{ "appsec-configs": { "crowdsecurity/appsec-default": { "path": "appsec-configs/crowdsecurity/appsec-default.yaml", "version": "0.1", "versions": { "0.1": { "digest": "2b821a2cbcfdd7fdfd8ada95c00a4c6fdf8ce8a3efb55b1e3cd8eacc0ed418b6", "deprecated": false } }, "content": "bmFtZTogY3Jvd2RzZWN1cml0eS92aXJ0dWFsLXBhdGNoaW5nCmRlZmF1bHRfcmVtZWRpYXRpb246IGJhbgppbmJhbmRfcnVsZXM6CiAtIGNyb3dkc2VjdXJpdHkvYmFzZS1jb25maWcgCiAtIGNyb3dkc2VjdXJpdHkvdnBhdGNoLSoKIC0gY3Jvd2RzZWN1cml0eS9nZW5lcmljLSo=", "author": "crowdsecurity", "labels": null }, "crowdsecurity/crs": { "path": "appsec-configs/crowdsecurity/crs.yaml", "version": "0.2", "versions": { "0.1": { "digest": "e9cbc67cae76d60468e40f54db62c97157e203bc06c412239695c843ef98f987", "deprecated": false }, "0.2": { "digest": "fd41693ebf881d1cb561cd6a163c9da47c50c480829efe4ddca74f6ec3847855", "deprecated": false } }, "content": "bmFtZTogY3Jvd2RzZWN1cml0eS9jcnMKZGVmYXVsdF9yZW1lZGlhdGlvbjogYmFuCiNsb2dfbGV2ZWw6IGRlYnVnCm91dG9mYmFuZF9ydWxlczoKIC0gY3Jvd2RzZWN1cml0eS9jcnM=", "author": "crowdsecurity", "labels": null }, "crowdsecurity/generic-rules": { "path": "appsec-configs/crowdsecurity/generic-rules.yaml", "version": "0.3", "versions": { "0.1": { "digest": "e406c104f040ca39220f610efce241489d64ce0f1654b3fca39a844893ea0840", "deprecated": false }, "0.2": { "digest": "265fbcc3008391bb24ca0305e08c2dd0f975ea1c8ab7e542fda431b953603cc1", "deprecated": false }, "0.3": { "digest": "fb011e3c38570d29d51af0de461b52ace41f7dbf6c7d8127ff1d1eafe07ab090", "deprecated": false } }, "content": "bmFtZTogY3Jvd2RzZWN1cml0eS9nZW5lcmljLXJ1bGVzCmRlZmF1bHRfcmVtZWRpYXRpb246IGJhbgppbmJhbmRfcnVsZXM6CiAtIGNyb3dkc2VjdXJpdHkvYmFzZS1jb25maWcgCiAtIGNyb3dkc2VjdXJpdHkvZ2VuZXJpYy0q", "author": "crowdsecurity", "labels": null }, "crowdsecurity/virtual-patching": { "path": "appsec-configs/crowdsecurity/virtual-patching.yaml", "version": "0.4", "versions": { "0.1": { "digest": "48a765ded560cf4d8bb405e563411245156b6b2c2fef09e5492e6270f5337bff", "deprecated": false }, "0.2": { 
"digest": "0bf15e1ebed4c94933bf9407d616be22121733ddd327710f7f5b79ec70d52085", "deprecated": false }, "0.3": { "digest": "e93cc5d63aae3a83794b0f6b1e41566f53fae059e6044a9519f02256fa6e2adf", "deprecated": false }, "0.4": { "digest": "ddad5c18125c5753b23b52f55598911b66effaddc9c02286775061609901dbeb", "deprecated": false } }, "content": "bmFtZTogY3Jvd2RzZWN1cml0eS92aXJ0dWFsLXBhdGNoaW5nCmRlZmF1bHRfcmVtZWRpYXRpb246IGJhbgppbmJhbmRfcnVsZXM6CiAtIGNyb3dkc2VjdXJpdHkvYmFzZS1jb25maWcgCiAtIGNyb3dkc2VjdXJpdHkvdnBhdGNoLSoK", "author": "crowdsecurity", "labels": null } }, "appsec-rules": { "crowdsecurity/base-config": { "path": "appsec-rules/crowdsecurity/base-config.yaml", "version": "0.1", "versions": { "0.1": { "digest": "5ef93f4b19a028f2415afaf570df4d20a5f6038fa94cc990a387662303c2ef20", "deprecated": false } }, "content": "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", "author": "crowdsecurity", "labels": null }, "crowdsecurity/crs": { "path": "appsec-rules/crowdsecurity/crs.yaml", "version": "0.4", "versions": { "0.1": { "digest": "786fe3341c0f0a813eb57b7780620181686081e0f181515509290f2e8c042f0b", "deprecated": false }, "0.2": { "digest": "19d216b68b3de8a9c03e4d6644f578520b3673096ef55da6d77bf40902a36cab", "deprecated": false }, "0.3": { "digest": "cdbc73bed015a54c9b47c90ff636ecaea095a954e0e0f4b0e47cafd19d1fd1c6", "deprecated": false }, "0.4": { "digest": "d1e1f48413ff3bca7a13260b2dd111a8a3acc0b5df5a4acc47c3181d3f291b43", "deprecated": false } }, "content": 
"bmFtZTogY3Jvd2RzZWN1cml0eS9jcnMKc2VjbGFuZ19ydWxlczoKIC0gU2VjUnVsZUVuZ2luZSBPbgogLSBTZWNSZXF1ZXN0Qm9keUFjY2VzcyBPbgpzZWNsYW5nX2ZpbGVzX3J1bGVzOgogLSBjcnMtc2V0dXAuY29uZgogLSBSRVFVRVNULTkwMS1JTklUSUFMSVpBVElPTi5jb25mCiAtIFJFUVVFU1QtOTA1LUNPTU1PTi1FWENFUFRJT05TLmNvbmYKIC0gUkVRVUVTVC05MTEtTUVUSE9ELUVORk9SQ0VNRU5ULmNvbmYKIC0gUkVRVUVTVC05MTMtU0NBTk5FUi1ERVRFQ1RJT04uY29uZgogLSBSRVFVRVNULTkyMC1QUk9UT0NPTC1FTkZPUkNFTUVOVC5jb25mCiAtIFJFUVVFU1QtOTIxLVBST1RPQ09MLUFUVEFDSy5jb25mCiAtIFJFUVVFU1QtOTIyLU1VTFRJUEFSVC1BVFRBQ0suY29uZgogLSBSRVFVRVNULTkzMC1BUFBMSUNBVElPTi1BVFRBQ0stTEZJLmNvbmYKIC0gUkVRVUVTVC05MzEtQVBQTElDQVRJT04tQVRUQUNLLVJGSS5jb25mCiAtIFJFUVVFU1QtOTMyLUFQUExJQ0FUSU9OLUFUVEFDSy1SQ0UuY29uZgogLSBSRVFVRVNULTkzMy1BUFBMSUNBVElPTi1BVFRBQ0stUEhQLmNvbmYKIC0gUkVRVUVTVC05MzQtQVBQTElDQVRJT04tQVRUQUNLLUdFTkVSSUMuY29uZgogLSBSRVFVRVNULTk0MS1BUFBMSUNBVElPTi1BVFRBQ0stWFNTLmNvbmYKIC0gUkVRVUVTVC05NDItQVBQTElDQVRJT04tQVRUQUNLLVNRTEkuY29uZgogLSBSRVFVRVNULTk0My1BUFBMSUNBVElPTi1BVFRBQ0stU0VTU0lPTi1GSVhBVElPTi5jb25mCiAtIFJFUVVFU1QtOTQ0LUFQUExJQ0FUSU9OLUFUVEFDSy1KQVZBLmNvbmYKIC0gUkVRVUVTVC05NDktQkxPQ0tJTkctRVZBTFVBVElPTi5jb25mCiAtIFJFU1BPTlNFLTk1MC1EQVRBLUxFQUtBR0VTLmNvbmYKIC0gUkVTUE9OU0UtOTUxLURBVEEtTEVBS0FHRVMtU1FMLmNvbmYKIC0gUkVTUE9OU0UtOTUyLURBVEEtTEVBS0FHRVMtSkFWQS5jb25mCiAtIFJFU1BPTlNFLTk1My1EQVRBLUxFQUtBR0VTLVBIUC5jb25mCiAtIFJFU1BPTlNFLTk1NC1EQVRBLUxFQUtBR0VTLUlJUy5jb25mCiAtIFJFU1BPTlNFLTk1NS1XRUItU0hFTExTLmNvbmYKIC0gUkVTUE9OU0UtOTU5LUJMT0NLSU5HLUVWQUxVQVRJT04uY29uZgogLSBSRVNQT05TRS05ODAtQ09SUkVMQVRJT04uY29uZgoKZGF0YToKICAtIHNvdXJjZV91cmw6IGh0dHBzOi8vaHViLWRhdGEuY3Jvd2RzZWMubmV0L2FwcHNlYy9jcnMvY3JzLXNldHVwLmNvbmYKICAgIGRlc3RfZmlsZTogY3JzLXNldHVwLmNvbmYKICAgIHR5cGU6IG1vZHNlYwogIC0gc291cmNlX3VybDogaHR0cHM6Ly9odWItZGF0YS5jcm93ZHNlYy5uZXQvYXBwc2VjL2Nycy9SRVFVRVNULTkwMS1JTklUSUFMSVpBVElPTi5jb25mCiAgICBkZXN0X2ZpbGU6IFJFUVVFU1QtOTAxLUlOSVRJQUxJWkFUSU9OLmNvbmYKICAgIHR5cGU6IG1vZHNlYwogIC0gc291cmNlX3VybDogaHR0cHM6Ly9odWItZGF0YS5jcm93ZHNlYy5uZXQvYXBwc2VjL2Nycy9SRVFVRVNULTkwNS1DT01NT04tRVhDRVBUSU9OUy5
jb25mCiAgICBkZXN0X2ZpbGU6IFJFUVVFU1QtOTA1LUNPTU1PTi1FWENFUFRJT05TLmNvbmYKICAgIHR5cGU6IG1vZHNlYwogIC0gc291cmNlX3VybDogaHR0cHM6Ly9odWItZGF0YS5jcm93ZHNlYy5uZXQvYXBwc2VjL2Nycy9SRVFVRVNULTkxMS1NRVRIT0QtRU5GT1JDRU1FTlQuY29uZgogICAgZGVzdF9maWxlOiBSRVFVRVNULTkxMS1NRVRIT0QtRU5GT1JDRU1FTlQuY29uZgogICAgdHlwZTogbW9kc2VjCiAgLSBzb3VyY2VfdXJsOiBodHRwczovL2h1Yi1kYXRhLmNyb3dkc2VjLm5ldC9hcHBzZWMvY3JzL1JFUVVFU1QtOTEzLVNDQU5ORVItREVURUNUSU9OLmNvbmYKICAgIGRlc3RfZmlsZTogUkVRVUVTVC05MTMtU0NBTk5FUi1ERVRFQ1RJT04uY29uZgogICAgdHlwZTogbW9kc2VjCiAgLSBzb3VyY2VfdXJsOiBodHRwczovL2h1Yi1kYXRhLmNyb3dkc2VjLm5ldC9hcHBzZWMvY3JzL1JFUVVFU1QtOTIwLVBST1RPQ09MLUVORk9SQ0VNRU5ULmNvbmYKICAgIGRlc3RfZmlsZTogUkVRVUVTVC05MjAtUFJPVE9DT0wtRU5GT1JDRU1FTlQuY29uZgogICAgdHlwZTogbW9kc2VjCiAgLSBzb3VyY2VfdXJsOiBodHRwczovL2h1Yi1kYXRhLmNyb3dkc2VjLm5ldC9hcHBzZWMvY3JzL1JFUVVFU1QtOTIxLVBST1RPQ09MLUFUVEFDSy5jb25mCiAgICBkZXN0X2ZpbGU6IFJFUVVFU1QtOTIxLVBST1RPQ09MLUFUVEFDSy5jb25mCiAgICB0eXBlOiBtb2RzZWMKICAtIHNvdXJjZV91cmw6IGh0dHBzOi8vaHViLWRhdGEuY3Jvd2RzZWMubmV0L2FwcHNlYy9jcnMvUkVRVUVTVC05MjItTVVMVElQQVJULUFUVEFDSy5jb25mCiAgICBkZXN0X2ZpbGU6IFJFUVVFU1QtOTIyLU1VTFRJUEFSVC1BVFRBQ0suY29uZgogICAgdHlwZTogbW9kc2VjCiAgLSBzb3VyY2VfdXJsOiBodHRwczovL2h1Yi1kYXRhLmNyb3dkc2VjLm5ldC9hcHBzZWMvY3JzL1JFUVVFU1QtOTMwLUFQUExJQ0FUSU9OLUFUVEFDSy1MRkkuY29uZgogICAgZGVzdF9maWxlOiBSRVFVRVNULTkzMC1BUFBMSUNBVElPTi1BVFRBQ0stTEZJLmNvbmYKICAgIHR5cGU6IG1vZHNlYwogIC0gc291cmNlX3VybDogaHR0cHM6Ly9odWItZGF0YS5jcm93ZHNlYy5uZXQvYXBwc2VjL2Nycy9SRVFVRVNULTkzMS1BUFBMSUNBVElPTi1BVFRBQ0stUkZJLmNvbmYKICAgIGRlc3RfZmlsZTogUkVRVUVTVC05MzEtQVBQTElDQVRJT04tQVRUQUNLLVJGSS5jb25mCiAgICB0eXBlOiBtb2RzZWMKICAtIHNvdXJjZV91cmw6IGh0dHBzOi8vaHViLWRhdGEuY3Jvd2RzZWMubmV0L2FwcHNlYy9jcnMvUkVRVUVTVC05MzItQVBQTElDQVRJT04tQVRUQUNLLVJDRS5jb25mCiAgICBkZXN0X2ZpbGU6IFJFUVVFU1QtOTMyLUFQUExJQ0FUSU9OLUFUVEFDSy1SQ0UuY29uZgogICAgdHlwZTogbW9kc2VjCiAgLSBzb3VyY2VfdXJsOiBodHRwczovL2h1Yi1kYXRhLmNyb3dkc2VjLm5ldC9hcHBzZWMvY3JzL1JFUVVFU1QtOTMzLUFQUExJQ0FUSU9OLUFUVEFDSy1QSFAuY29uZgogICAgZGVzdF9maWxlOiBSRVFVRVNULTkzMy1
BUFBMSUNBVElPTi1BVFRBQ0stUEhQLmNvbmYKICAgIHR5cGU6IG1vZHNlYwogIC0gc291cmNlX3VybDogaHR0cHM6Ly9odWItZGF0YS5jcm93ZHNlYy5uZXQvYXBwc2VjL2Nycy9SRVFVRVNULTkzNC1BUFBMSUNBVElPTi1BVFRBQ0stR0VORVJJQy5jb25mCiAgICBkZXN0X2ZpbGU6IFJFUVVFU1QtOTM0LUFQUExJQ0FUSU9OLUFUVEFDSy1HRU5FUklDLmNvbmYKICAgIHR5cGU6IG1vZHNlYwogIC0gc291cmNlX3VybDogaHR0cHM6Ly9odWItZGF0YS5jcm93ZHNlYy5uZXQvYXBwc2VjL2Nycy9SRVFVRVNULTk0MS1BUFBMSUNBVElPTi1BVFRBQ0stWFNTLmNvbmYKICAgIGRlc3RfZmlsZTogUkVRVUVTVC05NDEtQVBQTElDQVRJT04tQVRUQUNLLVhTUy5jb25mCiAgICB0eXBlOiBtb2RzZWMKICAtIHNvdXJjZV91cmw6IGh0dHBzOi8vaHViLWRhdGEuY3Jvd2RzZWMubmV0L2FwcHNlYy9jcnMvUkVRVUVTVC05NDItQVBQTElDQVRJT04tQVRUQUNLLVNRTEkuY29uZgogICAgZGVzdF9maWxlOiBSRVFVRVNULTk0Mi1BUFBMSUNBVElPTi1BVFRBQ0stU1FMSS5jb25mCiAgICB0eXBlOiBtb2RzZWMKICAtIHNvdXJjZV91cmw6IGh0dHBzOi8vaHViLWRhdGEuY3Jvd2RzZWMubmV0L2FwcHNlYy9jcnMvUkVRVUVTVC05NDMtQVBQTElDQVRJT04tQVRUQUNLLVNFU1NJT04tRklYQVRJT04uY29uZgogICAgZGVzdF9maWxlOiBSRVFVRVNULTk0My1BUFBMSUNBVElPTi1BVFRBQ0stU0VTU0lPTi1GSVhBVElPTi5jb25mCiAgICB0eXBlOiBtb2RzZWMKICAtIHNvdXJjZV91cmw6IGh0dHBzOi8vaHViLWRhdGEuY3Jvd2RzZWMubmV0L2FwcHNlYy9jcnMvUkVRVUVTVC05NDQtQVBQTElDQVRJT04tQVRUQUNLLUpBVkEuY29uZgogICAgZGVzdF9maWxlOiBSRVFVRVNULTk0NC1BUFBMSUNBVElPTi1BVFRBQ0stSkFWQS5jb25mCiAgICB0eXBlOiBtb2RzZWMKICAtIHNvdXJjZV91cmw6IGh0dHBzOi8vaHViLWRhdGEuY3Jvd2RzZWMubmV0L2FwcHNlYy9jcnMvUkVRVUVTVC05NDktQkxPQ0tJTkctRVZBTFVBVElPTi5jb25mCiAgICBkZXN0X2ZpbGU6IFJFUVVFU1QtOTQ5LUJMT0NLSU5HLUVWQUxVQVRJT04uY29uZgogICAgdHlwZTogbW9kc2VjCiAgLSBzb3VyY2VfdXJsOiBodHRwczovL2h1Yi1kYXRhLmNyb3dkc2VjLm5ldC9hcHBzZWMvY3JzL1JFU1BPTlNFLTk1MC1EQVRBLUxFQUtBR0VTLmNvbmYKICAgIGRlc3RfZmlsZTogUkVTUE9OU0UtOTUwLURBVEEtTEVBS0FHRVMuY29uZgogICAgdHlwZTogbW9kc2VjCiAgLSBzb3VyY2VfdXJsOiBodHRwczovL2h1Yi1kYXRhLmNyb3dkc2VjLm5ldC9hcHBzZWMvY3JzL1JFU1BPTlNFLTk1MS1EQVRBLUxFQUtBR0VTLVNRTC5jb25mCiAgICBkZXN0X2ZpbGU6IFJFU1BPTlNFLTk1MS1EQVRBLUxFQUtBR0VTLVNRTC5jb25mCiAgICB0eXBlOiBtb2RzZWMKICAtIHNvdXJjZV91cmw6IGh0dHBzOi8vaHViLWRhdGEuY3Jvd2RzZWMubmV0L2FwcHNlYy9jcnMvUkVTUE9OU0UtOTUyLURBVEEtTEVBS0FHRVMtSkFWQS5jb25mCiA
gICBkZXN0X2ZpbGU6IFJFU1BPTlNFLTk1Mi1EQVRBLUxFQUtBR0VTLUpBVkEuY29uZgogICAgdHlwZTogbW9kc2VjCiAgLSBzb3VyY2VfdXJsOiBodHRwczovL2h1Yi1kYXRhLmNyb3dkc2VjLm5ldC9hcHBzZWMvY3JzL1JFU1BPTlNFLTk1My1EQVRBLUxFQUtBR0VTLVBIUC5jb25mCiAgICBkZXN0X2ZpbGU6IFJFU1BPTlNFLTk1My1EQVRBLUxFQUtBR0VTLVBIUC5jb25mCiAgICB0eXBlOiBtb2RzZWMKICAtIHNvdXJjZV91cmw6IGh0dHBzOi8vaHViLWRhdGEuY3Jvd2RzZWMubmV0L2FwcHNlYy9jcnMvUkVTUE9OU0UtOTU0LURBVEEtTEVBS0FHRVMtSUlTLmNvbmYKICAgIGRlc3RfZmlsZTogUkVTUE9OU0UtOTU0LURBVEEtTEVBS0FHRVMtSUlTLmNvbmYKICAgIHR5cGU6IG1vZHNlYwogIC0gc291cmNlX3VybDogaHR0cHM6Ly9odWItZGF0YS5jcm93ZHNlYy5uZXQvYXBwc2VjL2Nycy9SRVNQT05TRS05NTUtV0VCLVNIRUxMUy5jb25mCiAgICBkZXN0X2ZpbGU6IFJFU1BPTlNFLTk1NS1XRUItU0hFTExTLmNvbmYKICAgIHR5cGU6IG1vZHNlYwogIC0gc291cmNlX3VybDogaHR0cHM6Ly9odWItZGF0YS5jcm93ZHNlYy5uZXQvYXBwc2VjL2Nycy9SRVNQT05TRS05NTktQkxPQ0tJTkctRVZBTFVBVElPTi5jb25mCiAgICBkZXN0X2ZpbGU6IFJFU1BPTlNFLTk1OS1CTE9DS0lORy1FVkFMVUFUSU9OLmNvbmYKICAgIHR5cGU6IG1vZHNlYwogIC0gc291cmNlX3VybDogaHR0cHM6Ly9odWItZGF0YS5jcm93ZHNlYy5uZXQvYXBwc2VjL2Nycy9SRVNQT05TRS05ODAtQ09SUkVMQVRJT04uY29uZgogICAgZGVzdF9maWxlOiBSRVNQT05TRS05ODAtQ09SUkVMQVRJT04uY29uZgogICAgdHlwZTogbW9kc2VjCiAgLSBzb3VyY2VfdXJsOiBodHRwczovL2h1Yi1kYXRhLmNyb3dkc2VjLm5ldC9hcHBzZWMvY3JzL2NyYXdsZXJzLXVzZXItYWdlbnRzLmRhdGEKICAgIGRlc3RfZmlsZTogY3Jhd2xlcnMtdXNlci1hZ2VudHMuZGF0YQogICAgdHlwZTogbW9kc2VjCiAgLSBzb3VyY2VfdXJsOiBodHRwczovL2h1Yi1kYXRhLmNyb3dkc2VjLm5ldC9hcHBzZWMvY3JzL2lpcy1lcnJvcnMuZGF0YQogICAgZGVzdF9maWxlOiBpaXMtZXJyb3JzLmRhdGEKICAgIHR5cGU6IG1vZHNlYwogIC0gc291cmNlX3VybDogaHR0cHM6Ly9odWItZGF0YS5jcm93ZHNlYy5uZXQvYXBwc2VjL2Nycy9qYXZhLWNsYXNzZXMuZGF0YQogICAgZGVzdF9maWxlOiBqYXZhLWNsYXNzZXMuZGF0YQogICAgdHlwZTogbW9kc2VjCiAgLSBzb3VyY2VfdXJsOiBodHRwczovL2h1Yi1kYXRhLmNyb3dkc2VjLm5ldC9hcHBzZWMvY3JzL2phdmEtY29kZS1sZWFrYWdlcy5kYXRhCiAgICBkZXN0X2ZpbGU6IGphdmEtY29kZS1sZWFrYWdlcy5kYXRhCiAgICB0eXBlOiBtb2RzZWMKICAtIHNvdXJjZV91cmw6IGh0dHBzOi8vaHViLWRhdGEuY3Jvd2RzZWMubmV0L2FwcHNlYy9jcnMvamF2YS1lcnJvcnMuZGF0YQogICAgZGVzdF9maWxlOiBqYXZhLWVycm9ycy5kYXRhCiAgICB0eXBlOiBtb2RzZWMKICA
tIHNvdXJjZV91cmw6IGh0dHBzOi8vaHViLWRhdGEuY3Jvd2RzZWMubmV0L2FwcHNlYy9jcnMvbGZpLW9zLWZpbGVzLmRhdGEKICAgIGRlc3RfZmlsZTogbGZpLW9zLWZpbGVzLmRhdGEKICAgIHR5cGU6IG1vZHNlYwogIC0gc291cmNlX3VybDogaHR0cHM6Ly9odWItZGF0YS5jcm93ZHNlYy5uZXQvYXBwc2VjL2Nycy9waHAtY29uZmlnLWRpcmVjdGl2ZXMuZGF0YQogICAgZGVzdF9maWxlOiBwaHAtY29uZmlnLWRpcmVjdGl2ZXMuZGF0YQogICAgdHlwZTogbW9kc2VjCiAgLSBzb3VyY2VfdXJsOiBodHRwczovL2h1Yi1kYXRhLmNyb3dkc2VjLm5ldC9hcHBzZWMvY3JzL3BocC1lcnJvcnMuZGF0YQogICAgZGVzdF9maWxlOiBwaHAtZXJyb3JzLmRhdGEKICAgIHR5cGU6IG1vZHNlYwogIC0gc291cmNlX3VybDogaHR0cHM6Ly9odWItZGF0YS5jcm93ZHNlYy5uZXQvYXBwc2VjL2Nycy9waHAtZXJyb3JzLXBsMi5kYXRhCiAgICBkZXN0X2ZpbGU6IHBocC1lcnJvcnMtcGwyLmRhdGEKICAgIHR5cGU6IG1vZHNlYwogIC0gc291cmNlX3VybDogaHR0cHM6Ly9odWItZGF0YS5jcm93ZHNlYy5uZXQvYXBwc2VjL2Nycy9waHAtZnVuY3Rpb24tbmFtZXMtOTMzMTUwLmRhdGEKICAgIGRlc3RfZmlsZTogcGhwLWZ1bmN0aW9uLW5hbWVzLTkzMzE1MC5kYXRhCiAgICB0eXBlOiBtb2RzZWMKICAtIHNvdXJjZV91cmw6IGh0dHBzOi8vaHViLWRhdGEuY3Jvd2RzZWMubmV0L2FwcHNlYy9jcnMvcGhwLWZ1bmN0aW9uLW5hbWVzLTkzMzE1MS5kYXRhCiAgICBkZXN0X2ZpbGU6IHBocC1mdW5jdGlvbi1uYW1lcy05MzMxNTEuZGF0YQogICAgdHlwZTogbW9kc2VjCiAgLSBzb3VyY2VfdXJsOiBodHRwczovL2h1Yi1kYXRhLmNyb3dkc2VjLm5ldC9hcHBzZWMvY3JzL3BocC12YXJpYWJsZXMuZGF0YQogICAgZGVzdF9maWxlOiBwaHAtdmFyaWFibGVzLmRhdGEKICAgIHR5cGU6IG1vZHNlYwogIC0gc291cmNlX3VybDogaHR0cHM6Ly9odWItZGF0YS5jcm93ZHNlYy5uZXQvYXBwc2VjL2Nycy9yZXN0cmljdGVkLWZpbGVzLmRhdGEKICAgIGRlc3RfZmlsZTogcmVzdHJpY3RlZC1maWxlcy5kYXRhCiAgICB0eXBlOiBtb2RzZWMKICAtIHNvdXJjZV91cmw6IGh0dHBzOi8vaHViLWRhdGEuY3Jvd2RzZWMubmV0L2FwcHNlYy9jcnMvcmVzdHJpY3RlZC11cGxvYWQuZGF0YQogICAgZGVzdF9maWxlOiByZXN0cmljdGVkLXVwbG9hZC5kYXRhCiAgICB0eXBlOiBtb2RzZWMKICAtIHNvdXJjZV91cmw6IGh0dHBzOi8vaHViLWRhdGEuY3Jvd2RzZWMubmV0L2FwcHNlYy9jcnMvc2Nhbm5lcnMtaGVhZGVycy5kYXRhCiAgICBkZXN0X2ZpbGU6IHNjYW5uZXJzLWhlYWRlcnMuZGF0YQogICAgdHlwZTogbW9kc2VjCiAgLSBzb3VyY2VfdXJsOiBodHRwczovL2h1Yi1kYXRhLmNyb3dkc2VjLm5ldC9hcHBzZWMvY3JzL3NjYW5uZXJzLXVybHMuZGF0YQogICAgZGVzdF9maWxlOiBzY2FubmVycy11cmxzLmRhdGEKICAgIHR5cGU6IG1vZHNlYwogIC0gc291cmNlX3VybDogaHR0cHM6Ly9odWI
tZGF0YS5jcm93ZHNlYy5uZXQvYXBwc2VjL2Nycy9zY2FubmVycy11c2VyLWFnZW50cy5kYXRhCiAgICBkZXN0X2ZpbGU6IHNjYW5uZXJzLXVzZXItYWdlbnRzLmRhdGEKICAgIHR5cGU6IG1vZHNlYwogIC0gc291cmNlX3VybDogaHR0cHM6Ly9odWItZGF0YS5jcm93ZHNlYy5uZXQvYXBwc2VjL2Nycy9zY3JpcHRpbmctdXNlci1hZ2VudHMuZGF0YQogICAgZGVzdF9maWxlOiBzY3JpcHRpbmctdXNlci1hZ2VudHMuZGF0YQogICAgdHlwZTogbW9kc2VjCiAgLSBzb3VyY2VfdXJsOiBodHRwczovL2h1Yi1kYXRhLmNyb3dkc2VjLm5ldC9hcHBzZWMvY3JzL3NxbC1lcnJvcnMuZGF0YQogICAgZGVzdF9maWxlOiBzcWwtZXJyb3JzLmRhdGEKICAgIHR5cGU6IG1vZHNlYwogIC0gc291cmNlX3VybDogaHR0cHM6Ly9odWItZGF0YS5jcm93ZHNlYy5uZXQvYXBwc2VjL2Nycy9zc3JmLmRhdGEKICAgIGRlc3RfZmlsZTogc3NyZi5kYXRhCiAgICB0eXBlOiBtb2RzZWMKICAtIHNvdXJjZV91cmw6IGh0dHBzOi8vaHViLWRhdGEuY3Jvd2RzZWMubmV0L2FwcHNlYy9jcnMvdW5peC1zaGVsbC5kYXRhCiAgICBkZXN0X2ZpbGU6IHVuaXgtc2hlbGwuZGF0YQogICAgdHlwZTogbW9kc2VjCiAgLSBzb3VyY2VfdXJsOiBodHRwczovL2h1Yi1kYXRhLmNyb3dkc2VjLm5ldC9hcHBzZWMvY3JzL3dlYi1zaGVsbHMtcGhwLmRhdGEKICAgIGRlc3RfZmlsZTogd2ViLXNoZWxscy1waHAuZGF0YQogICAgdHlwZTogbW9kc2VjCiAgLSBzb3VyY2VfdXJsOiBodHRwczovL2h1Yi1kYXRhLmNyb3dkc2VjLm5ldC9hcHBzZWMvY3JzL3dpbmRvd3MtcG93ZXJzaGVsbC1jb21tYW5kcy5kYXRhCiAgICBkZXN0X2ZpbGU6IHdpbmRvd3MtcG93ZXJzaGVsbC1jb21tYW5kcy5kYXRhCiAgICB0eXBlOiBtb2RzZWM=", "author": "crowdsecurity", "labels": null }, "crowdsecurity/generic-freemarker-ssti": { "path": "appsec-rules/crowdsecurity/generic-freemarker-ssti.yaml", "version": "0.3", "versions": { "0.1": { "digest": "4c4466729b2fdebcf23dfd197e2b967c17d79324cfd4245ac3a3d9be6f029df8", "deprecated": false }, "0.2": { "digest": "4721a9b2f0ab29d5dfd385101afe5c23c197f59bfa86e82935d3371879768059", "deprecated": false }, "0.3": { "digest": "5f731c0099b563a816529755f147b4a4b5d047719f90382e1dc86d39d6ecf558", "deprecated": false } }, "content": 
"bmFtZTogY3Jvd2RzZWN1cml0eS9nZW5lcmljLWZyZWVtYXJrZXItc3N0aQpkZXNjcmlwdGlvbjogIkdlbmVyaWMgRnJlZU1hcmtlciBTU1RJIgpydWxlczoKICAtIGFuZDoKICAgIC0gem9uZXM6IAogICAgICAtIFJBV19CT0RZCiAgICAgIC0gQVJHUwogICAgICB0cmFuc2Zvcm06CiAgICAgIC0gbG93ZXJjYXNlCiAgICAgIG1hdGNoOgogICAgICAgIHR5cGU6IGNvbnRhaW5zCiAgICAgICAgdmFsdWU6ICdmcmVlbWFya2VyLnRlbXBsYXRlLnV0aWxpdHkuZXhlY3V0ZScKCmxhYmVsczoKICAgdHlwZTogZXhwbG9pdAogICBzZXJ2aWNlOiBodHRwCiAgIGNvbmZpZGVuY2U6IDIKICAgc3Bvb2ZhYmxlOiAwCiAgIGJlaGF2aW9yOiAiaHR0cDpleHBsb2l0IgogICBsYWJlbDogIkdlbmVyaWMgRnJlZU1hcmtlciBTU1RJIgogICBjbGFzc2lmaWNhdGlvbjoKICAgICAtIGF0dGFjay5UMTU5NQogICAgIC0gYXR0YWNrLlQxMTkw", "description": "Generic FreeMarker SSTI", "author": "crowdsecurity", "labels": { "behavior": "http:exploit", "classification": [ "attack.T1595", "attack.T1190" ], "confidence": 2, "label": "Generic FreeMarker SSTI", "service": "http", "spoofable": 0, "type": "exploit" } }, "crowdsecurity/vpatch-CVE-2017-9841": { "path": "appsec-rules/crowdsecurity/vpatch-CVE-2017-9841.yaml", "version": "0.3", "versions": { "0.1": { "digest": "0737417a66c5327708f6eff4392a4461002592fabcda6cdbdaa4143bce185503", "deprecated": false }, "0.2": { "digest": "6e5549b580c3a35315a6660a2904eafd3b463141d95f1ad2d5d606d55eb0b046", "deprecated": false }, "0.3": { "digest": "69404f8a96298652c1fcc8ed6e6c979fd83271c2167cc3af50edb9201bafb092", "deprecated": false } }, "content": "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", "description": "PHPUnit RCE (CVE-2017-9841)", "author": "crowdsecurity", "labels": { "behavior": "http:exploit", "classification": [ "cve.CVE-2017-9841", "attack.T1595", "attack.T1190", "cwe.CWE-94" ], "confidence": 3, "label": "PHPUnit RCE", "service": "http", "spoofable": 0, "type": "exploit" } }, "crowdsecurity/vpatch-CVE-2018-1000861": { "path": "appsec-rules/crowdsecurity/vpatch-CVE-2018-1000861.yaml", "version": "0.1", "versions": { "0.1": { "digest": "c56b770df99a1e84a45f07487a5d0fb031adbcfce8ac8182e56761f1db7ab82b", "deprecated": false } }, "content": 
"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", "description": "Jenkins - RCE (CVE-2018-1000861)", "author": "crowdsecurity", "labels": { "behavior": "http:exploit", "classification": [ "cve.CVE-2018-1000861", "attack.T1595", "attack.T1190", "cwe.CWE-502" ], "confidence": 3, "label": "Jenkins - RCE", "references": [ "https://www.youtube.com/watch?v=abuH-j-6-s0\u0026t=7s", "https://devco.re/blog/2019/02/19/hacking-Jenkins-part2-abusing-meta-programming-for-unauthenticated-RCE/" ], "service": "http", "spoofable": 0, "type": "exploit" } }, "crowdsecurity/vpatch-CVE-2018-10562": { "path": "appsec-rules/crowdsecurity/vpatch-CVE-2018-10562.yaml", "version": "0.2", "versions": { "0.1": { "digest": "65fc92420da5015e64403c4f85bbf53c739fabb1a6d30885ec016d8f7ca6a0b0", "deprecated": false }, "0.2": { "digest": "f1c5bc2ea0106e9ea059d5787daa33b8d0b94cc35fca876d9440ac8d876a3254", "deprecated": false } }, "content": "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", "description": "Dasan GPON RCE (CVE-2018-10562)", "author": "crowdsecurity", "labels": { "behavior": "http:exploit", "classification": [ "cve.CVE-2018-10562", "attack.T1595", "attack.T1190", "cwe.CWE-78" ], "confidence": 3, "label": "Dasan GPON RCE", "service": "http", "spoofable": 0, "type": "exploit" } }, "crowdsecurity/vpatch-CVE-2019-1003030": { "path": "appsec-rules/crowdsecurity/vpatch-CVE-2019-1003030.yaml", "version": "0.1", "versions": { "0.1": { "digest": "28e6b8f2d87fa26712625e52cb4f3c11c8e0f4a39a2d632598c5023e83639ec5", "deprecated": false } }, "content": 
