprecated": false } }, "long_description": "dHJhY2tzIGZhaWxlZCBzYW1iYSBhdXRoZW50aWNhdGlvbnMuCg==", "content": "IyBzbWIgYnJ1dGVmb3JjZQp0eXBlOiBsZWFreQpuYW1lOiBjcm93ZHNlY3VyaXR5L3NtYi1iZgpkZXNjcmlwdGlvbjogIkRldGVjdCBzbWIgYnJ1dGVmb3JjZSIKZmlsdGVyOiBldnQuTWV0YS5sb2dfdHlwZSA9PSAnc21iX2ZhaWxlZF9hdXRoJwpsZWFrc3BlZWQ6ICIxMHMiCmNhcGFjaXR5OiA1Cmdyb3VwYnk6IGV2dC5NZXRhLnNvdXJjZV9pcApibGFja2hvbGU6IDVtCmxhYmVsczoKIHNlcnZpY2U6IHNtYgogdHlwZTogYnJ1dGVmb3JjZQogcmVtZWRpYXRpb246IHRydWU=", "description": "Detect smb bruteforce", "author": "crowdsecurity", "labels": { "remediation": "true", "service": "smb", "type": "bruteforce" } }, "crowdsecurity/spring4shell_cve-2022-22965": { "path": "scenarios/crowdsecurity/spring4shell_cve-2022-22965.yaml", "version": "0.2", "versions": { "0.1": { "digest": "b16993a7d1fe816230f0fef23e11736019a67a7fa64c5a5cc25e15589764cdcf", "deprecated": false }, "0.2": { "digest": "4e03166936f61abd0711167960b06bff7dbffb37b0642ab2a6cba6eb9da9ee98", "deprecated": false } }, "long_description": "RGV0ZWN0IHByb2JpbmcgZm9yIGN2ZS0yMDIyLTIyOTY1IGFrYSAnc3ByaW5nNHNoZWxsJy4KCkFzIHVzdWFsLCBzbWFydCBhdHRhY2tlcnMgbWlnaHQgYnlwYXNzIHRoZSBzaWduYXR1cmUuIFRoZSBwYXR0ZXJuIGl0c2VsZiBpcyBpbnNwaXJlZCBieSA6CiAtIFtTcHJpbmcgRnJhbWV3b3JrIFJDRSAoQ1ZFLTIwMjItMjI5NjUpIE5tYXAgKE5TRSkgQ2hlY2tlcl0oaHR0cHM6Ly9naXRodWIuY29tL2FsdDNreC9DVkUtMjAyMi0yMjk2NSkKIC0gW1JhbmRvcmldKGh0dHBzOi8vdHdpdHRlci5jb20vUmFuZG9yaUF0dGFjay9zdGF0dXMvMTUwOTI5ODQ5MDEwNjU5MzI4MykKIC0gW1phcCBEZXRlY3Rpb25dKGh0dHBzOi8vd3d3LnphcHJveHkub3JnL2Jsb2cvMjAyMi0wNC0wNC1zcHJpbmc0c2hlbGwtZGV0ZWN0aW9uLXdpdGgtemFwLykKCg==", "content": "dHlwZTogdHJpZ2dlcgpmb3JtYXQ6IDIuMApuYW1lOiBjcm93ZHNlY3VyaXR5L3NwcmluZzRzaGVsbF9jdmUtMjAyMi0yMjk2NQpkZXNjcmlwdGlvbjogIkRldGVjdCBjdmUtMjAyMi0yMjk2NSBwcm9iaW5nIgpmaWx0ZXI6IHwKICBldnQuTWV0YS5sb2dfdHlwZSBpbiBbImh0dHBfYWNjZXNzLWxvZyIsICJodHRwX2Vycm9yLWxvZyJdIGFuZAogICAgKFVwcGVyKGV2dC5NZXRhLmh0dHBfcGF0aCkgY29udGFpbnMgJ0NMQVNTLk1PRFVMRS5DTEFTU0xPQURFUi4nKQpncm91cGJ5OiAiZXZ0Lk1ldGEuc291cmNlX2lwIgpibGFja2hvbGU6IDJtCmxhYmVsczoKICB0eXBlOiBleHBsb2l0CiAgcmVtZWRpYXRpb246IHRydWUK", "description": "Detect cve-2022-22965 probing", "author": "crowdsecurity", "labels": { "remediation": "true", "type": "exploit" } }, "crowdsecurity/ssh-bf": { "path": "scenarios/crowdsecurity/ssh-bf.yaml", "version": "0.1", "versions": { "0.1": { "digest": "4441dcff07020f6690d998b7101e642359ba405c2abb83565bbbdcee36de280f", "deprecated": false } }, "long_description": "RGV0ZWN0IGZhaWxlZCBzc2ggYXV0aGVudGljYXRpb25zIDoKCiAtIGxlYWtzcGVlZCBvZiAxMHMsIGNhcGFjaXR5IG9mIDUgb24gc2FtZSB0YXJnZXQgdXNlcgogLSBsZWFrc3BlZWQgb2YgMTBzLCBjYXBhY2l0eSBvZiA1IHVuaXF1ZSBkaXN0aW5jdCB1c2VycwogCg==", "content": "IyBzc2ggYnJ1dGVmb3JjZQp0eXBlOiBsZWFreQpuYW1lOiBjcm93ZHNlY3VyaXR5L3NzaC1iZgpkZXNjcmlwdGlvbjogIkRldGVjdCBzc2ggYnJ1dGVmb3JjZSIKZmlsdGVyOiAiZXZ0Lk1ldGEubG9nX3R5cGUgPT0gJ3NzaF9mYWlsZWQtYXV0aCciCmxlYWtzcGVlZDogIjEwcyIKcmVmZXJlbmNlczoKICAtIGh0dHA6Ly93aWtpcGVkaWEuY29tL3NzaC1iZi1pcy1iYWQKY2FwYWNpdHk6IDUKZ3JvdXBieTogZXZ0Lk1ldGEuc291cmNlX2lwCmJsYWNraG9sZTogMW0KcmVwcm9jZXNzOiB0cnVlCmxhYmVsczoKIHNlcnZpY2U6IHNzaAogdHlwZTogYnJ1dGVmb3JjZQogcmVtZWRpYXRpb246IHRydWUKLS0tCiMgc3NoIHVzZXItZW51bQp0eXBlOiBsZWFreQpuYW1lOiBjcm93ZHNlY3VyaXR5L3NzaC1iZl91c2VyLWVudW0KZGVzY3JpcHRpb246ICJEZXRlY3Qgc3NoIHVzZXIgZW51bSBicnV0ZWZvcmNlIgpmaWx0ZXI6IGV2dC5NZXRhLmxvZ190eXBlID09ICdzc2hfZmFpbGVkLWF1dGgnCmdyb3VwYnk6IGV2dC5NZXRhLnNvdXJjZV9pcApkaXN0aW5jdDogZXZ0Lk1ldGEudGFyZ2V0X3VzZXIKbGVha3NwZWVkOiAxMHMKY2FwYWNpdHk6IDUKYmxhY2tob2xlOiAxbQpsYWJlbHM6CiBzZXJ2aWNlOiBzc2gKIHR5cGU6IGJydXRlZm9yY2UKIHJlbWVkaWF0aW9uOiB0cnVlCgo=", "description": "Detect ssh bruteforce", "author": "crowdsecurity", "references": [ "http://wikipedia.com/ssh-bf-is-bad" ], "labels": { "remediation": "true", "service": "ssh", "type": "bruteforce" } }, "crowdsecurity/ssh-slow-bf": { "path": "scenarios/crowdsecurity/ssh-slow-bf.yaml", "version": "0.2", "versions": { "0.1": { "digest": "1b910bf7af59dab8dfbba8a735aafb3e4871d1237b29d56f53d7c0eece0381cf", "deprecated": false }, "0.2": { "digest": "48665e6f7f4f0af7a47c7e81b0550c86f111e79c0a80d90290e560846beb4008", "deprecated": false } }, "long_description": "RGV0ZWN0IHNsb3cgc3NoIGJydXRlZm9yY2UgYXV0aGVudGljYXRpb25zIDoKCiAtIGxlYWtzcGVlZCBvZiA2MHMsIGNhcGFjaXR5IG9mIDEwIG9uIHNhbWUgdGFyZ2V0IHVzZXIKIC0gbGVha3NwZWVkIG9mIDYwcywgY2FwYWNpdHkgb2YgMTAgdW5pcXVlIGRpc3RpbmN0IHVzZXJzCiAK", "content": "IyBzc2ggYnJ1dGVmb3JjZQp0eXBlOiBsZWFreQpuYW1lOiBjcm93ZHNlY3VyaXR5L3NzaC1zbG93LWJmCmRlc2NyaXB0aW9uOiAiRGV0ZWN0IHNsb3cgc3NoIGJydXRlZm9yY2UiCmZpbHRlcjogImV2dC5NZXRhLmxvZ190eXBlID09ICdzc2hfZmFpbGVkLWF1dGgnIgpsZWFrc3BlZWQ6ICI2MHMiCnJlZmVyZW5jZXM6CiAgLSBodHRwOi8vd2lraXBlZGlhLmNvbS9zc2gtYmYtaXMtYmFkCmNhcGFjaXR5OiAxMApncm91cGJ5OiBldnQuTWV0YS5zb3VyY2VfaXAKYmxhY2tob2xlOiAxbQpyZXByb2Nlc3M6IHRydWUKbGFiZWxzOgogc2VydmljZTogc3NoCiB0eXBlOiBicnV0ZWZvcmNlCiByZW1lZGlhdGlvbjogdHJ1ZQotLS0KIyBzc2ggdXNlci1lbnVtCnR5cGU6IGxlYWt5Cm5hbWU6IGNyb3dkc2VjdXJpdHkvc3NoLXNsb3ctYmZfdXNlci1lbnVtCmRlc2NyaXB0aW9uOiAiRGV0ZWN0IHNsb3cgc3NoIHVzZXIgZW51bSBicnV0ZWZvcmNlIgpmaWx0ZXI6IGV2dC5NZXRhLmxvZ190eXBlID09ICdzc2hfZmFpbGVkLWF1dGgnCmdyb3VwYnk6IGV2dC5NZXRhLnNvdXJjZV9pcApkaXN0aW5jdDogZXZ0Lk1ldGEudGFyZ2V0X3VzZXIKbGVha3NwZWVkOiA2MHMKY2FwYWNpdHk6IDEwCmJsYWNraG9sZTogMW0KbGFiZWxzOgogc2VydmljZTogc3NoCiB0eXBlOiBicnV0ZWZvcmNlCiByZW1lZGlhdGlvbjogdHJ1ZQoK", "description": "Detect slow ssh bruteforce", "author": "crowdsecurity", "references": [ "http://wikipedia.com/ssh-bf-is-bad" ], "labels": { "remediation": "true", "service": "ssh", "type": "bruteforce" } }, "crowdsecurity/suricata-alerts": { "path": "scenarios/crowdsecurity/suricata-alerts.yaml", "version": "0.3", "versions": { "0.1": { "digest": "dca94f89e6df928e3d8924f9e1a012bf9c20bb9f8370c6e2c588d93da4e02e27", "deprecated": false }, "0.2": { "digest": "5ac0f4c98c5b01ac2114ecc41a27be942201f687ad242b00e73c571ef6ac98d3", "deprecated": false }, "0.3": { "digest": "ccef8952af2cb7931773dfee72eb8f7f65c476b7c5d4c8b5bfd3553b301992ac", "deprecated": false } }, "long_description": "IyMgU3VyaWNhdGEgc2NlbmFyaW9zCgpBdXRvbWF0aWNhbGx5IHJlYWN0IHRvIGhpZ2ggc2V2ZXJpdHkgYWxlcnRzIGdlbmVyYXRlZCBieSB5b3VyIFN1cmljYXRhIDoKIC0gdHJpZ2dlciBiYW4gb24gKk1ham9yKiAoc2V2ZXJpdHk6MSkgcnVsZXMKIC0gdHJpZ2dlciBiYW4gb24gPjIgKipkaXN0aW5jdCoqIHJ1bGVzIG9mIHNldmVyaXR5IDIKCgo=", "content": "IyBmb3IgbWF4ICgxKSBwcmlvcml0eSA6IGtpbGwgb24gc2lnaHQKdHlwZTogdHJpZ2dlcgpuYW1lOiBjcm93ZHNlY3VyaXR5L3N1cmljYXRhLW1ham9yLXNldmVyaXR5CmRlc2NyaXB0aW9uOiAiRGV0ZWN0IGV4cGxvaXQgYXR0ZW1wdHMgdmlhIGVtZXJnaW5nIHRocmVhdCBydWxlcyIKZmlsdGVyOiAiZXZ0Lk1ldGEubG9nX3R5cGUgPT0gJ3N1cmljYXRhX2FsZXJ0JyAmJiBldnQuUGFyc2VkLnByb3RvID09ICdUQ1AnICYmIGV2dC5NZXRhLnN1cmljYXRhX3J1bGVfc2V2ZXJpdHkgPT0gJzEnIgpncm91cGJ5OiBldnQuTWV0YS5zb3VyY2VfaXAKYmxhY2tob2xlOiAxbQpyZXByb2Nlc3M6IHRydWUKbGFiZWxzOgogc2VydmljZTogc3VyaWNhdGEKIHR5cGU6IGV4cGxvaXQKIHJlbWVkaWF0aW9uOiB0cnVlCi0tLQojIGZvciBsb3dlciAoMikgcHJpb3JpdHkgOiB3YWl0IGZvciA+PTMgZGlmZmVyZW50IHNpZ25hdHVyZXMgYmVpbmcgdHJpZ2dlcmVkCiMgd2UgaW50ZW50aW9uYWxseSBhdm9pZCBzY2VuYXJpb3Mgb24gcHJpb3JpdHkgMyBhbmQgc3VjaCB0aGF0IGFyZSB0b28gc2Vuc2l0aXZlIHRvIGZhbHNlIHBvc2l0aXZlcwp0eXBlOiBsZWFreQpjYXBhY2l0eTogMgpsZWFrc3BlZWQ6IDIwcwpkaXN0aW5jdDogZXZ0Lk1ldGEuc3VyaWNhdGFfYWxlcnRfc2lnbmF0dXJlX2lkCm5hbWU6IGNyb3dkc2VjdXJpdHkvc3VyaWNhdGEtaGlnaC1tZWRpdW0tc2V2ZXJpdHkKZGVzY3JpcHRpb246ICJEZXRlY3QgZXhwbG9pdCBhdHRlbXB0cyB2aWEgZW1lcmdpbmcgdGhyZWF0IHJ1bGVzIgpmaWx0ZXI6ICJldnQuTWV0YS5sb2dfdHlwZSA9PSAnc3VyaWNhdGFfYWxlcnQnICYmIGV2dC5QYXJzZWQucHJvdG8gPT0gJ1RDUCcgJiYgZXZ0Lk1ldGEuc3VyaWNhdGFfcnVsZV9zZXZlcml0eSA9PSAnMiciCmdyb3VwYnk6IGV2dC5NZXRhLnNvdXJjZV9pcApibGFja2hvbGU6IDFtCnJlcHJvY2VzczogdHJ1ZQpsYWJlbHM6CiBzZXJ2aWNlOiBzdXJpY2F0YQogdHlwZTogZXhwbG9pdAo=", "description": "Detect exploit attempts via emerging threat rules", "author": "crowdsecurity", "references": [ "http://rules.emergingthreats.net/" ], "labels": { "remediation": "true", "service": "suricata", "type": "exploit" } }, "crowdsecurity/synology-dsm-bf": { "path": "scenarios/crowdsecurity/synology-dsm-bf.yaml", "version": "0.1", "versions": { "0.1": { "digest": "8d70f3ab754d69ce9c10fb668bf3fb6bf9f02dca26e577c6c8b0c10731b0c442", "deprecated": false } }, "long_description": "IyMgRGV0ZWN0IFN5bm9sb2d5IERTTSBicnV0ZWZvcmNlIGF0dGFjay4KCiMjIyBSdWxlCmxlYWtzcGVlZCBvZiAxMHMsIGNhcGFjaXR5IG9mIDUK", "content": "IyBTeW5vbG9neSBEU00gYXV0aC5sb2cgYnJ1dGVmb3JjZQp0eXBlOiBsZWFreQpuYW1lOiBjcm93ZHNlY3VyaXR5L3N5bm9sb2d5LWRzbS1iZgpkZXNjcmlwdGlvbjogIkRldGVjdCBTeW5vbG9neSBEU00gd2ViIGF1dGggYnJ1dGVmb3JjZSIKZmlsdGVyOiAiZXZ0Lk1ldGEubG9nX3R5cGUgPT0gJ3N5bm9sb2d5LWRzbV9mYWlsZWRfYXV0aCciCmxlYWtzcGVlZDogIjEwcyIKY2FwYWNpdHk6IDUKZ3JvdXBieTogZXZ0Lk1ldGEuc291cmNlX2lwCmJsYWNraG9sZTogMW0KcmVwcm9jZXNzOiB0cnVlCmxhYmVsczoKIHNlcnZpY2U6IHN5bm9sb2d5LWRzbQogdHlwZTogYnJ1dGVmb3JjZQogcmVtZWRpYXRpb246IHRydWUK", "description": "Detect Synology DSM web auth bruteforce", "author": "crowdsecurity", "labels": { "remediation": "true", "service": "synology-dsm", "type": "bruteforce" } }, "crowdsecurity/telnet-bf": { "path": "scenarios/crowdsecurity/telnet-bf.yaml", "version": "0.1", "versions": { "0.1": { "digest": "fd1769c247b352916a0400c33668b315a6d7a0ab8e672f339b00d9de2df71229", "deprecated": false } }, "long_description": "IyMgRGV0ZWN0IFRlbG5ldCBicnV0ZWZvcmNlIGF0dGFjay4KCiMjIyBSdWxlCmxlYWtzcGVlZCBvZiAxMHMsIGNhcGFjaXR5IG9mIDU=", "content": "dHlwZTogbGVha3kKbmFtZTogY3Jvd2RzZWN1cml0eS90ZWxuZXQtYmYKZGVzY3JpcHRpb246ICJkZXRlY3QgdGVsbmV0IGJydXRlZm9yY2UiCmZpbHRlcjogZXZ0Lk1ldGEubG9nX3R5cGUgPT0gJ3RlbG5ldF9uZXdfc2Vzc2lvbicKZ3JvdXBieTogZXZ0Lk1ldGEuc291cmNlX2lwCmNhcGFjaXR5OiA1CmxlYWtzcGVlZDogIjEwcyIKYmxhY2tob2xlOiA1bQpsYWJlbHM6CiBzZXJ2aWNlOiB0ZWxuZXQKIHR5cGU6IGJydXRlZm9yY2UKIHJlbWVkaWF0aW9uOiB0cnVl", "description": "detect telnet bruteforce", "author": "crowdsecurity", "labels": { "remediation": "true", "service": "telnet", "type": "bruteforce" } }, "crowdsecurity/thehive-bf": { "path": "scenarios/crowdsecurity/thehive-bf.yaml", "version": "0.2", "versions": { "0.1": { "digest": "6a8e5ab92bdc2087dffb2702d9990a7c974654ce88db63a3b7f4a40b3af75790", "deprecated": false }, "0.2": { "digest": "a082bd5622ebf06280de10cdd126699b8d53f8ca002085e4113d3ea174597e9a", "deprecated": false } }, "long_description": "RGV0ZWN0IGZhaWxlZCBUaGVoaXZlIGF1dGhlbnRpY2F0aW9uczoKCiAtIGxlYWtzcGVlZCBvZiAxMHMsIGNhcGFjaXR5IG9mIDUgZnJvbSBzYW1lIElQ", "content": "dHlwZTogbGVha3kKZGVidWc6IGZhbHNlCm5hbWU6IGNyb3dkc2VjdXJpdHkvdGhlaGl2ZS1iZgpkZXNjcmlwdGlvbjogIkRldGVjdCBicnV0ZWZvcmNlIG9uIFRoZWhpdmUgd2ViIGludGVyZmFjZSIKZmlsdGVyOiBldnQuTWV0YS5sb2dfdHlwZSA9PSAndGhlaGl2ZV9mYWlsZWRfYXV0aCcKbGVha3NwZWVkOiAiMTBzIgpjYXBhY2l0eTogNQpncm91cGJ5OiBldnQuTWV0YS5zb3VyY2VfaXAKYmxhY2tob2xlOiA1bQpsYWJlbHM6CiBzZXJ2aWNlOiB0aGVoaXZlCiB0eXBlOiBicnV0ZWZvcmNlCiByZW1lZGlhdGlvbjogdHJ1ZQ==", "description": "Detect bruteforce on Thehive web interface", "author": "crowdsecurity", "labels": { "remediation": "true", "service": "thehive", "type": "bruteforce" } }, "crowdsecurity/thinkphp-cve-2018-20062": { "path": "scenarios/crowdsecurity/thinkphp-cve-2018-20062.yaml", "version": "0.3", "versions": { "0.1": { "digest": "bf76bbd0e78be17642a4ea0d8c080ae72b43075fa74ba77990aac602285c1857", "deprecated": false }, "0.2": { "digest": "abb7a26fc4cd630c545738b3cf43d36439526eec9c5a25668f434c1cf9f0320b", "deprecated": false }, "0.3": { "digest": "1cc85df2f1e642e83ec20e0197777795b82ff076842c6b169a8a7b1e4687de3a", "deprecated": false } }, "content": "dHlwZTogdHJpZ2dlcgpmb3JtYXQ6IDIuMAojZGVidWc6IHRydWUKbmFtZTogY3Jvd2RzZWN1cml0eS90aGlua3BocC1jdmUtMjAxOC0yMDA2MgpkZXNjcmlwdGlvbjogIkRldGVjdCBUaGlua1BIUCBDVkUtMjAxOC0yMDA2MiBleHBsb2l0YXRpb24gYXR0ZW1wcyIKZmlsdGVyOiB8CiAgZXZ0Lk1ldGEubG9nX3R5cGUgaW4gWyJodHRwX2FjY2Vzcy1sb2ciLCAiaHR0cF9lcnJvci1sb2ciXSBhbmQgYW55KEZpbGUoInRoaW5rcGhwX2N2ZV8yMDE4LTIwMDYyLnR4dCIpLCB7VXBwZXIoZXZ0Lk1ldGEuaHR0cF9wYXRoKSBtYXRjaGVzIFVwcGVyKCMpfSkKZGF0YToKICAtIHNvdXJjZV91cmw6IGh0dHBzOi8vcmF3LmdpdGh1YnVzZXJjb250ZW50LmNvbS9jcm93ZHNlY3VyaXR5L3NlYy1saXN0cy9tYXN0ZXIvd2ViL3RoaW5rcGhwX2N2ZV8yMDE4LTIwMDYyLnR4dAogICAgZGVzdF9maWxlOiB0aGlua3BocF9jdmVfMjAxOC0yMDA2Mi50eHQKICAgIHR5cGU6IHN0cmluZwpncm91cGJ5OiAiZXZ0Lk1ldGEuc291cmNlX2lwIgpibGFja2hvbGU6IDJtCmxhYmVsczoKICB0eXBlOiBleHBsb2l0CiAgcmVtZWRpYXRpb246IHRydWUK", "description": "Detect