"bmFtZTogY3Jvd2RzZWN1cml0eS92cGF0Y2gtQ1ZFLTIwMTktMTAwMzAzMApkZXNjcmlwdGlvbjogIkplbmtpbnMgLSBSQ0UgKENWRS0yMDE5LTEwMDMwMzApIgpydWxlczoKICAtIGFuZDoKICAgICAgLSB6b25lczoKICAgICAgICAgIC0gVVJJCiAgICAgICAgdHJhbnNmb3JtOgogICAgICAgICAtIGxvd2VyY2FzZQogICAgICAgIG1hdGNoOgogICAgICAgICAgdHlwZTogZW5kc1dpdGgKICAgICAgICAgIHZhbHVlOiBkZXNjcmlwdG9yYnluYW1lL29yZy5qZW5raW5zY2kucGx1Z2lucy5zY3JpcHRzZWN1cml0eS5zYW5kYm94Lmdyb292eS5zZWN1cmVncm9vdnlzY3JpcHQvY2hlY2tzY3JpcHQKbGFiZWxzOgogIHR5cGU6IGV4cGxvaXQKICBzZXJ2aWNlOiBodHRwCiAgY29uZmlkZW5jZTogMwogIHNwb29mYWJsZTogMAogIGJlaGF2aW9yOiAiaHR0cDpleHBsb2l0IgogIHJlZmVyZW5jZXM6CiAgICAtIGh0dHBzOi8vd3d3LmV4cGxvaXQtZGIuY29tL2V4cGxvaXRzLzQ4OTA0CiAgbGFiZWw6ICJKZW5raW5zIC0gUkNFIgogIGNsYXNzaWZpY2F0aW9uOgogICAgLSBjdmUuQ1ZFLTIwMTktMTAwMzAzMAogICAgLSBhdHRhY2suVDE1OTUKICAgIC0gYXR0YWNrLlQxMTkwCiAgICAtIGN3ZS5DV0UtMjY0Cg==", "description": "Jenkins - RCE (CVE-2019-1003030)", "author": "crowdsecurity", "labels": { "behavior": "http:exploit", "classification": [ "cve.CVE-2019-1003030", "attack.T1595", "attack.T1190", "cwe.CWE-264" ], "confidence": 3, "label": "Jenkins - RCE", "references": [ "https://www.exploit-db.com/exploits/48904" ], "service": "http", "spoofable": 0, "type": "exploit" } }, "crowdsecurity/vpatch-CVE-2019-12989": { "path": "appsec-rules/crowdsecurity/vpatch-CVE-2019-12989.yaml", "version": "0.3", "versions": { "0.1": { "digest": "a2f681cb8b762e33a66e63343a9fce32d5416438322ec376946ff78428543714", "deprecated": false }, "0.2": { "digest": "a8137b302f6fa55456dcf9cb7e9e9ba11dd878f0b91c90b3910fa4af397e0218", "deprecated": false }, "0.3": { "digest": "82b7a57b7fad8c56a0d439ee933debc9272bce8cea2a46ce3177110a57e11bd2", "deprecated": false } }, "content": "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", "description": "Citrix SQLi (CVE-2019-12989)", "author": "crowdsecurity", "labels": { "behavior": "http:exploit", "classification": [ "cve.CVE-2019-12989", "attack.T1595", "attack.T1190", "cwe.CWE-89" ], "confidence": 3, "label": "Citrix SQLi", 
"service": "http", "spoofable": 0, "type": "exploit" } }, "crowdsecurity/vpatch-CVE-2020-11738": { "path": "appsec-rules/crowdsecurity/vpatch-CVE-2020-11738.yaml", "version": "0.6", "versions": { "0.1": { "digest": "4760198ce14851e3387470bc0270f662b58aa32b8ef1f4217af6818e4f0cedbe", "deprecated": false }, "0.2": { "digest": "d939fd479841838064eb205911dd20f35a8070eea2734cf4e0c7bd0c2b5444fe", "deprecated": false }, "0.3": { "digest": "d82023967b6e1516519bf0adf7ae5e4d192c19039434267cffd73058f550c2fc", "deprecated": false }, "0.4": { "digest": "e73f8dadfeb909e98e3609d0cc098533f2c0351503cabebdf92a43f9d1b3e94c", "deprecated": false }, "0.5": { "digest": "b971347e1c948e6a19be6b8641329806b8cbeeaac2f42c0037521831a4629075", "deprecated": false }, "0.6": { "digest": "c126f8093c14e959ee0ae591c6e22b912b39fe8ede8004d79aba7dedcc9c970a", "deprecated": false } }, "content": "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", "description": "Wordpress Snap Creek Duplicator - Path Traversal (CVE-2020-11738)", "author": "crowdsecurity", "labels": { "behavior": "http:exploit", "classification": [ "cve.CVE-2020-11738", "attack.T1595", "attack.T1190", "cwe.CWE-22" ], "confidence": 3, "label": "Wordpress Snap Creek Duplicator", "service": "http", "spoofable": 0, "type": "exploit" } }, "crowdsecurity/vpatch-CVE-2020-17496": { "path": "appsec-rules/crowdsecurity/vpatch-CVE-2020-17496.yaml", "version": "0.1", "versions": { "0.1": { "digest": "835df99b26dfcfc6656a6e985ea82966551fae61c61ebb5383bdf9b6dcfa0cd5", "deprecated": false } }, "content": "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", "description": "vBulletin RCE (CVE-2020-17496)", "author": "crowdsecurity", "labels": { "behavior": "http:exploit", "classification": [ "cve.CVE-2020-17496", "attack.T1595", "attack.T1190", "cwe.CWE-74" ], "confidence": 3, "label": "vBulletin RCE", "service": "http", "spoofable": 0, "type": "exploit" } }, "crowdsecurity/vpatch-CVE-2021-22941": { "path": 
"appsec-rules/crowdsecurity/vpatch-CVE-2021-22941.yaml", "version": "0.3", "versions": { "0.1": { "digest": "994975ada2914e56168b94db4acb5f28293673fcf824d35619d5e35539cf8052", "deprecated": false }, "0.2": { "digest": "0057a096e2d27ce5264d9481dd073bf97d7ef9a6b7e3e11785cfd8dde880db56", "deprecated": false }, "0.3": { "digest": "10b432dba048130dbea67c24d1f94f84ff0df489dce552fda2cd6c0e76eb6e16", "deprecated": false } }, "content": "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", "description": "Citrix RCE (CVE-2021-22941)", "author": "crowdsecurity", "labels": { "behavior": "http:exploit", "classification": [ "cve.CVE-2021-22941", "attack.T1595", "attack.T1190", "cwe.CWE-284" ], "confidence": 3, "label": "Citrix RCE", "service": "http", "spoofable": 0, "type": "exploit" } }, "crowdsecurity/vpatch-CVE-2021-3129": { "path": "appsec-rules/crowdsecurity/vpatch-CVE-2021-3129.yaml", "version": "0.4", "versions": { "0.1": { "digest": "78803a49055ed71b353ddf43560d700d0b64ebfb172ef6705457f793a9f37b34", "deprecated": false }, "0.2": { "digest": "b155e9bbe64b4b44f3c98617c4b3bfedaadcce147e0685290e0d7a8dbdf47108", "deprecated": false }, "0.3": { "digest": "60ab3d4c01d7e9cd998134473b7be3899d63af8936227c4d1899cd3008aab53d", "deprecated": false }, "0.4": { "digest": "bf67806102345ebd40cbc47dc0494d97b0a7be420302386844650ad28284e74c", "deprecated": false } }, "content": 
"bmFtZTogY3Jvd2RzZWN1cml0eS92cGF0Y2gtQ1ZFLTIwMjEtMzEyOQpkZXNjcmlwdGlvbjogIkxhcmF2ZWwgd2l0aCBJZ25pdGlvbiBEZWJ1ZyBNb2RlIFJDRSAoQ1ZFLTIwMjEtMzEyOSkiCnJ1bGVzOgogIC0gYW5kOgogICAgLSB6b25lczoKICAgICAgLSBVUkkKICAgICAgdHJhbnNmb3JtOgogICAgICAtIGxvd2VyY2FzZQogICAgICBtYXRjaDoKICAgICAgICB0eXBlOiBlbmRzV2l0aAogICAgICAgIHZhbHVlOiAvX2lnbml0aW9uL2V4ZWN1dGUtc29sdXRpb24KICAgIC0gem9uZXM6CiAgICAgIC0gQk9EWV9BUkdTCiAgICAgIHZhcmlhYmxlczoKICAgICAgLSBqc29uLnBhcmFtZXRlcnMudmlld0ZpbGUKICAgICAgbWF0Y2g6CiAgICAgICAgdHlwZTogcmVnZXgKICAgICAgICB2YWx1ZTogInBocDovL2ZpbHRlcnxwaGFyOi8vIgpsYWJlbHM6CiAgdHlwZTogZXhwbG9pdAogIHNlcnZpY2U6IGh0dHAKICBjb25maWRlbmNlOiAzCiAgc3Bvb2ZhYmxlOiAwCiAgYmVoYXZpb3I6ICJodHRwOmV4cGxvaXQiCiAgbGFiZWw6ICJMYXJhdmVsIHdpdGggSWduaXRpb24gRGVidWcgTW9kZSBSQ0UiCiAgY2xhc3NpZmljYXRpb246CiAgIC0gY3ZlLkNWRS0yMDIxLTMxMjkKICAgLSBhdHRhY2suVDE1OTUKICAgLSBhdHRhY2suVDExOTAKICAgLSBjd2UuQ1dFLTk4", "description": "Laravel with Ignition Debug Mode RCE (CVE-2021-3129)", "author": "crowdsecurity", "labels": { "behavior": "http:exploit", "classification": [ "cve.CVE-2021-3129", "attack.T1595", "attack.T1190", "cwe.CWE-98" ], "confidence": 3, "label": "Laravel with Ignition Debug Mode RCE", "service": "http", "spoofable": 0, "type": "exploit" } }, "crowdsecurity/vpatch-CVE-2022-22954": { "path": "appsec-rules/crowdsecurity/vpatch-CVE-2022-22954.yaml", "version": "0.2", "versions": { "0.1": { "digest": "e60bbff9098b087dc1d8fa2ccb7007c4d886228344af78ef998b4d73f81e4820", "deprecated": false }, "0.2": { "digest": "16face3b32aa6a9a3664f3919f2ae58440ec7ccd2c364156cf9ac8cebcbecb26", "deprecated": false } }, "content": "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", "description": "VMWare Workspace ONE Access RCE (CVE-2022-22954)", "author": "crowdsecurity", "labels": { "behavior": "http:exploit", "classification": [ "cve.CVE-2022-22954", "attack.T1595", "attack.T1190" ], "confidence": 3, "label": "VMWare Workspace ONE RCE", "references": [ 
"https://www.rapid7.com/blog/post/2022/04/29/widespread-exploitation-of-vmware-workspace-one-access-cve-2022-22954/", "https://unit42.paloaltonetworks.com/cve-2022-22954-vmware-vulnerabilities/", "https://nvd.nist.gov/vuln/detail/cve-2022-22954" ], "service": "http", "spoofable": 0, "type": "exploit" } }, "crowdsecurity/vpatch-CVE-2022-22965": { "path": "appsec-rules/crowdsecurity/vpatch-CVE-2022-22965.yaml", "version": "0.2", "versions": { "0.1": { "digest": "97303299c1e51bff072ad97376af0f9c1ce3489920c2f5669c728165d52c961e", "deprecated": false }, "0.2": { "digest": "68d3b2dda49624c72976f5bc7322c532286ec8a4f45ed2526d1fd880195d3d3b", "deprecated": false } }, "content": "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", "description": "Spring4Shell - RCE (CVE-2022-22965)", "author": "crowdsecurity", "labels": { "behavior": "http:exploit", "classification": [ "cve.CVE-2022-22965", "attack.T1595", "attack.T1190", "cwe.CWE-94" ], "confidence": 3, "label": "Spring4Shell - RCE", "service": "http", "spoofable": 0, "type": "exploit" } }, "crowdsecurity/vpatch-CVE-2022-27926": { "path": "appsec-rules/crowdsecurity/vpatch-CVE-2022-27926.yaml", "version": "0.4", "versions": { "0.1": { "digest": "d96237a7ed02eb7aa9df45a684b5cef8f5145e857d10b5260373739668ad63f5", "deprecated": false }, "0.2": { "digest": "ba56077560152e4dd0e06c1bc1e6522515142b0ea7a27dff2c0ea289ddaee174", "deprecated": false }, "0.3": { "digest": "951e401afc100b54c1151efaea6ae676a95e91eb1ba8503638500695bd607f97", "deprecated": false }, "0.4": { "digest": "e2c3a9d82d7362168f27227660a2d35249642843672438545ca5a8eb25d7e4e5", "deprecated": false } }, "content": "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", "description": "Zimbra Collaboration XSS (CVE-2022-27926)", "author": "crowdsecurity", "labels": { "behavior": "http:exploit", "classification": [ "cve.CVE-2022-27926", "attack.T1595", "attack.T1190", "cwe.CWE-79" ], "confidence": 3, "label": "Zimbra Collaboration (ZCS) - XSS", "service": "http", 
"spoofable": 0, "type": "exploit" } }, "crowdsecurity/vpatch-CVE-2022-35914": { "path": "appsec-rules/crowdsecurity/vpatch-CVE-2022-35914.yaml", "version": "0.5", "versions": { "0.1": { "digest": "6a04ea781b27eb568a1752e3e310ef59532f803fed829010fb5cf76225454bc5", "deprecated": false }, "0.2": { "digest": "ef4c9225bcfcc942fa5db2568a99af628cf578249b4a7477e0889f16d3ef4111", "deprecated": false }, "0.3": { "digest": "e1213758c850424b37cb6ff6360fc1e1a2f12af9284d77766b06ee8c58679656", "deprecated": false }, "0.4": { "digest": "dca2dbd76392b220f527732266fd7b39b16e23cd7ec72665f022598325fc7988", "deprecated": false }, "0.5": { "digest": "ec12df461c9066584779c55e88d51a40f9e29b90a5b7f65f074a07af1584bbe5", "deprecated": false } }, "content": "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", "description": "GLPI RCE (CVE-2022-35914)", "author": "crowdsecurity", "labels": { "behavior": "http:exploit", "classification": [ "cve.CVE-2022-35914", "attack.T1595", "attack.T1190", "cwe.CWE-74" ], "confidence": 3, "label": "GLPI RCE", "service": "http", "spoofable": 0, "type": "exploit" } }, "crowdsecurity/vpatch-CVE-2022-44877": { "path": "appsec-rules/crowdsecurity/vpatch-CVE-2022-44877.yaml", "version": "0.2", "versions": { "0.1": { "digest": "3c6baf947b513098784bb4cb9d03c2e19483dd48a7660db55ee77872dd903132", "deprecated": false }, "0.2": { "digest": "717fe0d16947d200c0f9142ca667618c3984037f0775fda609326a87f90357d8", "deprecated": false } }, "content": "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", "description": "CentOS Web Panel 7 RCE (CVE-2022-44877)", "author": "crowdsecurity", "labels": { "behavior": "http:exploit", "classification": [ "cve.CVE-2022-44877", "attack.T1595", "attack.T1190", "cwe.CWE-78" ], "confidence": 3, "label": "CentOS Web Panel 7 RCE", "service": "http", "spoofable": 0, "type": "exploit" } }, "crowdsecurity/vpatch-CVE-2022-46169": { "path": "appsec-rules/crowdsecurity/vpatch-CVE-2022-46169.yaml", "version": "0.5", "versions": { "0.1": { 
"digest": "e251805a453d65934e5794cbb96ce34179ce20981a123103d814afdcbb788d00", "deprecated": false }, "0.2": { "digest": "6d2c89d06aefeacf14816f1cc755365056efcdba79265a0bb587033ca5790962", "deprecated": false }, "0.3": { "digest": "00ad3b04df93d2ea077b69ecfcc1156ad0262005ab9915b740f6fb0c08fe86a1", "deprecated": false }, "0.4": { "digest": "01f9badf366abe7fc3572b8814139521f114e15d716ee06541076dae4670a0fa", "deprecated": false }, "0.5": { "digest": "b70ef73cc7e6c472e2a66ed981d434cc8678ab45d9409de1967613140f545140", "deprecated": false } }, "content": "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", "description": "Cacti RCE (CVE-2022-46169)", "author": "crowdsecurity", "labels": { "behavior": "http:exploit", "classification": [ "cve.CVE-2022-46169", "attack.T1595", "attack.T1190", "cwe.CWE-74", "cwe.CWE-77", "cwe.CWE-78", "cwe.CWE-863" ], "confidence": 3, "label": "Cacti \u003c=1.2.22 - RCE", "service": "http", "spoofable": 0, "type": "exploit" } }, "crowdsecurity/vpatch-CVE-2023-1389": { "path": "appsec-rules/crowdsecurity/vpatch-CVE-2023-1389.yaml", "version": "0.1", "versions": { "0.1": { "digest": "fedda002c3f2a7d4435a63833a834facdb2f73344477edb65c96af7ea2f6968f", "deprecated": false } }, "content": 
"bmFtZTogY3Jvd2RzZWN1cml0eS92cGF0Y2gtQ1ZFLTIwMjMtMTM4OQpkZXNjcmlwdGlvbjogIlRQLUxpbmsgQXJjaGVyIEFYMjEgLSBSQ0UgKENWRS0yMDIzLTEzODkpIgpydWxlczoKICAtIGFuZDoKICAgIC0gem9uZXM6CiAgICAgIC0gVVJJCiAgICAgIHRyYW5zZm9ybToKICAgICAgLSBsb3dlcmNhc2UKICAgICAgbWF0Y2g6CiAgICAgICAgdHlwZTogZW5kc1dpdGgKICAgICAgICB2YWx1ZTogL2NnaS1iaW4vbHVjaS87c3Rvaz0vbG9jYWxlCiAgICAtIHpvbmVzOgogICAgICAtIEFSR1MKICAgICAgdmFyaWFibGVzOgogICAgICAtIGZvcm0KICAgICAgbWF0Y2g6CiAgICAgICAgdHlwZTogZXF1YWxzCiAgICAgICAgdmFsdWU6IGNvdW50cnkKICAgIC0gem9uZXM6CiAgICAgIC0gQk9EWV9BUkdTCiAgICAgIC0gQVJHUwogICAgICB2YXJpYWJsZXM6CiAgICAgIC0gb3BlcmF0aW9uCiAgICAgIG1hdGNoOgogICAgICAgIHR5cGU6IGVxdWFscwogICAgICAgIHZhbHVlOiB3cml0ZQogICAgLSB6b25lczoKICAgICAgLSBCT0RZX0FSR1MKICAgICAgLSBBUkdTCiAgICAgIHZhcmlhYmxlczoKICAgICAgLSBjb3VudHJ5CiAgICAgIG1hdGNoOgogICAgICAgIHR5cGU6IHJlZ2V4CiAgICAgICAgdmFsdWU6ICJbXmEtekEtWjAtOV8uLV0rIgoKbGFiZWxzOgogIHR5cGU6IGV4cGxvaXQKICBzZXJ2aWNlOiBodHRwCiAgY29uZmlkZW5jZTogMwogIHNwb29mYWJsZTogMAogIGJlaGF2aW9yOiAiaHR0cDpleHBsb2l0IgogIGxhYmVsOiAiVFAtTGluayBBcmNoZXIgQVgyMSAtIFJDRSIKICBjbGFzc2lmaWNhdGlvbjoKICAgLSBjdmUuQ1ZFLTIwMjMtMTM4OQogICAtIGF0dGFjay5UMTU5NQogICAtIGF0dGFjay5UMTE5MAogICAtIGN3ZS5DV0UtNzcK", "description": "TP-Link Archer AX21 - RCE (CVE-2023-1389)", "author": "crowdsecurity", "labels": { "behavior": "http:exploit", "classification": [ "cve.CVE-2023-1389", "attack.T1595", "attack.T1190", "cwe.CWE-77" ], "confidence": 3, "label": "TP-Link Archer AX21 - RCE", "service": "http", "spoofable": 0, "type": "exploit" } }, "crowdsecurity/vpatch-CVE-2023-20198": { "path": "appsec-rules/crowdsecurity/vpatch-CVE-2023-20198.yaml", "version": "0.6", "versions": { "0.1": { "digest": "100fe7c75a8b557d6ad35bc8712b996d9366631dda64d8a72e245293773ef2ae", "deprecated": false }, "0.2": { "digest": "4ed8476a931d3b45b210669ccab401d736bc765cc21ea02ed8fbddc21e6598ca", "deprecated": false }, "0.3": { "digest": "eedd4555f876c459d0a17950f3b1311404b44d248b789221fddf73054e429bc0", "deprecated": false }, "0.4": { "digest": 
"4d5339081ffa687619f13b3480984e056f64cab397154c187470ef1144a5fed3", "deprecated": false }, "0.5": { "digest": "c4356c6967555f649c5ce02078d5f64c5a3905004519072d7c9c36ee638a66ba", "deprecated": false }, "0.6": { "digest": "a14a7f74314729684f6c0bcaee613779d83b4dd58555f763cfb1c10f37349781", "deprecated": false } }, "content": "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", "description": "CISCO IOS XE Account Creation (CVE-2023-20198)", "author": "crowdsecurity", "labels": { "behavior": "http:exploit", "classification": [ "cve.CVE-2023-20198", "attack.T1595", "attack.T1190", "cwe.CWE-287" ], "confidence": 3, "label": "CISCO IOS XE account creation", "service": "http", "spoofable": 0, "type": "exploit" } }, "crowdsecurity/vpatch-CVE-2023-22515": { "path": "appsec-rules/crowdsecurity/vpatch-CVE-2023-22515.yaml", "version": "0.4", "versions": { "0.1": { "digest": "dc6fc69ee52353cef3ea5563dbccd5b73dae0924e0bf13e38550768a23eeee8c", "deprecated": false }, "0.2": { "digest": "bf313622a8c6b00bdaf421bb0766c1a0d077aaff8db50c32c4b1090dbbbf0fb9", "deprecated": false }, "0.3": { "digest": "16d7f6ff1913304df2a270b3a27ba5d1165be8e3c7978489cfb9338875bb4d42", "deprecated": false }, "0.4": { "digest": "8bf6511a6046718e06db86f0ffbaf0a8e636e62b3bc700fc8869919b70111698", "deprecated": false } }, "content": "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", "description": "Atlassian Confluence Privesc (CVE-2023-22515)", "author": "crowdsecurity", "labels": { "behavior": "http:exploit", "classification": [ "cve.CVE-2023-22515", "attack.T1595", "attack.T1190", "cwe.CWE-284" ], "confidence": 3, "label": "Atlassian Confluence Privesc", "service": "http", "spoofable": 0, "type": "exploit" } }, "crowdsecurity/vpatch-CVE-2023-22527": { "path": "appsec-rules/crowdsecurity/vpatch-CVE-2023-22527.yaml", "version": "0.2", "versions": { "0.1": { "digest": "322eefa82144adaa963690cce3c672312e5ecb805334a972d8c4c40953054df6", "deprecated": false }, "0.2": { "digest": 
"b6d23c5a79107b37ffdcb20def2b749821800a036fd99ad58d3faff2d830eb59", "deprecated": false } }, "content": "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", "description": "RCE using SSTI in Confluence (CVE-2023-22527)", "author": "crowdsecurity", "labels": { "behavior": "http:exploit", "classification": [ "cve.CVE-2023-22527", "attack.T1595", "attack.T1190" ], "confidence": 3, "label": "Confluence RCE", "references": [ "https://blog.projectdiscovery.io/atlassian-confluence-ssti-remote-code-execution/", "https://confluence.atlassian.com/security/cve-2023-22527-rce-remote-code-execution-vulnerability-in-confluence-data-center-and-confluence-server-1333990257.html" ], "service": "http", "spoofable": 0, "type": "exploit" } }, "crowdsecurity/vpatch-CVE-2023-23752": { "path": "appsec-rules/crowdsecurity/vpatch-CVE-2023-23752.yaml", "version": "0.1", "versions": { "0.1": { "digest": "fa79ea72e00dfcc1e067e8906823f2df7897b8925b86417b1fc1fdab5f26ac6a", "deprecated": false } }, "content": "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", "description": "Joomla! Webservice - Password Disclosure (CVE-2023-23752)", "author": "crowdsecurity", "labels": { "behavior": "http:exploit", "classification": [ "cve.CVE-2023-23752", "attack.T1595", "attack.T1190", "cwe.CWE-284", "cwe.CWE-266" ], "confidence": 3, "label": "Joomla! 