ThinkPHP CVE-2018-20062 exploitation attemps", "author": "crowdsecurity", "labels": { "remediation": "true", "type": "exploit" } }, "crowdsecurity/vmware-cve-2022-22954": { "path": "scenarios/crowdsecurity/vmware-cve-2022-22954.yaml", "version": "0.2", "versions": { "0.1": { "digest": "a5d994d73edec1ea334d09cd057193163a32527797f9556774f167bda1593616", "deprecated": false }, "0.2": { "digest": "d26a37b84b843dba6a0266d54f754438b875fa8bc62de6ddd7d9d2d5d1eba07c", "deprecated": false } }, "long_description": "RGV0ZWN0IGV4cGxvaXRhdGlvbiBvZiBWbXdhcmUgQ1ZFLTIwMjItMjI5NTQKClJlZjogaHR0cHM6Ly93d3cudm13YXJlLmNvbS9zZWN1cml0eS9hZHZpc29yaWVzL1ZNU0EtMjAyMi0wMDExLmh0bWwKUG9jOiBodHRwczovL2dpdGh1Yi5jb20vc2hlcmxvY2tzZWN1cml0eS9WTXdhcmUtQ1ZFLTIwMjItMjI5NTQ=", "content": "dHlwZTogdHJpZ2dlcgpmb3JtYXQ6IDIuMApuYW1lOiBjcm93ZHNlY3VyaXR5L3Ztd2FyZS1jdmUtMjAyMi0yMjk1NApkZXNjcmlwdGlvbjogIkRldGVjdCBWbXdhcmUgQ1ZFLTIwMjItMjI5NTQgZXhwbG9pdGF0aW9uIGF0dGVtcHRzIgpmaWx0ZXI6IHwKICBldnQuTWV0YS5sb2dfdHlwZSBpbiBbJ2h0dHBfYWNjZXNzLWxvZycsICdodHRwX2Vycm9yLWxvZyddICYmIFVwcGVyKFF1ZXJ5VW5lc2NhcGUoZXZ0Lk1ldGEuaHR0cF9wYXRoKSkgc3RhcnRzV2l0aCBVcHBlcignL2NhdGFsb2ctcG9ydGFsL3VpL29hdXRoL3ZlcmlmeT9lcnJvcj0mZGV2aWNlVWRpZD0keyJmcmVlbWFya2VyLnRlbXBsYXRlLnV0aWxpdHkuRXhlY3V0ZSI/bmV3KCkoJykKZ3JvdXBieTogImV2dC5NZXRhLnNvdXJjZV9pcCIKYmxhY2tob2xlOiAybQpsYWJlbHM6CiAgdHlwZTogZXhwbG9pdAogIHJlbWVkaWF0aW9uOiB0cnVlCg==", "description": "Detect Vmware CVE-2022-22954 exploitation attempts", "author": "crowdsecurity", "labels": { "remediation": "true", "type": "exploit" } }, "crowdsecurity/vmware-vcenter-vmsa-2021-0027": { "path": "scenarios/crowdsecurity/vmware-vcenter-vmsa-2021-0027.yaml", "version": "0.1", "versions": { "0.1": { "digest": "4d497542fa056c82b0089b7849ce686544b8ae9775f6dffddd6ac5074ec5964b", "deprecated": false } }, "long_description": "RGV0ZWN0IGV4cGxvaXRhdGlvbiBvZiBWTVNBLTIwMjEtMDAyNwoKUmVmOiBodHRwczovL3d3dy52bXdhcmUuY29tL3NlY3VyaXR5L2Fkdmlzb3JpZXMvVk1TQS0yMDIxLTAwMjcuaHRtbAo=", "content": "dHlwZTogdHJpZ2dlcgpmb3JtYXQ6IDIuMApuYW1lOiBjcm93ZHNlY3VyaXR5L3Ztd2FyZS12Y2VudGVyLXZtc2EtMjAyMS0wMDI3CmRlc2NyaXB0aW9uOiAiRGV0ZWN0IFZNU0EtMjAyMS0wMDI3IGV4cGxvaXRhdGlvbiBhdHRlbXBzIgpmaWx0ZXI6IHwKICBldnQuTWV0YS5sb2dfdHlwZSBpbiBbJ2h0dHBfYWNjZXNzLWxvZycsICdodHRwX2Vycm9yLWxvZyddICYmIGV2dC5NZXRhLmh0dHBfcGF0aCBtYXRjaGVzICcvdWkvdmNhdi1ib290c3RyYXAvcmVzdC92Y2F2LXByb3ZpZGVycy9wcm92aWRlci1sb2dvXFw/dXJsPShmaWxlfGh0dHApJwpncm91cGJ5OiAiZXZ0Lk1ldGEuc291cmNlX2lwIgpibGFja2hvbGU6IDJtCmxhYmVsczoKICB0eXBlOiBleHBsb2l0CiAgcmVtZWRpYXRpb246IHRydWUK", "description": "Detect VMSA-2021-0027 exploitation attemps", "author": "crowdsecurity", "labels": { "remediation": "true", "type": "exploit" } }, "crowdsecurity/vsftpd-bf": { "path": "scenarios/crowdsecurity/vsftpd-bf.yaml", "version": "0.1", "versions": { "0.1": { "digest": "3591247988014705cf3a7e42388f0c87f9b86d3141268d996c5820ceab6364e1", "deprecated": false } }, "long_description": "IyMgRGV0ZWN0IEZUUCBicnV0ZWZvcmNlIGF0dGFjay4KCiMjIyBSdWxlCmxlYWtzcGVlZCBvZiAxMHMsIGNhcGFjaXR5IG9mIDU=", "content": "dHlwZTogbGVha3kKI2RlYnVnOiB0cnVlCm5hbWU6IGNyb3dkc2VjdXJpdHkvdnNmdHBkLWJmCmRlc2NyaXB0aW9uOiAiRGV0ZWN0IEZUUCBicnV0ZWZvcmNlICh2c2Z0cGQpIgpmaWx0ZXI6IGV2dC5NZXRhLmxvZ190eXBlID09ICdmdHBfZmFpbGVkX2F1dGgnCmxlYWtzcGVlZDogIjEwcyIKY2FwYWNpdHk6IDUKZ3JvdXBieTogZXZ0Lk1ldGEuc291cmNlX2lwCmJsYWNraG9sZTogNW0KbGFiZWxzOgogc2VydmljZTogZnRwCiB0eXBlOiBicnV0ZWZvcmNlCiByZW1lZGlhdGlvbjogdHJ1ZQ==", "description": "Detect FTP bruteforce (vsftpd)", "author": "crowdsecurity", "labels": { "remediation": "true", "service": "ftp", "type": "bruteforce" } }, "crowdsecurity/windows-CVE-2022-30190-msdt": { "path": "scenarios/crowdsecurity/windows-CVE-2022-30190-msdt.yaml", "version": "0.1", "versions": { "0.1": { "digest": "6cac369ca1553245cf9a837275492822387a43a0a4f138560dfdda208def1103", "deprecated": false } }, "long_description": "VGhpcyBzY2VuYXJpbyBkZXRlY3RzIHNvbWUgYXR0ZW1wdHMgYXQgZXhwbG9pdGluZyBbQ1ZFLTIwMjItMzAxOTBdKGh0dHBzOi8vbXNyYy1ibG9nLm1pY3Jvc29mdC5jb20vMjAyMi8wNS8zMC9ndWlkYW5jZS1mb3ItY3ZlLTIwMjItMzAxOTAtbWljcm9zb2Z0LXN1cHBvcnQtZGlhZ25vc3RpYy10b29sLXZ1bG5lcmFiaWxpdHkvKSBvbiBXaW5kb3dzLgoKSXQgZG9lcyBzbyBieSBwYXJzaW5nIHN5c21vbiBsb2dzLCBtb3JlIHNwZWNpZmljYWxseSB0aGUgb25lIHdpdGggZXZlbnQgSUQgMSAocHJvY2VzcyBjcmVhdGlvbikuCgpUaGlzIG1lYW5zIHRoYXQgeW91IG5lZWQgYSB3b3JraW5nIHN5c21vbiBpbnN0YWxsYXRpb24gdG8gYmUgYWJsZSB0byB1c2UgdGhpcyBzY2VuYXJpby4g", "content": "dHlwZTogdHJpZ2dlcgpuYW1lOiBjcm93ZHNlY3VyaXR5L0NWRS0yMDIyLTMwMTkwLW1zZHQKZGVzY3JpcHRpb246ICJEZXRlY3QgQ1ZFLTIwMjItMzAxOTAgZnJvbSBzeXNtb24gZXZlbnRzIgpmaWx0ZXI6IHwKICBldnQuTWV0YS5zZXJ2aWNlID09ICdzeXNtb24nICYmIGV2dC5QYXJzZWQuRXZlbnRJRCA9PSAnMScgJiYgCiAgVXBwZXIoZXZ0LlBhcnNlZC5JbWFnZSkgZW5kc1dpdGggJ01TRFQuRVhFJyAmJiAKICBVcHBlcihldnQuUGFyc2VkLlBhcmVudEltYWdlKSBlbmRzV2l0aCAnV0lOV09SRC5FWEUnICYmCiAgKFVwcGVyKGV2dC5QYXJzZWQuQ29tbWFuZExpbmUpIGNvbnRhaW5zICdQQ1dESUFHTk9TVElDJyAmJiBVcHBlcihldnQuUGFyc2VkLkNvbW1hbmRMaW5lKSBjb250YWlucyAnSVRfUkVCUk9XU0VGT1JGSUxFJyAmJiBVcHBlcihldnQuUGFyc2VkLkNvbW1hbmRMaW5lKSBjb250YWlucyAnSVRfQlJPV1NFRk9SRklMRScpCmxhYmVsczoKIHR5cGU6IHJjZQogbm90aWZpY2F0aW9uOiB0cnVlCiBvczogd2luZG93cwpzY29wZToKICB0eXBlOiB1c2VyX2FjY291bnQKICBleHByZXNzaW9uOiBldnQuUGFyc2VkLlVzZXIK", "description": "Detect CVE-2022-30190 from sysmon events", "author": "crowdsecurity", "labels": { "notification": "true", "os": "windows", "type": "rce" } }, "crowdsecurity/windows-bf": { "path": "scenarios/crowdsecurity/windows-bf.yaml", "version": "0.1", "versions": { "0.1": { "digest": "8bab4995597e6a72e87131cd681ed6023c90cc805c3ee824bfbce1725e67fdd8", "deprecated": false } }, "long_description": "RGV0ZWN0cyBCRiBhZ2FpbnN0IHNlcnZpY2VzIHVzaW5nIHdpbmRvd3MgYXV0aGVudGljYXRpb24gKFJEUCwgU01CLCBPV0EsIC4uLikuCgpCdWNrZXRzIGhhdmUgYSBjYXBhY2l0eSBvZiA1IGFuZCBhIGxlYWtzcGVlZCBvZiAxMHMu", "content": "IyB3aW5kb3dzIGF1dGggYnJ1dGVmb3JjZQp0eXBlOiBsZWFreQpuYW1lOiBjcm93ZHNlY3VyaXR5L3dpbmRvd3MtYmYKZGVzY3JpcHRpb246ICJEZXRlY3Qgd2luZG93cyBhdXRoIGJydXRlZm9yY2UiCmZpbHRlcjogImV2dC5NZXRhLmxvZ190eXBlID09ICd3aW5kb3dzX2ZhaWxlZF9hdXRoJyIKbGVha3NwZWVkOiAiMTBzIgpjYXBhY2l0eTogNQpncm91cGJ5OiBldnQuTWV0YS5zb3VyY2VfaXAKYmxhY2tob2xlOiAxbQpyZXByb2Nlc3M6IHRydWUKbGFiZWxzOgogc2VydmljZTogd2luZG93cwogdHlwZTogYnJ1dGVmb3JjZQogcmVtZWRpYXRpb246IHRydWUK", "description": "Detect windows auth bruteforce", "author": "crowdsecurity", "labels": { "remediation": "true", "service": "windows", "type": "bruteforce" } }, "firewallservices/lemonldap-ng-bf": { "path": "scenarios/firewallservices/lemonldap-ng-bf.yaml", "version": "0.1", "versions": { "0.1": { "digest": "92ffa388cc0c79431a9014d6a384a84e7571d5e3445ff60d29792eb5d36307da", "deprecated": false } }, "long_description": "RGV0ZWN0IGZhaWxlZCBMZW1vbmxkYXA6Ok5HIGF1dGhlbnRpY2F0aW9ucyA6CgogLSBsZWFrc3BlZWQgb2YgMzBzLCBjYXBhY2l0eSBvZiA1IG9uIHNhbWUgdGFyZ2V0IHVzZXIKIC0gbGVha3NwZWVkIG9mIDJtLCBjYXBhY2l0eSBvZiA1IHVuaXF1ZSBkaXN0aW5jdCB1c2Vycwo=", "content": "IyBMZW1vbmxkYXA6Ok5HIGJydXRmb3JjZQp0eXBlOiBsZWFreQojZGVidWc6IHRydWUKbmFtZTogZmlyZXdhbGxzZXJ2aWNlcy9sZW1vbmxkYXAtbmctYmYKZGVzY3JpcHRpb246ICJEZXRlY3QgTGVtb25sZGFwOjpORyBicnV0ZWZvcmNlIgpmaWx0ZXI6IGV2dC5NZXRhLnNlcnZpY2UgPT0gJ2xsbmcnIGFuZCBldnQuTWV0YS5sb2dfdHlwZSA9PSAnbGxuZ19hdXRoX2ZhaWwnCmxlYWtzcGVlZDogMzBzCmNhcGFjaXR5OiA1Cmdyb3VwYnk6IGV2dC5NZXRhLnNvdXJjZV9pcApibGFja2hvbGU6IDFtCnJlcHJvY2VzczogdHJ1ZQpsYWJlbHM6CiAgc2VydmljZTogbGxuZwogIHR5cGU6IGJydXRlZm9yY2UKICByZW1lZGlhdGlvbjogdHJ1ZQotLS0KIyBMZW1vbmxkYXA6Ok5HIHVzZXIgZW51bWVyYXRpb24KdHlwZTogbGVha3kKI2RlYnVnOiB0cnVlCm5hbWU6IGZpcmV3YWxsc2VydmljZXMvbGVtb25sZGFwLW5nLXVzZXItZW51bQpkZXNjcmlwdGlvbjogIkRldGVjdCBMZW1vbmxkYXA6Ok5HIHVzZXIgZW51bSBicnV0ZWZvcmNlIgpmaWx0ZXI6IGV2dC5NZXRhLnNlcnZpY2UgPT0gJ2xsbmcnIGFuZCBldnQuTWV0YS5sb2dfdHlwZSA9PSAnbGxuZ19hdXRoX2ZhaWwnCmdyb3VwYnk6IGV2dC5NZXRhLnNvdXJjZV9pcApkaXN0aW5jdDogZXZ0Lk1ldGEudXNlcgpsZWFrc3BlZWQ6IDJtCmNhcGFjaXR5OiA1CmJsYWNraG9sZTogMW0KbGFiZWxzOgogIHNlcnZpY2U6IGxsbmcKICB0eXBlOiBicnV0ZWZvcmNlCiAgcmVtZWRpYXRpb246IHRydWUKCg==", "description": "Detect Lemonldap::NG bruteforce", "author": "firewallservices", "labels": { "remediation": "true", "service": "llng", "type": "bruteforce" } }, "firewallservices/pf-scan-multi_ports": { "path": "scenarios/firewallservices/pf-scan-multi_ports.yaml", "version": "0.1", "versions": { "0.1": { "digest": "d650a9e64532d14a46dcf5bfc952b0a0eb1825efdb07a179069d9c7f8f185d78", "deprecated": false } }, "long_description": "RGV0ZWN0cyBhIHBvcnQgc2NhbiA6IGRldGVjdHMgaWYgYSBzaW5nbGUgSVAgYXR0ZW1wdHMgY29ubmVjdGlvbiB0byBtYW55IGRpZmZlcmVudCBwb3J0cy4KCkxlYWtzcGVlZCBvZiA1cywgY2FwYWNpdHkgb2YgMTUuCg==", "content": "dHlwZTogbGVha3kKbmFtZTogZmlyZXdhbGxzZXJ2aWNlcy9wZi1zY2FuLW11bHRpX3BvcnRzCmRlc2NyaXB0aW9uOiAiYmFuIElQcyB0aGF0IGFyZSBzY2FubmluZyB1cyIKZmlsdGVyOiAiZXZ0Lk1ldGEubG9nX3R5cGUgPT0gJ3BmX2Ryb3AnICYmIGV2dC5NZXRhLnNlcnZpY2UgPT0gJ3RjcCciCmdyb3VwYnk6IGV2dC5NZXRhLnNvdXJjZV9pcApkaXN0aW5jdDogZXZ0LlBhcnNlZC5kc3RfcG9ydApjYXBhY2l0eTogMTUKbGVha3NwZWVkOiA1cwpibGFja2hvbGU6IDFtCmxhYmVsczoKICBzZXJ2aWNlOiB0Y3AKICB0eXBlOiBzY2FuCiAgcmVtZWRpYXRpb246IHRydWUK", "description": "ban IPs that are scanning us", "author": "firewallservices", "labels": { "remediation": "true", "service": "tcp", "type": "scan" } }, "firewallservices/zimbra-bf": { "path": "scenarios/firewallservices/zimbra-bf.yaml", "version": "0.1", "versions": { "0.1": { "digest": "20cd0d65ecb94e81c785bbc8117d3cf12333bf0b32f600d14949be7ce21f3a4c", "deprecated": false } }, "long_description": "RGV0ZWN0IHZhcmlvdXMgYXV0aGVudGljYXRpb24gZmFpbHVyZXMgb24gWmltYnJhCi0gT24gdGhlIHdlYiBsb2dpbiBwYWdlCi0gT24gdGhlIFNNVFAgc2VydmVyIChTTVRQUyBhbmQgU1VCTUlTU0lPTikKLSBPbiB0aGUgSU1BUCBzZXJ2ZXIKClRoaXMgc2NlbmFyaW8gdXNlcyB0d28gbGVha3kgYnVja2V0czoKLSBsZWFrc3BlZWQgb2YgMzBzLCBjYXBhY2l0eSBvZiA1IChwZXIgY2xpZW50IElQKQotIGxlYWtzcGVlZCBvZiAybSwgY2FwYWNpdHkgb2YgNSwgb24gdW5pcSB0YXJnZXQgdXNlciAocGVyIGNsaWVudCBJUCkK", "content": "IyBaaW1icmEgYnJ1dGZvcmNlCnR5cGU6IGxlYWt5CiNkZWJ1ZzogdHJ1ZQpuYW1lOiBmaXJld2FsbHNlcnZpY2VzL3ppbWJyYS1iZgpkZXNjcmlwdGlvbjogIkRldGVjdCBaaW1icmEgYnJ1dGVmb3JjZSIKZmlsdGVyOiBldnQuTWV0YS5sb2dfdHlwZSA9PSAnemltYnJhX2F1dGhfZmFpbCcKbGVha3NwZWVkOiAzMHMKY2FwYWNpdHk6IDUKZ3JvdXBieTogZXZ0Lk1ldGEuc291cmNlX2lwCmJsYWNraG9sZTogMW0KcmVwcm9jZXNzOiB0cnVlCmxhYmVsczoKICBzZXJ2aWNlOiB6aW1icmEKICB0eXBlOiBicnV0ZWZvcmNlCiAgcmVtZWRpYXRpb246IHRydWUKLS0tCiMgWmltYnJhIHVzZXIgZW51bWVyYXRpb24KdHlwZTogbGVha3kKI2RlYnVnOiB0cnVlCm5hbWU6IGZpcmV3YWxsc2VydmljZXMvemltYnJhLXVzZXItZW51bQpkZXNjcmlwdGlvbjogIkRldGVjdCBaaW1icmEgdXNlciBlbnVtIGJydXRlZm9yY2UiCmZpbHRlcjogZXZ0Lk1ldGEubG9nX3R5cGUgPT0gJ3ppbWJyYV9hdXRoX2ZhaWwnCmdyb3VwYnk6IGV2dC5NZXRhLnNvdXJjZV9pcApkaXN0aW5jdDogZXZ0Lk1ldGEudXNlcgpsZWFrc3BlZWQ6IDJtCmNhcGFjaXR5OiA1CmJsYWNraG9sZTogMW0KbGFiZWxzOgogIHNlcnZpY2U6IHppbWJyYQogIHR5cGU6IGJydXRlZm9yY2UKICByZW1lZGlhdGlvbjogdHJ1ZQoK", "description": "Detect Zimbra bruteforce", "author": "firewallservices", "labels": { "remediation": "true", "service": "zimbra", "type": "bruteforce" } }, "fulljackz/proxmox-bf": { "path": "scenarios/fulljackz/proxmox-bf.yaml", "version": "0.1", "versions": { "0.1": { "digest": "0e9371bccf18fdd2195b68c9506182d0958ef4e8a31289d34106fda4b58ccd17", "deprecated": false } }, "long_description": "RGV0ZWN0IGZhaWxlZCBwcm94bW94IGF1dGhlbnRpY2F0aW9ucyA6CgogLSBsZWFrc3BlZWQgb2YgMTBzLCBjYXBhY2l0eSBvZiA1IG9uIHNhbWUgdGFyZ2V0IHVzZXIKIC0gbGVha3NwZWVkIG9mIDEwcywgY2FwYWNpdHkgb2YgNSB1bmlxdWUgZGlzdGluY3QgdXNlcnMK", "content": "IyBQcm94bW94IGF1dGhlbnQgYnJ1dGVmb3JjZQp0eXBlOiBsZWFreQpuYW1lOiBmdWxsamFja3ovcHJveG1veC1iZgpkZXNjcmlwdGlvbjogIkRldGVjdCBwcm94bW94IGJydXRlZm9yY2UiCmZpbHRlcjogImV2dC5NZXRhLmxvZ190eXBlID09ICdwdmVfZmFpbGVkLWF1dGgnIgpsZWFrc3BlZWQ6ICIxMHMiCmNhcGFjaXR5OiA1Cmdyb3VwYnk6IGV2dC5NZXRhLnNvdXJjZV9pcApibGFja2hvbGU6IDFtCnJlcHJvY2VzczogdHJ1ZQpsYWJlbHM6CiBzZXJ2aWNlOiBwdmVkYWVtb24KIHR5cGU6IGJydXRlZm9yY2UKIHJlbWVkaWF0aW9uOiB0cnVlCi0tLQojIFByb3htb3ggYmFkIHVzZXIKdHlwZTogbGVha3kKbmFtZTogZnVsbGphY2t6L3Byb3htb3gtYmYtdXNlci1lbnVtCmRlc2NyaXB0aW9uOiAiRGV0ZWN0IHByb3htb3ggd3JvbmcgdXNlcm5hbWUiCmZpbHRlcjogImV2dC5NZXRhLmxvZ190eXBlID09ICdwdmVfZmFpbGVkLWF1dGgnIgpsZWFrc3BlZWQ6ICIxMHMiCmNhcGFjaXR5OiA1Cmdyb3VwYnk6IGV2dC5NZXRhLnNvdXJjZV9pcApkaXN0aW5jdDogZXZ0Lk1ldGEuc291cmNlX3VzZXIKYmxhY2tob2xlOiAxbQpyZXByb2Nlc3M6IHRydWUKbGFiZWxzOgogc2VydmljZTogcHZlZGFlbW9uCiB0eXBlOiBicnV0ZWZvcmNlCiByZW1lZGlhdGlvbjogdHJ1ZQo=", "description": "Detect