Webservice - Password Disclosure", "service": "http", "spoofable": 0, "type": "exploit" } }, "crowdsecurity/vpatch-CVE-2023-24489": { "path": "appsec-rules/crowdsecurity/vpatch-CVE-2023-24489.yaml", "version": "0.2", "versions": { "0.1": { "digest": "c7ec7c49ee24ba7ba855e3ae256ec2d128b51c7771d676dc150aa3cc060ca785", "deprecated": false }, "0.2": { "digest": "16e398688d669dbf5181718b18338df2baf906212e563749ce5d0041a56543dd", "deprecated": false } }, "content": "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", "description": "Citrix ShareFile RCE (CVE-2023-24489)", "author": "crowdsecurity", "labels": { "behavior": "http:exploit", "classification": [ "cve.CVE-2023-24489", "attack.T1595", "attack.T1190", "cwe.CWE-284" ], "confidence": 3, "label": "Citrix ShareFile RCE", "service": "http", "spoofable": 0, "type": "exploit" } }, "crowdsecurity/vpatch-CVE-2023-28121": { "path": "appsec-rules/crowdsecurity/vpatch-CVE-2023-28121.yaml", "version": "0.1", "versions": { "0.1": { "digest": "6a72dcabc9d7df47d1b5e7b7fa17ca4548e4b6c3cd9cbfcc6d1fea541aaab092", "deprecated": false } }, "content": "bmFtZTogY3Jvd2RzZWN1cml0eS92cGF0Y2gtQ1ZFLTIwMjMtMjgxMjEKZGVzY3JpcHRpb246ICJXb29Db21tZXJjZSBhdXRoIGJ5cGFzcyAoQ1ZFLTIwMjMtMjgxMjEpIgpydWxlczoKICAtIGFuZDoKICAgIC0gem9uZXM6CiAgICAgIC0gTUVUSE9ECiAgICAgIG1hdGNoOgogICAgICAgIHR5cGU6IGVxdWFscwogICAgICAgIHZhbHVlOiBQT1NUCiAgICAtIHpvbmVzOgogICAgICAtIEhFQURFUlNfTkFNRVMKICAgICAgdHJhbnNmb3JtOgogICAgICAtIGxvd2VyY2FzZQogICAgICBtYXRjaDoKICAgICAgICB0eXBlOiBlcXVhbHMKICAgICAgICB2YWx1ZTogeC13Y3BheS1wbGF0Zm9ybS1jaGVja291dC11c2VyCmxhYmVsczoKICB0eXBlOiBleHBsb2l0CiAgc2VydmljZTogaHR0cAogIGNvbmZpZGVuY2U6IDMKICBzcG9vZmFibGU6IDAKICBiZWhhdmlvcjogImh0dHA6ZXhwbG9pdCIKICBsYWJlbDogIldvb0NvbW1lcmNlIGF1dGggYnlwYXNzIgogIGNsYXNzaWZpY2F0aW9uOgogICAtIGN2ZS5DVkUtMjAyMy0yODEyMQogICAtIGF0dGFjay5UMTU5NQogICAtIGF0dGFjay5UMTE5MAogICAtIGN3ZS5DV0UtMjg3", "description": "WooCommerce auth bypass (CVE-2023-28121)", "author": "crowdsecurity", "labels": { "behavior": "http:exploit", 
"classification": [ "cve.CVE-2023-28121", "attack.T1595", "attack.T1190", "cwe.CWE-287" ], "confidence": 3, "label": "WooCommerce auth bypass", "service": "http", "spoofable": 0, "type": "exploit" } }, "crowdsecurity/vpatch-CVE-2023-33617": { "path": "appsec-rules/crowdsecurity/vpatch-CVE-2023-33617.yaml", "version": "0.4", "versions": { "0.1": { "digest": "27d605f7f1aa991127741c047ca8c4af1e0113feafb2073fd9aa04793c311d6e", "deprecated": false }, "0.2": { "digest": "15df9e2f71f34f037f96f7a9b61e6cbab993f3de3708ee92cda32bec84412391", "deprecated": false }, "0.3": { "digest": "399c24c2222b455a5e9030ad0a31b58261e62724051655f7b98be4cdc8cc96d3", "deprecated": false }, "0.4": { "digest": "2c5a0d6ffd19c4d14b691c51028dab5a3a32280bb6ec6943ef60e0e105ee8647", "deprecated": false } }, "content": "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", "description": "Atlassian Confluence Privesc (CVE-2023-33617)", "author": "crowdsecurity", "labels": { "behavior": "http:exploit", "classification": [ "cve.CVE-2023-33617", "attack.T1595", "attack.T1190", "cwe.CWE-78" ], "confidence": 3, "label": "Atlassian Confluence Privesc", "service": "http", "spoofable": 0, "type": "exploit" } }, "crowdsecurity/vpatch-CVE-2023-34362": { "path": "appsec-rules/crowdsecurity/vpatch-CVE-2023-34362.yaml", "version": "0.6", "versions": { "0.1": { "digest": "b032c0e88f383ffb1228287b53f61443eb9c91db1cd730c4e10dd42bf44d86d9", "deprecated": false }, "0.2": { "digest": "be808170ee4c42540423351f6d188b8cd22899810357f188d404a61f07b64dc7", "deprecated": false }, "0.3": { "digest": "f579f526676ecaded1b1048503b9fd738144a67b2f7f0b14d6d770c35aa98cf6", "deprecated": false }, "0.4": { "digest": "1af2e304188e802a2aedc45557e41c2e6debac3d8246ec1e44d57f7d664c9677", "deprecated": false }, "0.5": { "digest": "bc1e444bcbe52474d0a3d9dd7293681d0a6ca0a034cded87e095460403985b9d", "deprecated": false }, "0.6": { "digest": "db7744c5124e1531f5c3e141df01fa6dedd5c88cccefb32e5e38206820807c27", "deprecated": false } }, "content": 
"Cm5hbWU6IGNyb3dkc2VjdXJpdHkvdnBhdGNoLUNWRS0yMDIzLTM0MzYyCmRlc2NyaXB0aW9uOiAiTU9WRWl0IFRyYW5zZmVyIFJDRSAoQ1ZFLTIwMjMtMzQzNjIpIgpydWxlczoKICAtIGFuZDoKICAgIC0gem9uZXM6CiAgICAgIC0gVVJJCiAgICAgIHRyYW5zZm9ybToKICAgICAgLSBsb3dlcmNhc2UKICAgICAgbWF0Y2g6CiAgICAgICAgdHlwZTogZXF1YWxzCiAgICAgICAgdmFsdWU6IC9tb3ZlaXRpc2FwaS9tb3ZlaXRpc2FwaS5kbGwKICAgIC0gem9uZXM6CiAgICAgIC0gQVJHUwogICAgICB2YXJpYWJsZXM6CiAgICAgIC0gYWN0aW9uCiAgICAgIG1hdGNoOgogICAgICAgIHR5cGU6IGVxdWFscwogICAgICAgIHZhbHVlOiBtMgogICAgICB0cmFuc2Zvcm06CiAgICAgIC0gbG93ZXJjYXNlCiAgICAtIHpvbmVzOgogICAgICAtIE1FVEhPRAogICAgICBtYXRjaDoKICAgICAgICB0eXBlOiBlcXVhbHMKICAgICAgICB2YWx1ZTogUE9TVAogICAgLSB6b25lczoKICAgICAgLSBIRUFERVJTX05BTUVTCiAgICAgIHRyYW5zZm9ybToKICAgICAgICAtIGxvd2VyY2FzZQogICAgICBtYXRjaDoKICAgICAgICB0eXBlOiBlcXVhbHMKICAgICAgICB2YWx1ZTogJ3gtc2lsb2NrLXRyYW5zYWN0aW9uJwogICAgLSB6b25lczoKICAgICAgLSBIRUFERVJTX05BTUVTCiAgICAgIHRyYW5zZm9ybToKICAgICAgIC0gbG93ZXJjYXNlCiAgICAgIG1hdGNoOgogICAgICAgIHR5cGU6IHJlZ2V4CiAgICAgICAgdmFsdWU6ICcuK3gtc2lsb2NrLXRyYW5zYWN0aW9uJwpsYWJlbHM6CiAgdHlwZTogZXhwbG9pdAogIHNlcnZpY2U6IGh0dHAKICBjb25maWRlbmNlOiAzCiAgc3Bvb2ZhYmxlOiAwCiAgYmVoYXZpb3I6ICJodHRwOmV4cGxvaXQiCiAgbGFiZWw6ICJNT1ZFaXQgVHJhbnNmZXIgUkNFIgogIGNsYXNzaWZpY2F0aW9uOgogICAtIGN2ZS5DVkUtMjAyMy0zNDM2MgogICAtIGF0dGFjay5UMTU5NQogICAtIGF0dGFjay5UMTE5MAogICAtIGN3ZS5DV0UtODk=", "description": "MOVEit Transfer RCE (CVE-2023-34362)", "author": "crowdsecurity", "labels": { "behavior": "http:exploit", "classification": [ "cve.CVE-2023-34362", "attack.T1595", "attack.T1190", "cwe.CWE-89" ], "confidence": 3, "label": "MOVEit Transfer RCE", "service": "http", "spoofable": 0, "type": "exploit" } }, "crowdsecurity/vpatch-CVE-2023-35078": { "path": "appsec-rules/crowdsecurity/vpatch-CVE-2023-35078.yaml", "version": "0.1", "versions": { "0.1": { "digest": "24955c9a4642704372c1a26193d4a599165cd486b1f5f3c60bd72991d1ecd18f", "deprecated": false } }, "content": 
"bmFtZTogY3Jvd2RzZWN1cml0eS92cGF0Y2gtQ1ZFLTIwMjMtMzUwNzgKZGVzY3JpcHRpb246ICJNb2JpbGVJcm9uIENvcmUgUmVtb3RlIFVuYXV0aGVudGljYXRlZCBBUEkgQWNjZXNzIChDVkUtMjAyMy0zNTA3OCkiCnJ1bGVzOgogICAgICAgLSB6b25lczoKICAgICAgICAgICAtIFVSSQogICAgICAgICB0cmFuc2Zvcm06CiAgICAgICAgICAgLSBsb3dlcmNhc2UKICAgICAgICAgbWF0Y2g6CiAgICAgICAgICAgdHlwZTogY29udGFpbnMKICAgICAgICAgICB2YWx1ZTogL21pZnMvYWFkL2FwaS92Mi8KbGFiZWxzOgogICB0eXBlOiBleHBsb2l0CiAgIHNlcnZpY2U6IGh0dHAKICAgY29uZmlkZW5jZTogMwogICBzcG9vZmFibGU6IDAKICAgYmVoYXZpb3I6ICJodHRwOmV4cGxvaXQiCiAgIGxhYmVsOiAiTW9iaWxlSXJvbiBDb3JlIEFQSSIKICAgcmVmZXJlbmNlczoKICAgIC0gaHR0cHM6Ly9mb3J1bXMuaXZhbnRpLmNvbS9zL2FydGljbGUvQ1ZFLTIwMjMtMzUwNzgtUmVtb3RlLXVuYXV0aGVudGljYXRlZC1BUEktYWNjZXNzLXZ1bG5lcmFiaWxpdHk/bGFuZ3VhZ2U9ZW5fVVMKICAgIC0gaHR0cHM6Ly93d3cucmFwaWQ3LmNvbS9ibG9nL3Bvc3QvMjAyMy8wOC8wMi9jdmUtMjAyMy0zNTA4Mi1tb2JpbGVpcm9uLWNvcmUtdW5hdXRoZW50aWNhdGVkLWFwaS1hY2Nlc3MtdnVsbmVyYWJpbGl0eS8KICAgIC0gaHR0cHM6Ly9udmQubmlzdC5nb3YvdnVsbi9kZXRhaWwvQ1ZFLTIwMjMtMzUwNzgKICAgY2xhc3NpZmljYXRpb246CiAgICAgLSBjdmUuQ1ZFLTIwMjMtMzUwNzgKICAgICAtIGF0dGFjay5UMTU5NQogICAgIC0gYXR0YWNrLlQxMTkwIA==", "description": "MobileIron Core Remote Unauthenticated API Access (CVE-2023-35078)", "author": "crowdsecurity", "labels": { "behavior": "http:exploit", "classification": [ "cve.CVE-2023-35078", "attack.T1595", "attack.T1190" ], "confidence": 3, "label": "MobileIron Core API", "references": [ "https://forums.ivanti.com/s/article/CVE-2023-35078-Remote-unauthenticated-API-access-vulnerability?language=en_US", "https://www.rapid7.com/blog/post/2023/08/02/cve-2023-35082-mobileiron-core-unauthenticated-api-access-vulnerability/", "https://nvd.nist.gov/vuln/detail/CVE-2023-35078" ], "service": "http", "spoofable": 0, "type": "exploit" } }, "crowdsecurity/vpatch-CVE-2023-35082": { "path": "appsec-rules/crowdsecurity/vpatch-CVE-2023-35082.yaml", "version": "0.2", "versions": { "0.1": { "digest": "7c66626c83d7f91407257df0897a9adb5958043bbb4d70dece61e0245db2dcc8", "deprecated": false }, "0.2": { 
"digest": "678db5fe74dc3ee8191cde2e79346935efb2363b7ab93622cdeb1e2fca45f943", "deprecated": false } }, "content": "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", "description": "MobileIron Core Remote Unauthenticated API Access (CVE-2023-35082)", "author": "crowdsecurity", "labels": { "behavior": "http:exploit", "classification": [ "cve.CVE-2023-35082", "attack.T1595", "attack.T1190" ], "confidence": 3, "label": "MobileIron Core API", "references": [ "https://www.rapid7.com/blog/post/2023/08/02/cve-2023-35082-mobileiron-core-unauthenticated-api-access-vulnerability/", "https://nvd.nist.gov/vuln/detail/CVE-2023-35082", "https://forums.ivanti.com/s/article/CVE-2023-35082-Remote-Unauthenticated-API-Access-Vulnerability-in-MobileIron-Core-11-2-and-older?language=en_US" ], "service": "http", "spoofable": 0, "type": "exploit" } }, "crowdsecurity/vpatch-CVE-2023-3519": { "path": "appsec-rules/crowdsecurity/vpatch-CVE-2023-3519.yaml", "version": "0.3", "versions": { "0.1": { "digest": "459cd434b8da480eaa0bfbbefc9806ca8c445a64757cbd339f1f7b6b32082f6f", "deprecated": false }, "0.2": { "digest": "57441c54adbcb8cd88ba205b1f1358dfc10c1779662efe7e9854469b986c5f54", "deprecated": false }, "0.3": { "digest": "8cc7bb6fd0d71871b7fb1f891182d3a12273dd507c1d59c7539dc620de6c70c4", "deprecated": false } }, "content": "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", "description": "Citrix RCE (CVE-2023-3519)", "author": "crowdsecurity", "labels": { "behavior": "http:exploit", "classification": [ "cve.CVE-2023-3519", "attack.T1595", "attack.T1190", "cwe.CWE-94" ], "confidence": 3, "label": "Citrix RCE", "service": "http", "spoofable": 0, "type": "exploit" } }, "crowdsecurity/vpatch-CVE-2023-38205": { "path": "appsec-rules/crowdsecurity/vpatch-CVE-2023-38205.yaml", "version": "0.3", "versions": { "0.1": { "digest": "d2c3666c0a337304d92b737ca02ad1aed164e31439eb6596a848688f0c27b178", "deprecated": false }, "0.2": { "digest": 
"5403b1146ab6a652b31c572f07863ce284d63a6c6a26d254a3c064de0479cb26", "deprecated": false }, "0.3": { "digest": "43a1a41cff1a160eeeb468b52a5fcc2889ee917a4db0396e42c8d6219fdb60c4", "deprecated": false } }, "content": "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", "description": "Adobe ColdFusion Access Control Bypass (CVE-2023-38205)", "author": "crowdsecurity", "labels": { "behavior": "http:exploit", "classification": [ "cve.CVE-2023-38205", "attack.T1595", "attack.T1190", "cwe.CWE-284" ], "confidence": 3, "label": "Adobe ColdFusion Access Control Bypass", "service": "http", "spoofable": 0, "type": "exploit" } }, "crowdsecurity/vpatch-CVE-2023-40044": { "path": "appsec-rules/crowdsecurity/vpatch-CVE-2023-40044.yaml", "version": "0.3", "versions": { "0.1": { "digest": "2e8db7d8cb223e1cb1a57c4621b1720d88174c3398183948c8901645f78ee338", "deprecated": false }, "0.2": { "digest": "e49809530908e16a9628fece23d934be09d9756fc64f795d7311e70565a2f32e", "deprecated": false }, "0.3": { "digest": "a32dec2d2ccf399ab0b9bc86dfeb48b7b11037ca617ea8e4ffbce02ed467247b", "deprecated": false } }, "content": "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", "description": "WS_FTP .NET deserialize RCE (CVE-2023-40044)", "author": "crowdsecurity", "labels": { "behavior": "http:exploit", "classification": [ "cve.CVE-2023-40044", "attack.T1595", "attack.T1190", "cwe.CWE-502" ], "confidence": 3, "label": "WS_FTP .NET deserialize RCE", "service": "http", "spoofable": 0, "type": "exploit" } }, "crowdsecurity/vpatch-CVE-2023-42793": { "path": "appsec-rules/crowdsecurity/vpatch-CVE-2023-42793.yaml", "version": "0.3", "versions": { "0.1": { "digest": "86fb6a193e9799612bf00b67894f7aabe4482f024a012f305b2cfa910384aa73", "deprecated": false }, "0.2": { "digest": "7e7078b0858ea9d8d32c2f9fa9f6879b2322c7b4da1558f9a60708b129dfc1ef", "deprecated": false }, "0.3": { "digest": "c5440ec9305b7dcd1afd0c3d414b5558eb4ab8e64b41acf7ff2427330eabe91a", "deprecated": false } }, "content": 
"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", "description": "JetBrains Teamcity Auth Bypass (CVE-2023-42793)", "author": "crowdsecurity", "labels": { "behavior": "http:exploit", "classification": [ "cve.CVE-2023-42793", "attack.T1595", "attack.T1190", "cwe.CWE-288" ], "confidence": 3, "label": "JetBrains Teamcity Auth Bypass", "service": "http", "spoofable": 0, "type": "exploit" } }, "crowdsecurity/vpatch-CVE-2023-46805": { "path": "appsec-rules/crowdsecurity/vpatch-CVE-2023-46805.yaml", "version": "0.4", "versions": { "0.1": { "digest": "d73f6475914ef2c68df3a55c7e38944ab514d0f602246ebb7aa703cf99f922d7", "deprecated": false }, "0.2": { "digest": "bea99668edb018be9ddd78dae7ac1f9585ea8401d15d10494302901f30831bd8", "deprecated": false }, "0.3": { "digest": "94039ee1d01b3cb7a66c6fd7e500ecdf0038de5b64242d48c0710e363baa8c7c", "deprecated": false }, "0.4": { "digest": "d600d0e2e53c296169a060c4d07b2ce4b1ae9a17e181c90bcd44231bd6c7e89b", "deprecated": false } }, "content": "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", "description": "Ivanti Connect Auth Bypass (CVE-2023-46805)", "author": "crowdsecurity", "labels": { "behavior": "http:exploit", "classification": [ "cve.CVE-2023-46805", "cve.CVE-2024-21887", "attack.T1595", "attack.T1190", "cwe.CWE-287", "cwe.CWE-77" ], "confidence": 3, "label": "Ivanti Connect Auth Bypass", "references": [ "https://attackerkb.com/topics/AdUh6by52K/cve-2023-46805/rapid7-analysis" ], "service": "http", "spoofable": 0, "type": "exploit" } }, "crowdsecurity/vpatch-CVE-2023-49070": { "path": "appsec-rules/crowdsecurity/vpatch-CVE-2023-49070.yaml", "version": "0.1", "versions": { "0.1": { "digest": "8e97f76d9d5d07270acabdee9ffa0f4aed6632732efc188631f819e60342bd8b", "deprecated": false } }, "content": 
"bmFtZTogY3Jvd2RzZWN1cml0eS92cGF0Y2gtQ1ZFLTIwMjMtNDkwNzAKZGVzY3JpcHRpb246ICJBcGFjaGUgT0ZCaXogLSBSQ0UgKENWRS0yMDIzLTQ5MDcwKSIKcnVsZXM6CiAgLSBhbmQ6CiAgICAtIHpvbmVzOgogICAgICAtIFVSSQogICAgICB0cmFuc2Zvcm06CiAgICAgIC0gbG93ZXJjYXNlCiAgICAgIG1hdGNoOgogICAgICAgIHR5cGU6IGVuZHNXaXRoCiAgICAgICAgdmFsdWU6IC93ZWJ0b29scy9jb250cm9sL3htbHJwYzsvCiAgICAtIHpvbmVzOgogICAgICAtIE1FVEhPRAogICAgICBtYXRjaDoKICAgICAgICB0eXBlOiBlcXVhbHMKICAgICAgICB2YWx1ZTogUE9TVAogICAgLSB6b25lczoKICAgICAgLSBBUkdTX05BTUVTCiAgICAgIHRyYW5zZm9ybToKICAgICAgLSBsb3dlcmNhc2UKICAgICAgbWF0Y2g6CiAgICAgICAgdHlwZTogZXF1YWxzCiAgICAgICAgdmFsdWU6ICJ1c2VybmFtZSIKICAgIC0gem9uZXM6CiAgICAgIC0gQVJHU19OQU1FUwogICAgICB0cmFuc2Zvcm06CiAgICAgIC0gbG93ZXJjYXNlCiAgICAgIG1hdGNoOgogICAgICAgIHR5cGU6IGVxdWFscwogICAgICAgIHZhbHVlOiAicGFzc3dvcmQiCiAgICAtIHpvbmVzOgogICAgICAtIEFSR1NfTkFNRVMKICAgICAgdHJhbnNmb3JtOgogICAgICAtIGxvd2VyY2FzZQogICAgICBtYXRjaDoKICAgICAgICB0eXBlOiBlcXVhbHMKICAgICAgICB2YWx1ZTogInJlcXVpcmVwYXNzd29yZGNoYW5nZSIKbGFiZWxzOgogIHR5cGU6IGV4cGxvaXQKICBzZXJ2aWNlOiBodHRwCiAgY29uZmlkZW5jZTogMwogIHNwb29mYWJsZTogMAogIGJlaGF2aW9yOiAiaHR0cDpleHBsb2l0IgogIGxhYmVsOiAiQXBhY2hlIE9GQml6IC0gUkNFIgogIGNsYXNzaWZpY2F0aW9uOgogICAtIGN2ZS5DVkUtMjAyMy00OTA3MAogICAtIGF0dGFjay5UMTU5NQogICAtIGF0dGFjay5UMTE5MAogICAtIGN3ZS5DV0UtOTQKCgo=", "description": "Apache OFBiz - RCE (CVE-2023-49070)", "author": "crowdsecurity", "labels": { "behavior": "http:exploit", "classification": [ "cve.CVE-2023-49070", "attack.T1595", "attack.T1190", "cwe.CWE-94" ], "confidence": 3, "label": "Apache OFBiz - RCE", "service": "http", "spoofable": 0, "type": "exploit" } }, "crowdsecurity/vpatch-CVE-2023-50164": { "path": "appsec-rules/crowdsecurity/vpatch-CVE-2023-50164.yaml", "version": "0.6", "versions": { "0.1": { "digest": "2af3917de29ccf7f71d43b78502602568b2d4582769e62ffb9c195fcfab33e90", "deprecated": false }, "0.2": { "digest": "05c4eb4526d99bc0c9cbefbcc60e2fde6f93f5b0f41ea500565f791ae57ed67e", "deprecated": false }, "0.3": { "digest": 
"fb7280f1aa638812e942985a0a061bc94bac1a5381e57eb764f447d72a8f09d0", "deprecated": false }, "0.4": { "digest": "139eed3def5189d40e3f5e7d613c17ea40141c5707c0094735a41f03d609fc32", "deprecated": false }, "0.5": { "digest": "776bff2e741b150b2fee625b9373f467085d4d52518b80e3712f3da3124c14ef", "deprecated": false }, "0.6": { "digest": "8061064724ee0d544abcff0c661ec8a7ea2b1d1b505a67688754843df7b395a1", "deprecated": false } }, "content": "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", "description": "Apache Struts2 Path Traversal (CVE-2023-50164)", "author": "crowdsecurity", "labels": { "behavior": "http:exploit", "classification": [ "cve.CVE-2023-50164", "attack.T1595", "attack.T1190", "cwe.CWE-552" ], "confidence": 3, "label": "Apache Struts2 Path Traversal", "service": "http", "spoofable": 0, "type": "exploit" } }, "crowdsecurity/vpatch-CVE-2023-6553": { "path": "appsec-rules/crowdsecurity/vpatch-CVE-2023-6553.yaml", "version": "0.1", "versions": { "0.1": { "digest": "7f1b24ef1f47484198636bb3c21580d075befe0be4a5438c2fb881d7a8646827", "deprecated": false } }, "content": "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", "description": "Backup Migration plugin for WordPress RCE (CVE-2023-6553)", "author": "crowdsecurity", "labels": { "behavior": "http:exploit", "classification": [ "cve.CVE-2023-6553", "attack.T1595", "attack.T1190", "cwe.CWE-287" ], "confidence": 3, "label": "Backup Migration plugin for WordPress RCE", "service": "http", "spoofable": 0, "type": "exploit" } }, "crowdsecurity/vpatch-CVE-2023-7028": { "path": "appsec-rules/crowdsecurity/vpatch-CVE-2023-7028.yaml", "version": "0.2", "versions": { "0.1": { "digest": "811a139492660287a20b85f93f48c4ae1de59ff4a22f8c73d7a7f5a56933d273", "deprecated": false }, "0.2": { "digest": "e5171ce8e1da414ec9d165d6bfcd407eaad7f9f2b88531ce0651317dc4bbfa14", "deprecated": false } }, "content": "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", "description": "Gitlab Password Reset Account Takeover 
(CVE-2023-7028)", "author": "crowdsecurity", "labels": { "behavior": "http:exploit", "classification": [ "cve.CVE-2023-7028", "attack.T1595", "attack.T1190" ], "confidence": 3, "label": "Gitlab Password Reset Account Takeover", "service": "http", "spoofable": 0, "type": "exploit" } }, "crowdsecurity/vpatch-CVE-2024-1212": { "path": "appsec-rules/crowdsecurity/vpatch-CVE-2024-1212.yaml", "version": "0.3", "versions": { "0.1": { "digest": "3326d798f61d7c8958a55949f3867b13d88f86483eed381947596e8f4596f3ea", "deprecated": false }, "0.2": { "digest": "0819184b4cda6c3ef48cf2fde19c4a5a9dde6a3389b0ad0c4a65df61de3247d0", "deprecated": false }, "0.3": { "digest": "58256c07b3c6e43e42f125bb0b735b31ec621e17c3067ededc97b9fc5cc239a7", "deprecated": false } }, "content": "bmFtZTogY3Jvd2RzZWN1cml0eS92cGF0Y2gtQ1ZFLTIwMjQtMTIxMgpkZXNjcmlwdGlvbjogIlByb2dyZXNzIEtlbXAgTG9hZE1hc3RlciBVbmF1dGhlbnRpY2F0ZWQgQ29tbWFuZCBJbmplY3Rpb24gKENWRS0yMDI0LTEyMTIpIgpydWxlczoKICAtIGFuZDoKICAgIC0gem9uZXM6CiAgICAgIC0gVVJJCiAgICAgIHRyYW5zZm9ybToKICAgICAgLSBsb3dlcmNhc2UKICAgICAgbWF0Y2g6CiAgICAgICAgdHlwZTogY29udGFpbnMKICAgICAgICB2YWx1ZTogL2FjY2Vzcy9zZXQKICAgIC0gem9uZXM6CiAgICAgIC0gSEVBREVSUwogICAgICB2YXJpYWJsZXM6CiAgICAgIC0gQXV0aG9yaXphdGlvbgogICAgICBtYXRjaDoKICAgICAgICB0eXBlOiBjb250YWlucwogICAgICAgIHZhbHVlOiAnQmFzaWMgSnp0JyAjYjY0ZW5jb2RlIG9mICc7CmxhYmVsczoKICB0eXBlOiBleHBsb2l0CiAgc2VydmljZTogaHR0cAogIGNvbmZpZGVuY2U6IDMKICBzcG9vZmFibGU6IDAKICBiZWhhdmlvcjogImh0dHA6ZXhwbG9pdCIKICBsYWJlbDogIkxvYWRNYXN0ZXIgVUNJIgogIHJlZmVyZW5jZXM6CiAgLSBodHRwczovL3JoaW5vc2VjdXJpdHlsYWJzLmNvbS9yZXNlYXJjaC9jdmUtMjAyNC0xMjEydW5hdXRoZW50aWNhdGVkLWNvbW1hbmQtaW5qZWN0aW9uLWluLXByb2dyZXNzLWtlbXAtbG9hZG1hc3Rlci8KICBjbGFzc2lmaWNhdGlvbjoKICAgLSBjdmUuQ1ZFLTIwMjQtMTIxMgogICAtIGF0dGFjay5UMTU5NQogICAtIGF0dGFjay5UMTE5MAo=", "description": "Progress Kemp LoadMaster Unauthenticated Command Injection (CVE-2024-1212)", "author": "crowdsecurity", "labels": { "behavior": "http:exploit", "classification": [ "cve.CVE-2024-1212", "attack.T1595", 
"attack.T1190" ], "confidence": 3, "label": "LoadMaster UCI", "references": [ "https://rhinosecuritylabs.com/research/cve-2024-1212unauthenticated-command-injection-in-progress-kemp-loadmaster/" ], "service": "http", "spoofable": 0, "type": "exploit" } }, "crowdsecurity/vpatch-CVE-2024-22024": { "path": "appsec-rules/crowdsecurity/vpatch-CVE-2024-22024.yaml", "version": "0.1", "versions": { "0.1": { "digest": "86d1e5651f9ed931064321629d37acd1d297f050af95304004743546ccde373b", "deprecated": false } }, "content": "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", "description": "Ivanti Connect Secure - XXE (CVE-2024-22024)", "author": "crowdsecurity", "labels": { "behavior": "http:exploit", "classification": [ "cve.CVE-2024-22024", "attack.T1595", "attack.T1190", "cwe.CWE-611" ], "confidence": 3, "label": "Ivanti Connect Secure - XXE", "service": "http", "spoofable": 0, "type": "exploit" } }, "crowdsecurity/vpatch-CVE-2024-23897": { "path": "appsec-rules/crowdsecurity/vpatch-CVE-2024-23897.yaml", "version": "0.4", "versions": { "0.1": { "digest": "ab1b0f8e512b1f4ec4a36928bc617a4cc047fd3040f5441072f4e8570a66839c", "deprecated": false }, "0.2": { "digest": "adc0d879372de93098470b3058230c6a52fa3b7f35580ee55aa32f973a049982", "deprecated": false }, "0.3": { "digest": "ab1b0f8e512b1f4ec4a36928bc617a4cc047fd3040f5441072f4e8570a66839c", "deprecated": false }, "0.4": { "digest": "31e3cb46327f3b95ee097aca11e862c296e49602fa968077a85b2ba320cc97b6", "deprecated": false } }, "content": "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", "description": "Jenkins CLI RCE (CVE-2024-23897)", "author": "crowdsecurity", "labels": { "behavior": "http:exploit", "classification": [ "cve.CVE-2024-23897", "attack.T1595", "attack.T1190", "cwe.CWE-552" ], "confidence": 3, "label": "Jenkins CLI RCE", "service": "http", "spoofable": 0, "type": "exploit" } }, "crowdsecurity/vpatch-CVE-2024-27198": { "path": "appsec-rules/crowdsecurity/vpatch-CVE-2024-27198.yaml", "version": "0.4", 
"versions": { "0.1": { "digest": "1bd4f1a3645fc3a5ed7311cd2fdc535417963f0e8f9872a0fcdad2c6fe92b260", "deprecated": false }, "0.2": { "digest": "18cc0e2d9cee1d2aef80d7ac4f2da92f1305dd5cd6468009840839f484321e5c", "deprecated": false }, "0.3": { "digest": "6a74b6a71bce986adec58998aa99ba1332c54799b10535ad9966751e7348d4e9", "deprecated": false }, "0.4": { "digest": "b8b51dea722e3c2e4d3a8349718e4642fc4746c02bb152a12e7aca185daf114e", "deprecated": false } }, "content": "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", "description": "Teamcity - Authentication Bypass (CVE-2024-27198)", "author": "crowdsecurity", "labels": { "behavior": "http:exploit", "classification": [ "cve.CVE-2024-27198", "attack.T1595", "attack.T1190", "cwe.CWE-288" ], "confidence": 3, "label": "Teamcity - Authentication Bypass", "service": "http", "spoofable": 0, "type": "exploit" } }, "crowdsecurity/vpatch-connectwise-auth-bypass": { "path": "appsec-rules/crowdsecurity/vpatch-connectwise-auth-bypass.yaml", "version": "0.3", "versions": { "0.1": { "digest": "3a461c52bf1c676beadeeef321bcd39a871b4051f1e5aca42fe2268b7f917dcd", "deprecated": false }, "0.2": { "digest": "a7c50e04363300961065df8065b2fa7b038e07aa4f81b98b64484f2b567d982d", "deprecated": false }, "0.3": { "digest": "70f819f47b0c12d5bafc64b3f7274b8e61dca3b22a35c23e21119d871dce2f61", "deprecated": false } }, "content": "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", "description": "Detect exploitation of auth bypass in ConnectWise ScreenConnect", "author": "crowdsecurity", "labels": { "behavior": "http:exploit", "classification": [ "attack.T1595", "attack.T1190", "cve.CVE-2024-1709" ], "confidence": 3, "label": "ConnectWise ScreenConnect - Auth Bypass", "service": "http", "spoofable": 0, "type": "exploit" } }, "crowdsecurity/vpatch-env-access": { "path": "appsec-rules/crowdsecurity/vpatch-env-access.yaml", "version": "0.1", "versions": { "0.1": { "digest": "ae22c494fb05801bc4886564e63927ccc248be20b1d1dc31f1011a27a4d75cbe", "deprecated": false } }, 
"content": "bmFtZTogY3Jvd2RzZWN1cml0eS92cGF0Y2gtZW52LWFjY2VzcwpkZXNjcmlwdGlvbjogIkRldGVjdCBhY2Nlc3MgdG8gLmVudiBmaWxlcyIKcnVsZXM6CiAgLSB6b25lczoKICAgIC0gVVJJCiAgICB0cmFuc2Zvcm06CiAgICAtIGxvd2VyY2FzZQogICAgbWF0Y2g6CiAgICAgIHR5cGU6IGVuZHNXaXRoCiAgICAgIHZhbHVlOiAvLmVudgpsYWJlbHM6CiAgdHlwZTogc2NhbgogIHNlcnZpY2U6IGh0dHAKICBjb25maWRlbmNlOiAzCiAgc3Bvb2ZhYmxlOiAwCiAgYmVoYXZpb3I6ICJodHRwOnNjYW4iCiAgbGFiZWw6ICJBY2Nlc3MgdG8gLmVudiBmaWxlIgogIGNsYXNzaWZpY2F0aW9uOgogICAtIGF0dGFjay5UMTU5NQogICAtIGF0dGFjay5UMTE5MAo=", "description": "Detect access to .env files", "author": "crowdsecurity", "labels": { "behavior": "http:scan", "classification": [ "attack.T1595", "attack.T1190" ], "confidence": 3, "label": "Access to .env file", "service": "http", "spoofable": 0, "type": "scan" } }, "crowdsecurity/vpatch-laravel-debug-mode": { "path": "appsec-rules/crowdsecurity/vpatch-laravel-debug-mode.yaml", "version": "0.3", "versions": { "0.1": { "digest": "096552a04dd5f6c94e6beeadb8c197bc543518388b2b2316ce602b60ba3d9f49", "deprecated": false }, "0.2": { "digest": "38bac09d834161aa1f0e66dbf6930c53a8f71c25871cb1e527c97c02b3a41b50", "deprecated": false }, "0.3": { "digest": "209bf1b8311c071da33bf6ad7a2bd4b074c0ec1dcd2e28030d95cd4cd5fc1711", "deprecated": false } }, "content": "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", "description": "Detect bots exploiting laravel debug mode", "author": "crowdsecurity", "labels": { "behavior": "http:scan", "classification": [ "attack.T1595", "attack.T1190", "cve.CVE-2017-16894", "cve.CVE-2021-41714", "cve.CVE-2019-17050" ], "confidence": 3, "label": "Access to laravel debug mode", "service": "http", "spoofable": 0, "type": "scan" } }, "crowdsecurity/vpatch-symfony-profiler": { "path": "appsec-rules/crowdsecurity/vpatch-symfony-profiler.yaml", "version": "0.1", "versions": { "0.1": { "digest": "9f9f2298f065610b0b45115147050747dfb53eb51d8bda781811bdce3f5bef10", "deprecated": false } }, "content": "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", 
"description": "Detect abuse of symfony profiler", "author": "crowdsecurity", "labels": { "behavior": "http:scan", "classification": [ "attack.T1595", "attack.T1190" ], "confidence": 3, "label": "Access to symfony profiler", "service": "http", "spoofable": 0, "type": "scan" } } }, "collections": { "Dominic-Wagner/vaultwarden": { "path": "collections/Dominic-Wagner/vaultwarden.yml", "version": "0.1", "versions": { "0.1": { "digest": "41f537b7985ef168a1d31c7cb10a49672925313724d523fba8389714c4222742", "deprecated": false } }, "long_description": "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", "content": "cGFyc2VyczoKICAtIERvbWluaWMtV2FnbmVyL3ZhdWx0d2FyZGVuLWxvZ3MKc2NlbmFyaW9zOgogIC0gRG9taW5pYy1XYWduZXIvdmF1bHR3YXJkZW4tYmYKZGVzY3JpcHRpb246ICJWYXVsdHdhcmRlbiBzdXBwb3J0IDogcGFyc2VyIGFuZCBicnV0ZS1mb3JjZSBkZXRlY3Rpb24iCmF1dGhvcjogRG9taW5pYy1XYWduZXIKdGFnczoKICAtIGxpbnV4CiAgLSBicnV0ZS1mb3JjZQogIC0gdmF1bHR3YXJkZW4K", "description": "Vaultwarden support : parser and brute-force detection", "author": "Dominic-Wagner", "labels": null, "parsers": [ "Dominic-Wagner/vaultwarden-logs" ], "scenarios": [ "Dominic-Wagner/vaultwarden-bf" ] }, "LePresidente/adguardhome": { "path": "collections/LePresidente/adguardhome.yml", "version": "0.1", "versions": { "0.1": { "digest": "3ab656c2d2be80019f8b6c63a5ea46d7400593cb50c946cde89b05d1878229e5", "deprecated": false } }, "long_description": "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", "content": "cGFyc2VyczoKICAtIExlUHJlc2lkZW50ZS9hZGd1YXJkaG9tZS1sb2dzCnNjZW5hcmlvczoKICAtIExlUHJlc2lkZW50ZS9hZGd1YXJkaG9tZS1iZgpkZXNjcmlwdGlvbjogIkFkR3VhcmRIb21lIFN1cHBvcnQgOiBwYXJzZXIgYW5kIGJydXRlLWZvcmNlIGRldGVjdGlvbiIKYXV0aG9yOiBMZVByZXNpZGVudGUKdGFnczoKICAtIGxpbnV4CiAgLSBicnV0ZS1mb3JjZQogIC0gQWRHdWFyZEhvbWU=", "description": "AdGuardHome Support : parser and brute-force detection", "author": "LePresidente", "labels": null, "parsers": [ "LePresidente/adguardhome-logs" ], "scenarios": [ "LePresidente/adguardhome-bf" ] }, 
"LePresidente/authelia": { "path": "collections/LePresidente/authelia.yml", "version": "0.2", "versions": { "0.1": { "digest": "483d6a415e6649614ce28efbc2f87cf35664d989469e97cbd1f4d8b8ab7916ed", "deprecated": false }, "0.2": { "digest": "24800ff1ae7b37bf343bc7dfc9053c0130e75c832826782fa422b182b787e0d5", "deprecated": false } }, "long_description": "QSBjb2xsZWN0aW9uIHRvIGRlZmVuZCBbQXV0aGVsaWFdKGh0dHBzOi8vd3d3LmF1dGhlbGlhLmNvbSkgaW5zdGFuY2UgYWdhaW5zdCBjb21tb24gYXR0YWNrcyA6CiAtIEF1dGhlbGlhIHBhcnNlcgogLSBBdXRoZWxpYSBicnV0ZWZvcmNlIGRldGVjdGlvbgoKIyMgQWNxdWlzaXRpb24gdGVtcGxhdGUKCkV4YW1wbGUgYWNxdWlzaXRpb24gZm9yIHRoaXMgY29sbGVjdGlvbiA6CgpJZiB1c2luZyBMT0dfRklMRSBlbnZpcm9ubWVudCB2YXJpYWJsZToKYGBgeWFtbAotLS0KZmlsZW5hbWVzOgogLSAvdmFyL2xvZy9BdXRoZWxpYS5sb2cKbGFiZWxzOgogIHR5cGU6IGF1dGhlbGlhCmBgYA==", "content": "cGFyc2VyczoKICAtIExlUHJlc2lkZW50ZS9hdXRoZWxpYS1sb2dzCnNjZW5hcmlvczoKICAtIExlUHJlc2lkZW50ZS9hdXRoZWxpYS1iZgpkZXNjcmlwdGlvbjogIkF1dGhlbGlhIFN1cHBvcnQgOiBwYXJzZXIgYW5kIGJydXRlLWZvcmNlIGRldGVjdGlvbiIKYXV0aG9yOiBMZVByZXNpZGVudGUKdGFnczoKICAtIGxpbnV4CiAgLSBicnV0ZS1mb3JjZQogIC0gYXV0aGVsaWE=", "description": "Authelia Support : parser and brute-force detection", "author": "LePresidente", "labels": null, "parsers": [ "LePresidente/authelia-logs" ], "scenarios": [ "LePresidente/authelia-bf" ] }, "LePresidente/emby": { "path": "collections/LePresidente/emby.yml", "version": "0.1", "versions": { "0.1": { "digest": "53801da28b3557ad39bc8672d0db62d845cc401bbfcde36f6f4b7f0d8a749fe9", "deprecated": false } }, "long_description": "QSBjb2xsZWN0aW9uIHRvIGRlZmVuZCBbRW1ieV0oaHR0cHM6Ly9lbWJ5Lm1lZGlhKSBpbnN0YW5jZSBhZ2FpbnN0IGNvbW1vbiBhdHRhY2tzIDoKIC0gRW1ieSBwYXJzZXIKIC0gRW1ieSBicnV0ZWZvcmNlIGRldGVjdGlvbgoKIyMgQWNxdWlzaXRpb24gdGVtcGxhdGUKCkV4YW1wbGUgYWNxdWlzaXRpb24gZm9yIHRoaXMgY29sbGVjdGlvbiA6CgpJZiB1c2luZyBMT0dfRklMRSBlbnZpcm9ubWVudCB2YXJpYWJsZToKYGBgeWFtbAotLS0KZmlsZW5hbWVzOgogLSAvdmFyL2xvZy9lbWJ5c2VydmVyLnR4dApsYWJlbHM6CiAgdHlwZTogZW1ieQpgYGA=", "content": 
"cGFyc2VyczoKICAtIExlUHJlc2lkZW50ZS9lbWJ5LWxvZ3MKc2NlbmFyaW9zOgogIC0gTGVQcmVzaWRlbnRlL2VtYnktYmYKZGVzY3JpcHRpb246ICJFbWJ5IHN1cHBvcnQgOiBwYXJzZXIgYW5kIGJydXRlLWZvcmNlIGRldGVjdGlvbiIKYXV0aG9yOiBMZVByZXNpZGVudGUKdGFnczoKICAtIGxpbnV4CiAgLSBicnV0ZS1mb3JjZQogIC0gZW1ieQ==", "description": "Emby support : parser and brute-force detection", "author": "LePresidente", "labels": null, "parsers": [ "LePresidente/emby-logs" ], "scenarios": [ "LePresidente/emby-bf" ] }, "LePresidente/gitea": { "path": "collections/LePresidente/gitea.yml", "version": "0.2", "versions": { "0.1": { "digest": "1282681d69e45e64050a497ac8f17bfb67ba55a0c494743e3f5b33c2f3cee97d", "deprecated": false }, "0.2": { "digest": "f5098f91736d1c3b835dfb741c271cad33a21ffb78e0554357950313ecdfe037", "deprecated": false } }, "long_description": "QSBjb2xsZWN0aW9uIHRvIGRlZmVuZCBbR2l0ZWFdKGh0dHBzOi8vZ2l0ZWEuaW8pIGluc3RhbmNlIGFnYWluc3QgY29tbW9uIGF0dGFja3M6CiAtIEdpdGVhIHBhcnNlcgogLSBHaXRlYSBicnV0ZWZvcmNlIGRldGVjdGlvbgoKIyMgQWNxdWlzaXRpb24gdGVtcGxhdGUKCkV4YW1wbGUgYWNxdWlzaXRpb24gZm9yIHRoaXMgY29sbGVjdGlvbiA6CgpgYGB5YW1sCi0tLQpmaWxlbmFtZXM6CiAtIC92YXIvbG9nL2dpdGVhLmxvZwpsYWJlbHM6CiAgdHlwZTogZ2l0ZWEKYGBg", "content": "cGFyc2VyczoKICAtIExlUHJlc2lkZW50ZS9naXRlYS1sb2dzCnNjZW5hcmlvczoKICAtIExlUHJlc2lkZW50ZS9naXRlYS1iZgpkZXNjcmlwdGlvbjogIkdpdGVhIFN1cHBvcnQgOiBwYXJzZXIgYW5kIGJydXRlLWZvcmNlIGRldGVjdGlvbiIKYXV0aG9yOiBMZVByZXNpZGVudGUKdGFnczoKICAtIGxpbnV4CiAgLSBicnV0ZS1mb3JjZQogIC0gZ2l0ZWE=", "description": "Gitea Support : parser and brute-force detection", "author": "LePresidente", "labels": null, "parsers": [ "LePresidente/gitea-logs" ], "scenarios": [ "LePresidente/gitea-bf" ] }, "LePresidente/grafana": { "path": "collections/LePresidente/grafana.yml", "version": "0.1", "versions": { "0.1": { "digest": "ab0e0fd9a6a3b424af7ef5c162ae1d99e3adf0d5f166c0179acf57b8b3428ff0", "deprecated": false } }, "long_description": "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", "content": 
"cGFyc2VyczoKICAtIExlUHJlc2lkZW50ZS9ncmFmYW5hLWxvZ3MKc2NlbmFyaW9zOgogIC0gTGVQcmVzaWRlbnRlL2dyYWZhbmEtYmYKZGVzY3JpcHRpb246ICJHcmFmYW5hIFN1cHBvcnQgOiBwYXJzZXIgYW5kIGJydXRlLWZvcmNlIGRldGVjdGlvbiIKYXV0aG9yOiBMZVByZXNpZGVudGUKdGFnczoKICAtIGxpbnV4CiAgLSBicnV0ZS1mb3JjZQogIC0gZ3JhZmFuYQ==", "description": "Grafana Support : parser and brute-force detection", "author": "LePresidente", "labels": null, "parsers": [ "LePresidente/grafana-logs" ], "scenarios": [ "LePresidente/grafana-bf" ] }, "LePresidente/harbor": { "path": "collections/LePresidente/harbor.yml", "version": "0.1", "versions": { "0.1": { "digest": "93d1b83b4948e89c35e034037be9588309a097009cf00335e054c8314424ff24", "deprecated": false } }, "long_description": "QSBjb2xsZWN0aW9uIHRvIGRlZmVuZCBbSGFyYm9yXShodHRwczovL2dvaGFyYm9yLmlvLykgaW5zdGFuY2UgYWdhaW5zdCBjb21tb24gYXR0YWNrczoKIC0gSGFyYm9yIHBhcnNlcgogLSBIYXJib3IgYnJ1dGVmb3JjZSBkZXRlY3Rpb24KCiMjIEFjcXVpc2l0aW9uIHRlbXBsYXRlCgpFeGFtcGxlIGFjcXVpc2l0aW9uIGZvciB0aGlzIGNvbGxlY3Rpb24gOgoKYGBgeWFtbAotLS0KZmlsZW5hbWVzOgogLSAvdmFyL2xvZy9oYXJib3IvY29yZS5sb2cKbGFiZWxzOgogIHR5cGU6IGhhcmJvcgpgYGA=", "content": "cGFyc2VyczoKICAtIExlUHJlc2lkZW50ZS9oYXJib3ItbG9ncwpzY2VuYXJpb3M6CiAgLSBMZVByZXNpZGVudGUvaGFyYm9yLWJmCmRlc2NyaXB0aW9uOiAiSGFyYm9yIFN1cHBvcnQgOiBwYXJzZXIgYW5kIGJydXRlLWZvcmNlIGRldGVjdGlvbiIKYXV0aG9yOiBMZVByZXNpZGVudGUKdGFnczoKICAtIGxpbnV4CiAgLSBicnV0ZS1mb3JjZQogIC0gaGFyYm9y", "description": "Harbor Support : parser and brute-force detection", "author": "LePresidente", "labels": null, "parsers": [ "LePresidente/harbor-logs" ], "scenarios": [ "LePresidente/harbor-bf" ] }, "LePresidente/jellyfin": { "path": "collections/LePresidente/jellyfin.yml", "version": "0.2", "versions": { "0.1": { "digest": "4aba23304b8de2d269e4223a64e418b23154461af1862ef6b67239033e1bef43", "deprecated": false }, "0.2": { "digest": "fe7f6fd1f6dde5ca66020b1d8431784a27dbb9ff34bbd15f4222356eb713a80f", "deprecated": false } }, "long_description": "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", 
"content": "cGFyc2VyczoKICAtIExlUHJlc2lkZW50ZS9qZWxseWZpbi1sb2dzCiAgLSBjcm93ZHNlY3VyaXR5L2plbGx5ZmluLXdoaXRlbGlzdApzY2VuYXJpb3M6CiAgLSBMZVByZXNpZGVudGUvamVsbHlmaW4tYmYKZGVzY3JpcHRpb246ICJKZWxseWZpbiBzdXBwb3J0IDogcGFyc2VyIGFuZCBicnV0ZS1mb3JjZSBkZXRlY3Rpb24iCmF1dGhvcjogTGVQcmVzaWRlbnRlCnRhZ3M6CiAgLSBsaW51eAogIC0gYnJ1dGUtZm9yY2UKICAtIGplbGx5ZmluCg==", "description": "Jellyfin support : parser and brute-force detection", "author": "LePresidente", "labels": null, "parsers": [ "LePresidente/jellyfin-logs", "crowdsecurity/jellyfin-whitelist" ], "scenarios": [ "LePresidente/jellyfin-bf" ] }, "LePresidente/jellyseerr": { "path": "collections/LePresidente/jellyseerr.yml", "version": "0.1", "versions": { "0.1": { "digest": "aca16e29cb6b48379195cc5a945d40ec50839728ad57bfeaca2002cb74c4e942", "deprecated": false } }, "long_description": "QSBjb2xsZWN0aW9uIHRvIGRlZmVuZCBbSmVsbHlTZWVycl0oaHR0cHM6Ly9naXRodWIuY29tL0ZhbGxlbmJhZ2VsL2plbGx5c2VlcnIpIGluc3RhbmNlIGFnYWluc3QgY29tbW9uIGF0dGFja3M6CiAtIEplbGx5U2VlcnIgcGFyc2VyCiAtIEplbGx5U2VlcnIgYnJ1dGVmb3JjZSBkZXRlY3Rpb24KCiMjIEFjcXVpc2l0aW9uIHRlbXBsYXRlCgpFeGFtcGxlIGFjcXVpc2l0aW9uIGZvciB0aGlzIGNvbGxlY3Rpb24gOgoKYGBgeWFtbAotLS0Kc291cmNlOiBkb2NrZXIKY29udGFpbmVyX25hbWU6CiAtIGplbGx5c2VlcnIKI2NvbnRhaW5lcl9pZDoKIyAtIDg0M2VlOTJkMjMxYgpsYWJlbHM6CiAgdHlwZTogamVsbHlzZWVycgpgYGA=", "content": "cGFyc2VyczoKICAtIExlUHJlc2lkZW50ZS9qZWxseXNlZXJyLWxvZ3MKc2NlbmFyaW9zOgogIC0gTGVQcmVzaWRlbnRlL2plbGx5c2VlcnItYmYKZGVzY3JpcHRpb246ICJqZWxseXNlZXJyIFN1cHBvcnQgOiBwYXJzZXIgYW5kIGJydXRlLWZvcmNlIGRldGVjdGlvbiIKYXV0aG9yOiBMZVByZXNpZGVudGUKdGFnczoKICAtIGxpbnV4CiAgLSBicnV0ZS1mb3JjZQogIC0gamVsbHlzZWVycg==", "description": "jellyseerr Support : parser and brute-force detection", "author": "LePresidente", "labels": null, "parsers": [ "LePresidente/jellyseerr-logs" ], "scenarios": [ "LePresidente/jellyseerr-bf" ] }, "LePresidente/ombi": { "path": "collections/LePresidente/ombi.yml", "version": "0.2", "versions": { "0.1": { "digest": 
"e9d9d297381904e0a1cc418bc8474969bca3f37acde631e7ed84529bd7e7f1f4", "deprecated": false }, "0.2": { "digest": "fa7cf1b7df176ab36a30f56f863949f204ffea11ba93ab2d31e63c88a716725c", "deprecated": false } }, "long_description": "RXhhbXBsZSBhY3F1aXNpdGlvbiBmb3IgdGhpcyBjb2xsZWN0aW9uIDoKCmBgYHlhbWwKLS0tCmZpbGVuYW1lczoKIC0gL3Zhci9sb2cvb21iaS9sb2ctKi50eHQKbGFiZWxzOgogIHR5cGU6IG9tYmkKYGBg", "content": "cGFyc2VyczoKICAtIExlUHJlc2lkZW50ZS9vbWJpLWxvZ3MKc2NlbmFyaW9zOgogIC0gTGVQcmVzaWRlbnRlL29tYmktYmYKZGVzY3JpcHRpb246ICJPbWJpIFN1cHBvcnQgOiBwYXJzZXIgYW5kIGJydXRlLWZvcmNlIGRldGVjdGlvbiIKYXV0aG9yOiBMZVByZXNpZGVudGUKdGFnczoKICAtIGxpbnV4CiAgLSBicnV0ZS1mb3JjZQogIC0gb21iaQ==", "description": "Ombi Support : parser and brute-force detection", "author": "LePresidente", "labels": null, "parsers": [ "LePresidente/ombi-logs" ], "scenarios": [ "LePresidente/ombi-bf" ] }, "LePresidente/overseerr": { "path": "collections/LePresidente/overseerr.yml", "version": "0.1", "versions": { "0.1": { "digest": "25fd12bd42233e51847faf10f6189ebbdc692ddf8ec9fe092ce4d3e55ef87ed3", "deprecated": false } }, "long_description": "QSBjb2xsZWN0aW9uIHRvIGRlZmVuZCBbT3ZlcnNlZXJyXShodHRwczovL292ZXJzZWVyci5kZXYpIGluc3RhbmNlIGFnYWluc3QgY29tbW9uIGF0dGFja3M6CiAtIE92ZXJzZWVyciBwYXJzZXIKIC0gT3ZlcnNlZXJyIGJydXRlZm9yY2UgZGV0ZWN0aW9uCgojIyBBY3F1aXNpdGlvbiB0ZW1wbGF0ZQoKRXhhbXBsZSBhY3F1aXNpdGlvbiBmb3IgdGhpcyBjb2xsZWN0aW9uIDoKCmBgYHlhbWwKLS0tCnNvdXJjZTogZG9ja2VyCmNvbnRhaW5lcl9uYW1lOgogLSBvdmVyc2VlcnIKI2NvbnRhaW5lcl9pZDoKIyAtIDg0M2VlOTJkMjMxYgpsYWJlbHM6CiAgdHlwZTogb3ZlcnNlZXJyCmBgYA==", "content": "cGFyc2VyczoKICAtIExlUHJlc2lkZW50ZS9vdmVyc2VlcnItbG9ncwpzY2VuYXJpb3M6CiAgLSBMZVByZXNpZGVudGUvb3ZlcnNlZXJyLWJmCmRlc2NyaXB0aW9uOiAib3ZlcnNlZXJyIFN1cHBvcnQgOiBwYXJzZXIgYW5kIGJydXRlLWZvcmNlIGRldGVjdGlvbiIKYXV0aG9yOiBMZVByZXNpZGVudGUKdGFnczoKICAtIGxpbnV4CiAgLSBicnV0ZS1mb3JjZQogIC0gb3ZlcnNlZXJy", "description": "overseerr Support : parser and brute-force detection", "author": "LePresidente", "labels": null, "parsers": [ 
"LePresidente/overseerr-logs" ], "scenarios": [ "LePresidente/overseerr-bf" ] }, "LePresidente/redmine": { "path": "collections/LePresidente/redmine.yml", "version": "0.1", "versions": { "0.1": { "digest": "5e00897f8019dfd8e49d5040827577195a83d57a1903e654c395874d98b029cb", "deprecated": false } }, "long_description": "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", "content": "cGFyc2VyczoKICAtIExlUHJlc2lkZW50ZS9yZWRtaW5lLWxvZ3MKc2NlbmFyaW9zOgogIC0gTGVQcmVzaWRlbnRlL3JlZG1pbmUtYmYKZGVzY3JpcHRpb246ICJSZWRtaW5lIFN1cHBvcnQgOiBwYXJzZXIgYW5kIGJydXRlLWZvcmNlIGRldGVjdGlvbiIKYXV0aG9yOiBMZVByZXNpZGVudGUKdGFnczoKICAtIGxpbnV4CiAgLSBicnV0ZS1mb3JjZQogIC0gcmVkbWluZQ==", "description": "Redmine Support : parser and brute-force detection", "author": "LePresidente", "labels": null, "parsers": [ "LePresidente/redmine-logs" ], "scenarios": [ "LePresidente/redmine-bf" ] }, "MariuszKociubinski/bitwarden": { "path": "collections/MariuszKociubinski/bitwarden.yaml", "version": "0.1", "versions": { "0.1": { "digest": "6b194780d0bcc423fb609ec55cf283df24510ea53e28ee63173fd8c94490de7c", "deprecated": false } }, "long_description": "QSBjb2xsZWN0aW9uIHRvIGRlZmVuZCBbQml0d2FyZGVuIFNlbGYgSG9zdGVkXShodHRwczovL2JpdHdhcmRlbi5jb20vaGVscC9pbnN0YWxsLWFuZC1kZXBsb3ktdW5pZmllZC1iZXRhLykgZGVwbG95bWVudHMgYWdhaW5zdCBjb21tb24gYXR0YWNrcyA6CiAtIEJpdHdhcmRlbiBwYXJzZXIKIC0gQml0d2FyZGVuIGJydXRlZm9yY2UgZGV0ZWN0aW9uCgojIyBBY3F1aXNpdGlvbiB0ZW1wbGF0ZQoKRXhhbXBsZSBhY3F1aXNpdGlvbiBmb3IgdGhpcyBjb2xsZWN0aW9uIDoKCmBgYHlhbWwKLS0tCmZpbGVuYW1lczoKICAtIC92YXIvbG9nL2JpdHdhcmRlbi9pZGVudGl0eS5sb2cKbGFiZWxzOgogIHR5cGU6IGJpdHdhcmRlbgpgYGA=", "content": "cGFyc2VyczogCiAgLSBNYXJpdXN6S29jaXViaW5za2kvYml0d2FyZGVuLWxvZ3MKc2NlbmFyaW9zOgogIC0gTWFyaXVzektvY2l1Ymluc2tpL2JpdHdhcmRlbi1iZgpkZXNjcmlwdGlvbjogIkJpdHdhcmRlbiBTZWxmIEhvc3RlZCBzdXBwb3J0IDogcGFyc2VyIGFuZCBicnV0ZS1mb3JjZSBkZXRlY3Rpb24iCmF1dGhvcjogTWFyaXVzektvY2l1Ymluc2tpCnRhZ3M6CiAgLSBsaW51eAogIC0gYnJ1dGUtZm9yY2UKICAtIGJpdHdhcmRlbg==", "description": "Bitwarden Self Hosted support 
: parser and brute-force detection", "author": "MariuszKociubinski", "labels": null, "parsers": [ "MariuszKociubinski/bitwarden-logs" ], "scenarios": [ "MariuszKociubinski/bitwarden-bf" ] }, "ZoeyVid/npmplus": { "path": "collections/ZoeyVid/npmplus.yaml", "version": "0.2", "versions": { "0.1": { "digest": "fee2cab2c1ddb4243b18cbffffd1176bbc25bfbc3803140806738f23e1b301c4", "deprecated": false }, "0.2": { "digest": "7b9d1c50999fe6dcf3df75344de98d68d394873c7a11c61de07aaaadc8ab6926", "deprecated": false } }, "long_description": "IyMgTlBNcGx1cyBjb2xsZWN0aW9uCgpBIGNvbGxlY3Rpb24gdG8gZGVmZW5kIG5naW54IGFnYWluc3QgY29tbW9uIGF0dGFja3M6CiAtIFtOUE1wbHVzXShodHRwczovL2dpdGh1Yi5jb20vWm9leVZpZC9OUE1wbHVzKSBwYXJzZXIKIC0gYmFzZSBodHRwIHNjZW5hcmlvcyAoY3Jhd2wsIDQwNCBzY2FuLCBiZikKCiMjIEFjcXVpc2l0aW9uIHRlbXBsYXRlCgpFeGFtcGxlIGFjcXVpc2l0aW9uIGZvciB0aGlzIGNvbGxlY3Rpb246CgpgYGB5YW1sCmZpbGVuYW1lczoKICAtIC9vcHQvbnBtL25naW54L2FjY2Vzcy5sb2cKbGFiZWxzOgogIHR5cGU6IG5wbXBsdXMKLS0tCnNvdXJjZTogZG9ja2VyCmNvbnRhaW5lcl9uYW1lOgogLSBucG1wbHVzCmxhYmVsczoKICB0eXBlOiBucG1wbHVzCi0tLQpzb3VyY2U6IGRvY2tlcgpjb250YWluZXJfbmFtZToKIC0gbnBtcGx1cwpsYWJlbHM6CiAgdHlwZTogbW9kc2VjdXJpdHkKLS0tCmxpc3Rlbl9hZGRyOiAwLjAuMC4wOjc0MjIKYXBwc2VjX2NvbmZpZzogY3Jvd2RzZWN1cml0eS92aXJ0dWFsLXBhdGNoaW5nCm5hbWU6IG15QXBwU2VjQ29tcG9uZW50CnNvdXJjZTogYXBwc2VjCmxhYmVsczoKICB0eXBlOiBhcHBzZWMKYGBgCgoKbm90ZXM6CiAtICBJZiB5b3UgYXJlIHVzaW5nIGBzeXNsb2dgLCBzZXQgdHlwZSB0byBgc3lzbG9nYCBpbnN0ZWFkCiAtICBEZXBlbmRpbmcgb24geW91ciBjb25maWd1cmF0aW9uLCBwYXRocyB0byBsb2cgZmlsZXMgbWlnaHQgY2hhbmdlCiAtICBPbmx5IHJlbGV2YW50IGlmIHlvdSBhcmUgbWFudWFsbHkgaW5zdGFsbGluZyBjb2xsZWN0aW9uCg==", "content": 
"cGFyc2VyczoKICAtIFpvZXlWaWQvbnBtcGx1cy1sb2dzCmNvbGxlY3Rpb25zOgogIC0gY3Jvd2RzZWN1cml0eS9hcHBzZWMtdmlydHVhbC1wYXRjaGluZwogIC0gY3Jvd2RzZWN1cml0eS9iYXNlLWh0dHAtc2NlbmFyaW9zCiAgLSBjcm93ZHNlY3VyaXR5L21vZHNlY3VyaXR5CnNjZW5hcmlvczoKICAtIGNyb3dkc2VjdXJpdHkvbmdpbngtcmVxLWxpbWl0LWV4Y2VlZGVkCmRlc2NyaXB0aW9uOiAiTlBNcGx1cyBzdXBwb3J0OiBwYXJzZXIgYW5kIGdlbmVyaWMgaHR0cCBzY2VuYXJpb3MiCmF1dGhvcjogWm9leVZpZAp0YWdzOgogIC0gbGludXgKICAtIG5naW54CiAgLSBuZ2lueC1wcm94eQogIC0gY3Jhd2wKICAtIHNjYW4K", "description": "NPMplus support: parser and generic http scenarios", "author": "ZoeyVid", "labels": null, "parsers": [ "ZoeyVid/npmplus-logs" ], "scenarios": [ "crowdsecurity/nginx-req-limit-exceeded" ], "collections": [ "crowdsecurity/appsec-virtual-patching", "crowdsecurity/base-http-scenarios", "crowdsecurity/modsecurity" ] }, "a1ad/meshcentral": { "path": "collections/a1ad/meshcentral.yml", "version": "0.2", "versions": { "0.1": { "digest": "f3f12866b7128fab9b648ae1c27202c5d46aae241d2b0151a62956d17fc3774f", "deprecated": false }, "0.2": { "digest": "dc8041951ca55d91c59af573ae9b6284a89f84cddc1267ffe0de56d0ebd41602", "deprecated": false } }, "long_description": "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", "content": "cGFyc2VyczoKICAtIGExYWQvbWVzaGNlbnRyYWwtbG9ncwpzY2VuYXJpb3M6CiAgLSBhMWFkL21lc2hjZW50cmFsLWJmCmRlc2NyaXB0aW9uOiAiTWVzaGNlbnRyYWwgc3VwcG9ydCA6IHBhcnNlciBhbmQgYnJ1dGUtZm9yY2UgZGV0ZWN0aW9uIgphdXRob3I6IGExYWQKdGFnczoKICAtIGxpbnV4CiAgLSBicnV0ZS1mb3JjZQogIC0gbWVzaGNlbnRyYWwK", "description": "Meshcentral support : parser and brute-force detection", "author": "a1ad", "labels": null, "parsers": [ "a1ad/meshcentral-logs" ], "scenarios": [ "a1ad/meshcentral-bf" ] }, "a1ad/mikrotik": { "path": "collections/a1ad/mikrotik.yml", "version": "0.2", "versions": { "0.1": { "digest": "04e0cdfcab4158d6067397b7592b6fecc89171e0eeac055557b17d26e3d8c00b", "deprecated": false }, "0.2": { "digest": "7def1e4c4f498ef43a22ef297c716013892f5b2cb201359e2d9336cc7d85f028", "deprecated": false } }, 
"long_description": "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", "content": "cGFyc2VyczoKICAtIGExYWQvbWlrcm90aWstbG9ncwpzY2VuYXJpb3M6CiAgLSBhMWFkL21pa3JvdGlrLXNjYW4tbXVsdGlfcG9ydHMKICAtIGExYWQvbWlrcm90aWstYmYKZGVzY3JpcHRpb246ICJNaWtyb3RpayBzdXBwb3J0OiBsb2dzLCBhdXRoIGFuZCBwb3J0LXNjYW5zIGRldGVjdGlvbiBzY2VuYXJpb3MiCmF1dGhvcjogYTFhZAp0YWdzOgogIC0gbWlrcm90aWsKICAtIHBvcnRzY2FuCiAgLSBicnV0ZSBmb3JjZQo=", "description": "Mikrotik support: logs, auth and port-scans detection scenarios", "author": "a1ad", "labels": null, "parsers": [ "a1ad/mikrotik-logs" ], "scenarios": [ "a1ad/mikrotik-scan-multi_ports", "a1ad/mikrotik-bf" ] }, "aidalinfo/couchdb": { "path": "collections/aidalinfo/couchdb.yaml", "version": "0.1", "versions": { "0.1": { "digest": "6fb50c70d3f6297ef796f52a6c0c733da6876c0fdea01d25bf87a910152c2f0a", "deprecated": false } }, "long_description": "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", "content": "I3RoZSBsaXN0IG9mIHBhcnNlcnMgaXQgY29udGFpbnMKcGFyc2VyczoKICAtIGFpZGFsaW5mby9jb3VjaGRiLWxvZ3MKc2NlbmFyaW9zOgogIC0gYWlkYWxpbmZvL2NvdWNoZGItYmYKICAtIGFpZGFsaW5mby9jb3VjaGRiLWNyYXdsCgpkZXNjcmlwdGlvbjogIkNvdWNoREIgcGFyc2VycyBhbmQgc2NlbmFyaW9zIGZvciBpbXByb3ZlIHlvdXIgc2VjdXJpdHkgISBNYWRlIHdpdGggPDMgYnkgQWlkYWxpbmZvIgphdXRob3I6IGFpZGFsaW5mbwp0YWdzOgogIC0gY291Y2hkYgo=", "description": "CouchDB parsers and scenarios for improve your security ! 