proxmox bruteforce", "author": "fulljackz", "labels": { "remediation": "true", "service": "pvedaemon", "type": "bruteforce" } }, "fulljackz/pureftpd-bf": { "path": "scenarios/fulljackz/pureftpd-bf.yaml", "version": "0.1", "versions": { "0.1": { "digest": "b3d2ff52ddeff8e7bc547565b7d797c7420f4f5dc4cd00181f4a2be28dd56be7", "deprecated": false } }, "content": "IyBQdXJlZnRwZCBhdXRoZW50IGJydXRlZm9yY2UKdHlwZTogbGVha3kKbmFtZTogZnVsbGphY2t6L3B1cmVmdHBkLWJmCmRlc2NyaXB0aW9uOiAiRGV0ZWN0IHB1cmVmdHBkIGJydXRlZm9yY2UiCmZpbHRlcjogImV2dC5NZXRhLmxvZ190eXBlID09ICdwZnRwZF9mYWlsZWQtYXV0aCciCmxlYWtzcGVlZDogIjEwcyIKY2FwYWNpdHk6IDUKZ3JvdXBieTogZXZ0Lk1ldGEuc291cmNlX2lwCmJsYWNraG9sZTogMW0KcmVwcm9jZXNzOiB0cnVlCmxhYmVsczoKIHNlcnZpY2U6ICdwdXJlZnRwZCcKIHR5cGU6IGJydXRlZm9yY2UKIHJlbWVkaWF0aW9uOiB0cnVlCg==", "description": "Detect pureftpd bruteforce", "author": "fulljackz", "labels": { "remediation": "true", "service": "pureftpd", "type": "bruteforce" } }, "hitech95/mail-generic-bf": { "path": "scenarios/hitech95/mail-generic-bf.yaml", "version": "0.1", "versions": { "0.1": { "digest": "f4dd689cd76dbad62fc1188d106ee58d67e9637398e25f1ee6c4dd56039491c1", "deprecated": false } }, "long_description": "QWxlcnQgd2hlbiBhIHNpbmdsZSBJUCB0aGF0IHRyeSB0byBicnV0ZWZvcmNlIGVtYWlsIChTTVRQLCBJTUFQLCBQT1ApIGF1dGguCgogLSBsZWFrc3BlZWQgb2YgMTBzLCBjYXBhY2l0eSBvZiA1IG9uIHNhbWUgaXAKIC0gbGVha3NwZWVkIG9mIDMwcywgY2FwYWNpdHkgb2YgMyBvbiBzYW1lIHRhcmdldCB1c2VyCg==", "content": "IyBHbG9iYWwgYnJvdXRlZm9yY2UKdHlwZTogbGVha3kKI2RlYnVnOiB0cnVlCm5hbWU6IGhpdGVjaDk1L2VtYWlsLWdlbmVyaWMtYmYKZGVzY3JpcHRpb246ICJEZXRlY3QgZ2VuZXJpYyBlbWFpbCBicnV0ZSBmb3JjZSIKZmlsdGVyOiAiZXZ0Lk1ldGEubG9nX3R5cGUgPT0gJ21haWxfYXV0aCcgJiYgZXZ0Lk1ldGEuc3ViX3R5cGUgPT0gJ2F1dGhfZmFpbCciCmdyb3VwYnk6IGV2dC5NZXRhLnNvdXJjZV9pcApjYXBhY2l0eTogNQpsZWFrc3BlZWQ6ICIxMHMiCmJsYWNraG9sZTogMW0KbGFiZWxzOgogc2VydmljZTogZW1haWwKIHR5cGU6IGJmCiByZW1lZGlhdGlvbjogdHJ1ZQotLS0KIyBQZXIgdXNlciBicm91dGVmb3JjZQp0eXBlOiBsZWFreQojZGVidWc6IHRydWUKbmFtZTogaGl0ZWNoOTUvZW1haWwtdXNlci1iZgpkZXNjcmlwdGlvbjogIkRldGVjdCBzcGVjaWZpYyB1c2VyIGVtYWlsIGJydXRlIGZvcmNlIgpmaWx0ZXI6ICJldnQuTWV0YS5sb2dfdHlwZSA9PSAnbWFpbF9hdXRoJyAmJiBldnQuTWV0YS5zdWJfdHlwZSA9PSAnYXV0aF9mYWlsJyIKZ3JvdXBieTogZXZ0Lk1ldGEuc291cmNlX2lwCmRpc3RpbmN0OiBldnQuTWV0YS51c2VybmFtZQpjYXBhY2l0eTogMwpsZWFrc3BlZWQ6ICIzMHMiCmJsYWNraG9sZTogMW0KbGFiZWxzOgogc2VydmljZTogZW1haWwKIHR5cGU6IGJmCiByZW1lZGlhdGlvbjogdHJ1ZQ==", "description": "Detect generic email brute force", "author": "hitech95", "labels": { "remediation": "true", "service": "email", "type": "bf" } }, "jusabatier/apereo-cas-bf": { "path": "scenarios/jusabatier/apereo-cas-bf.yaml", "version": "0.1", "versions": { "0.1": { "digest": "d1bf29f3d7bbf0a7bee0a9e0dddc953c9f0cad2ac4f5d6dcefe7d8ae3dc833a6", "deprecated": false } }, "long_description": "RGV0ZWN0IGZhaWxlZCBDQVMgYXV0aGVudGljYXRpb25zIDoKCiogbGVha3NwZWVkIG9mIDEwcywgY2FwYWNpdHkgb2YgNSBvbiBzYW1lIHRhcmdldCB1c2VyCiogbGVha3NwZWVkIG9mIDEwcywgY2FwYWNpdHkgb2YgNSB1bmlxdWUgZGlzdGluY3QgdXNlcnMK", "content": "IyBjYXMgYnJ1dGVmb3JjZQp0eXBlOiBsZWFreQpuYW1lOiBqdXNhYmF0aWVyL2FwZXJlby1jYXMtYmYKZGVzY3JpcHRpb246ICJEZXRlY3QgQ0FTIGJydXRlZm9yY2UiCmZpbHRlcjogImV2dC5NZXRhLmxvZ190eXBlID09ICdjYXNfZmFpbGVkLWF1dGgnIgpsZWFrc3BlZWQ6ICIxMHMiCnJlZmVyZW5jZXM6CiAgLSBodHRwOi8vd2lraXBlZGlhLmNvbS9jYXMtYmYtaXMtYmFkCmNhcGFjaXR5OiA1Cmdyb3VwYnk6IGV2dC5NZXRhLnNvdXJjZV9pcApibGFja2hvbGU6IDFtCnJlcHJvY2VzczogdHJ1ZQpsYWJlbHM6CiBzZXJ2aWNlOiBjYXMKIHR5cGU6IGJydXRlZm9yY2UKIHJlbWVkaWF0aW9uOiB0cnVlCi0tLQojIGNhcyB1c2VyLWVudW0KdHlwZTogbGVha3kKbmFtZToganVzYWJhdGllci9hcGVyZW8tY2FzLWJmX3VzZXItZW51bQpkZXNjcmlwdGlvbjogIkRldGVjdCBDQVMgdXNlciBlbnVtIGJydXRlZm9yY2UiCmZpbHRlcjogZXZ0Lk1ldGEubG9nX3R5cGUgPT0gJ2Nhc19mYWlsZWQtYXV0aCcKZ3JvdXBieTogZXZ0Lk1ldGEuc291cmNlX2lwCmRpc3RpbmN0OiBldnQuTWV0YS50YXJnZXRfdXNlcgpsZWFrc3BlZWQ6IDEwcwpjYXBhY2l0eTogNQpibGFja2hvbGU6IDFtCmxhYmVsczoKIHNlcnZpY2U6IGNhcwogdHlwZTogYnJ1dGVmb3JjZQogcmVtZWRpYXRpb246IHRydWUK", "description": "Detect CAS bruteforce", "author": "jusabatier", "references": [ "http://wikipedia.com/cas-bf-is-bad" ], "labels": { "remediation": "true", "service": "cas", "type": "bruteforce" } }, "jusabatier/apereo-cas-slow-bf": { "path": "scenarios/jusabatier/apereo-cas-slow-bf.yaml", "version": "0.1", "versions": { "0.1": { "digest": "4bcde74a3f00abede206b5821669531c8ebfbf80b79530414050bfd3ccbfc6f9", "deprecated": false } }, "long_description": "RGV0ZWN0IHNsb3cgQ0FTIGJydXRlZm9yY2UgYXV0aGVudGljYXRpb25zIDoKCiogbGVha3NwZWVkIG9mIDYwcywgY2FwYWNpdHkgb2YgMTAgb24gc2FtZSB0YXJnZXQgdXNlcgoqIGxlYWtzcGVlZCBvZiA2MHMsIGNhcGFjaXR5IG9mIDEwIHVuaXF1ZSBkaXN0aW5jdCB1c2Vycwo=", "content": "IyBDQVMgYnJ1dGVmb3JjZQp0eXBlOiBsZWFreQpuYW1lOiBqdXNhYmF0aWVyL2Nhcy1zbG93LWJmCmRlc2NyaXB0aW9uOiAiRGV0ZWN0IHNsb3cgQ0FTIGJydXRlZm9yY2UiCmZpbHRlcjogImV2dC5NZXRhLmxvZ190eXBlID09ICdjYXNfZmFpbGVkLWF1dGgnIgpsZWFrc3BlZWQ6ICI2MHMiCnJlZmVyZW5jZXM6CiAgLSBodHRwOi8vd2lraXBlZGlhLmNvbS9jYXMtYmYtaXMtYmFkCmNhcGFjaXR5OiAxMApncm91cGJ5OiBldnQuTWV0YS5zb3VyY2VfaXAKYmxhY2tob2xlOiAxbQpyZXByb2Nlc3M6IHRydWUKbGFiZWxzOgogc2VydmljZTogY2FzCiB0eXBlOiBicnV0ZWZvcmNlCiByZW1lZGlhdGlvbjogdHJ1ZQotLS0KIyBjYXMgdXNlci1lbnVtCnR5cGU6IGxlYWt5Cm5hbWU6IGp1c2FiYXRpZXIvY2FzLXNsb3ctYmZfdXNlci1lbnVtCmRlc2NyaXB0aW9uOiAiRGV0ZWN0IHNsb3cgQ0FTIHVzZXIgZW51bSBicnV0ZWZvcmNlIgpmaWx0ZXI6IGV2dC5NZXRhLmxvZ190eXBlID09ICdjYXNfZmFpbGVkLWF1dGgnCmdyb3VwYnk6IGV2dC5NZXRhLnNvdXJjZV9pcApkaXN0aW5jdDogZXZ0Lk1ldGEudGFyZ2V0X3VzZXIKbGVha3NwZWVkOiA2MHMKY2FwYWNpdHk6IDEwCmJsYWNraG9sZTogMW0KbGFiZWxzOgogc2VydmljZTogY2FzCiB0eXBlOiBicnV0ZWZvcmNlCiByZW1lZGlhdGlvbjogdHJ1ZQo=", "description": "Detect slow CAS bruteforce", "author": "jusabatier", "references": [ "http://wikipedia.com/cas-bf-is-bad" ], "labels": { "remediation": "true", "service": "cas", "type": "bruteforce" } }, "jusabatier/cas-slow-bf": { "path": "scenarios/jusabatier/cas-slow-bf.yaml", "version": "0.1", "versions": { "0.1": { "digest": "6279c83e01b94e7d87271e16118d6b06be9662873c941884a12038fa7adc76c1", "deprecated": false } }, "content": "IyBDQVMgYnJ1dGVmb3JjZQp0eXBlOiBsZWFreQpuYW1lOiBqdXNhYmF0aWVyL2FwZXJlby1jYXMtc2xvdy1iZgpkZXNjcmlwdGlvbjogIkRldGVjdCBzbG93IENBUyBicnV0ZWZvcmNlIgpmaWx0ZXI6ICJldnQuTWV0YS5sb2dfdHlwZSA9PSAnY2FzX2ZhaWxlZC1hdXRoJyIKbGVha3NwZWVkOiAiNjBzIgpyZWZlcmVuY2VzOgogIC0gaHR0cDovL3dpa2lwZWRpYS5jb20vY2FzLWJmLWlzLWJhZApjYXBhY2l0eTogMTAKZ3JvdXBieTogZXZ0Lk1ldGEuc291cmNlX2lwCmJsYWNraG9sZTogMW0KcmVwcm9jZXNzOiB0cnVlCmxhYmVsczoKIHNlcnZpY2U6IGNhcwogdHlwZTogYnJ1dGVmb3JjZQogcmVtZWRpYXRpb246IHRydWUKLS0tCiMgY2FzIHVzZXItZW51bQp0eXBlOiBsZWFreQpuYW1lOiBqdXNhYmF0aWVyL2FwZXJlby1jYXMtc2xvdy1iZl91c2VyLWVudW0KZGVzY3JpcHRpb246ICJEZXRlY3Qgc2xvdyBDQVMgdXNlciBlbnVtIGJydXRlZm9yY2UiCmZpbHRlcjogZXZ0Lk1ldGEubG9nX3R5cGUgPT0gJ2Nhc19mYWlsZWQtYXV0aCcKZ3JvdXBieTogZXZ0Lk1ldGEuc291cmNlX2lwCmRpc3RpbmN0OiBldnQuTWV0YS50YXJnZXRfdXNlcgpsZWFrc3BlZWQ6IDYwcwpjYXBhY2l0eTogMTAKYmxhY2tob2xlOiAxbQpsYWJlbHM6CiBzZXJ2aWNlOiBjYXMKIHR5cGU6IGJydXRlZm9yY2UKIHJlbWVkaWF0aW9uOiB0cnVlCg==", "description": "Detect slow CAS bruteforce", "author": "jusabatier", "references": [ "http://wikipedia.com/cas-bf-is-bad" ], "labels": { "remediation": "true", "service": "cas", "type": "bruteforce" } }, "lourys/pterodactyl-wings-bf": { "path": "scenarios/lourys/pterodactyl-wings-bf.yaml", "version": "0.1", "versions": { "0.1": { "digest": "05da99b5df02bed22d6627edd06897404a53ed13f9033b79cdf7b9cc21538cbe", "deprecated": false } }, "long_description": "RGV0ZWN0IGZhaWxlZCBwdGVyb2RhY3R5bCB3aW5ncyBhdXRoZW50aWNhdGlvbnM6CgpJbnZhbGlkIGZvcm1hdDoKLSBsZWFrc3BlZWQgb2YgMTVzLCBjYXBhY2l0eSBvZiAxIG9uIHNhbWUgdGFyZ2V0IHVzZXIKLSBsZWFrc3BlZWQgb2YgMTVzLCBjYXBhY2l0eSBvZiAxIHVuaXF1ZSBkaXN0aW5jdCB1c2VycwoKSW52YWxpZCB1c2VybmFtZS9wYXNzd29yZDoKLSBsZWFrc3BlZWQgb2YgMTVzLCBjYXBhY2l0eSBvZiAz", "content": "IyMjIyMjIyMjIyMjIyMjIyMjIyMKIyMgSW52YWxpZCBmb3JtYXQgIyMKIyMjIyMjIyMjIyMjIyMjIyMjIyMKdHlwZTogbGVha3kKbmFtZTogbG91cnlzL3B0ZXJvZGFjdHlsLXdpbmdzLWJmCmRlc2NyaXB0aW9uOiAiRGV0ZWN0IGludmFsaWRfZm9ybWF0IHNzaCBicnV0ZWZvcmNlIgpmaWx0ZXI6ICJldnQuTWV0YS5sb2dfdHlwZSA9PSAncHRlcm9kYWN0bHlfd2luZ3NfaW52YWxpZF9mb3JtYXQnIgpsZWFrc3BlZWQ6ICIxNXMiCmNhcGFjaXR5OiAxCmdyb3VwYnk6IGV2dC5NZXRhLnNvdXJjZV9pcApibGFja2hvbGU6IDE1bQpyZXByb2Nlc3M6IHRydWUKbGFiZWxzOgogc2VydmljZTogcHRlcm9kYWN0eWwKIHR5cGU6IGJydXRlZm9yY2UKIHJlbWVkaWF0aW9uOiB0cnVlCi0tLQp0eXBlOiBsZWFreQpuYW1lOiBsb3VyeXMvcHRlcm9kYWN0eWwtd2luZ3MtYmYKZGVzY3JpcHRpb246ICJEZXRlY3QgaW52YWxpZF9mb3JtYXQgc3NoIHVzZXIgZW51bSBicnV0ZWZvcmNlIgpmaWx0ZXI6IGV2dC5NZXRhLmxvZ190eXBlID09ICdwdGVyb2RhY3RseV93aW5nc19pbnZhbGlkX2Zvcm1hdCcKZ3JvdXBieTogZXZ0Lk1ldGEuc291cmNlX2lwCmRpc3RpbmN0OiBldnQuTWV0YS50YXJnZXRfdXNlcgpsZWFrc3BlZWQ6IDE1cwpjYXBhY2l0eTogMQpibGFja2hvbGU6IDE1bQpsYWJlbHM6CiBzZXJ2aWNlOiBwdGVyb2RhY3R5bAogdHlwZTogYnJ1dGVmb3JjZQogcmVtZWRpYXRpb246IHRydWUKCiMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMKIyMgSW52YWxpZCB1c2VybmFtZS9wYXNzd29yZCAjIwojIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjCi0tLQp0eXBlOiBsZWFreQpuYW1lOiBsb3VyeXMvcHRlcm9kYWN0eWwtd2luZ3MtYmYKZGVzY3JpcHRpb246ICJEZXRlY3QgaW52YWxpZF91c2VybmFtZV9vcl9wYXNzd29yZCBzc2ggYnJ1dGVmb3JjZSIKZmlsdGVyOiBldnQuTWV0YS5sb2dfdHlwZSA9PSAncHRlcm9kYWN0bHlfd2luZ3NfaW52YWxpZF91c2VybmFtZV9vcl9wYXNzd29yZCcKZ3JvdXBieTogZXZ0Lk1ldGEuc291cmNlX2lwCmxlYWtzcGVlZDogMTBzCmNhcGFjaXR5OiA1CmJsYWNraG9sZTogMW0KbGFiZWxzOgogc2VydmljZTogcHRlcm9kYWN0eWwKIHR5cGU6IGJydXRlZm9yY2UKIHJlbWVkaWF0aW9uOiB0cnVlCgo=", "description": "Detect invalid_format ssh bruteforce", "author": "lourys", "labels": { "remediation": "true", "service": "pterodactyl", "type": "bruteforce" } }, "ltsich/http-w00tw00t": { "path": "scenarios/ltsich/http-w00tw00t.yaml", "version": "0.1", "versions": { "0.1": { "digest": "f0cba1520658a1016e9d1952473fa9e78175deef2117d2b921e7d994a6e7a549", "deprecated": false } }, "long_description": "dHJpZ2dlciBzY2VuYXJpbyB0byBkZXRlY3QgdzAwdHcwMHQgcGF0dGVybiB1c2VkIGJ5IGh0dHAgdnVsbmVyYWJpbGl0eSBzY2FubmVyLCBzZWUgW3RoaXMgcmVzc291cmNlXShodHRwczovL2lzYy5zYW5zLmVkdS9mb3J1bXMvZGlhcnkvdzAwdHcwMHQvOTAwLykKCj4gQ29udHJpYnV0ZWQgYnkgaHR0cHM6Ly9naXRodWIuY29tL0x0U2ljaAo=", "content": "I2NvbnRyaWJ1dGVkIGJ5IGx0c2ljaAp0eXBlOiB0cmlnZ2VyCm5hbWU6IGx0c2ljaC9odHRwLXcwMHR3MDB0CmRlc2NyaXB0aW9uOiAiZGV0ZWN0IHcwMHR3MDB0IgpkZWJ1ZzogZmFsc2UKZmlsdGVyOiAiZXZ0Lk1ldGEubG9nX3R5cGUgPT0gJ2h0dHBfYWNjZXNzLWxvZycgJiYgZXZ0LlBhcnNlZC5maWxlX25hbWUgY29udGFpbnMgJ3cwMHR3MDB0LmF0LklTQy5TQU5TLkRGaW5kJyIKZ3JvdXBieTogZXZ0Lk1ldGEuc291cmNlX2lwCmJsYWNraG9sZTogNW0KbGFiZWxzOgogc2VydmljZTogaHR0cAogdHlwZTogc2NhbgogcmVtZWRpYXRpb246IHRydWUK", "description": "detect w00tw00t", "author": "ltsich", "labels": { "remediation": "true", "service": "http", "type": "scan" } }, "mstilkerich/bind9-refused": { "path": "scenarios/mstilkerich/bind9-refused.yaml", "version": "0.1", "versions": { "0.1": { "digest": "16ff798ce0bde3b31c91eed4d3b022b70ccbe723579ab80ac889880058a50d20", "deprecated": false } }, "long_description": "RGV0ZWN0IEFYRlIgcmVxdWVzdHMgYW5kIEROUyBxdWVyaWVzIHJlamVjdGVkIGJ5IGJpbmQ5IHNlY3VyaXR5IHBvbGljeToKIC0gbGVha3NwZWVkIG9mIDEwcywgY2FwYWNpdHkgb2YgNSBvbiBzb3VyY2UgaXAK", "content": "dHlwZTogbGVha3kKbmFtZTogbXN0aWxrZXJpY2gvYmluZDktcmVmdXNlZApkZXNjcmlwdGlvbjogIkFjdCBvbiBxdWVyaWVzIC8gem9uZSB0cmFuc2ZlcnMgZGVuaWVkIGJ5IGJpbmQ5IHBvbGljeSIKZGVidWc6IGZhbHNlCmZpbHRlcjogImV2dC5NZXRhLmxvZ190eXBlID09ICdiaW5kOV9kZW5pZWQnIgpncm91cGJ5OiBldnQuTWV0YS5zb3VyY2VfaXAKY2FwYWNpdHk6IDUKbGVha3NwZWVkOiAxMHMKYmxhY2tob2xlOiAxbQpsYWJlbHM6CiAgc2VydmljZTogYmluZDkKICB0eXBlOiBzY2FuCiAgIyByZW1lZGlhdGlvbiBsYWJlbCwgaWYgc2V0IHRvIHRydWUgaW5kaWNhdGUgSVAgc2hvdWxkIGJlIGJhbm5lZAogIHJlbWVkaWF0aW9uOiB0cnVlCg==", "description": "Act on queries / zone transfers denied by bind9 policy", "author": "mstilkerich", "labels": { "remediation": "true", "service": "bind9", "type": "scan" } }, "schiz0phr3ne/prowlarr-bf": { "path": "scenarios/schiz0phr3ne/prowlarr-bf.yaml", "version": "0.1", "versions": { "0.1": { "digest": "feac3b8dda8d9841c36edd56c9e4504d4be3f3cf6027e67c00fb8f2f6b6784ee", "deprecated": false } }, "long_description": "RGV0ZWN0IGZhaWxlZCBQcm93bGFyciBhdXRoZW50aWNhdGlvbnM6CgotIGxlYWtzcGVlZCBvZiAxNXMsIGNhcGFjaXR5IG9mIDUgb24gc291cmNlIGlwCi0gbGVha3NwZWVkIG9mIDMwcywgY2FwYWNpdHkgb2YgNSBvbiBzb3VyY2UgaXAgYW5kIHVuaXF1ZSBkaXN0aW5jdCB1c2Vycwo=", "content": "IyBQcm93bGFyciBicnV0ZWZvcmNlCnR5cGU6IGxlYWt5Cm5hbWU6IHNjaGl6MHBocjNuZS9wcm93bGFyci1iZgpkZXNjcmlwdGlvbjogIkRldGVjdCBQcm93bGFyciBicnV0ZWZvcmNlIgpmaWx0ZXI6ICJldnQuTWV0YS5sb2dfdHlwZSBpbiBbJ3Byb3dsYXJyX2ZhaWxlZF9hdXRoZW50aWNhdGlvbiddIgpsZWFrc3BlZWQ6ICIxNXMiCmNhcGFjaXR5OiA1Cmdyb3VwYnk6IGV2dC5NZXRhLnNvdXJjZV9pcApibGFja2hvbGU6IDFtCnJlcHJvY2VzczogdHJ1ZQpsYWJlbHM6CiAgc2VydmljZTogcHJvd2xhcnIKICB0eXBlOiBicnV0ZWZvcmNlCiAgcmVtZWRpYXRpb246IHRydWUKLS0tCiMgUHJvd2xhcnIgdXNlciBlbnVtIGJydXRlZm9yY2UKdHlwZTogbGVha3kKbmFtZTogc2NoaXowcGhyM25lL3Byb3dsYXJyLWJmX3VzZXItZW51bQpkZXNjcmlwdGlvbjogIkRldGVjdCBQcm93bGFyciB1c2VyIGVudW0gYnJ1dGVmb3JjZSIKZmlsdGVyOiAiZXZ0Lk1ldGEubG9nX3R5cGUgaW4gWydwcm93bGFycl9mYWlsZWRfYXV0aGVudGljYXRpb24nXSIKbGVha3NwZWVkOiAiMzBzIgpjYXBhY2l0eTogNQpncm91cGJ5OiBldnQuTWV0YS5zb3VyY2VfaXAKZGlzdGluY3Q6IGV2dC5NZXRhLnVzZXJuYW1lCmJsYWNraG9sZTogMW0KcmVwcm9jZXNzOiB0cnVlCmxhYmVsczoKICBzZXJ2aWNlOiBwcm93bGFycgogIHR5cGU6IGJydXRlZm9yY2UKICByZW1lZGlhdGlvbjogdHJ1ZSAK", "description": "Detect Prowlarr bruteforce", "author": "schiz0phr3ne", "labels": { "remediation": "true", "service": "prowlarr", "type": "bruteforce" } }, "schiz0phr3ne/radarr-bf": { "path": "scenarios/schiz0phr3ne/radarr-bf.yaml", "version": "0.1", "versions": { "0.1": { "digest": "e4917c28697b2e60f6324f0daa7c844154a852ba7db95080575fb428a1596786", "deprecated": false } }, "long_description": "RGV0ZWN0IGZhaWxlZCBSYWRhcnIgYXV0aGVudGljYXRpb25zOgoKLSBsZWFrc3BlZWQgb2YgMTVzLCBjYXBhY2l0eSBvZiA1IG9uIHNvdXJjZSBpcAotIGxlYWtzcGVlZCBvZiAzMHMsIGNhcGFjaXR5IG9mIDUgb24gc291cmNlIGlwIGFuZCB1bmlxdWUgZGlzdGluY3QgdXNlcnMK", "content": "IyBSYWRhcnIgYnJ1dGVmb3JjZQp0eXBlOiBsZWFreQpuYW1lOiBzY2hpejBwaHIzbmUvcmFkYXJyLWJmCmRlc2NyaXB0aW9uOiAiRGV0ZWN0IFJhZGFyciBicnV0ZWZvcmNlIgpmaWx0ZXI6ICJldnQuTWV0YS5sb2dfdHlwZSBpbiBbJ3JhZGFycl9mYWlsZWRfYXV0aGVudGljYXRpb24nXSIKbGVha3NwZWVkOiAiMTVzIgpjYXBhY2l0eTogNQpncm91cGJ5OiBldnQuTWV0YS5zb3VyY2VfaXAKYmxhY2tob2xlOiAxbQpyZXByb2Nlc3M6IHRydWUKbGFiZWxzOgogIHNlcnZpY2U6IHJhZGFycgogIHR5cGU6IGJydXRlZm9yY2UKICByZW1lZGlhdGlvbjogdHJ1ZQotLS0KIyBSYWRhcnIgdXNlciBlbnVtIGJydXRlZm9yY2UKdHlwZTogbGVha3kKbmFtZTogc2NoaXowcGhyM25lL3JhZGFyci1iZl91c2VyLWVudW0KZGVzY3JpcHRpb246ICJEZXRlY3QgUmFkYXJyIHVzZXIgZW51bSBicnV0ZWZvcmNlIgpmaWx0ZXI6ICJldnQuTWV0YS5sb2dfdHlwZSBpbiBbJ3JhZGFycl9mYWlsZWRfYXV0aGVudGljYXRpb24nXSIKbGVha3NwZWVkOiAiMzBzIgpjYXBhY2l0eTogNQpncm91cGJ5OiBldnQuTWV0YS5zb3VyY2VfaXAKZGlzdGluY3Q6IGV2dC5NZXRhLnVzZXJuYW1lCmJsYWNraG9sZTogMW0KcmVwcm9jZXNzOiB0cnVlCmxhYmVsczoKICBzZXJ2aWNlOiByYWRhcnIKICB0eXBlOiBicnV0ZWZvcmNlCiAgcmVtZWRpYXRpb246IHRydWUgCg==", "description": "Detect Radarr bruteforce", "author": "schiz0phr3ne", "labels": { "remediation": "true", "service": "radarr", "type": "bruteforce" } }, "schiz0phr3ne/sonarr-bf": { "path": "scenarios/schiz0phr3ne/sonarr-bf.yaml", "version": "0.1", "versions": { "0.1": { "digest": "110d81a708fdb4d201495e61619d2d36acb24d8e8b8a6e55e2210517618aaff1", "deprecated": false } }, "long_description": "RGV0ZWN0IGZhaWxlZCBTb25hcnIgYXV0aGVudGljYXRpb25zOgoKLSBsZWFrc3BlZWQgb2YgMTVzLCBjYXBhY2l0eSBvZiA1IG9uIHNvdXJjZSBpcAotIGxlYWtzcGVlZCBvZiAzMHMsIGNhcGFjaXR5IG9mIDUgb24gc291cmNlIGlwIGFuZCB1bmlxdWUgZGlzdGluY3QgdXNlcnMK", "content": "IyBTb25hcnIgYnJ1dGVmb3JjZQp0eXBlOiBsZWFreQpuYW1lOiBzY2hpejBwaHIzbmUvc29uYXJyLWJmCmRlc2NyaXB0aW9uOiAiRGV0ZWN0IFNvbmFyciBicnV0ZWZvcmNlIgpmaWx0ZXI6ICJldnQuTWV0YS5sb2dfdHlwZSBpbiBbJ3NvbmFycl9mYWlsZWRfYXV0aGVudGljYXRpb24nXSIKbGVha3NwZWVkOiAiMTVzIgpjYXBhY2l0eTogNQpncm91cGJ5OiBldnQuTWV0YS5zb3VyY2VfaXAKYmxhY2tob2xlOiAxbQpyZXByb2Nlc3M6IHRydWUKbGFiZWxzOgogIHNlcnZpY2U6IHNvbmFycgogIHR5cGU6IGJydXRlZm9yY2UKICByZW1lZGlhdGlvbjogdHJ1ZQotLS0KIyBTb25hcnIgdXNlciBlbnVtIGJydXRlZm9yY2UKdHlwZTogbGVha3kKbmFtZTogc2NoaXowcGhyM25lL3NvbmFyci1iZl91c2VyLWVudW0KZGVzY3JpcHRpb246ICJEZXRlY3QgU29uYXJyIHVzZXIgZW51bSBicnV0ZWZvcmNlIgpmaWx0ZXI6ICJldnQuTWV0YS5sb2dfdHlwZSBpbiBbJ3NvbmFycl9mYWlsZWRfYXV0aGVudGljYXRpb24nXSIKbGVha3NwZWVkOiAiMzBzIgpjYXBhY2l0eTogNQpncm91cGJ5OiBldnQuTWV0YS5zb3VyY2VfaXAKZGlzdGluY3Q6IGV2dC5NZXRhLnVzZXJuYW1lCmJsYWNraG9sZTogMW0KcmVwcm9jZXNzOiB0cnVlCmxhYmVsczoKICBzZXJ2aWNlOiBzb25hcnIKICB0eXBlOiBicnV0ZWZvcmNlCiAgcmVtZWRpYXRpb246IHRydWUgCg==", "description": "Detect Sonarr bruteforce", "author": "schiz0phr3ne", "labels": { "remediation": "true", "service": "sonarr", "type": "bruteforce" } }, "thespad/sshesame-honeypot": { "path": "scenarios/thespad/sshesame-honeypot.yaml", "version": "0.2", "versions": { "0.1": { "digest": "0818e9e2be666b4e6315050b7fa96f82dc47b6010c07704370738875842c160b", "deprecated": false }, "0.2": { "digest": "a6120c94b2390d7deea3b79407e37870e084fed11d08bd7434162ce6f84257a5", "deprecated": false } }, "long_description": "IyBzc2hlc2FtZSBzY2VuYXJpb3MKClNjZW5hcmlvcyBmb3IgW3NzaGVzYW1lXShodHRwczovL2dpdGh1Yi5jb20vamFrc2kvc3NoZXNhbWUvKSBob25leXBvdCBsb2dzLgoKIyMgU2NlbmFyaW8gc2V0dXAKCiogQWxsIGxvZ2luIGV2ZW50czogbGVha3NwZWVkIG9mIDMwbSwgY2FwYWNpdHkgb2YgMwoqIEFueSBjb21tYW5kcyBzZW50IGJ5IGNsaWVudHMgYXMgcGFydCBvZiBhIGNvbm5lY3Rpb24gYXR0ZW1wdCB3aWxsIGltbWVkaWF0ZWx5IG92ZXJmbG93Cg==", "content": "IyBzc2hlc2FtZSBicnV0ZWZvcmNlCnR5cGU6IGxlYWt5Cm5hbWU6IHRoZXNwYWQvc3NoZXNhbWUtYmYKZGVzY3JpcHRpb246ICJEZXRlY3Qgc3NoZXNhbWUgYnJ1dGVmb3JjZSIKZmlsdGVyOiAiZXZ0Lk1ldGEubG9nX3R5cGUgPT0gJ3NzaGVzYW1lX2xvZ2luJyIKbGVha3NwZWVkOiAiMzBtIgpjYXBhY2l0eTogMwpncm91cGJ5OiBldnQuTWV0YS5zb3VyY2VfaXAKYmxhY2tob2xlOiAxbQpsYWJlbHM6CiAgc2VydmljZTogc3NoZXNhbWUKICB0eXBlOiBicnV0ZWZvcmNlCiAgcmVtZWRpYXRpb246IHRydWUKLS0tCiMgc3NoZXNhbWUgY29tbWFuZHMKdHlwZTogdHJpZ2dlcgpuYW1lOiB0aGVzcGFkL3NzaGVzYW1lLWNtZApkZXNjcmlwdGlvbjogIkRldGVjdCBzc2hlc2FtZSBjb21tYW5kcyIKZmlsdGVyOiAiZXZ0Lk1ldGEubG9nX3R5cGUgPT0gJ3NzaGVzYW1lX2NtZCciCmNhcGFjaXR5OiAwCmdyb3VwYnk6IGV2dC5NZXRhLnNvdXJjZV9pcApibGFja2hvbGU6IDFtCmxhYmVsczoKICBzZXJ2aWNlOiBzc2hlc2FtZQogIHR5cGU6IGNvbW1hbmQKICByZW1lZGlhdGlvbjogdHJ1ZQotLS0KIyBzc2hlc2FtZSBpbnB1dAp0eXBlOiBsZWFreQpuYW1lOiB0aGVzcGFkL3NzaGVzYW1lLWlucHV0CmRlc2NyaXB0aW9uOiAiRGV0ZWN0IHNzaGVzYW1lIGlucHV0IHNwYW0iCmZpbHRlcjogImV2dC5NZXRhLmxvZ190eXBlID09ICdzc2hlc2FtZV9pbnB1dCciCmxlYWtzcGVlZDogIjVtIgpjYXBhY2l0eTogNQpncm91cGJ5OiBldnQuTWV0YS5zb3VyY2VfaXAKYmxhY2tob2xlOiAxbQpsYWJlbHM6CiAgc2VydmljZTogc3NoZXNhbWUKICB0eXBlOiBpbnB1dAogIHJlbWVkaWF0aW9uOiB0cnVlCg==", "description": "Detect