Made with \u003c3 by Aidalinfo", "author": "aidalinfo", "labels": null, "parsers": [ "aidalinfo/couchdb-logs" ], "scenarios": [ "aidalinfo/couchdb-bf", "aidalinfo/couchdb-crawl" ] }, "andreasbrett/baikal": { "path": "collections/andreasbrett/baikal.yml", "version": "0.1", "versions": { "0.1": { "digest": "cff4a56fbb40a4b6d7b8940d397728088090b3dfebb4e773abc0c895b5a724f0", "deprecated": false } }, "long_description": "QSBjb2xsZWN0aW9uIHRvIGRlZmVuZCBhIFtCYWlrYWxdKGh0dHBzOi8vZ2l0aHViLmNvbS9zYWJyZS1pby9CYWlrYWwpIENhbERBVi9DYXJkREFWIGluc3RhbmNlIGFnYWluc3QgY29tbW9uIGF0dGFja3M6CgotICAgQmFpa2FsIHBhcnNlcgotICAgQmFpa2FsIGJydXRlZm9yY2UgJiBlbnVtZXJhdGlvbiBkZXRlY3Rpb24KCiMjIEFjcXVpc2l0aW9uIHRlbXBsYXRlCgpFeGFtcGxlIGFjcXVpc2l0aW9uIGZvciB0aGlzIGNvbGxlY3Rpb246CgpgYGB5YW1sCi0tLQpmaWxlbmFtZXM6CiAgICAtIC92YXIvbG9nL2h0dHBkL2Vycm9yLmxvZwpsYWJlbHM6CiAgICB0eXBlOiBCYWlrYWwKYGBgCg==", "content": "cGFyc2VyczoKICAgIC0gYW5kcmVhc2JyZXR0L2JhaWthbC1sb2dzCnNjZW5hcmlvczoKICAgIC0gYW5kcmVhc2JyZXR0L2JhaWthbC1iZgpkZXNjcmlwdGlvbjogIkJhaWthbCBzdXBwb3J0OiBwYXJzZXIgYW5kIGJydXRlLWZvcmNlIGRldGVjdGlvbiIKYXV0aG9yOiBhbmRyZWFzYnJldHQKdGFnczoKICAgIC0gbGludXgKICAgIC0gYnJ1dGUtZm9yY2UKICAgIC0gYmFpa2FsCg==", "description": "Baikal support: parser and brute-force detection", "author": "andreasbrett", "labels": null, "parsers": [ "andreasbrett/baikal-logs" ], "scenarios": [ "andreasbrett/baikal-bf" ] }, "andreasbrett/paperless-ngx": { "path": "collections/andreasbrett/paperless-ngx.yml", "version": "0.1", "versions": { "0.1": { "digest": "ea3c8748bb3c1a0ba83d93cd3e93e18ce677407d3964e1e4b97d674507f33ef8", "deprecated": false } }, "long_description": 
"QSBjb2xsZWN0aW9uIHRvIGRlZmVuZCBhIFtQYXBlcmxlc3Mtbmd4XShodHRwczovL2dpdGh1Yi5jb20vcGFwZXJsZXNzLW5neC9wYXBlcmxlc3Mtbmd4KSBpbnN0YW5jZSBhZ2FpbnN0IGNvbW1vbiBhdHRhY2tzOgoKLSAgIFBhcGVybGVzcy1uZ3ggcGFyc2VyCi0gICBQYXBlcmxlc3Mtbmd4IGJydXRlZm9yY2UgJiBlbnVtZXJhdGlvbiBkZXRlY3Rpb24KCiMjIEFjcXVpc2l0aW9uIHRlbXBsYXRlCgpFeGFtcGxlIGFjcXVpc2l0aW9uIGZvciB0aGlzIGNvbGxlY3Rpb246CgpgYGB5YW1sCi0tLQpmaWxlbmFtZXM6CiAgICAtIC92YXIvbG9nL3BhcGVybGVzcy5sb2cKbGFiZWxzOgogICAgdHlwZTogUGFwZXJsZXNzLW5neApgYGAK", "content": "cGFyc2VyczoKICAgIC0gYW5kcmVhc2JyZXR0L3BhcGVybGVzcy1uZ3gtbG9ncwpzY2VuYXJpb3M6CiAgICAtIGFuZHJlYXNicmV0dC9wYXBlcmxlc3Mtbmd4LWJmCmRlc2NyaXB0aW9uOiAiUGFwZXJsZXNzLW5neCBzdXBwb3J0OiBwYXJzZXIgYW5kIGJydXRlLWZvcmNlIGRldGVjdGlvbiIKYXV0aG9yOiBhbmRyZWFzYnJldHQKdGFnczoKICAgIC0gbGludXgKICAgIC0gYnJ1dGUtZm9yY2UKICAgIC0gcGFwZXJsZXNzLW5neAo=", "description": "Paperless-ngx support: parser and brute-force detection", "author": "andreasbrett", "labels": null, "parsers": [ "andreasbrett/paperless-ngx-logs" ], "scenarios": [ "andreasbrett/paperless-ngx-bf" ] }, "andreasbrett/webmin": { "path": "collections/andreasbrett/webmin.yml", "version": "0.1", "versions": { "0.1": { "digest": "6224508886b13ff1c68c31faa7cc28ecd27ce7301b8f7089743c3f5d15bd73a2", "deprecated": false } }, "long_description": "QSBjb2xsZWN0aW9uIHRvIGRlZmVuZCBhIFtXZWJtaW5dKGh0dHBzOi8vZ2l0aHViLmNvbS93ZWJtaW4vd2VibWluKSBpbnN0YW5jZSBhZ2FpbnN0IGNvbW1vbiBhdHRhY2tzOgoKLSAgIFdlYm1pbiBwYXJzZXIKLSAgIFdlYm1pbiBicnV0ZWZvcmNlICYgZW51bWVyYXRpb24gZGV0ZWN0aW9uCgojIyBBY3F1aXNpdGlvbiB0ZW1wbGF0ZQoKRXhhbXBsZSBhY3F1aXNpdGlvbiBmb3IgdGhpcyBjb2xsZWN0aW9uOgoKYGBgeWFtbAotLS0KZmlsZW5hbWVzOgogICAgLSAvdmFyL3dlYm1pbi93ZWJtaW4ubG9nCmxhYmVsczoKICAgIHR5cGU6IFdlYm1pbgpgYGAK", "content": "cGFyc2VyczoKICAgIC0gYW5kcmVhc2JyZXR0L3dlYm1pbi1sb2dzCnNjZW5hcmlvczoKICAgIC0gYW5kcmVhc2JyZXR0L3dlYm1pbi1iZgpkZXNjcmlwdGlvbjogIldlYm1pbiBzdXBwb3J0OiBwYXJzZXIgYW5kIGJydXRlLWZvcmNlIGRldGVjdGlvbiIKYXV0aG9yOiBhbmRyZWFzYnJldHQKdGFnczoKICAgIC0gbGludXgKICAgIC0gYnJ1dGUtZm9yY2UKICAgIC0gd2VibWluCg==", 
"description": "Webmin support: parser and brute-force detection", "author": "andreasbrett", "labels": null, "parsers": [ "andreasbrett/webmin-logs" ], "scenarios": [ "andreasbrett/webmin-bf" ] }, "baudneo/gotify": { "path": "collections/baudneo/gotify.yaml", "version": "0.1", "versions": { "0.1": { "digest": "9d3c0d0e2271d560f5aa45601cca9dd1d4f5722e7f1ca8198f21acc1231bca34", "deprecated": false } }, "long_description": "QSBjb2xsZWN0aW9uIHRvIGRldGVjdCBicnV0ZWZvcmNlIGF0dGVtcHRzIG9uIEdvdGlmeSBzZXJ2ZXIu", "content": "cGFyc2VyczoKICAtIGNyb3dkc2VjdXJpdHkvc3lzbG9nLWxvZ3MKICAtIGJhdWRuZW8vZ290aWZ5LWxvZ3MKc2NlbmFyaW9zOgogIC0gYmF1ZG5lby9nb3RpZnktYmYKZGVzY3JpcHRpb246ICJHb3RpZnkgYnJ1dGVmb3JjZSBsb2dpbiBwcm90ZWN0aW9uIgphdXRob3I6IGJhdWRuZW8KdGFnczoKICAtIEdvdGlmeQogIC0gYnJ1dGVmb3JjZQo=", "description": "Gotify bruteforce login protection", "author": "baudneo", "labels": null, "parsers": [ "crowdsecurity/syslog-logs", "baudneo/gotify-logs" ], "scenarios": [ "baudneo/gotify-bf" ] }, "baudneo/zoneminder": { "path": "collections/baudneo/zoneminder.yaml", "version": "0.2", "versions": { "0.1": { "digest": "2ea1b2b8b5b7f1f6fe3c23300c08f0e6df8afea45ad94cb4cf6af36cdf489174", "deprecated": false }, "0.2": { "digest": "a1f88aaab3a31ad0b469f80dc7ff1c12bbc3d0e8d3f1a2c4d7be218ab725e951", "deprecated": false } }, "long_description": "QSBjb2xsZWN0aW9uIHRvIGRldGVjdCBicnV0ZWZvcmNlIGxvZ2lucyBhbmQgdXNlciBlbnVtZXJhdGlvbiBvbiBab25lTWluZGVyLgo=", "content": "cGFyc2VyczoKICAtIGNyb3dkc2VjdXJpdHkvc3lzbG9nLWxvZ3MKICAtIGJhdWRuZW8vem9uZW1pbmRlci1sb2dzCiAgLSBjcm93ZHNlY3VyaXR5L2RhdGVwYXJzZS1lbnJpY2gKc2NlbmFyaW9zOgogIC0gYmF1ZG5lby96b25lbWluZGVyLWJmCmNvbGxlY3Rpb25zOgogIC0gYmF1ZG5lby96b25lbWluZGVyX2h0dHAtY3ZlCmRlc2NyaXB0aW9uOiAiWm9uZU1pbmRlciBicnV0ZWZvcmNlIGxvZ2luLCB1c2VyIGVudW0gYW5kIGN2ZSAgcHJvdGVjdGlvbiIKYXV0aG9yOiBiYXVkbmVvCnRhZ3M6CiAgLSBab25lTWluZGVyCiAgLSBicnV0ZWZvcmNlCg==", "description": "ZoneMinder bruteforce login, user enum and cve protection", "author": "baudneo", "labels": null, "parsers": [ 
"crowdsecurity/syslog-logs", "baudneo/zoneminder-logs", "crowdsecurity/dateparse-enrich" ], "scenarios": [ "baudneo/zoneminder-bf" ], "collections": [ "baudneo/zoneminder_http-cve" ] }, "baudneo/zoneminder_http-cve": { "path": "collections/baudneo/zoneminder_http-cve.yaml", "version": "0.1", "versions": { "0.1": { "digest": "0c4bc2952784bd9cc0f2a9590fa6f60124fbeaf1f3c04f603ee8b53adeef8c4a", "deprecated": false } }, "long_description": "QSBjb2xsZWN0aW9uIHRvIGRldGVjdCBIVFRQIGJhc2VkIENWRXMgb24gWm9uZU1pbmRlci4K", "content": "cGFyc2VyczoKICAtIGNyb3dkc2VjdXJpdHkvYXBhY2hlMi1sb2dzCiAgLSBjcm93ZHNlY3VyaXR5L2RhdGVwYXJzZS1lbnJpY2gKc2NlbmFyaW9zOgogIC0gYmF1ZG5lby96b25lbWluZGVyX2N2ZS0yMDIyLTM5Mjg1CiAgLSBiYXVkbmVvL3pvbmVtaW5kZXJfY3ZlLTIwMjItMzkyOTAKICAtIGJhdWRuZW8vem9uZW1pbmRlcl9jdmUtMjAyMi0zOTI5MQpkZXNjcmlwdGlvbjogIlpvbmVNaW5kZXIgQ1ZFIHByb3RlY3Rpb24iCmF1dGhvcjogYmF1ZG5lbwp0YWdzOgogIC0gWm9uZU1pbmRlcgogIC0gQ1ZFLTIwMjItMzkyOTAK", "description": "ZoneMinder CVE protection", "author": "baudneo", "labels": null, "parsers": [ "crowdsecurity/apache2-logs", "crowdsecurity/dateparse-enrich" ], "scenarios": [ "baudneo/zoneminder_cve-2022-39285", "baudneo/zoneminder_cve-2022-39290", "baudneo/zoneminder_cve-2022-39291" ] }, "corvese/apache-guacamole": { "path": "collections/corvese/apache-guacamole.yaml", "version": "0.1", "versions": { "0.1": { "digest": "eec539fc4d01c275a0777aa0e41578fc1480f79e8b23c97e695c9ff1a855dd5c", "deprecated": false } }, "long_description": "QSBjb2xsZWN0aW9uIHRvIGRlZmVuZCBbQXBhY2hlIEd1YWNhbW9sZV0oaHR0cHM6Ly9ndWFjYW1vbGUuYXBhY2hlLm9yZy8pIGluc3RhbmNlIGFnYWluc3QgY29tbW9uIGF0dGFja3MKCkluY2x1ZGVzOiAKIC0gQXBhY2hlIEd1YWNhbW9sZSBwYXJzZXIKIC0gQXBhY2hlIEd1YWNhbW9sZSBicnV0ZWZvcmNlICYgdXNlciBlbnVtZXJhdGlvbiBkZXRlY3Rpb24gc2NlbmFyaW9zCgpTZWUgdGhlIGFwYWNoZS1ndWFjYW1vbGUtbG9ncyBwYXJzZXIgZG9jdW1lbnRhdGlvbiBmb3IgY29uZmlndXJhdGlvbiBpbnN0cnVjdGlvbnM=", "content": 
"cGFyc2VyczoKICAtIGNyb3dkc2VjdXJpdHkvc3lzbG9nLWxvZ3MKICAtIGNvcnZlc2UvYXBhY2hlLWd1YWNhbW9sZS1sb2dzCnNjZW5hcmlvczoKICAtIGNvcnZlc2UvYXBhY2hlLWd1YWNhbW9sZV9iZgogIC0gY29ydmVzZS9hcGFjaGUtZ3VhY2Ftb2xlX3VzZXJfZW51bQpkZXNjcmlwdGlvbjogIkFwYWNoZSBHdWFjYW1vbGUgYnJ1dGVmb3JjZSBsb2dpbiBwcm90ZWN0aW9uIgphdXRob3I6IGNvcnZlc2UKdGFnczoKICAtIEFwYWNoZUd1YWNhbW9sZQogIC0gYnJ1dGVmb3JjZQ==", "description": "Apache Guacamole bruteforce login protection", "author": "corvese", "labels": null, "parsers": [ "crowdsecurity/syslog-logs", "corvese/apache-guacamole-logs" ], "scenarios": [ "corvese/apache-guacamole_bf", "corvese/apache-guacamole_user_enum" ] }, "crowdsecurity/amavis": { "path": "collections/crowdsecurity/amavis.yaml", "version": "0.1", "versions": { "0.1": { "digest": "cbb1f1e1029d6b8d08023f5332f430942079a00fde8fa65b14ca18c1c8194ff6", "deprecated": false } }, "long_description": "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", "content": "cGFyc2VyczoKICAtIGNyb3dkc2VjdXJpdHkvYW1hdmlzLWxvZ3MKICAtIGNyb3dkc2VjdXJpdHkvc3lzbG9nLWxvZ3MKc2NlbmFyaW9zOgogIC0gY3Jvd2RzZWN1cml0eS9hbWF2aXMtYmxvY2tlZApkZXNjcmlwdGlvbjogImFtYXZpcyBzdXBwb3J0IDogcGFyc2VyIGFuZCBibG9ja2luZyBzY2VuYXJpbyIKYXV0aG9yOiBjcm93ZHNlY3VyaXR5CnRhZ3M6CiAgLSBjbGFtYXYKICAtIGFtYXZpcwogIC0gbWFpbAo=", "description": "amavis support : parser and blocking scenario", "author": "crowdsecurity", "labels": null, "parsers": [ "crowdsecurity/amavis-logs", "crowdsecurity/syslog-logs" ], "scenarios": [ "crowdsecurity/amavis-blocked" ] }, "crowdsecurity/apache2": { "path": "collections/crowdsecurity/apache2.yaml", "version": "0.1", "versions": { "0.1": { "digest": "3601f38e187479724e830e0182f51468c980f661e6eedc6d2e586f622e3b48ea", "deprecated": false } }, "long_description": "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", "content": 
"cGFyc2VyczoKI2dlbmVyaWMgcG9zdC1wYXJzaW5nIG9mIGh0dHAgc3R1ZmYKICAtIGNyb3dkc2VjdXJpdHkvYXBhY2hlMi1sb2dzCmNvbGxlY3Rpb25zOgogIC0gY3Jvd2RzZWN1cml0eS9iYXNlLWh0dHAtc2NlbmFyaW9zCmRlc2NyaXB0aW9uOiAiYXBhY2hlMiBzdXBwb3J0IDogcGFyc2VyIGFuZCBnZW5lcmljIGh0dHAgc2NlbmFyaW9zICIKYXV0aG9yOiBjcm93ZHNlY3VyaXR5CnRhZ3M6CiAgLSBsaW51eAogIC0gYXBhY2hlMgogIC0gY3Jhd2wKICAtIHNjYW4KCg==", "description": "apache2 support : parser and generic http scenarios ", "author": "crowdsecurity", "labels": null, "parsers": [ "crowdsecurity/apache2-logs" ], "collections": [ "crowdsecurity/base-http-scenarios" ] }, "crowdsecurity/apiscp": { "path": "collections/crowdsecurity/apiscp.yaml", "version": "0.1", "versions": { "0.1": { "digest": "0d5b10b1ab997a9826b657dfa145799904c7f340c38b0db0855f24900900408a", "deprecated": false } }, "long_description": "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", "content": "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", "description": "apisCP support : collections for services supported by apisCP + apisCP admin page parser/scenario bruteforce", "author": "crowdsecurity", "labels": null, "scenarios": [ "crowdsecurity/http-apiscp-bf" ], "collections": [ "crowdsecurity/apache2", "crowdsecurity/dovecot", "crowdsecurity/haproxy", "crowdsecurity/mysql", "crowdsecurity/postfix", "crowdsecurity/pgsql", "crowdsecurity/vsftpd" ] }, "crowdsecurity/appsec-crs": { "path": "collections/crowdsecurity/appsec-crs.yaml", "version": "0.4", "versions": { "0.1": { "digest": "61d5e358aa86b872300e540be39b066c278567c4948bb74d4e4f339bbb126154", "deprecated": false }, "0.2": { "digest": "a9f36fac18d19edcb0c3a2a4ff3d58570fc407ac39fb9447e9dac7510184fd47", "deprecated": false }, "0.3": { "digest": "7f56cb3fa217f983d1648e6aea36d399be444e09046c0b5b23e7eb55480eaf89", "deprecated": false }, "0.4": { "digest": "a9f36fac18d19edcb0c3a2a4ff3d58570fc407ac39fb9447e9dac7510184fd47", "deprecated": false } }, "long_description": "IyBNb2RTZWN1cml0eSBDUlMKCg==", "content": 
"cGFyc2VyczoKICAtIGNyb3dkc2VjdXJpdHkvYXBwc2VjLWxvZ3MKYXBwc2VjLWNvbmZpZ3M6CiAgLSBjcm93ZHNlY3VyaXR5L2NycwphcHBzZWMtcnVsZXM6CiAgLSBjcm93ZHNlY3VyaXR5L2NycwpkZXNjcmlwdGlvbjogIkFwcHNlYzogTW9kc2VjdXJpdHkgY29yZSBydWxlIHNldCBydWxlcyIKYXV0aG9yOiBjcm93ZHNlY3VyaXR5CnRhZ3M6CiAgLSBsaW51eAogIC0gaHR0cAogIC0gYXBwc2VjCiAgLSBtb2RzZWN1cml0eQo=", "description": "Appsec: Modsecurity core rule set rules", "author": "crowdsecurity", "labels": null, "parsers": [ "crowdsecurity/appsec-logs" ], "appsec-rules": [ "crowdsecurity/crs" ], "appsec-configs": [ "crowdsecurity/crs" ] }, "crowdsecurity/appsec-generic-rules": { "path": "collections/crowdsecurity/appsec-generic-rules.yaml", "version": "0.4", "versions": { "0.1": { "digest": "f538ca65415d016977a2ed77939df0cecdea212bb16c3e1c22f1df0b1ec2775b", "deprecated": false }, "0.2": { "digest": "16e54590169a4094bd679c607d8714fe97984e86529448cf61975fe6c270be05", "deprecated": false }, "0.3": { "digest": "54c64c526b187a93140bbb8abf9b25b3c3f8028117fcd9859749d86808f2f2af", "deprecated": false }, "0.4": { "digest": "e985557ce1bcf99fcf4c7360bdc1085628a894880b1e0860bedd6426eb2e05b1", "deprecated": false } }, "long_description": "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", "content": "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", "description": "A collection of generic attack vectors for additional protection.", "author": "crowdsecurity", "labels": null, "parsers": [ "crowdsecurity/appsec-logs" ], "scenarios": [ "crowdsecurity/appsec-vpatch" ], "appsec-rules": [ "crowdsecurity/base-config", "crowdsecurity/generic-freemarker-ssti" ], "appsec-configs": [ "crowdsecurity/generic-rules", "crowdsecurity/appsec-default" ] }, "crowdsecurity/appsec-virtual-patching": { "path": "collections/crowdsecurity/appsec-virtual-patching.yaml", "version": "2.4", "versions": { "0.1": { "digest": "a165d638c8d826a932e4ca4e70ec5379d558a0bee1356e871c7c92cc2df714fc", "deprecated": false }, "0.2": { "digest": 
"4bacd3307cc84a5498d0939c83df3eccf40f430d4eedbdc1f7e7ae1fb8b71676", "deprecated": false }, "0.3": { "digest": "28962f063f10702629018df810167378d8250185ab8d64f4f5d1454b14dd1d4f", "deprecated": false }, "0.4": { "digest": "669b4be106d8d3e7754eeafba093db2228f2750dc399d8d9a41c3bb8256712fb", "deprecated": false }, "0.5": { "digest": "b15a1c03f30928de35d1744f77a32dd4efe06517a9d14a640c13035124922a20", "deprecated": false }, "0.6": { "digest": "9ef6be9953b564972004433adab368203163324bc71f236e0589b567b7c8f97b", "deprecated": false }, "0.7": { "digest": "129a0eed7b8997130d904d6fbf1ba165927c17075b9c541eeb4cb150c6540fa4", "deprecated": false }, "0.8": { "digest": "c01f361d48f93381b296a9c528992adee4637df7e161881ba8f41752cea70abd", "deprecated": false }, "0.9": { "digest": "9dd886832f31bace922431d965094f1c1b38320ea0a84c1badc4a9e895a630d9", "deprecated": false }, "1.0": { "digest": "da6cc931742c52dd5594b7b30cc9f8a0c974d1d3edbfd778c1919d7212ed9693", "deprecated": false }, "1.1": { "digest": "4d3d9a150db5cd5735c794c5031858e62bdac6d2db7515cf3562860af448ddfd", "deprecated": false }, "1.2": { "digest": "3867ac305d5120a69e41b00ec6176702b5d28a99086b7bab3b43ae84ce7b9f0f", "deprecated": false }, "1.3": { "digest": "f255eae826b30e3f55b2abd06fad49a20eb3c7f479a557bb140d5894703eef4d", "deprecated": false }, "1.4": { "digest": "8340b80826f3265925d371ea3c1fb714fc44d0effacf8f61939a52284edead40", "deprecated": false }, "1.5": { "digest": "eef32a81c61cdd4527beca1d6e97aa0d6263ed19766aa6dfdbc68862a42d0844", "deprecated": false }, "1.6": { "digest": "2519bff9f2587cc4978ee747ad7bc5abff0df3cb196c79eee5061bc8bf76ce93", "deprecated": false }, "1.7": { "digest": "acea1f3ced4acc7073d8976ecb61fa60add9716deb267776a03b097f4cf2d7da", "deprecated": false }, "1.8": { "digest": "2b370a30949b679cf0fff192026a8f0155b88c79d4a81a642620b29f4090bf1c", "deprecated": false }, "1.9": { "digest": "e3756e1e6a6767094855fd5a333933ca3018b9ad91088b3e4aa2acfc50857f21", "deprecated": false }, "2.0": { "digest": 
"c09ee7339dbed0c05974f8ef4d04770f31e7898aef1438a73f29cffb364f5fe1", "deprecated": false }, "2.1": { "digest": "fc1ef8a2e1323bce88166aa776062c6aa25b22da058200d60d541209fdd82157", "deprecated": false }, "2.2": { "digest": "ca70bd5441148709346929b7a8ccb9a5e9cbd7a4d5756991a9c6e6fa99245cec", "deprecated": false }, "2.3": { "digest": "51a32651bd5fe6642a0e7a26930ecebadb72625088c611e4b12582fdfc8536b0", "deprecated": false }, "2.4": { "digest": "b95e84a811b4f1bfcb342d7627fbacb259a995bddd553d3acbfc2851fcbdfe8f", "deprecated": false } }, "long_description": "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", "content": "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", "description": "a generic virtual patching collection, suitable for most web servers.", "author": "crowdsecurity", "labels": null, "parsers": [ "crowdsecurity/appsec-logs" ], "scenarios": [ "crowdsecurity/appsec-vpatch" ], "appsec-rules": [ "crowdsecurity/base-config", "crowdsecurity/vpatch-env-access", "crowdsecurity/vpatch-CVE-2023-40044", "crowdsecurity/vpatch-CVE-2017-9841", "crowdsecurity/vpatch-CVE-2020-11738", "crowdsecurity/vpatch-CVE-2022-27926", "crowdsecurity/vpatch-CVE-2022-35914", "crowdsecurity/vpatch-CVE-2022-46169", "crowdsecurity/vpatch-CVE-2023-20198", "crowdsecurity/vpatch-CVE-2023-22515", "crowdsecurity/vpatch-CVE-2023-33617", "crowdsecurity/vpatch-CVE-2023-34362", "crowdsecurity/vpatch-CVE-2023-3519", "crowdsecurity/vpatch-CVE-2023-42793", "crowdsecurity/vpatch-CVE-2023-50164", "crowdsecurity/vpatch-CVE-2023-38205", "crowdsecurity/vpatch-CVE-2023-24489", "crowdsecurity/vpatch-CVE-2021-3129", "crowdsecurity/vpatch-CVE-2021-22941", "crowdsecurity/vpatch-CVE-2019-12989", "crowdsecurity/vpatch-CVE-2022-44877", "crowdsecurity/vpatch-CVE-2018-10562", "crowdsecurity/vpatch-CVE-2023-6553", "crowdsecurity/vpatch-CVE-2018-1000861", "crowdsecurity/vpatch-CVE-2019-1003030", "crowdsecurity/vpatch-CVE-2022-22965", "crowdsecurity/vpatch-CVE-2023-23752", "crowdsecurity/vpatch-CVE-2023-49070", 
"crowdsecurity/vpatch-laravel-debug-mode", "crowdsecurity/vpatch-CVE-2023-28121", "crowdsecurity/vpatch-CVE-2020-17496", "crowdsecurity/vpatch-CVE-2023-1389", "crowdsecurity/vpatch-CVE-2023-7028", "crowdsecurity/vpatch-CVE-2023-46805", "crowdsecurity/vpatch-CVE-2024-23897", "crowdsecurity/vpatch-CVE-2023-22527", "crowdsecurity/vpatch-CVE-2023-35078", "crowdsecurity/vpatch-CVE-2023-35082", "crowdsecurity/vpatch-CVE-2022-22954", "crowdsecurity/vpatch-CVE-2024-1212", "crowdsecurity/vpatch-symfony-profiler", "crowdsecurity/vpatch-connectwise-auth-bypass", "crowdsecurity/vpatch-CVE-2024-22024", "crowdsecurity/vpatch-CVE-2024-27198" ], "appsec-configs": [ "crowdsecurity/virtual-patching", "crowdsecurity/appsec-default" ] }, "crowdsecurity/asterisk": { "path": "collections/crowdsecurity/asterisk.yaml", "version": "0.1", "versions": { "0.1": { "digest": "4dcfaad1205510572bc715811b4f70a4ab12ad2a54a7ceac202ce9f2517502cd", "deprecated": false } }, "long_description": "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", "content": "cGFyc2VyczoKICAtIGNyb3dkc2VjdXJpdHkvYXN0ZXJpc2stbG9ncwpzY2VuYXJpb3M6CiAgLSBjcm93ZHNlY3VyaXR5L2FzdGVyaXNrX2JmCiAgLSBjcm93ZHNlY3VyaXR5L2FzdGVyaXNrX3VzZXJfZW51bQpkZXNjcmlwdGlvbjogImFzdGVyaXNrIHN1cHBvcnQgOiBwYXJzZXIgYW5kIGJydXRlZm9yY2UvdXNlciBlbnVtZXJhdGlvbiBzY2VuYXJpb3MgIgphdXRob3I6IGNyb3dkc2VjdXJpdHkKdGFnczoKICAtIGFzdGVyaXNrCiAgLSBicnV0ZWZvcmNlCgo=", "description": "asterisk support : parser and bruteforce/user enumeration scenarios ", "author": "crowdsecurity", "labels": null, "parsers": [ "crowdsecurity/asterisk-logs" ], "scenarios": [ "crowdsecurity/asterisk_bf", "crowdsecurity/asterisk_user_enum" ] }, "crowdsecurity/auditd": { "path": "collections/crowdsecurity/auditd.yaml", "version": "0.6", "versions": { "0.1": { "digest": "784496b8295720e314a9a5da7bbc6645605781a4cb46595ebb4c04b158468768", "deprecated": false }, "0.2": { "digest": "b102e29804978190bc98a8c1b9240d3818c8f951d6878038855df2105aacb371", "deprecated": false }, "0.3": { "digest": 
"f2f94b96a57723a8017ef35c1ded8f56458b0c6bd4ace3da3e26e4f88b6fa439", "deprecated": false }, "0.4": { "digest": "13671c6d74df80a651e3f8d3e5a637950bfa54c2efcf444692d2d6b0e10d4011", "deprecated": false }, "0.5": { "digest": "f0e852bed7179bd9e82595036714e49ec124d199d3dac02b20fe44c9aa1fdc92", "deprecated": false }, "0.6": { "digest": "22934d51878ef76b5cece7d8af7788803d9c735f9f4a1926e1beaac56259f5f6", "deprecated": false } }, "long_description": "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", "content": "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", "description": "auditd support : parsers and scenarios", "author": "crowdsecurity", "labels": null, "parsers": [ "crowdsecurity/auditd-logs" ], "postoverflows": [ "crowdsecurity/auditd-whitelisted-process" ], "scenarios": [ "crowdsecurity/auditd-postexploit-rm", "crowdsecurity/auditd-postexploit-pkill", "crowdsecurity/auditd-postexploit-exec-from-net", "crowdsecurity/auditd-sus-exec", "crowdsecurity/auditd-base64-exec-behavior", "crowdsecurity/auditd-suid-crash" ] }, "crowdsecurity/aws-cis-benchmark": { "path": "collections/crowdsecurity/aws-cis-benchmark.yaml", "version": "0.1", "versions": { "0.1": { "digest": "cb39befddc3658a98283e8b506c349b50c61023a09f1c4a939acd0a6f5c697d3", "deprecated": false } }, "long_description": "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", "content": "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", "description": "AWS CIS Benchmark: cloudtrail parser and alerting scenarios", "author": "crowdsecurity", "labels": null, "parsers": [ "crowdsecurity/aws-cloudtrail" ], "scenarios": [ "crowdsecurity/aws-cis-benchmark-cloudtrail-config-change", "crowdsecurity/aws-cis-benchmark-config-config-change", "crowdsecurity/aws-cis-benchmark-console-auth-fail", "crowdsecurity/aws-cis-benchmark-iam-policy-change", "crowdsecurity/aws-cis-benchmark-kms-deletion", "crowdsecurity/aws-cis-benchmark-login-no-mfa", "crowdsecurity/aws-cis-benchmark-nacl-change", 
"crowdsecurity/aws-cis-benchmark-ngw-change", "crowdsecurity/aws-cis-benchmark-root-usage", "crowdsecurity/aws-cis-benchmark-route-table-change", "crowdsecurity/aws-cis-benchmark-s3-policy-change", "crowdsecurity/aws-cis-benchmark-security-group-change", "crowdsecurity/aws-cis-benchmark-unauthorized-call", "crowdsecurity/aws-cis-benchmark-vpc-change" ] }, "crowdsecurity/aws-cloudfront": { "path": "collections/crowdsecurity/aws-cloudfront.yaml", "version": "0.1", "versions": { "0.1": { "digest": "7c24fc8b7c755194e9dcea51ada580b26c11e114c5c1003825cdcdf3c9619aa2", "deprecated": false } }, "content": "cGFyc2VyczoKI2dlbmVyaWMgcG9zdC1wYXJzaW5nIG9mIGh0dHAgc3R1ZmYKICAtIGNyb3dkc2VjdXJpdHkvYXdzLWNsb3VkZnJvbnQKY29sbGVjdGlvbnM6CiAgLSBjcm93ZHNlY3VyaXR5L2Jhc2UtaHR0cC1zY2VuYXJpb3MKZGVzY3JpcHRpb246ICJBV1MgQ2xvdWRGcm9udCBzdXBwb3J0IDogcGFyc2VyIGFuZCBnZW5lcmljIGh0dHAgc2NlbmFyaW9zIgphdXRob3I6IGNyb3dkc2VjdXJpdHkKdGFnczoKICAtIEFXUwogIC0gQ2xvdWRGcm9udAogIC0gY3Jhd2wKICAtIHNjYW4KCg==", "description": "AWS CloudFront support : parser and generic http scenarios", "author": "crowdsecurity", "labels": null, "parsers": [ "crowdsecurity/aws-cloudfront" ], "collections": [ "crowdsecurity/base-http-scenarios" ] }, "crowdsecurity/aws-console": { "path": "collections/crowdsecurity/aws-console.yaml", "version": "0.1", "versions": { "0.1": { "digest": "6016dec00d38c1716ed6c11e6c35981dd99bbde726593da257d9fdd5e7748d84", "deprecated": false } }, "long_description": "Ondhcm5pbmc6IFRoaXMgdmVyc2lvbiByZXF1aXJlcyBjcm93ZHNlYyB2ZXJzaW9uID49IDEuNSA6d2FybmluZzoKCiMgQXdzIGNvbnNvbGUgY29sbGVjdGlvbgoKVGhpcyBjb2xsZWN0aW9uIGdyb3VwcwoqIGFuIGF3cyBjbG91ZHRyYWlsIHBhcnNlciAKKiBhbiBhd3MgYnJ1dGUgZm9yY2UgY29uc29sZSBkZXRlY3Rpb24gc2NlbmFyaW8KKiBhbiBhd3Mgbm9uIHdvcmtpbmcgaG91ciBhbmQgbm9uIHdvcmtpbmcgZGF5IGNvbnNvbGUgbG9naW4gZGV0ZWN0aW9uCgpMb29rIGF0IGBjcm93ZHNlY3VyaXR5L2F3cy1jbG91ZHRyYWlsYCBmb3IgZGV0YWlscyBhYm91dCBhY3F1aXNpdGlvbiBjb25maWd1cmF0aW9uLg==", "content": 
"cGFyc2VyczoKI2dlbmVyaWMgcG9zdC1wYXJzaW5nIG9mIGh0dHAgc3R1ZmYKICAtIGNyb3dkc2VjdXJpdHkvYXdzLWNsb3VkdHJhaWwKc2NlbmFyaW9zOgogIC0gY3Jvd2RzZWN1cml0eS9hd3MtYmYKICAtIGNyb3dkc2VjdXJpdHkvYXdzLW53by1sb2dpbgpkZXNjcmlwdGlvbjogImF3cyBjbG91ZHRyYWlsIHBhcnNlciBhbmQgYXdzIGNvbnNvbGUgYnJ1dGVmb3JjZSIKYXV0aG9yOiBjcm93ZHNlY3VyaXR5CnRhZ3M6CiAgLSBhd3MKCg==", "description": "aws cloudtrail parser and aws console bruteforce", "author": "crowdsecurity", "labels": null, "parsers": [ "crowdsecurity/aws-cloudtrail" ], "scenarios": [ "crowdsecurity/aws-bf", "crowdsecurity/aws-nwo-login" ] }, "crowdsecurity/aws-postexploit": { "path": "collections/crowdsecurity/aws-postexploit.yaml", "version": "0.1", "versions": { "0.1": { "digest": "c69a44ec8b86aa40e38d2817cd4eb2a1a9fb99233b1ac1428580c8cc3889f782", "deprecated": false } }, "long_description": "IyBBd3MgY29sbGVjdGlvbgoKVGhpcyBjb2xsZWN0aW9uIGdyb3VwcyBhbiBhd3MgY2xvdWR0cmFpbCBwYXJzZXIgYW5kIHR3byBhd3MKcG9zdGV4cGxvaXRhdGlvbiBhdHRlbXB0cyBkZXRlY3Rpb24gc2NlbmFyaW8uCgpUaGlzIGNvbGxlY3Rpb24gaXMgaW50ZW5kZWQgZm9yIGNyb3dkc2VjIGZyb20gdmVyc2lvbiAxLjUuCg==", "content": "cGFyc2VyczoKICAtIGNyb3dkc2VjdXJpdHkvYXdzLWNsb3VkdHJhaWwKc2NlbmFyaW9zOgogIC0gY3Jvd2RzZWN1cml0eS9hd3MtY2xvdWR0cmFpbC1wb3N0ZXhwbG9pdApkZXNjcmlwdGlvbjogImF3cyBjbG91ZHRyYWlsIHBhcnNlciBhbmQgYXdzIHBvc3RleHBsb2l0IHNjZW5hcmlvcyIKYXV0aG9yOiBjcm93ZHNlY3VyaXR5CnRhZ3M6CiAgLSBhd3MKCg==", "description": "aws cloudtrail parser and aws postexploit scenarios", "author": "crowdsecurity", "labels": null, "parsers": [ "crowdsecurity/aws-cloudtrail" ], "scenarios": [ "crowdsecurity/aws-cloudtrail-postexploit" ] }, "crowdsecurity/base-http-scenarios": { "path": "collections/crowdsecurity/base-http-scenarios.yaml", "version": "0.9", "versions": { "0.1": { "digest": "7ee043a9d2e063cad751e6ce5d048f02518a76d39ec81aebed3bae736b0ced9e", "deprecated": false }, "0.2": { "digest": "affdb706e66ffd924086b24e94734589672fb531f80fe366ab06a8c3228962e2", "deprecated": false }, "0.3": { "digest": 
"543df5abb020afb51f3ab9d83cdc031e95572983e72f32a59b9f6f75cac990c3", "deprecated": false }, "0.4": { "digest": "15018789eeb01f907fad18a16a1bfd3dc4be972455b22b86c73fd95ef334a072", "deprecated": false }, "0.5": { "digest": "98c63493ca04367acd2d889d54141f9bcf22573301b161d6d268ca053159e94e", "deprecated": false }, "0.6": { "digest": "2d70781df8c630d36e5f4800bde77dd7e130481e9c658aa0b3aae7ae95e15271", "deprecated": false }, "0.7": { "digest": "539db14da32a19da683fcfd9c0c92263be5b463e037a3ce35851039c8b512f08", "deprecated": false }, "0.8": { "digest": "dd439becb69e8457354287d0d978476e15e256bc9c4c7143fa4b9981770bf311", "deprecated": false }, "0.9": { "digest": "a8b3855c42316452d5133deb76e2fc6acafa7a1dd02c6ae59fab5369595a2911", "deprecated": false } }, "long_description": "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", "content": "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", "description": "http common : scanners detection", "author": "crowdsecurity", "labels": null, "parsers": [ "crowdsecurity/http-logs" ], "scenarios": [ "crowdsecurity/http-crawl-non_statics", "crowdsecurity/http-probing", "crowdsecurity/http-bad-user-agent", "crowdsecurity/http-path-traversal-probing", "crowdsecurity/http-sensitive-files", "crowdsecurity/http-sqli-probing", "crowdsecurity/http-xss-probing", "crowdsecurity/http-backdoors-attempts", "ltsich/http-w00tw00t", "crowdsecurity/http-generic-bf", "crowdsecurity/http-open-proxy", "crowdsecurity/http-admin-interface-probing", "crowdsecurity/http-wordpress-scan" ], "contexts": [ "crowdsecurity/http_base" ], "collections": [ "crowdsecurity/http-cve" ] }, "crowdsecurity/caddy": { "path": "collections/crowdsecurity/caddy.yaml", "version": "0.1", "versions": { "0.1": { "digest": "3501cb76beba2ec7f0ed44cf10e249e4db279903813e8b659c1d731c3a66ab2f", "deprecated": false } }, "long_description": 
"IyMgQ2FkZHkgY29sbGVjdGlvbgoKQSBjb2xsZWN0aW9uIHRvIGRlZmVuZCBjYWRkeSBhZ2FpbnN0IGNvbW1vbiBodHRwIGF0dGFja3MgOgogLSBjYWRkeSBwYXJzZXIKIC0gYmFzZS1odHRwLXNjZW5hcmlvcyBjb2xsZWN0aW9uIHRvIGRldGVjdCBodHRwIGJhZCBiZWhhdmlvcnMKCiMjIEFjcXVpc2l0aW9uIHRlbXBsYXRlCgpFeGFtcGxlIGFjcXVpc2l0aW9uIGZvciB0aGlzIGNvbGxlY3Rpb24gOgoKYGBgeWFtbApmaWxlbmFtZXM6CiAgLSAvdmFyL2xvZy9jYWRkeS8qLmxvZwogIHR5cGU6IGNhZGR5CmBgYAoKCm5vdGVzIDoKIC0gIElmIHlvdSBhcmUgdXNpbmcgYHN5c2xvZ2AsIHNldCB0eXBlIHRvIGBzeXNsb2dgIGluc3RlYWQKIC0gIERlcGVuZGluZyBvbiB5b3VyIGRpc3RyaWJ1dGlvbi9PUywgcGF0aHMgdG8gbG9nIGZpbGVzIG1pZ2h0IGNoYW5nZQogLSAgT25seSByZWxldmFudCBpZiB5b3UgYXJlIG1hbnVhbGx5IGluc3RhbGxpbmcgY29sbGVjdGlvbgo=", "content": "cGFyc2VyczoKICAtIGNyb3dkc2VjdXJpdHkvY2FkZHktbG9ncwpjb2xsZWN0aW9uczoKICAtIGNyb3dkc2VjdXJpdHkvYmFzZS1odHRwLXNjZW5hcmlvcwpkZXNjcmlwdGlvbjogImNhZGR5IHN1cHBvcnQgOiBwYXJzZXIgYW5kIGdlbmVyaWMgaHR0cCBzY2VuYXJpb3MiCmF1dGhvcjogY3Jvd2RzZWN1cml0eQp0YWdzOgogIC0gbGludXgKICAtIGNhZGR5CiAgLSBjcmF3bAogIC0gc2Nhbgo=", "description": "caddy support : parser and generic http scenarios", "author": "crowdsecurity", "labels": null, "parsers": [ "crowdsecurity/caddy-logs" ], "collections": [ "crowdsecurity/base-http-scenarios" ] }, "crowdsecurity/cpanel": { "path": "collections/crowdsecurity/cpanel.yaml", "version": "0.3", "versions": { "0.1": { "digest": "708cb00f74feff6b8bc5109ba0dea0ed646229adbbb2174288ea7bd185b31e53", "deprecated": false }, "0.2": { "digest": "f2496391e82604dcba85c91ba79ec8204661aca4fdb38f6c46773f203c99b9fe", "deprecated": false }, "0.3": { "digest": "4f16f7015f9fcd4727413b3e742b4582d3c8fd565e1377e6dacdc6ed68e9735c", "deprecated": false } }, "long_description": 
"IyMgQ3BhbmVsIGNvbGxlY3Rpb24KCkEgY29sbGVjdGlvbiBmb3IgY3BhbmVsLiBDb250YWluczoKICogY3BhbmVsIGxvZyBwYXJzZXIKICogY3BhbmVsIHNjZW5hcmlvIHRvIGRldGVjdCBicnV0ZWZvcmNlCgojIyBBY3F1aXNpdGlvbiB0ZW1wbGF0ZQoKRXhhbXBsZSBhY3F1aXNpdGlvbiBmb3IgdGhpcyBjb2xsZWN0aW9uIDoKCmBgYHlhbWwKZmlsZW5hbWVzOgogIC0gL2hvbWUvPHVzZXJuYW1lPi9sb2dzL2NwYW5lbC9sb2dpbl9sb2cKbGFiZWxzOgogIHR5cGU6IGNwYW5lbApgYGAKCgpub3RlcyA6CiAtICBJZiB5b3UgYXJlIHVzaW5nIGBzeXNsb2dgLCBzZXQgdHlwZSB0byBgc3lzbG9nYCBpbnN0ZWFkCiAtICBEZXBlbmRpbmcgb24geW91ciBkaXN0cmlidXRpb24vT1MsIHBhdGhzIHRvIGxvZyBmaWxlcyBtaWdodCBjaGFuZ2UKIC0gIE9ubHkgcmVsZXZhbnQgaWYgeW91IGFyZSBtYW51YWxseSBpbnN0YWxsaW5nIGNvbGxlY3Rpb24K", "content": "cGFyc2VyczoKICAtIGNyb3dkc2VjdXJpdHkvY3BhbmVsLWxvZ3MKICAtIGNyb3dkc2VjdXJpdHkvY29uZmlnc2VydmVyLWxmZC1sb2dzCnNjZW5hcmlvczoKICAtIGNyb3dkc2VjdXJpdHkvY3BhbmVsLWJmCiAgLSBjcm93ZHNlY3VyaXR5L2NwYW5lbC1iZi1hdHRlbXB0CiAgLSBjcm93ZHNlY3VyaXR5L2NvbmZpZ3NlcnZlci1sZmQtYmYKZGVzY3JpcHRpb246ICJjcGFuZWwgc3VwcG9ydCA6IHBhcnNlciBhbmQgYnJ1dGVmb3JjZSBkZXRlY3Rpb24iCmF1dGhvcjogY3Jvd2RzZWN1cml0eQp0YWdzOgogIC0gbGludXgKICAtIGNwYW5lbAogIC0gYnJ1dGVmb3JjZQo=", "description": "cpanel support : parser and bruteforce detection", "author": "crowdsecurity", "labels": null, "parsers": [ "crowdsecurity/cpanel-logs", "crowdsecurity/configserver-lfd-logs" ], "scenarios": [ "crowdsecurity/cpanel-bf", "crowdsecurity/cpanel-bf-attempt", "crowdsecurity/configserver-lfd-bf" ] }, "crowdsecurity/discord-crawler-whitelist": { "path": "collections/crowdsecurity/discord-crawler-whitelist.yaml", "version": "0.1", "versions": { "0.1": { "digest": "f8d9ddc77d06de7b5a861a44190bbbb1cd16e71e835c7c85b39d2c03d01c7b33", "deprecated": false } }, "long_description": "IyBEaXNjb3JkIENyYXdsZXIgV2hpdGVsaXN0CgpUaGlzIGNvbGxlY3Rpb25zIHdpbGwgYWRkIGEgcG9zdG92ZXJmbG93IGNoZWNrIHRvIHNlZSBpZiB0aGUgSVAgaXMgYSBEaXNjb3JkIGNyYXdsZXIuIEN1cnJlbnRseSBpdCBjaGVja3MgZm9yIHRoZSBmb2xsb3dpbmcgZG9tYWluczoKICAtIHB0ci5kaXNjb3JkLmNvbQ==", "content": 
"cG9zdG92ZXJmbG93czoKICAtIGNyb3dkc2VjdXJpdHkvZGlzY29yZC1jcmF3bGVyLXdoaXRlbGlzdAogIC0gY3Jvd2RzZWN1cml0eS9yZG5zCmRlc2NyaXB0aW9uOiAiV2hpdGVsaXN0IERpc2NvcmQgUFRSIGRvbWFpbnMiCmF1dGhvcjogY3Jvd2RzZWN1cml0eQp0YWdzOgogIC0gd2hpdGVsaXN0CiAgLSBib3QKICAtIGNyYXdsZXIK", "description": "Whitelist Discord PTR domains", "author": "crowdsecurity", "labels": null, "postoverflows": [ "crowdsecurity/discord-crawler-whitelist", "crowdsecurity/rdns" ] }, "crowdsecurity/dovecot": { "path": "collections/crowdsecurity/dovecot.yaml", "version": "0.1", "versions": { "0.1": { "digest": "7990a4b855273b5ceaa379d2979d796e070c96a398caeefbfa1933cc36f690be", "deprecated": false } }, "long_description": "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", "content": "cGFyc2VyczoKICAtIGNyb3dkc2VjdXJpdHkvZG92ZWNvdC1sb2dzCnNjZW5hcmlvczoKICAtIGNyb3dkc2VjdXJpdHkvZG92ZWNvdC1zcGFtCmRlc2NyaXB0aW9uOiAiZG92ZWNvdCBzdXBwb3J0IDogcGFyc2VyIGFuZCBzcGFtbWVyIGRldGVjdGlvbiIKYXV0aG9yOiBjcm93ZHNlY3VyaXR5CnRhZ3M6CiAgLSBsaW51eAogIC0gc3BhbQogIC0gYnJ1dGVmb3JjZQo=", "description": "dovecot support : parser and spammer detection", "author": "crowdsecurity", "labels": null, "parsers": [ "crowdsecurity/dovecot-logs" ], "scenarios": [ "crowdsecurity/dovecot-spam" ] }, "crowdsecurity/endlessh": { "path": "collections/crowdsecurity/endlessh.yaml", "version": "0.1", "versions": { "0.1": { "digest": "43b070a6e5c49f66dc970d4a8cc8fb37cef90c5da5aa6276c012e343ba06f0e5", "deprecated": false } }, "long_description": 
"IyMgRW5kbGVzc2ggY29sbGVjdGlvbgoKQSBjb2xsZWN0aW9uIGZvciBbRW5kbGVzc2hdKGh0dHBzOi8vZ2l0aHViLmNvbS9za2VldG8vZW5kbGVzc2gpCiAqIGxvZyBwYXJzZXIKICogYnJ1dGUtZm9yY2Ugc2NlbmFyaW8KCj4gQ29udHJpYnV0aW9uIGJ5IGh0dHBzOi8vZ2l0aHViLmNvbS9iYW14MjMKCiMjIEFjcXVpc2l0aW9uIHRlbXBsYXRlCgpFeGFtcGxlIGFjcXVpc2l0aW9uIGZvciB0aGlzIGNvbGxlY3Rpb246CgpgYGB5YW1sCmZpbGVuYW1lczoKICAtIC92YXIvbG9nL2VuZGxlc3NoLmxvZwpsYWJlbHM6CiAgdHlwZTogZW5kbGVzc2gKYGBgCgpZb3UgbmVlZCB0byBjb25maWd1cmUgRW5kbGVzc2ggdG8gd3JpdGUgbG9ncyB0byB0aGlzIHBhdGguCkkuZS4gYnkgaGF2aW5nIHRoaXMgbGluZSBpbiBgL3Vzci9saWIvc3lzdGVtZC9zeXN0ZW0vZW5kbGVzc2guc2VydmljZWA6CgpgYGAKU3RhbmRhcmRPdXRwdXQ9ZmlsZTovdmFyL2xvZy9lbmRsZXNzaC5sb2cKYGBgCg==", "content": "I3RoZSBsaXN0IG9mIHBhcnNlcnMgaXQgY29udGFpbnMKcGFyc2VyczoKICAtIGNyb3dkc2VjdXJpdHkvZW5kbGVzc2gtbG9ncwogIC0gY3Jvd2RzZWN1cml0eS9kYXRlcGFyc2UtZW5yaWNoCnNjZW5hcmlvczoKICAtIGNyb3dkc2VjdXJpdHkvZW5kbGVzc2gtYmYKZGVzY3JpcHRpb246ICJlbmRsZXNzaCBzdXBwb3J0IDogbG9ncyBwYXJzZXIgYW5kIGJydXRlLWZvcmNlIGRldGVjdGlvbiIKYXV0aG9yOiBjcm93ZHNlY3VyaXR5CnRhZ3M6CiAgLSBsaW51eAogIC0gc3NoCiAgLSBlbmRsZXNzaAogIC0gYnJ1dGVmb3JjZQo=", "description": "endlessh support : logs parser and brute-force detection", "author": "crowdsecurity", "labels": null, "parsers": [ "crowdsecurity/endlessh-logs", "crowdsecurity/dateparse-enrich" ], "scenarios": [ "crowdsecurity/endlessh-bf" ] }, "crowdsecurity/exchange": { "path": "collections/crowdsecurity/exchange.yaml", "version": "0.3", "versions": { "0.1": { "digest": "95cf2f72de900427c545793800c465716508b4e2953bdc0024b8d757fbbed8df", "deprecated": false }, "0.2": { "digest": "cc3b0e749e8fd9470d6274bc9cace5d7fa1fa2d09eac6c36a4c998600c449dae", "deprecated": false }, "0.3": { "digest": "33da539eede53d578b7f415591d69b9ffabdfdf59b33de2a5f9224e5b345785c", "deprecated": false } }, "long_description": "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", "content": "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", "description": "Exchange support : Bruteforce detection for OWA,SMTP,IMAP and POP", 
"author": "crowdsecurity", "labels": null, "parsers": [ "crowdsecurity/exchange-smtp-logs", "crowdsecurity/exchange-imap-logs", "crowdsecurity/exchange-pop-logs" ], "scenarios": [ "crowdsecurity/exchange-bf", "crowdsecurity/windows-bf" ], "collections": [ "crowdsecurity/windows", "crowdsecurity/iis" ] }, "crowdsecurity/exim": { "path": "collections/crowdsecurity/exim.yaml", "version": "0.1", "versions": { "0.1": { "digest": "f4a5ec5e7a5d52b4686e3c58481e098a231adc603e559bb3cb9aab888545eaa4", "deprecated": false } }, "long_description": "IyMgRXhpbSBjb2xsZWN0aW9uCgpBIGNvbGxlY3Rpb24gZm9yIEV4aW0gbWFpbCBzZXJ2ZXIKICogZXhpbSBsb2cgcGFyc2VyCiAqIGV4aW0gc2NlbmFyaW8gZm9yIGJydXRlZm9yY2UgYW5kIHNwYW0gYXR0ZW1wdAoKCiMjIEFjcXVpc2l0aW9uIHRlbXBsYXRlCgpFeGFtcGxlIGFjcXVpc2l0aW9uIGZvciB0aGlzIGNvbGxlY3Rpb24gOgoKYGBgeWFtbApmaWxlbmFtZXM6CiAgLSAvdmFyL2xvZy9leGltX21haW5sb2cKbGFiZWxzOgogIHR5cGU6IGV4aW0KYGBgCgoKbm90ZXMgOgogLSAgSWYgeW91IGFyZSB1c2luZyBgc3lzbG9nYCwgc2V0IHR5cGUgdG8gYHN5c2xvZ2AgaW5zdGVhZAogLSAgRGVwZW5kaW5nIG9uIHlvdXIgZGlzdHJpYnV0aW9uL09TLCBwYXRocyB0byBsb2cgZmlsZXMgbWlnaHQgY2hhbmdlCiAtICBPbmx5IHJlbGV2YW50IGlmIHlvdSBhcmUgbWFudWFsbHkgaW5zdGFsbGluZyBjb2xsZWN0aW9uCg==", "content": "cGFyc2VyczoKICAtIGNyb3dkc2VjdXJpdHkvZXhpbS1sb2dzCnNjZW5hcmlvczoKICAtIGNyb3dkc2VjdXJpdHkvZXhpbS1iZgogIC0gY3Jvd2RzZWN1cml0eS9leGltLXNwYW0KZGVzY3JpcHRpb246ICJleGltIHN1cHBvcnQgOiBwYXJzZXIgYW5kIGJydXRlZm9yY2Uvc3BhbSBkZXRlY3Rpb24iCmF1dGhvcjogY3Jvd2RzZWN1cml0eQp0YWdzOgogIC0gbGludXgKICAtIHNwYW0KICAtIGJydXRlZm9yY2UK", "description": "exim support : parser and bruteforce/spam detection", "author": "crowdsecurity", "labels": null, "parsers": [ "crowdsecurity/exim-logs" ], "scenarios": [ "crowdsecurity/exim-bf", "crowdsecurity/exim-spam" ] }, "crowdsecurity/fastly": { "path": "collections/crowdsecurity/fastly.yaml", "version": "0.1", "versions": { "0.1": { "digest": "6bac9453d3b274fc310b558fe41672ff09ac910463e3bea982b4f14cb3a7bf61", "deprecated": false } }, "long_description": 
"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", "content": "cGFyc2VyczoKICAtIGNyb3dkc2VjdXJpdHkvZmFzdGx5LWxvZ3MKY29sbGVjdGlvbnM6CiAgLSBjcm93ZHNlY3VyaXR5L2Jhc2UtaHR0cC1zY2VuYXJpb3MKZGVzY3JpcHRpb246ICJmYXN0bHkgc3VwcG9ydCA6IHBhcnNlciBhbmQgZ2VuZXJpYyBodHRwIHNjZW5hcmlvcyIKYXV0aG9yOiBjcm93ZHNlY3VyaXR5CnRhZ3M6CiAgLSBmYXN0bHkKICAtIGh0dHAKICAtIGNyYXdsCiAgLSBzY2Fu", "description": "fastly support : parser and generic http scenarios", "author": "crowdsecurity", "labels": null, "parsers": [ "crowdsecurity/fastly-logs" ], "collections": [ "crowdsecurity/base-http-scenarios" ] }, "crowdsecurity/freebsd": { "path": "collections/crowdsecurity/freebsd.yaml", "version": "0.3", "versions": { "0.1": { "digest": "f2969de2e7c76a12e9c9f6a7797a62f184df6a2c188db2ac6b1e0914e342b59f", "deprecated": false }, "0.2": { "digest": "306667f291b1cb3b9fc27122c82cea3e59cb6e2f9597a1eee995b6f010fac7a1", "deprecated": false }, "0.3": { "digest": "985e9853fb5799730272b51c4495648e0fa6a1d8566a2e517aa1166d06a02e29", "deprecated": false } }, "long_description": "Kipjb3JlIHBhY2thZ2UgZm9yIGZyZWVic2QqKgoKY29udGFpbnMgc3VwcG9ydCBmb3Igc3lzbG9nLCBkbyBub3QgcmVtb3ZlLgo=", "content": "cGFyc2VyczoKICAtIGNyb3dkc2VjdXJpdHkvc3lzbG9nLWxvZ3MKICAtIGNyb3dkc2VjdXJpdHkvZ2VvaXAtZW5yaWNoCiAgLSBjcm93ZHNlY3VyaXR5L2RhdGVwYXJzZS1lbnJpY2gKY29sbGVjdGlvbnM6CiAgLSBjcm93ZHNlY3VyaXR5L3NzaGQKZGVzY3JpcHRpb246ICJjb3JlIGZyZWVic2Qgc3VwcG9ydCA6IHN5c2xvZytnZW9pcCtzc2giCmF1dGhvcjogY3Jvd2RzZWN1cml0eQp0YWdzOgogIC0gZnJlZWJzZAoK", "description": "core freebsd support : syslog+geoip+ssh", "author": "crowdsecurity", "labels": null, "parsers": [ "crowdsecurity/syslog-logs", "crowdsecurity/geoip-enrich", "crowdsecurity/dateparse-enrich" ], "collections": [ "crowdsecurity/sshd" ] }, "crowdsecurity/freeswitch": { "path": "collections/crowdsecurity/freeswitch.yaml", "version": "0.1", "versions": { "0.1": { "digest": "3a7747ed253a57ef3f985cf18d1649fdea195db3608c6a162ccba43c3066b63a", "deprecated": false } }, "long_description": 
"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", "content": "cGFyc2VyczoKICAtIGNyb3dkc2VjdXJpdHkvZnJlZXN3aXRjaApzY2VuYXJpb3M6CiAgLSBjcm93ZHNlY3VyaXR5L2ZyZWVzd2l0Y2gtdXNlci1lbnVtZXJhdGlvbgogIC0gY3Jvd2RzZWN1cml0eS9mcmVlc3dpdGNoLWJmCiAgLSBjcm93ZHNlY3VyaXR5L2ZyZWVzd2l0Y2gtYWNsLXJlamVjdApkZXNjcmlwdGlvbjogImZyZWVzd2l0Y2ggY29sbGVjdGlvbiIKYXV0aG9yOiBjcm93ZHNlY3VyaXR5CnRhZ3M6CiAgLSB2b2lw", "description": "freeswitch collection", "author": "crowdsecurity", "labels": null, "parsers": [ "crowdsecurity/freeswitch" ], "scenarios": [ "crowdsecurity/freeswitch-user-enumeration", "crowdsecurity/freeswitch-bf", "crowdsecurity/freeswitch-acl-reject" ] }, "crowdsecurity/haproxy": { "path": "collections/crowdsecurity/haproxy.yaml", "version": "0.1", "versions": { "0.1": { "digest": "41d5394188f55956e017cb3f851e93411dbf078b0176a0968dd7760b1ad5b2e5", "deprecated": false } }, "long_description": "IyMgSGFwcm94eSBjb2xsZWN0aW9uCgpBIGNvbGxlY3Rpb24gdG8gZGVmZW5kIGhhcHJveHkgaHR0cCBhZ2FpbnN0IGNvbW1vbiBhdHRhY2tzIDoKIC0gaGFwcm94eSBodHRwIHBhcnNlcgogLSBiYXNlIGh0dHAgc2NlbmFyaW9zIChjcmF3bCwgNDA0IHNjYW4sIGJmIGV0Yy4pCgoKIyMgQWNxdWlzaXRpb24gdGVtcGxhdGUKCkV4YW1wbGUgYWNxdWlzaXRpb24gZm9yIHRoaXMgY29sbGVjdGlvbiA6CgpgYGB5YW1sCmZpbGVuYW1lczoKICAtIC92YXIvbG9nL2hhcHJveHkvKi5sb2cKbGFiZWxzOgogIHR5cGU6IGhhcHJveHkKYGBgCgoKbm90ZXMgOgogLSAgSWYgeW91IGFyZSB1c2luZyBgc3lzbG9nYCwgc2V0IHR5cGUgdG8gYHN5c2xvZ2AgaW5zdGVhZAogLSAgRGVwZW5kaW5nIG9uIHlvdXIgZGlzdHJpYnV0aW9uL09TLCBwYXRocyB0byBsb2cgZmlsZXMgbWlnaHQgY2hhbmdlCiAtICBPbmx5IHJlbGV2YW50IGlmIHlvdSBhcmUgbWFudWFsbHkgaW5zdGFsbGluZyBjb2xsZWN0aW9uCg==", "content": "cGFyc2VyczoKICAtIGNyb3dkc2VjdXJpdHkvaGFwcm94eS1sb2dzCmNvbGxlY3Rpb25zOgogIC0gY3Jvd2RzZWN1cml0eS9iYXNlLWh0dHAtc2NlbmFyaW9zCmRlc2NyaXB0aW9uOiAiaGFwcm94eSBzdXBwb3J0IDogcGFyc2VyIGFuZCBnZW5lcmljIGh0dHAgc2NlbmFyaW9zIgphdXRob3I6IGNyb3dkc2VjdXJpdHkKdGFnczoKICAtIGxpbnV4CiAgLSBoYXByb3h5CiAgLSBjcmF3bAogIC0gc2NhbgoK", "description": "haproxy support : parser and generic http scenarios", "author": "crowdsecurity", "labels": 
null, "parsers": [ "crowdsecurity/haproxy-logs" ], "collections": [ "crowdsecurity/base-http-scenarios" ] }, "crowdsecurity/home-assistant": { "path": "collections/crowdsecurity/home-assistant.yaml", "version": "0.1", "versions": { "0.1": { "digest": "4af5665511aa35371d1abf2007505863c4e166a1637a51a47c5f7db49f2bdf76", "deprecated": false } }, "content": "cGFyc2VyczoKICAtIGNyb3dkc2VjdXJpdHkvaG9tZS1hc3Npc3RhbnQtbG9ncwpzY2VuYXJpb3M6CiAgLSBjcm93ZHNlY3VyaXR5L2hvbWUtYXNzaXN0YW50LWJmCmRlc2NyaXB0aW9uOiAiSG9tZSBhc3Npc3RhbnQgc3VwcG9ydCA6IGxvZ3MgYW5kIGJydXRlLWZvcmNlIHNjZW5hcmlvIgphdXRob3I6IGNyb3dkc2VjdXJpdHkKdGFnczoKICAtIGhvbWUtYXNzaXN0YW50CiAgLSBicnV0ZWZvcmNlCg==", "description": "Home assistant support : logs and brute-force scenario", "author": "crowdsecurity", "labels": null, "parsers": [ "crowdsecurity/home-assistant-logs" ], "scenarios": [ "crowdsecurity/home-assistant-bf" ] }, "crowdsecurity/http-cve": { "path": "collections/crowdsecurity/http-cve.yaml", "version": "2.6", "versions": { "0.1": { "digest": "30748e051a470c1bc91506ae63e8784cd054564f90ccc23eb655823fc30e3019", "deprecated": false }, "0.2": { "digest": "bc244c864674e59cd36ec4781bb85b5f94f77562a28a65e6bb64da789cf97379", "deprecated": false }, "0.3": { "digest": "8a33f5787f19100add139f53ae98978a2c265badaf99b09365a47d686baeb5b2", "deprecated": false }, "0.4": { "digest": "f5a38fc37ff6a5aa80a1411fe75ba27d9691ebf3da96b6d169d2fecc052fb528", "deprecated": false }, "0.5": { "digest": "f9be2b19b2c12d4b0d4fc10de95b3138c4ae19ccaa04975d1e6a242e1fc2abf4", "deprecated": false }, "0.6": { "digest": "d385131b7c0763a6fe71d6544599e69d79e6ff97c92b2b253470b9b1632bb71a", "deprecated": false }, "0.7": { "digest": "33d997a205be7dad55f5fadb1b56da3cd7a22b6333037af83132a948a6cc063f", "deprecated": false }, "0.8": { "digest": "9a6f6b6afb19f4ecafa4cb195d96c3380d9f2b5621424a1ee296ae34dc29f814", "deprecated": false }, "0.9": { "digest": "ff8e1e8b942d229cbe6de261b864fef4052b3c83018fe389b5441bd62c824d38", "deprecated": false }, "1.0": { 
"digest": "c10453ceeb22dcdf11fa386fe072c9aa6ede4a76e7cc9940caa429d8ec8814d5", "deprecated": false }, "1.1": { "digest": "d211c127d1295986dd11c1502295e538943baafcb04bab094b792f85531376f9", "deprecated": false }, "1.2": { "digest": "e1a9c0a6a058d043717ce66c649f632161d9ea788a77c9ce92ad50ab231c920c", "deprecated": false }, "1.3": { "digest": "537a00505f86acb335d66130e9e3d1cc867d99a26fe7d3a66904eb3ec57c3f43", "deprecated": false }, "1.4": { "digest": "e07c151e8686c9cf5ba5f5cb1513c8edeb1e4d6ee6a3672a835a0441c3cfcff7", "deprecated": false }, "1.5": { "digest": "97e3a10706edfa4ccb637673705d133e24ec8601f7199c7fd5884bd673778506", "deprecated": false }, "1.6": { "digest": "f38f6f62c92971e1537992406128a5438962f8bea6b9fdd9d8eacd5fd5cb6485", "deprecated": false }, "1.7": { "digest": "f7d7eb0b2c5257e689397ff696e85a56640f0819ef4695c47119927aefbf8c79", "deprecated": false }, "1.8": { "digest": "a00340eb67ac16be546794135dd64ee2ae1709989d1d31ae7633de771bcec529", "deprecated": false }, "1.9": { "digest": "74c4696ca67d82e18dd6188f8934699f0c3b10e8ccde318d9de2a6ca9c40f31c", "deprecated": false }, "2.0": { "digest": "282fb0e5941d39b850f3199498fe282c69293c7f29892c80e16d28e4c452608d", "deprecated": false }, "2.1": { "digest": "bf083cddb42468da403bdcba02efc6e287ef640512a0442f7b180dc091e1fb44", "deprecated": false }, "2.2": { "digest": "a80217f6b47bfb101bad21a25666123b1f940d1dcd31e1e1e320b6213fa9f4b0", "deprecated": false }, "2.3": { "digest": "00e148cb998efbf5668391f2971ec39ee3c2bcc8e0e6c952fe436709678abf72", "deprecated": false }, "2.4": { "digest": "9a1288c042d53f81c16653efae7084bbb83e56cec8a6eade98c702e2febb8d4e", "deprecated": false }, "2.5": { "digest": "c6c395c6d6d694ecfb8957e93bd8895a8c341511d070486cbd768056a323994d", "deprecated": false }, "2.6": { "digest": "dd2e8debbba19d19646b9a8010baf9bd901a4eec84a53a0cb62294b8da3e91ef", "deprecated": false } }, "long_description": "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", "content": 