sshesame bruteforce", "author": "thespad", "labels": { "remediation": "true", "service": "sshesame", "type": "bruteforce" } }, "timokoessler/gitlab-bf": { "path": "scenarios/timokoessler/gitlab-bf.yaml", "version": "0.1", "versions": { "0.1": { "digest": "c41f3f4003eeb331fa35aa2ace0e861a674992efdb5a26c5f9d447db40a67eca", "deprecated": false } }, "long_description": "RGV0ZWN0IGZhaWxlZCBHaXRMYWIgYXV0aGVudGljYXRpb25zOgoKLSBsZWFrc3BlZWQgb2YgMjBzLCBjYXBhY2l0eSBvZiA1IG9uIHNvdXJjZSBpcAotIGxlYWtzcGVlZCBvZiA0MHMsIGNhcGFjaXR5IG9mIDUgb24gc291cmNlIGlwIGFuZCB1bmlxdWUgZGlzdGluY3QgdXNlcnM=", "content": "IyBnaXRsYWIgYnJ1dGVmb3JjZQp0eXBlOiBsZWFreQpuYW1lOiB0aW1va29lc3NsZXIvZ2l0bGFiLWJmCmRlc2NyaXB0aW9uOiAiRGV0ZWN0IGdpdGxhYiBicnV0ZWZvcmNlIgpmaWx0ZXI6ICJldnQuTWV0YS5sb2dfdHlwZSBpbiBbJ2dpdGxhYl9mYWlsZWRfcGFzc3dvcmQnLCAnZ2l0bGFiX2ZhaWxlZF90b3RwJ10iCmxlYWtzcGVlZDogIjIwcyIKY2FwYWNpdHk6IDUKZ3JvdXBieTogZXZ0Lk1ldGEuc291cmNlX2lwCmJsYWNraG9sZTogMW0KcmVwcm9jZXNzOiB0cnVlCmxhYmVsczoKICBzZXJ2aWNlOiBnaXRsYWIKICB0eXBlOiBicnV0ZWZvcmNlCiAgcmVtZWRpYXRpb246IHRydWUKLS0tCiMgZ2l0bGFiIHVzZXIgZW51bSBicnV0ZWZvcmNlCnR5cGU6IGxlYWt5Cm5hbWU6IHRpbW9rb2Vzc2xlci9naXRsYWItYmZfdXNlci1lbnVtCmRlc2NyaXB0aW9uOiAiRGV0ZWN0IGdpdGxhYiB1c2VyIGVudW0gYnJ1dGVmb3JjZSIKZmlsdGVyOiAiZXZ0Lk1ldGEubG9nX3R5cGUgPT0gJ2dpdGxhYl9mYWlsZWRfcGFzc3dvcmQnIgpsZWFrc3BlZWQ6ICI0MHMiCmNhcGFjaXR5OiA1Cmdyb3VwYnk6IGV2dC5NZXRhLnNvdXJjZV9pcApkaXN0aW5jdDogZXZ0Lk1ldGEudXNlcm5hbWUKYmxhY2tob2xlOiAxbQpyZXByb2Nlc3M6IHRydWUKbGFiZWxzOgogIHNlcnZpY2U6IGdpdGxhYgogIHR5cGU6IGJydXRlZm9yY2UKICByZW1lZGlhdGlvbjogdHJ1ZQ==", "description": "Detect gitlab bruteforce", "author": "timokoessler", "labels": { "remediation": "true", "service": "gitlab", "type": "bruteforce" } }, "timokoessler/mongodb-bf": { "path": "scenarios/timokoessler/mongodb-bf.yaml", "version": "0.1", "versions": { "0.1": { "digest": "2091dbe9f9e71d2f31a6c6dbcd1aaa5b8eb8215925bfdf8a36f9b3c1624cffcf", "deprecated": false } }, "long_description": "RGV0ZWN0IGZhaWxlZCBNb25nb0RCIGF1dGhlbnRpY2F0aW9uczoKCi0gbGVha3NwZWVkIG9mIDIwcywgY2FwYWNpdHkgb2YgNSBvbiBzb3VyY2UgaXAKLSBsZWFrc3BlZWQgb2YgNDBzLCBjYXBhY2l0eSBvZiA1IG9uIHNvdXJjZSBpcCBhbmQgdW5pcXVlIGRpc3RpbmN0IHVzZXJzCi0gbGVha3NwZWVkIG9mIDQwcywgY2FwYWNpdHkgb2YgNSBvbiBzb3VyY2UgaXAgYW5kIHVuaXF1ZSBkaXN0aW5jdCBhdXRoZW50aWNhdGlvbiBkYXRhYmFzZQ==", "content": "IyBtb25nb2RiIGJydXRlZm9yY2UKdHlwZTogbGVha3kKbmFtZTogdGltb2tvZXNzbGVyL21vbmdvZGItYmYKZGVzY3JpcHRpb246ICJEZXRlY3QgbW9uZ29kYiBicnV0ZWZvcmNlIgpmaWx0ZXI6ICJldnQuTWV0YS5sb2dfdHlwZSA9PSAnbW9uZ29kYl9mYWlsZWRfYXV0aCciCmxlYWtzcGVlZDogIjIwcyIKY2FwYWNpdHk6IDUKZ3JvdXBieTogZXZ0Lk1ldGEuc291cmNlX2lwCmJsYWNraG9sZTogMW0KcmVwcm9jZXNzOiB0cnVlCmxhYmVsczoKICBzZXJ2aWNlOiBtb25nb2RiCiAgdHlwZTogYnJ1dGVmb3JjZQogIHJlbWVkaWF0aW9uOiB0cnVlCi0tLQojIG1vbmdvZGIgdXNlciBlbnVtIGJydXRlZm9yY2UKdHlwZTogbGVha3kKbmFtZTogdGltb2tvZXNzbGVyL21vbmdvZGItYmZfdXNlci1lbnVtCmRlc2NyaXB0aW9uOiAiRGV0ZWN0IG1vbmdvZGIgdXNlciBlbnVtIGJydXRlZm9yY2UiCmZpbHRlcjogImV2dC5NZXRhLmxvZ190eXBlID09ICdtb25nb2RiX2ZhaWxlZF9hdXRoJyIKbGVha3NwZWVkOiAiNDBzIgpjYXBhY2l0eTogNQpncm91cGJ5OiBldnQuTWV0YS5zb3VyY2VfaXAKZGlzdGluY3Q6IGV2dC5NZXRhLnVzZXJuYW1lCmJsYWNraG9sZTogMW0KcmVwcm9jZXNzOiB0cnVlCmxhYmVsczoKICBzZXJ2aWNlOiBtb25nb2RiCiAgdHlwZTogYnJ1dGVmb3JjZQogIHJlbWVkaWF0aW9uOiB0cnVlCi0tLQojIG1vbmdvZGIgYXV0aGVudGljYXRpb24gZGF0YWJhc2UgZW51bSBicnV0ZWZvcmNlCnR5cGU6IGxlYWt5Cm5hbWU6IHRpbW9rb2Vzc2xlci9tb25nb2RiLWJmX2F1dGgtZGItZW51bQpkZXNjcmlwdGlvbjogIkRldGVjdCBtb25nb2RiIGF1dGhlbnRpY2F0aW9uIGRhdGFiYXNlIGVudW0gYnJ1dGVmb3JjZSIKZmlsdGVyOiAiZXZ0Lk1ldGEubG9nX3R5cGUgPT0gJ21vbmdvZGJfZmFpbGVkX2F1dGgnIgpsZWFrc3BlZWQ6ICI0MHMiCmNhcGFjaXR5OiA1Cmdyb3VwYnk6IGV2dC5NZXRhLnNvdXJjZV9pcApkaXN0aW5jdDogZXZ0Lk1ldGEuYXV0aGVudGljYXRpb25fZGF0YWJhc2UKYmxhY2tob2xlOiAxbQpyZXByb2Nlc3M6IHRydWUKbGFiZWxzOgogIHNlcnZpY2U6IG1vbmdvZGIKICB0eXBlOiBicnV0ZWZvcmNlCiAgcmVtZWRpYXRpb246IHRydWU=", "description": "Detect mongodb bruteforce", "author": "timokoessler", "labels": { "remediation": "true", "service": "mongodb", "type": "bruteforce" } }, "timokoessler/uptime-kuma-bf": { "path": "scenarios/timokoessler/uptime-kuma-bf.yaml", "version": "0.1", "versions": { "0.1": { "digest": "a50fbbc0db115694fc140607f27688c499d63b3702b2bc596809f3cfaeb58c02", "deprecated": false } }, "long_description": "RGV0ZWN0IGZhaWxlZCBVcHRpbWUgS3VtYSBhdXRoZW50aWNhdGlvbnM6CgotIGxlYWtzcGVlZCBvZiAxNXMsIGNhcGFjaXR5IG9mIDUgb24gc291cmNlIGlwCi0gbGVha3NwZWVkIG9mIDMwcywgY2FwYWNpdHkgb2YgNSBvbiBzb3VyY2UgaXAgYW5kIHVuaXF1ZSBkaXN0aW5jdCB1c2Vycw==", "content": "IyBVcHRpbWUgS3VtYSBicnV0ZWZvcmNlCnR5cGU6IGxlYWt5Cm5hbWU6IHRpbW9rb2Vzc2xlci91cHRpbWUta3VtYS1iZgpkZXNjcmlwdGlvbjogIkRldGVjdCBVcHRpbWUgS3VtYSBicnV0ZWZvcmNlIgpmaWx0ZXI6ICJldnQuTWV0YS5sb2dfdHlwZSBpbiBbJ3VwdGltZV9rdW1hX2ZhaWxlZF9wYXNzd29yZCcsICd1cHRpbWVfa3VtYV9mYWlsZWRfdG90cCddIgpsZWFrc3BlZWQ6ICIxNXMiCmNhcGFjaXR5OiA1Cmdyb3VwYnk6IGV2dC5NZXRhLnNvdXJjZV9pcApibGFja2hvbGU6IDFtCnJlcHJvY2VzczogdHJ1ZQpsYWJlbHM6CiAgc2VydmljZTogdXB0aW1lLWt1bWEKICB0eXBlOiBicnV0ZWZvcmNlCiAgcmVtZWRpYXRpb246IHRydWUKLS0tCiMgVXB0aW1lIEt1bWEgdXNlciBlbnVtIGJydXRlZm9yY2UKdHlwZTogbGVha3kKbmFtZTogdGltb2tvZXNzbGVyL3VwdGltZS1rdW1hLWJmX3VzZXItZW51bQpkZXNjcmlwdGlvbjogIkRldGVjdCBVcHRpbWUgS3VtYSB1c2VyIGVudW0gYnJ1dGVmb3JjZSIKZmlsdGVyOiAiZXZ0Lk1ldGEubG9nX3R5cGUgaW4gWyd1cHRpbWVfa3VtYV9mYWlsZWRfcGFzc3dvcmQnLCAndXB0aW1lX2t1bWFfZmFpbGVkX3RvdHAnXSIKbGVha3NwZWVkOiAiMzBzIgpjYXBhY2l0eTogNQpncm91cGJ5OiBldnQuTWV0YS5zb3VyY2VfaXAKZGlzdGluY3Q6IGV2dC5NZXRhLnVzZXJuYW1lCmJsYWNraG9sZTogMW0KcmVwcm9jZXNzOiB0cnVlCmxhYmVsczoKICBzZXJ2aWNlOiB1cHRpbWUta3VtYQogIHR5cGU6IGJydXRlZm9yY2UKICByZW1lZGlhdGlvbjogdHJ1ZQ==", "description": "Detect Uptime Kuma bruteforce", "author": "timokoessler", "labels": { "remediation": "true", "service": "uptime-kuma", "type": "bruteforce" } } } }