"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", "description": "Detect CVE exploitation in http logs", "author": "crowdsecurity", "labels": null, "scenarios": [ "crowdsecurity/http-cve-2021-41773", "crowdsecurity/http-cve-2021-42013", "crowdsecurity/grafana-cve-2021-43798", "crowdsecurity/vmware-vcenter-vmsa-2021-0027", "crowdsecurity/fortinet-cve-2018-13379", "crowdsecurity/pulse-secure-sslvpn-cve-2019-11510", "crowdsecurity/f5-big-ip-cve-2020-5902", "crowdsecurity/thinkphp-cve-2018-20062", "crowdsecurity/apache_log4j2_cve-2021-44228", "crowdsecurity/jira_cve-2021-26086", "crowdsecurity/spring4shell_cve-2022-22965", "crowdsecurity/vmware-cve-2022-22954", "crowdsecurity/CVE-2022-37042", "crowdsecurity/CVE-2022-41082", "crowdsecurity/CVE-2022-35914", "crowdsecurity/CVE-2022-40684", "crowdsecurity/CVE-2022-26134", "crowdsecurity/CVE-2022-42889", "crowdsecurity/CVE-2022-41697", "crowdsecurity/CVE-2022-46169", "crowdsecurity/CVE-2022-44877", "crowdsecurity/CVE-2019-18935", "crowdsecurity/netgear_rce", "crowdsecurity/CVE-2023-22515", "crowdsecurity/CVE-2023-22518", "crowdsecurity/CVE-2023-49103", "crowdsecurity/CVE-2017-9841" ] }, "crowdsecurity/http-dos": { "path": "collections/crowdsecurity/http-dos.yaml", "version": "0.2", "versions": { "0.1": { "digest": "9b9657dd6f304e3660f4dd8e9e289ef3d7302cdad759c5efc72333c1e3e96020", "deprecated": false }, "0.2": { "digest": "3ffa21f9474ea37d7c7d70156d05d557c16a62b8ae08dce202ce5d288609fef7", "deprecated": false } }, "long_description": "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", "content": "c2NlbmFyaW9zOgogIC0gY3Jvd2RzZWN1cml0eS9odHRwLWRvcy1ieXBhc3MtY2FjaGUKICAtIGNyb3dkc2VjdXJpdHkvaHR0cC1kb3MtcmFuZG9tLXVyaQogIC0gY3Jvd2RzZWN1cml0eS9odHRwLWRvcy1zd2l0Y2hpbmctdWEKICAtIGNyb3dkc2VjdXJpdHkvaHR0cC1kb3MtaW52YWxpZC1odHRwLXZlcnNpb25zCmF1dGhvcjogY3Jvd2RzZWN1cml0eQp0YWdzOgogIC0gd2ViCiAgLSBkb3MKICAtIGh0dHAK", "author": "crowdsecurity", "labels": null, "scenarios": [ "crowdsecurity/http-dos-bypass-cache", 
"crowdsecurity/http-dos-random-uri", "crowdsecurity/http-dos-switching-ua", "crowdsecurity/http-dos-invalid-http-versions" ] }, "crowdsecurity/iis": { "path": "collections/crowdsecurity/iis.yaml", "version": "0.1", "versions": { "0.1": { "digest": "045c579c8cbb0e1e15f76c22b6465d6113df4117e48ae018043c2c1c01cd4b42", "deprecated": false } }, "long_description": "IyMgSUlTIGNvbGxlY3Rpb24KCkEgY29sbGVjdGlvbiBmb3IgSUlTIDoKIC0gSVNTIHBhcnNlciAob25seSBXM0MgZm9ybWF0IGlzIHN1cHBvcnRlZCwgd2l0aCB0aGUgZGVmYXVsdCBmb3JtYXQpCiAtIGJhc2UgaHR0cCBzY2VuYXJpb3MgZm9yIGNyYXdsLCBzY2FuIGV0Yy4KCk5vdGU6CiAtIElJUyB3aWxsIGJ1ZmZlciB0aGUgbG9ncyBpbiBtZW1vcnkgYmVmb3JlIHdyaXRpbmcgdGhlbSB0byB0aGUgbG9nIGZpbGUgKG9yIHRoZSBldmVudCBsb2cpLiBUaGUgZmx1c2ggaXMgZG9uZSBldmVyeSBtaW51dGUgb3IgZXZlcnkgNjRrQiBieSBkZWZhdWx0LCB0aGlzIGNhbiBsZWFkIHRvIHNvbWUgZmFsc2UgcG9zaXRpdmVzIG9uIGxvdyB0cmFmZmljIHdlYnNpdGVzLCBhcyBjcm93ZHNlYyB3aWxsIGJlIGEgc3VyZ2Ugb2YgbG9ncyBldmVyeSBtaW51dGUuIFRoaXMgY2FuIGJlIG1pdGlnYXRlZCBieSBzZXR0aW5nIHRoZSBgdXNlX3RpbWVfbWFjaGluZWAgc2V0dGluZ3MgdG8gdHJ1ZSBpbiB0aGUgcmVsZXZhbnQgc2VjdGlvbiBvZiB5b3VyIGFjcXVpc2l0aW9uIGNvbmZpZy4KCiMjIEFjcXVpc2l0aW9uIHRlbXBsYXRlCgpFeGFtcGxlIGFjcXVpc2l0aW9uIGZvciB0aGlzIGNvbGxlY3Rpb24gaWYgeW91IGxvZyB0byBhIGZpbGU6CgpgYGB5YW1sCnVzZV90aW1lX21hY2hpbmU6IHRydWUgI1Byb2Nlc3MgbG9ncyBhcyBpZiB3ZSB3ZXJlIHJlcGxheWluZyB0aGVtIHRvIGdldCB0aGUgdGltZXN0YW1wIGZyb20gdGhlIApmaWxlbmFtZXM6CiAgLSBDOlxpbmV0cHViXGxvZ3NcTG9nRmlsZXNcKlwqLmxvZwpsYWJlbHM6CiAgdHlwZTogaWlzCmBgYAoKRXhhbXBsZSBhY3F1aXNpdGlvbiBmb3IgdGhpcyBjb2xsZWN0aW9uIGlmIHlvdSBsb2cgdG8gd2luZG93cyBldmVudHM6CmBgYHlhbWwKc291cmNlOiB3aW5ldmVudGxvZwpldmVudF9jaGFubmVsOiBNaWNyb3NvZnQtSUlTLUxvZ2dpbmcvTG9ncwpldmVudF9pZHM6CiAtIDYyMDAKZXZlbnRfbGV2ZWw6IGluZm9ybWF0aW9uCmxhYmVsczoKIHR5cGU6IGlpcwpgYGAK", "content": 
"cGFyc2VyczoKICAtIGNyb3dkc2VjdXJpdHkvaWlzLWxvZ3MKY29sbGVjdGlvbnM6CiAgLSBjcm93ZHNlY3VyaXR5L2Jhc2UtaHR0cC1zY2VuYXJpb3MKZGVzY3JpcHRpb246ICJJSVMgc3VwcG9ydCA6IHBhcnNlciBhbmQgZ2VuZXJpYyBodHRwIHNjZW5hcmlvcyAiCmF1dGhvcjogY3Jvd2RzZWN1cml0eQp0YWdzOgogIC0gd2luZG93cwogIC0gaWlzCiAgLSBjcmF3bAogIC0gc2NhbgoK", "description": "IIS support : parser and generic http scenarios ", "author": "crowdsecurity", "labels": null, "parsers": [ "crowdsecurity/iis-logs" ], "collections": [ "crowdsecurity/base-http-scenarios" ] }, "crowdsecurity/iptables": { "path": "collections/crowdsecurity/iptables.yaml", "version": "0.2", "versions": { "0.1": { "digest": "ba5c8e97c06b19e4c075e0285e6b60c1da3b86381c88c4bfea4b374378ced10a", "deprecated": false }, "0.2": { "digest": "d59e4198c2b88cccb6f9da9f9375348a1835d7f5a933d7452693ad0321ef1282", "deprecated": false } }, "long_description": "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", "content": "cGFyc2VyczoKICAtIGNyb3dkc2VjdXJpdHkvaXB0YWJsZXMtbG9ncwpzY2VuYXJpb3M6CiAgLSBjcm93ZHNlY3VyaXR5L2lwdGFibGVzLXNjYW4tbXVsdGlfcG9ydHMKY29udGV4dHM6CiAgLSBjcm93ZHNlY3VyaXR5L2ZpcmV3YWxsX2Jhc2UKZGVzY3JpcHRpb246ICJpcHRhYmxlcyBzdXBwb3J0IDogbG9ncyBhbmQgcG9ydC1zY2FucyBkZXRlY3Rpb24gc2NlbmFyaW9zIgphdXRob3I6IGNyb3dkc2VjdXJpdHkKdGFnczoKICAtIGxpbnV4CiAgLSBwb3J0c2NhbgogIC0gaXB0YWJsZXMKCg==", "description": "iptables support : logs and port-scans detection scenarios", "author": "crowdsecurity", "labels": null, "parsers": [ "crowdsecurity/iptables-logs" ], "scenarios": [ "crowdsecurity/iptables-scan-multi_ports" ], "contexts": [ "crowdsecurity/firewall_base" ] }, "crowdsecurity/k8s-audit": { "path": "collections/crowdsecurity/k8s-audit.yaml", "version": "0.1", "versions": { "0.1": { "digest": "b1f61b14b0f5411d78d1737375a01790e6c3b45feec2fbcb35595a39f17ecadd", "deprecated": false } }, "long_description": "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", "content": 
"cGFyc2VyczoKICAtIGNyb3dkc2VjdXJpdHkvazhzLWF1ZGl0CnNjZW5hcmlvczoKICAtIGNyb3dkc2VjdXJpdHkvazhzLWF1ZGl0LWFub255bW91cy1hY2Nlc3MKICAtIGNyb3dkc2VjdXJpdHkvazhzLWF1ZGl0LWFwaS1zZXJ2ZXItYnJ1dGVmb3JjZQogIC0gY3Jvd2RzZWN1cml0eS9rOHMtYXVkaXQtcG9kLWhvc3QtbmV0d29yawogIC0gY3Jvd2RzZWN1cml0eS9rOHMtYXVkaXQtcG9kLWV4ZWMKICAtIGNyb3dkc2VjdXJpdHkvazhzLWF1ZGl0LXBvZC1ob3N0LXBhdGgtdm9sdW1lCiAgLSBjcm93ZHNlY3VyaXR5L2s4cy1hdWRpdC1wcml2aWxlZ2VkLXBvZC1jcmVhdGlvbgogIC0gY3Jvd2RzZWN1cml0eS9rOHMtYXVkaXQtc2VydmljZS1hY2NvdW50LWFjY2Vzcy1kZW5pZWQKZGVzY3JpcHRpb246ICJLdWJlcm5ldGVzIGF1ZGl0IGxvZyBzdXBwb3J0OiBkZXRlY3Qgc2VjdXJpdHkgc2Vuc2l0aXZlIGV2ZW50cyBpbiBhIGNsdXN0ZXIiCmF1dGhvcjogY3Jvd2RzZWN1cml0eQp0YWdzOgogIC0ga3ViZXJuZXRlcwogIC0gbm90aWZpY2F0aW9uCiAgLSBhdWRpdAoK", "description": "Kubernetes audit log support: detect security sensitive events in a cluster", "author": "crowdsecurity", "labels": null, "parsers": [ "crowdsecurity/k8s-audit" ], "scenarios": [ "crowdsecurity/k8s-audit-anonymous-access", "crowdsecurity/k8s-audit-api-server-bruteforce", "crowdsecurity/k8s-audit-pod-host-network", "crowdsecurity/k8s-audit-pod-exec", "crowdsecurity/k8s-audit-pod-host-path-volume", "crowdsecurity/k8s-audit-privileged-pod-creation", "crowdsecurity/k8s-audit-service-account-access-denied" ] }, "crowdsecurity/kasm": { "path": "collections/crowdsecurity/kasm.yaml", "version": "0.1", "versions": { "0.1": { "digest": "4e228f3fca8480631574e00b5821384f846d1d9e636b6fa4461525a914ed790b", "deprecated": false } }, "long_description": "IyMjIEtBU00gd29ya3NwYWNlcyBwYXJzZXIKClRoaXMgY29sbGVjdGlvbiBhZGQgcGFyc2VyIHN1cHBvcnQgZm9yIGthc20ganNvbiBsb2cgb3V0cHV0LCBhbHNvIGEgYmFzZSBzY2VuYXJpbyB0byBkZXRlY3QgYnJ1dGVmb3JjZSBsb2dpbiBhdHRlbXB0cy4KCmBgYHlhbWwKZmlsZW5hbWVzOgogIC0gL29wdC9rYXNtL2N1cnJlbnQvbG9nL2FwaV9zZXJ2ZXJfanNvbi5sb2cKbGFiZWxzOgogIHR5cGU6IGthc20KYGBg", "content": 
"cGFyc2VyczoKI2dlbmVyaWMgcG9zdC1wYXJzaW5nIG9mIGh0dHAgc3R1ZmYKICAtIGNyb3dkc2VjdXJpdHkva2FzbS1sb2dzCnNjZW5hcmlvczoKICAtIGNyb3dkc2VjdXJpdHkva2FzbS1icnV0ZWZvcmNlCmRlc2NyaXB0aW9uOiAia2FzbSB3b3Jrc3BhY2VzIHN1cHBvcnQgOiBwYXJzZXIgYW5kIGJydXRlZm9yY2Ugc2NlbmFyaW8iCmF1dGhvcjogY3Jvd2RzZWN1cml0eQp0YWdzOgogIC0ga2FzbQogIC0gYnJ1dGVmb3JjZQo=", "description": "kasm workspaces support : parser and bruteforce scenario", "author": "crowdsecurity", "labels": null, "parsers": [ "crowdsecurity/kasm-logs" ], "scenarios": [ "crowdsecurity/kasm-bruteforce" ] }, "crowdsecurity/linux": { "path": "collections/crowdsecurity/linux.yaml", "version": "0.2", "versions": { "0.1": { "digest": "8d16483218a979b84549fb020b0342feea3d1f4951294b6994d33a9b7214842f", "deprecated": false }, "0.2": { "digest": "baaa37b12b4d734fab81ae01ff81c58ceb7a99304f21e6bb6ff86b871ed6d5eb", "deprecated": false } }, "long_description": "Kipjb3JlIHBhY2thZ2UgZm9yIGxpbnV4KioKCmNvbnRhaW5zIHN1cHBvcnQgZm9yIHN5c2xvZywgZG8gbm90IHJlbW92ZS4K", "content": "cGFyc2VyczoKICAtIGNyb3dkc2VjdXJpdHkvc3lzbG9nLWxvZ3MKICAtIGNyb3dkc2VjdXJpdHkvZ2VvaXAtZW5yaWNoCiAgLSBjcm93ZHNlY3VyaXR5L2RhdGVwYXJzZS1lbnJpY2gKY29sbGVjdGlvbnM6CiAgLSBjcm93ZHNlY3VyaXR5L3NzaGQKZGVzY3JpcHRpb246ICJjb3JlIGxpbnV4IHN1cHBvcnQgOiBzeXNsb2crZ2VvaXArc3NoIgphdXRob3I6IGNyb3dkc2VjdXJpdHkKdGFnczoKICAtIGxpbnV4Cgo=", "description": "core linux support : syslog+geoip+ssh", "author": "crowdsecurity", "labels": null, "parsers": [ "crowdsecurity/syslog-logs", "crowdsecurity/geoip-enrich", "crowdsecurity/dateparse-enrich" ], "collections": [ "crowdsecurity/sshd" ] }, "crowdsecurity/linux-lpe": { "path": "collections/crowdsecurity/linux-lpe.yaml", "version": "0.2", "versions": { "0.1": { "digest": "a68ef0b517c988b50b3cdc0d84702b2f70e621d29378b9782b2e037bf6663458", "deprecated": false }, "0.2": { "digest": "fd4a1d641522646b438dcf6572eddee3196c21bbc4dc75907515fd25e4f27578", "deprecated": false } }, "long_description": "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", "content": 
"cGFyc2VyczoKICAtIGNyb3dkc2VjdXJpdHkvcGtleGVjLWxvZ3MKICAtIGNyb3dkc2VjdXJpdHkvc2VnZmF1bHQtbG9ncwpzY2VuYXJpb3M6CiAgLSBjcm93ZHNlY3VyaXR5L0NWRS0yMDIxLTQwMzQKICAtIGNyb3dkc2VjdXJpdHkvQ1ZFLTIwMjMtNDkxMQpjb2xsZWN0aW9uczoKICAtIGNyb3dkc2VjdXJpdHkvbGludXgKZGVzY3JpcHRpb246ICJMaW51eCBMb2NhbCBQcml2aWxlZ2UgRXNjYWxhdGlvbiBjb2xsZWN0aW9uIDogZGV0ZWN0IHRyaXZpYWwgTFBFcyIKYXV0aG9yOiBjcm93ZHNlY3VyaXR5CnRhZ3M6CiAgLSBsaW51eAogIC0gcHJpdnNlYwogIC0gbHBlCgoK", "description": "Linux Local Privilege Escalation collection : detect trivial LPEs", "author": "crowdsecurity", "labels": null, "parsers": [ "crowdsecurity/pkexec-logs", "crowdsecurity/segfault-logs" ], "scenarios": [ "crowdsecurity/CVE-2021-4034", "crowdsecurity/CVE-2023-4911" ], "collections": [ "crowdsecurity/linux" ] }, "crowdsecurity/litespeed": { "path": "collections/crowdsecurity/litespeed.yaml", "version": "0.1", "versions": { "0.1": { "digest": "c3bfb3dea73e8880ca0598b4ede129f0468361cadabd7ce214f92598348da97e", "deprecated": false } }, "long_description": "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", "content": "cGFyc2VyczoKICAtIGNyb3dkc2VjdXJpdHkvbGl0ZXNwZWVkLWxvZ3MKY29sbGVjdGlvbnM6CiAgLSBjcm93ZHNlY3VyaXR5L2Jhc2UtaHR0cC1zY2VuYXJpb3MKc2NlbmFyaW9zOgogIC0gY3Jvd2RzZWN1cml0eS9saXRlc3BlZWQtYWRtaW4tYmYKZGVzY3JpcHRpb246ICJsaXRlc3BlZWQgc3VwcG9ydCA6IHBhcnNlciBhbmQgZ2VuZXJpYyBodHRwIHNjZW5hcmlvcyIKYXV0aG9yOiBjcm93ZHNlY3VyaXR5CnRhZ3M6CiAgLSBsaXRlc3BlZWQKICAtIGNyYXdsCiAgLSBzY2FuCgo=", "description": "litespeed support : parser and generic http scenarios", "author": "crowdsecurity", "labels": null, "parsers": [ "crowdsecurity/litespeed-logs" ], "scenarios": [ "crowdsecurity/litespeed-admin-bf" ], "collections": [ "crowdsecurity/base-http-scenarios" ] }, "crowdsecurity/magento": { "path": "collections/crowdsecurity/magento.yaml", "version": "0.1", "versions": { "0.1": { "digest": "9ed2119aafbc789322dcde0e88a1df2912764b98c5e978edb001b67e610f31ad", "deprecated": false } }, "long_description": 
"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", "content": "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", "description": "Magento collection", "author": "crowdsecurity", "labels": null, "parsers": [ "crowdsecurity/syslog-logs", "crowdsecurity/magento-extension-logs", "crowdsecurity/dateparse-enrich", "crowdsecurity/geoip-enrich" ], "scenarios": [ "crowdsecurity/http-magento-bf", "crowdsecurity/http-magento-ccs-by-country", "crowdsecurity/http-magento-ccs-by-as", "crowdsecurity/http-magento-ccs" ] }, "crowdsecurity/mariadb": { "path": "collections/crowdsecurity/mariadb.yaml", "version": "0.1", "versions": { "0.1": { "digest": "88ec0daef18bbbce68c6ae2c0593cf152973221efb630a745f7cbb34feb80ff8", "deprecated": false } }, "long_description": "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", "content": "cGFyc2VyczoKICAtIGNyb3dkc2VjdXJpdHkvbWFyaWFkYi1sb2dzCnNjZW5hcmlvczoKICAtIGNyb3dkc2VjdXJpdHkvbWFyaWFkYi1iZgpkZXNjcmlwdGlvbjogIm1hcmlhZGIgc3VwcG9ydCA6IGxvZ3MgYW5kIGJydXRlLWZvcmNlIHNjZW5hcmlvcyIKYXV0aG9yOiBjcm93ZHNlY3VyaXR5CnRhZ3M6CiAgLSBsaW51eAogIC0gbWFyaWFkYgogIC0gYnJ1dGVmb3JjZQo=", "description": "mariadb support : logs and brute-force scenarios", "author": "crowdsecurity", "labels": null, "parsers": [ "crowdsecurity/mariadb-logs" ], "scenarios": [ "crowdsecurity/mariadb-bf" ] }, "crowdsecurity/modsecurity": { "path": "collections/crowdsecurity/modsecurity.yaml", "version": "0.1", "versions": { "0.1": { "digest": "530454a9dbdb3800f62de4b8ba7d6ed2160b4e533d577c52393f5f286df2b615", "deprecated": false } }, "long_description": 
"IyMgTW9kc2VjdXJpdHkgY29sbGVjdGlvbgoKQSBjb2xsZWN0aW9uIGZvciBtb2RzZWN1cml0eSAodGVzdGVkIG9ubHkgd2l0aCBBcGFjaGUpOgogLSBtb2RzZWN1cml0eSBwYXJzZXI6IGBjcm93ZHNlY3VyaXR5L21vZHNlY3VyaXR5YAogLSBtb2RzZWN1cml0eSBzY2VuYXJpbzogYGNyb3dkc2VjdXJpdHkvbW9kc2VjdXJpdHkKCgojIyBBY3F1aXNpdGlvbiB0ZW1wbGF0ZQoKRXhhbXBsZSBhY3F1aXNpdGlvbiBmb3IgdGhpcyBjb2xsZWN0aW9uIDoKCmBgYHlhbWwKZmlsZW5hbWVzOgogIC0gL3Zhci9sb2cvYXBhY2hlMi8qLmxvZwogIC0gL3Zhci9sb2cvbmdpbngvKi5sb2cKbGFiZWxzOgogIHR5cGU6IG1vZHNlY3VyaXR5CmBgYAoKCm5vdGVzIDoKIC0gIElmIHlvdSBhcmUgdXNpbmcgYHN5c2xvZ2AsIHNldCB0eXBlIHRvIGBzeXNsb2dgIGluc3RlYWQKIC0gIERlcGVuZGluZyBvbiB5b3VyIGRpc3RyaWJ1dGlvbi9PUywgcGF0aHMgdG8gbG9nIGZpbGVzIG1pZ2h0IGNoYW5nZQogLSAgT25seSByZWxldmFudCBpZiB5b3UgYXJlIG1hbnVhbGx5IGluc3RhbGxpbmcgY29sbGVjdGlvbgo=", "content": "cGFyc2VyczoKICAtIGNyb3dkc2VjdXJpdHkvbW9kc2VjdXJpdHkKc2NlbmFyaW9zOgogIC0gY3Jvd2RzZWN1cml0eS9tb2RzZWN1cml0eQpkZXNjcmlwdGlvbjogIm1vZHNlY3VyaXR5IHN1cHBvcnQgOiBtb2RzZWN1cml0eSBwYXJzZXIgYW5kIHNjZW5hcmlvIgphdXRob3I6IGNyb3dkc2VjdXJpdHkKdGFnczoKICAtIGxpbnV4CiAgLSB3ZWIKICAtIHdhZg==", "description": "modsecurity support : modsecurity parser and scenario", "author": "crowdsecurity", "labels": null, "parsers": [ "crowdsecurity/modsecurity" ], "scenarios": [ "crowdsecurity/modsecurity" ] }, "crowdsecurity/mssql": { "path": "collections/crowdsecurity/mssql.yaml", "version": "0.1", "versions": { "0.1": { "digest": "109bf56d5781fca733b958588338370d2196a2c3e490eccb94c56df6341a3ba8", "deprecated": false } }, "long_description": "IyMgTVNTUUwgQ29sbGVjdGlvbgoKQSBjb2xsZWN0aW9uIGZvciBNU1NRTCA6CiAtIG1zc3FsIGxvZ3MgcGFyc2VyCiAtIGJydXRlZm9yY2UgZGV0ZWN0aW9uCiAKICMjIEFjcXVpc2l0aW9uIHRlbXBsYXRlCgpFeGFtcGxlIGFjcXVpc2l0aW9uIGZvciB0aGlzIGNvbGxlY3Rpb24gOgoKYGBgeWFtbApzb3VyY2U6IHdpbmV2ZW50bG9nCmV2ZW50X2NoYW5uZWw6IEFwcGxpY2F0aW9uCmV2ZW50X2lkczoKIC0gMTg0NTYKZXZlbnRfbGV2ZWw6IGluZm9ybWF0aW9uCmxhYmVsczoKIHR5cGU6IGV2ZW50bG9nCmBgYAoKbm90ZXM6CiAtICBZb3UgbmVlZCB0byBlbmFibGUgZmFpbGVkIGxvZ2luIGxvZ3MgKHdoaWNoIHNob3VsZCBiZSBvbiBieSBkZWZhdWx0KQ==", "content": 
"cGFyc2VyczoKICAtIGNyb3dkc2VjdXJpdHkvbXNzcWwtbG9ncwpzY2VuYXJpb3M6CiAgLSBjcm93ZHNlY3VyaXR5L21zc3FsLWJmCmRlc2NyaXB0aW9uOiAibXNzcWwgc3VwcG9ydCA6IGxvZ3MgYW5kIGJydXRlLWZvcmNlIHNjZW5hcmlvcyIKYXV0aG9yOiBjcm93ZHNlY3VyaXR5CnRhZ3M6CiAgLSB3aW5kb3dzCiAgLSBtc3NxbAogIC0gYnJ1dGVmb3JjZQo=", "description": "mssql support : logs and brute-force scenarios", "author": "crowdsecurity", "labels": null, "parsers": [ "crowdsecurity/mssql-logs" ], "scenarios": [ "crowdsecurity/mssql-bf" ] }, "crowdsecurity/mysql": { "path": "collections/crowdsecurity/mysql.yaml", "version": "0.1", "versions": { "0.1": { "digest": "77e63a6deedaedc15457691e8631633c15663e796f9e896331d64aa3614fdafc", "deprecated": false } }, "long_description": "IyMgTXlTUUwgQ29sbGVjdGlvbgoKQSBjb2xsZWN0aW9uIGZvciBteXNxbCBzZXJ2aWNlcyA6CiAtIG15c3FsIGxvZ3MgcGFyc2VyCiAtIGJydXRlZm9yY2UgZGV0ZWN0aW9uCiAKICMjIEFjcXVpc2l0aW9uIHRlbXBsYXRlCgpFeGFtcGxlIGFjcXVpc2l0aW9uIGZvciB0aGlzIGNvbGxlY3Rpb24gOgoKYGBgeWFtbApmaWxlbmFtZXM6CiAgLSAvdmFyL2xvZy9teXNxbC9lcnJvci5sb2cKbGFiZWxzOgogIHR5cGU6IG15c3FsCmBgYAoKbm90ZXMgOgogLSAgSWYgeW91IGFyZSB1c2luZyBgc3lzbG9nYCwgc2V0IHR5cGUgdG8gYHN5c2xvZ2AgaW5zdGVhZAogLSAgRGVwZW5kaW5nIG9uIHlvdXIgZGlzdHJpYnV0aW9uL09TLCBwYXRocyB0byBsb2cgZmlsZXMgbWlnaHQgY2hhbmdlCiAtICBPbmx5IHJlbGV2YW50IGlmIHlvdSBhcmUgbWFudWFsbHkgaW5zdGFsbGluZyBjb2xsZWN0aW9uCg==", "content": "cGFyc2VyczoKICAtIGNyb3dkc2VjdXJpdHkvbXlzcWwtbG9ncwpzY2VuYXJpb3M6CiAgLSBjcm93ZHNlY3VyaXR5L215c3FsLWJmCmRlc2NyaXB0aW9uOiAibXlzcWwgc3VwcG9ydCA6IGxvZ3MgYW5kIGJydXRlLWZvcmNlIHNjZW5hcmlvcyIKYXV0aG9yOiBjcm93ZHNlY3VyaXR5CnRhZ3M6CiAgLSBsaW51eAogIC0gbXlzcWwKICAtIGJydXRlZm9yY2UK", "description": "mysql support : logs and brute-force scenarios", "author": "crowdsecurity", "labels": null, "parsers": [ "crowdsecurity/mysql-logs" ], "scenarios": [ "crowdsecurity/mysql-bf" ] }, "crowdsecurity/naxsi": { "path": "collections/crowdsecurity/naxsi.yaml", "version": "0.1", "versions": { "0.1": { "digest": "cd093e3b26795e8ae86898a585ef77509dc988c4841ea49ba61795a7c849b06e", "deprecated": false 
} }, "long_description": "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", "content": "cGFyc2VyczoKI2dlbmVyaWMgcG9zdC1wYXJzaW5nIG9mIGh0dHAgc3R1ZmYKICAtIGNyb3dkc2VjdXJpdHkvbmdpbngtbG9ncwogIC0gY3Jvd2RzZWN1cml0eS9uYXhzaS1sb2dzCnNjZW5hcmlvczoKICAtIGNyb3dkc2VjdXJpdHkvbmF4c2ktZXhwbG9pdC12cGF0Y2gKZGVzY3JpcHRpb246ICJuYXhzaSBzdXBwb3J0IDogcGFyc2VyIGFuZCB2cGF0Y2ggc2NlbmFyaW8iCmF1dGhvcjogY3Jvd2RzZWN1cml0eQp0YWdzOgogIC0gbGludXgKICAtIG5naW54CiAgLSBuYXhzaQogIC0gZXhwbG9pdAoK", "description": "naxsi support : parser and vpatch scenario", "author": "crowdsecurity", "labels": null, "parsers": [ "crowdsecurity/nginx-logs", "crowdsecurity/naxsi-logs" ], "scenarios": [ "crowdsecurity/naxsi-exploit-vpatch" ] }, "crowdsecurity/nextcloud": { "path": "collections/crowdsecurity/nextcloud.yaml", "version": "0.3", "versions": { "0.1": { "digest": "970735016eb78b0d0c722d7ed426b0edc1efd603547bf8cd5d68c57484e7a855", "deprecated": false }, "0.2": { "digest": "a60b9e37b9f440f290632cdc20832b5a53ce9b59b3ce1d926b4ef40b49776c34", "deprecated": false }, "0.3": { "digest": "d2da4c1ec583f676030446419b7cc2e1b02935965c1ba7f10ffe8fce0e1f4182", "deprecated": false } }, "long_description": "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", "content": "LS0tCnBhcnNlcnM6CiAgLSBjcm93ZHNlY3VyaXR5L25leHRjbG91ZC1sb2dzCiAgLSBjcm93ZHNlY3VyaXR5L25leHRjbG91ZC13aGl0ZWxpc3QKc2NlbmFyaW9zOgogIC0gY3Jvd2RzZWN1cml0eS9uZXh0Y2xvdWQtYmYKZGVzY3JpcHRpb246ICJOZXh0Y2xvdWQgc3VwcG9ydCA6IHBhcnNlciBhbmQgYnJ1dGUtZm9yY2UgZGV0ZWN0aW9uIgphdXRob3I6IGNyb3dkc2VjdXJpdHkKdGFnczoKICAtIGxpbnV4CiAgLSBicnV0ZWZvcmNlCiAgLSBuZXh0Y2xvdWQK", "description": "Nextcloud support : parser and brute-force detection", "author": "crowdsecurity", "labels": null, "parsers": [ "crowdsecurity/nextcloud-logs", "crowdsecurity/nextcloud-whitelist" ], "scenarios": [ "crowdsecurity/nextcloud-bf" ] }, "crowdsecurity/nginx": { "path": "collections/crowdsecurity/nginx.yaml", "version": "0.2", "versions": { "0.1": { "digest": 
"5ef06c9a84fbea5b01d901a6a23d5de8de811da5036e5ec4f6a8d00fb096805b", "deprecated": false }, "0.2": { "digest": "334f7e5626a83c576af2dec1360b760991d09b6f418590a174748a4ca00bd1e4", "deprecated": false } }, "long_description": "IyMgTmdpbnggY29sbGVjdGlvbgoKQSBjb2xsZWN0aW9uIHRvIGRlZmVuZCBuZ2lueCBhZ2FpbnN0IGNvbW1vbiBhdHRhY2tzIDoKIC0gbmdpbnggcGFyc2VyIChzdXBwb3J0IGFsc28gaW5ncmVzcyBuZ2lueCBjb250cm9sbGVyIGRlZmF1bHQgW2xvZ19mb3JtYXRdKGh0dHBzOi8va3ViZXJuZXRlcy5naXRodWIuaW8vaW5ncmVzcy1uZ2lueC91c2VyLWd1aWRlL25naW54LWNvbmZpZ3VyYXRpb24vbG9nLWZvcm1hdC8pKQogLSBiYXNlIGh0dHAgc2NlbmFyaW9zIChjcmF3bCwgNDA0IHNjYW4sIGJmKQoKIyMgQWNxdWlzaXRpb24gdGVtcGxhdGUKCkV4YW1wbGUgYWNxdWlzaXRpb24gZm9yIHRoaXMgY29sbGVjdGlvbiA6CgpgYGB5YW1sCmZpbGVuYW1lczoKICAtIC92YXIvbG9nL25naW54LyoubG9nCmxhYmVsczoKICB0eXBlOiBuZ2lueApgYGAKCgpub3RlcyA6CiAtICBJZiB5b3UgYXJlIHVzaW5nIGBzeXNsb2dgLCBzZXQgdHlwZSB0byBgc3lzbG9nYCBpbnN0ZWFkCiAtICBEZXBlbmRpbmcgb24geW91ciBkaXN0cmlidXRpb24vT1MsIHBhdGhzIHRvIGxvZyBmaWxlcyBtaWdodCBjaGFuZ2UKIC0gIE9ubHkgcmVsZXZhbnQgaWYgeW91IGFyZSBtYW51YWxseSBpbnN0YWxsaW5nIGNvbGxlY3Rpb24K", "content": "cGFyc2VyczoKI2dlbmVyaWMgcG9zdC1wYXJzaW5nIG9mIGh0dHAgc3R1ZmYKICAtIGNyb3dkc2VjdXJpdHkvbmdpbngtbG9ncwpjb2xsZWN0aW9uczoKICAtIGNyb3dkc2VjdXJpdHkvYmFzZS1odHRwLXNjZW5hcmlvcwpzY2VuYXJpb3M6CiAgLSBjcm93ZHNlY3VyaXR5L25naW54LXJlcS1saW1pdC1leGNlZWRlZApkZXNjcmlwdGlvbjogIm5naW54IHN1cHBvcnQgOiBwYXJzZXIgYW5kIGdlbmVyaWMgaHR0cCBzY2VuYXJpb3MiCmF1dGhvcjogY3Jvd2RzZWN1cml0eQp0YWdzOgogIC0gbGludXgKICAtIG5naW54CiAgLSBjcmF3bAogIC0gc2NhbgoK", "description": "nginx support : parser and generic http scenarios", "author": "crowdsecurity", "labels": null, "parsers": [ "crowdsecurity/nginx-logs" ], "scenarios": [ "crowdsecurity/nginx-req-limit-exceeded" ], "collections": [ "crowdsecurity/base-http-scenarios" ] }, "crowdsecurity/nginx-proxy-manager": { "path": "collections/crowdsecurity/nginx-proxy-manager.yaml", "version": "0.1", "versions": { "0.1": { "digest": "fcde72227c4fc913f5472fff55e041aef913a0a4a0143f0ad8ef29bdc2e4e7f9", "deprecated": 
false } }, "long_description": "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", "content": "cGFyc2VyczoKICAtIGNyb3dkc2VjdXJpdHkvbmdpbngtcHJveHktbWFuYWdlci1sb2dzCmNvbGxlY3Rpb25zOgogIC0gY3Jvd2RzZWN1cml0eS9iYXNlLWh0dHAtc2NlbmFyaW9zCmRlc2NyaXB0aW9uOiAiTmdpbnggUHJveHkgTWFuYWdlciBzdXBwb3J0IDogcGFyc2VyIGFuZCBnZW5lcmljIGh0dHAgc2NlbmFyaW9zIgphdXRob3I6IGNyb3dkc2VjdXJpdHkKdGFnczoKICAtIGxpbnV4CiAgLSBuZ2lueAogIC0gbmdpbngtcHJveHkKICAtIGNyYXdsCiAgLSBzY2Fu", "description": "Nginx Proxy Manager support : parser and generic http scenarios", "author": "crowdsecurity", "labels": null, "parsers": [ "crowdsecurity/nginx-proxy-manager-logs" ], "collections": [ "crowdsecurity/base-http-scenarios" ] }, "crowdsecurity/odoo": { "path": "collections/crowdsecurity/odoo.yaml", "version": "0.1", "versions": { "0.1": { "digest": "7b9b2323ffda7ffd8a48aea52b8424bc12a58d0047bb9bebb2cf030c5fa088c9", "deprecated": false } }, "long_description": "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", "content": "cGFyc2VyczoKICAtIGNyb3dkc2VjdXJpdHkvb2Rvby1sb2dzCnNjZW5hcmlvczoKICAtIGNyb3dkc2VjdXJpdHkvb2Rvby1iZl91c2VyLWVudW0KZGVzY3JpcHRpb246ICJPZG9vIHN1cHBvcnQgOiBwYXJzZXIgYW5kIGJydXRlLWZvcmNlL3VzZXIgZW51bWVyYXRpb24gZGV0ZWN0aW9uIgphdXRob3I6IGNyb3dkc2VjdXJpdHkKdGFnczoKICAtIGVycAogIC0gb2RvbwogIC0gYnJ1dGVmb3JjZQo=", "description": "Odoo support : parser and brute-force/user enumeration detection", "author": "crowdsecurity", "labels": null, "parsers": [ "crowdsecurity/odoo-logs" ], "scenarios": [ "crowdsecurity/odoo-bf_user-enum" ] }, "crowdsecurity/opnsense": { "path": "collections/crowdsecurity/opnsense.yaml", "version": "0.4", "versions": { "0.1": { "digest": "2e389ca4cda774d45d19657579cee7bd735b62147875f333b8cd072ed4b91a04", "deprecated": false }, "0.2": { "digest": "bfac0c94acc89565c80ed1be59b655d8ba718b0b0097bf9da378ee4f24a4d02d", "deprecated": false }, "0.3": { "digest": "754157043e75342b8d6f4e0ae195657027473055072f7d22720d557a2f2e1c0d", "deprecated": false }, "0.4": { "digest": 
"6cef916d409c4c75d69b22b5c65d2dc9ff83246cdb03e0650895ae7f213c04ab", "deprecated": false } }, "long_description": "IyMgT1BOc2Vuc2UgY29sbGVjdGlvbgoKVGhpcyBPUE5zZW5zZSBjb2xsZWN0aW9uIHN1cHBvcnRzIDoKIC0gc3NoIHBhcnNlcnMgJiBicnV0ZWZvcmNlIGRldGVjdGlvbgogLSB3ZWIgYXV0aGVudGljYXRpb24gYnJ1dGVmb3JjZSBkZXRlY3Rpb24KIC0gcG9ydCBzY2FuIGRldGVjdGlvbgo=", "content": "Y29sbGVjdGlvbnM6CiAgLSBjcm93ZHNlY3VyaXR5L2ZyZWVic2QKICAtIGNyb3dkc2VjdXJpdHkvb3Buc2Vuc2UtZ3VpCiAgLSBmaXJld2FsbHNlcnZpY2VzL3BmCmRlc2NyaXB0aW9uOiAiY29yZSBvcG5zZW5zZSBzdXBwb3J0IgphdXRob3I6IGNyb3dkc2VjdXJpdHkKdGFnczoKICAtIGZyZWVic2QK", "description": "core opnsense support", "author": "crowdsecurity", "labels": null, "collections": [ "crowdsecurity/freebsd", "crowdsecurity/opnsense-gui", "firewallservices/pf" ] }, "crowdsecurity/opnsense-gui": { "path": "collections/crowdsecurity/opnsense-gui.yaml", "version": "0.1", "versions": { "0.1": { "digest": "91be3b0655e3de8a1c82787dadf1521c1ad1489e5798b5b9e2cdf3df0fc7cd1d", "deprecated": false } }, "long_description": "IyMgT1BOU2Vuc2Ugd2ViIGF1dGhlbnRpY2F0aW9uIGNvbGxlY3Rpb24KClN1cHBvcnQgdG8gZGV0ZWN0IGJydXRlZm9yY2Ugb24gdGhlIE9QTlNlbnNlIHdlYiBwb3J0YWwK", "content": "cGFyc2VyczoKICAtIGNyb3dkc2VjdXJpdHkvb3Buc2Vuc2UtZ3VpLWxvZ3MKc2NlbmFyaW9zOgogIC0gY3Jvd2RzZWN1cml0eS9vcG5zZW5zZS1ndWktYmYKZGVzY3JpcHRpb246ICJPUE5TZW5zZSB3ZWIgYXV0aGVudGljYXRpb24gc3VwcG9ydCIKYXV0aG9yOiBjcm93ZHNlY3VyaXR5CnRhZ3M6CiAgLSBmcmVlYnNkCiAgLSBvcG5zZW5zZQogIC0gYnJ1dGVmb3JjZQogIC0gc2NhbgoKCg==", "description": "OPNSense web authentication support", "author": "crowdsecurity", "labels": null, "parsers": [ "crowdsecurity/opnsense-gui-logs" ], "scenarios": [ "crowdsecurity/opnsense-gui-bf" ] }, "crowdsecurity/palo-alto": { "path": "collections/crowdsecurity/palo-alto.yaml", "version": "0.1", "versions": { "0.1": { "digest": "2976ac04400d43a55cbe7a7e6c62ba784c5e7b55bcf14c566d25e7218a87f526", "deprecated": false } }, "long_description": "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", "content": 
"cGFyc2VyczoKICAtIGNyb3dkc2VjdXJpdHkvcGFsby1hbHRvLXRocmVhdC1sb2cKc2NlbmFyaW9zOgogIC0gY3Jvd2RzZWN1cml0eS9wYWxvLWFsdG8tdGhyZWF0CmRlc2NyaXB0aW9uOiAiUGFsbyBBbHRvIHN1cHBvcnQgOiBQYXJzZXIgYW5kIHNjZW5hcmlvcyBmb3IgUGFsbyBBbHRvIFRocmVhdCBMb2ciCmF1dGhvcjogY3Jvd2RzZWN1cml0eQp0YWdzOgogIC0gcGFsby1hbHRvCg==", "description": "Palo Alto support : Parser and scenarios for Palo Alto Threat Log", "author": "crowdsecurity", "labels": null, "parsers": [ "crowdsecurity/palo-alto-threat-log" ], "scenarios": [ "crowdsecurity/palo-alto-threat" ] }, "crowdsecurity/pfsense": { "path": "collections/crowdsecurity/pfsense.yaml", "version": "0.2", "versions": { "0.1": { "digest": "b0e0d8b751b34cc9d63268169a51849182039aa17ea78093a80da9d302756b97", "deprecated": false }, "0.2": { "digest": "cc77813340e5e49379dcae520d2da5b2d5b9451eca6cbe7f5a68b6f9ad302d75", "deprecated": false } }, "long_description": "IyMgcGZTZW5zZSBjb2xsZWN0aW9uCgpUaGlzIHBmU2Vuc2UgY29sbGVjdGlvbiBzdXBwb3J0cyA6CiAtIHNzaCBwYXJzZXJzICYgYnJ1dGVmb3JjZSBkZXRlY3Rpb24KIC0gd2ViIGF1dGhlbnRpY2F0aW9uIGJydXRlZm9yY2UgZGV0ZWN0aW9uCiAtIHBvcnQgc2NhbiBkZXRlY3Rpb24K", "content": "Y29sbGVjdGlvbnM6CiAgLSBjcm93ZHNlY3VyaXR5L2ZyZWVic2QKICAtIGNyb3dkc2VjdXJpdHkvcGZzZW5zZS1ndWkKICAtIGNyb3dkc2VjdXJpdHkvbmdpbngKICAtIGZpcmV3YWxsc2VydmljZXMvcGYKZGVzY3JpcHRpb246ICJjb3JlIHBmc2Vuc2Ugc3VwcG9ydCIKYXV0aG9yOiBjcm93ZHNlY3VyaXR5CnRhZ3M6CiAgLSBmcmVlYnNkCg==", "description": "core pfsense support", "author": "crowdsecurity", "labels": null, "collections": [ "crowdsecurity/freebsd", "crowdsecurity/pfsense-gui", "crowdsecurity/nginx", "firewallservices/pf" ] }, "crowdsecurity/pfsense-gui": { "path": "collections/crowdsecurity/pfsense-gui.yaml", "version": "0.1", "versions": { "0.1": { "digest": "5e3c9d329eb515265634bcb8684180c2df2d01431273b6d1a9123e972109f408", "deprecated": false } }, "long_description": "IyMgcGZTZW5zZSB3ZWIgYXV0aGVudGljYXRpb24gY29sbGVjdGlvbgoKU3VwcG9ydCB0byBkZXRlY3QgYnJ1dGVmb3JjZSBvbiB0aGUgcGZTZW5zZSB3ZWIgcG9ydGFsCg==", "content": 
"cGFyc2VyczoKICAtIGNyb3dkc2VjdXJpdHkvcGZzZW5zZS1ndWktbG9ncwpzY2VuYXJpb3M6CiAgLSBjcm93ZHNlY3VyaXR5L3Bmc2Vuc2UtZ3VpLWJmCmRlc2NyaXB0aW9uOiAicGZTZW5zZSB3ZWIgYXV0aGVudGljYXRpb24gc3VwcG9ydCIKYXV0aG9yOiBjcm93ZHNlY3VyaXR5CnRhZ3M6CiAgLSBmcmVlYnNkCiAgLSBwZnNlbnNlCiAgLSBicnV0ZWZvcmNlCiAgLSBzY2FuCg==", "description": "pfSense web authentication support", "author": "crowdsecurity", "labels": null, "parsers": [ "crowdsecurity/pfsense-gui-logs" ], "scenarios": [ "crowdsecurity/pfsense-gui-bf" ] }, "crowdsecurity/pgsql": { "path": "collections/crowdsecurity/pgsql.yaml", "version": "0.1", "versions": { "0.1": { "digest": "78408615dfdfa97075b37dc7533b3d682b57293053aae5522ee3cd7b5825be02", "deprecated": false } }, "long_description": "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", "content": "cGFyc2VyczoKICAtIGNyb3dkc2VjdXJpdHkvcGdzcWwtbG9ncwpzY2VuYXJpb3M6CiAgLSBjcm93ZHNlY3VyaXR5L3Bnc3FsLWJmCmRlc2NyaXB0aW9uOiAicG9zdGdyZXMgc3VwcG9ydCA6IGxvZ3MgYW5kIGJydXRlLWZvcmNlIHNjZW5hcmlvcyIKYXV0aG9yOiBjcm93ZHNlY3VyaXR5CnRhZ3M6CiAgLSBsaW51eAogIC0gcGdzcWwKICAtIHBvc3RncmVzCiAgLSBicnV0ZWZvcmNlCg==", "description": "postgres support : logs and brute-force scenarios", "author": "crowdsecurity", "labels": null, "parsers": [ "crowdsecurity/pgsql-logs" ], "scenarios": [ "crowdsecurity/pgsql-bf" ] }, "crowdsecurity/postfix": { "path": "collections/crowdsecurity/postfix.yaml", "version": "0.2", "versions": { "0.1": { "digest": "81767bab91a7a071d8d32f3227f2391744eef5ba6a4cf916a96ec8183d050ae0", "deprecated": false }, "0.2": { "digest": "b4cceea527807a9fe70f673ef34e0d7d4372267d665fbbe164f0d6a1a3531a2e", "deprecated": false } }, "long_description": "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", "content": 
"cGFyc2VyczoKICAtIGNyb3dkc2VjdXJpdHkvcG9zdGZpeC1sb2dzCiAgLSBjcm93ZHNlY3VyaXR5L3Bvc3RzY3JlZW4tbG9ncwpzY2VuYXJpb3M6CiAgLSBjcm93ZHNlY3VyaXR5L3Bvc3RmaXgtc3BhbQpkZXNjcmlwdGlvbjogInBvc3RmaXggc3VwcG9ydCA6IHBhcnNlciBhbmQgc3BhbW1lciBkZXRlY3Rpb24iCmF1dGhvcjogY3Jvd2RzZWN1cml0eQp0YWdzOgogIC0gbGludXgKICAtIHNwYW0KICAtIGJydXRlZm9yY2UK", "description": "postfix support : parser and spammer detection", "author": "crowdsecurity", "labels": null, "parsers": [ "crowdsecurity/postfix-logs", "crowdsecurity/postscreen-logs" ], "scenarios": [ "crowdsecurity/postfix-spam" ] }, "crowdsecurity/proftpd": { "path": "collections/crowdsecurity/proftpd.yaml", "version": "0.1", "versions": { "0.1": { "digest": "6f98f64784109c356578bf50c7b296c5936bddfd5a206f25d39f92f504ea04ad", "deprecated": false } }, "long_description": "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", "content": "cGFyc2VyczoKICAtIGNyb3dkc2VjdXJpdHkvcHJvZnRwZC1sb2dzCnNjZW5hcmlvczoKICAtIGNyb3dkc2VjdXJpdHkvcHJvZnRwZC1iZgogIC0gY3Jvd2RzZWN1cml0eS9wcm9mdHBkLWJmX3VzZXItZW51bQpkZXNjcmlwdGlvbjogInByb2Z0cGQgc3VwcG9ydCA6IHBhcnNlciBhbmQgYnJ1dGUtZm9yY2UvdXNlciBlbnVtZXJhdGlvbiBkZXRlY3Rpb24iCmF1dGhvcjogY3Jvd2RzZWN1cml0eQp0YWdzOgogIC0gbGludXgKICAtIHByb2Z0cGQKICAtIGJydXRlZm9yY2UKCg==", "description": "proftpd support : parser and brute-force/user enumeration detection", "author": "crowdsecurity", "labels": null, "parsers": [ "crowdsecurity/proftpd-logs" ], "scenarios": [ "crowdsecurity/proftpd-bf", "crowdsecurity/proftpd-bf_user-enum" ] }, "crowdsecurity/smb": { "path": "collections/crowdsecurity/smb.yaml", "version": "0.1", "versions": { "0.1": { "digest": "9b87e4588319834b833778cc10602d906194d96b3fd6f8fdd8d1db7adf1a4abe", "deprecated": false } }, "long_description": 
"IyMgU01CIGNvbGxlY3Rpb24KCkEgY29sbGVjdGlvbiB0byBkZWZlbmQgc21iIGFnYWluc3QgY29tbW9uIGF0dGFja3M6CiAtIHNtYiBwYXJzZXIKIC0gZGV0ZWN0IGJydXRlZm9yY2UKCgojIyBBY3F1aXNpdGlvbiB0ZW1wbGF0ZQoKRXhhbXBsZSBhY3F1aXNpdGlvbiBmb3IgdGhpcyBjb2xsZWN0aW9uIDoKCmBgYHlhbWwKZmlsZW5hbWVzOgogIC0gL3Zhci9sb2cvc2FtYmEvbG9nLioKbGFiZWxzOgogIHR5cGU6IHNtYgpgYGAKCgpub3RlcyA6CiAtICBZb3UgbWF5IHRhcmdldCBhIG1vcmUgc3BlY2lmaWMgbG9nLCB1c3VhbHkgbG9nLjxET01BSU4+CiAtICBCZSBzdXJlIHRvIGhhdmUgdGhlIGFwcHJvcHJpYXRlIGxvZyBsZXZlbCBpbiB5b3VyIHNtYi5jb25mCiAtICBJZiB5b3UgYXJlIHVzaW5nIGBzeXNsb2dgLCBzZXQgdHlwZSB0byBgc3lzbG9nYCBpbnN0ZWFkCiAtICBEZXBlbmRpbmcgb24geW91ciBkaXN0cmlidXRpb24vT1MsIHBhdGhzIHRvIGxvZyBmaWxlcyBtaWdodCBjaGFuZ2UKIC0gIE9ubHkgcmVsZXZhbnQgaWYgeW91IGFyZSBtYW51YWxseSBpbnN0YWxsaW5nIGNvbGxlY3Rpb24K", "content": "cGFyc2VyczoKICAtIGNyb3dkc2VjdXJpdHkvc21iLWxvZ3MKc2NlbmFyaW9zOgogIC0gY3Jvd2RzZWN1cml0eS9zbWItYmYKZGVzY3JpcHRpb246ICJzbWIgc3VwcG9ydCA6IHBhcnNlciBhbmQgYnJ1dGUtZm9yY2Ugc2NlbmFyaW8iCmF1dGhvcjogY3Jvd2RzZWN1cml0eQp0YWdzOgogIC0gbGludXgKICAtIHNtYgogIC0gYnJ1dGVmb3JjZQoK", "description": "smb support : parser and brute-force scenario", "author": "crowdsecurity", "labels": null, "parsers": [ "crowdsecurity/smb-logs" ], "scenarios": [ "crowdsecurity/smb-bf" ] }, "crowdsecurity/sshd": { "path": "collections/crowdsecurity/sshd.yaml", "version": "0.3", "versions": { "0.1": { "digest": "21159aeb87529efcf1a5033f720413d5321a6451bab679a999f7f01a7aa972b3", "deprecated": false }, "0.2": { "digest": "72f6329808fafbb42da52cc6476a6e794d0a1ae5b3847e0060cf23593dd40352", "deprecated": false }, "0.3": { "digest": "31d549124634df1d13e67f0903b10c1816690589f4d6add6fec0ed74d30499bb", "deprecated": false } }, "long_description": "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", "content": 
"cGFyc2VyczoKICAtIGNyb3dkc2VjdXJpdHkvc3NoZC1sb2dzCnNjZW5hcmlvczoKICAtIGNyb3dkc2VjdXJpdHkvc3NoLWJmCiAgLSBjcm93ZHNlY3VyaXR5L3NzaC1zbG93LWJmCmRlc2NyaXB0aW9uOiAic3NoZCBzdXBwb3J0IDogcGFyc2VyIGFuZCBicnV0ZS1mb3JjZSBkZXRlY3Rpb24iCmNvbnRleHRzOgogIC0gY3Jvd2RzZWN1cml0eS9iZl9iYXNlCmF1dGhvcjogY3Jvd2RzZWN1cml0eQp0YWdzOgogIC0gbGludXgKICAtIHNzaAogIC0gYnJ1dGVmb3JjZQoK", "description": "sshd support : parser and brute-force detection", "author": "crowdsecurity", "labels": null, "parsers": [ "crowdsecurity/sshd-logs" ], "scenarios": [ "crowdsecurity/ssh-bf", "crowdsecurity/ssh-slow-bf" ], "contexts": [ "crowdsecurity/bf_base" ] }, "crowdsecurity/sshd-impossible-travel": { "path": "collections/crowdsecurity/sshd-impossible-travel.yaml", "version": "0.1", "versions": { "0.1": { "digest": "7ed01cfd256c6e46819ed63812200c988280894a9497623fbd1591237f4c8da2", "deprecated": false } }, "long_description": "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", "content": "cGFyc2VyczoKICAtIGNyb3dkc2VjdXJpdHkvc3NoZC1zdWNjZXNzLWxvZ3MKc2NlbmFyaW9zOgogIC0gY3Jvd2RzZWN1cml0eS9pbXBvc3NpYmxlLXRyYXZlbAogIC0gY3Jvd2RzZWN1cml0eS9pbXBvc3NpYmxlLXRyYXZlbC11c2VyCmRlc2NyaXB0aW9uOiAic3NoZCBzdWNjZXNzOiBwYXJzZXIgYW5kIGltcG9zc2libGUgdHJhdmVsIgphdXRob3I6IGNyb3dkc2VjdXJpdHkKdGFnczoKICAtIGxpbnV4CiAgLSBzc2gKICAtIGluc2lkZS10aHJlYXQK", "description": "sshd success: parser and impossible travel", "author": "crowdsecurity", "labels": null, "parsers": [ "crowdsecurity/sshd-success-logs" ], "scenarios": [ "crowdsecurity/impossible-travel", "crowdsecurity/impossible-travel-user" ] }, "crowdsecurity/supabase-compose": { "path": "collections/crowdsecurity/supabase-compose.yaml", "version": "0.2", "versions": { "0.1": { "digest": "c96259bfa2e7e0d2782b945de44840f55721d05f3324ada1866fcbb0cdaa6462", "deprecated": false }, "0.2": { "digest": "5d79c29d476579ef89c2656b563ec30736200015707eeae5ff918872115ecd40", "deprecated": false } }, "long_description": "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", "content": 
"Y29sbGVjdGlvbnM6CiAgLSBjcm93ZHNlY3VyaXR5L25naW54CnBhcnNlcnM6CiAgLSBjcm93ZHNlY3VyaXR5L3N1cGFiYXNlLWRvY2tlci1wZ3NxbApzY2VuYXJpb3M6CiAgLSBjcm93ZHNlY3VyaXR5L3Bnc3FsLWJmCiAgLSBjcm93ZHNlY3VyaXR5L3Bnc3FsLXVzZXItZW51bQoKZGVzY3JpcHRpb246ICJzdXBhYmFzZSBkb2NrZXIgY29tcG9zZSBzdXBwb3J0IgphdXRob3I6IGNyb3dkc2VjdXJpdHkKdGFnczoKICAtIGxpbnV4CiAgLSBwZ3NxbAogIC0gcG9zdGdyZXMKICAtIGJydXRlZm9yY2UKICAtIG5naW54CiAgLSBzdXBhYmFzZQogIC0gZG9ja2VyLWNvbXBvc2UKICAtIGRvY2tlcgo=", "description": "supabase docker compose support", "author": "crowdsecurity", "labels": null, "parsers": [ "crowdsecurity/supabase-docker-pgsql" ], "scenarios": [ "crowdsecurity/pgsql-bf", "crowdsecurity/pgsql-user-enum" ], "collections": [ "crowdsecurity/nginx" ] }, "crowdsecurity/suricata": { "path": "collections/crowdsecurity/suricata.yaml", "version": "0.1", "versions": { "0.1": { "digest": "6f5d4ed7c676be6082af86c8ff771a063808a5970cb56edb9c8161c9b8390466", "deprecated": false } }, "long_description": "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", "content": "cGFyc2VyczoKICAtIGNyb3dkc2VjdXJpdHkvc3VyaWNhdGEtbG9ncwpzY2VuYXJpb3M6CiAgLSBjcm93ZHNlY3VyaXR5L3N1cmljYXRhLWFsZXJ0cwpkZXNjcmlwdGlvbjogInN1cmljYXRhIHN1cHBvcnQgOiBwYXJzZXIgYW5kIGF1dG9tYXRpYyByZW1lZGlhdGlvbiBvbiBoaWdoL21ham9yIGFsZXJ0cyIKYXV0aG9yOiBjcm93ZHNlY3VyaXR5CnRhZ3M6CiAgLSBsaW51eAogIC0gc3VyaWNhdGEKICAtIElEUwoK", "description": "suricata support : parser and automatic remediation on high/major alerts", "author": "crowdsecurity", "labels": null, "parsers": [ "crowdsecurity/suricata-logs" ], "scenarios": [ "crowdsecurity/suricata-alerts" ] }, "crowdsecurity/synology-dsm": { "path": "collections/crowdsecurity/synology-dsm.yaml", "version": "0.2", "versions": { "0.1": { "digest": "cdd3722569d65100a93620001b867e7932407410b7de78b56f88c7a721f61ac6", "deprecated": false }, "0.2": { "digest": "6a2b5e562f0b6a4b9f1c03a05c73985e5326b7fa6d910f74a698fe182a951004", "deprecated": false } }, "long_description": 
"IyMgU3lub2xvZ3kgRFNNIGNvbGxlY3Rpb24KClRoaXMgU3lub2xvZ3kgRFNNIGNvbGxlY3Rpb24gc3VwcG9ydHMgOgogLSB3ZWIgYXV0aGVudGljYXRpb24gYnJ1dGVmb3JjZSBkZXRlY3Rpb24KCg==", "content": "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", "description": "Synology DSM web authentication support", "author": "crowdsecurity", "labels": null, "parsers": [ "crowdsecurity/synology-dsm-logs" ], "scenarios": [ "crowdsecurity/synology-dsm-bf" ] }, "crowdsecurity/teamspeak3": { "path": "collections/crowdsecurity/teamspeak3.yaml", "version": "0.1", "versions": { "0.1": { "digest": "d5012c6747469f7c7d8dbf6f3f1e156593911d490b4cbe8f9cad237865858c7e", "deprecated": false } }, "long_description": "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", "content": "cGFyc2VyczoKICAtIGNyb3dkc2VjdXJpdHkvdGVhbXNwZWFrMy1sb2dzCnNjZW5hcmlvczoKICAtIGNyb3dkc2VjdXJpdHkvdGVhbXNwZWFrMy1iZgpkZXNjcmlwdGlvbjogInRlYW1zcGVhazMgc3VwcG9ydCA6IHBhcnNlciBhbmQgYnJ1dGUtZm9yY2UgZGV0ZWN0aW9uIgphdXRob3I6IGNyb3dkc2VjdXJpdHkKdGFnczoKICAtIGxpbnV4CiAgLSB0ZWFtc3BlYWszCiAgLSBicnV0ZWZvcmNlCg==", "description": "teamspeak3 support : parser and brute-force detection", "author": "crowdsecurity", "labels": null, "parsers": [ "crowdsecurity/teamspeak3-logs" ], "scenarios": [ "crowdsecurity/teamspeak3-bf" ] }, "crowdsecurity/teleport": { "path": "collections/crowdsecurity/teleport.yaml", "version": "0.1", "versions": { "0.1": { "digest": "797254847c87721261c3898e36e8dfbb4fad9b88983e3311ef402808eef70241", "deprecated": false } }, "long_description": "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", "content": "cGFyc2VyczoKICAtIGNyb3dkc2VjdXJpdHkvdGVsZXBvcnQtbG9ncwpzY2VuYXJpb3M6CiAgLSBjcm93ZHNlY3VyaXR5L3RlbGVwb3J0LWJmCiAgLSBjcm93ZHNlY3VyaXR5L2ltcG9zc2libGUtdHJhdmVsCiAgLSBjcm93ZHNlY3VyaXR5L2ltcG9zc2libGUtdHJhdmVsLXVzZXIKZGVzY3JpcHRpb246ICJUZWxlcG9ydCBzdXBwb3J0IDogcGFyc2VyIGFuZCBicnV0ZS1mb3JjZSBkZXRlY3Rpb24iCmF1dGhvcjogY3Jvd2RzZWN1cml0eQp0YWdzOgogIC0gdGVsZXBvcnQKICAtIGJydXRlZm9yY2UK", "description": "Teleport support : parser and 
brute-force detection", "author": "crowdsecurity", "labels": null, "parsers": [ "crowdsecurity/teleport-logs" ], "scenarios": [ "crowdsecurity/teleport-bf", "crowdsecurity/impossible-travel", "crowdsecurity/impossible-travel-user" ] }, "crowdsecurity/thehive": { "path": "collections/crowdsecurity/thehive.yaml", "version": "0.1", "versions": { "0.1": { "digest": "3d6910c9ee4fd1c7395018de8ecd98a9128c858eb8799e631b754055711b1c29", "deprecated": false } }, "content": "cGFyc2VyczoKICAtIGNyb3dkc2VjdXJpdHkvdGhlaGl2ZS1sb2dzCnNjZW5hcmlvczoKICAtIGNyb3dkc2VjdXJpdHkvdGhlaGl2ZS1iZgpkZXNjcmlwdGlvbjogIlRoZWhpdmUgc3VwcG9ydCA6IHBhcnNlciBhbmQgYnJ1dGUtZm9yY2UgZGV0ZWN0aW9uIgphdXRob3I6IGNyb3dkc2VjdXJpdHkKdGFnczoKICAtIHNvYwogIC0gc2VjdXJpdHkKICAtIHRoZWhpdmUKICAtIGJydXRlZm9yY2UK", "description": "Thehive support : parser and brute-force detection", "author": "crowdsecurity", "labels": null, "parsers": [ "crowdsecurity/thehive-logs" ], "scenarios": [ "crowdsecurity/thehive-bf" ] }, "crowdsecurity/traefik": { "path": "collections/crowdsecurity/traefik.yaml", "version": "0.1", "versions": { "0.1": { "digest": "b7b9feedcd49009ce80e4ab12c2642e68054222a7e7bb8611f2f45d5d3600ef2", "deprecated": false } }, "long_description": "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", "content": "IyBjby1hdXRob3JlZCB3aXRoIGdtZWxvZGllIChodHRwczovL2dpdGh1Yi5jb20vZ21lbG9kaWUpCnBhcnNlcnM6CiAgLSBjcm93ZHNlY3VyaXR5L3RyYWVmaWstbG9ncwpjb2xsZWN0aW9uczoKICAtIGNyb3dkc2VjdXJpdHkvYmFzZS1odHRwLXNjZW5hcmlvcwpkZXNjcmlwdGlvbjogInRyYWVmaWsgc3VwcG9ydDogcGFyc2VyIGFuZCBnZW5lcmljIGh0dHAgc2NlbmFyaW9zIgphdXRob3I6IGNyb3dkc2VjdXJpdHkKdGFnczoKICAtIHRyYWVmaWsKICAtIGh0dHAKICAtIGJydXRlZm9yY2UKCg==", "description": "traefik support: parser and generic http scenarios", "author": "crowdsecurity", "labels": null, "parsers": [ "crowdsecurity/traefik-logs" ], "collections": [ "crowdsecurity/base-http-scenarios" ] }, "crowdsecurity/unifi": { "path": "collections/crowdsecurity/unifi.yaml", "version": "0.1", "versions": { "0.1": { "digest": 
"55ad6aac392ac93a0d866522c1fd88ba30c7c4ad99e334a9c46b741f948f27e6", "deprecated": false } }, "long_description": "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", "content": "cGFyc2VyczoKICAtIGNyb3dkc2VjdXJpdHkvdW5pZmktbG9ncwogIC0gY3Jvd2RzZWN1cml0eS9kcm9wYmVhci1sb2dzCnNjZW5hcmlvczoKICAtIGNyb3dkc2VjdXJpdHkvc3NoLWJmCmNvbGxlY3Rpb25zOgogIC0gY3Jvd2RzZWN1cml0eS9pcHRhYmxlcwpkZXNjcmlwdGlvbjogIlVuaWZpIHN1cHBvcnQ6IHN5c2xvZyBwYXJzZXIgKyBwb3J0IHNjYW4gKyBTU0ggQkYgZGV0ZWN0aW9uIgphdXRob3I6IGNyb3dkc2VjdXJpdHkKdGFnczoKICAtIHVuaWZpCiAgLSBzc2gKICAtIGJydXRlZm9yY2UKICAtIGRyb3BiZWFyCiAgLSBwb3J0c2Nhbgo=", "description": "Unifi support: syslog parser + port scan + SSH BF detection", "author": "crowdsecurity", "labels": null, "parsers": [ "crowdsecurity/unifi-logs", "crowdsecurity/dropbear-logs" ], "scenarios": [ "crowdsecurity/ssh-bf" ], "collections": [ "crowdsecurity/iptables" ] }, "crowdsecurity/vsftpd": { "path": "collections/crowdsecurity/vsftpd.yaml", "version": "0.1", "versions": { "0.1": { "digest": "7cb60c9ce9772d4dc7227cc415a55114b8f4e3c07e27c17a666e56e11cb04b32", "deprecated": false } }, "long_description": "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", "content": "cGFyc2VyczoKICAtIGNyb3dkc2VjdXJpdHkvdnNmdHBkLWxvZ3MKc2NlbmFyaW9zOgogIC0gY3Jvd2RzZWN1cml0eS92c2Z0cGQtYmYKZGVzY3JpcHRpb246ICJWU0ZUUEQgc3VwcG9ydCA6IGxvZ3MgYW5kIGJydXRlLWZvcmNlIHNjZW5hcmlvcyIKYXV0aG9yOiBjcm93ZHNlY3VyaXR5CnRhZ3M6CiAgLSBsaW51eAogIC0gZnRwCiAgLSBicnV0ZWZvcmNlCg==", "description": "VSFTPD support : logs and brute-force scenarios", "author": "crowdsecurity", "labels": null, "parsers": [ "crowdsecurity/vsftpd-logs" ], "scenarios": [ "crowdsecurity/vsftpd-bf" ] }, "crowdsecurity/whitelist-good-actors": { "path": "collections/crowdsecurity/whitelist-good-actors.yaml", "version": "0.1", "versions": { "0.1": { "digest": "70f9b1723423de3918bfa3f33fa9c266da71c897b6173ff21e2fb73f9a24245e", "deprecated": false } }, "long_description": 
"QSBjb2xsZWN0aW9uIHRvIHdoaXRlbGlzdCBhbGwgZ29vZCBhY3RvcnMgOgogLSByZG5zIHRvIHVzZSBpdCBpbiB3aGl0ZWxpc3RzIHRoYXQgbmVlZCByZG5zCiAtIHJkbnMgb2YgYWxsIGdvb2Qgc2VhcmNoIGVuZ2luZSBjcmF3bGVycyAoZ29vZ2xlYm90LCBiaW5nIGV0Yy4uLikKIC0gdHJ1c3RlZCBwYXJ0bmVycyBsaWtlIGNsb3VkZmxhcmU=", "content": "cG9zdG92ZXJmbG93czoKICAtIGNyb3dkc2VjdXJpdHkvc2VvLWJvdHMtd2hpdGVsaXN0CiAgLSBjcm93ZHNlY3VyaXR5L2Nkbi13aGl0ZWxpc3QKICAtIGNyb3dkc2VjdXJpdHkvcmRucwpkZXNjcmlwdGlvbjogIkdvb2QgYWN0b3JzIHdoaXRlbGlzdHMiCmF1dGhvcjogY3Jvd2RzZWN1cml0eQp0YWdzOgogIC0gd2hpdGVsaXN0CiAgLSBib3RzCiAgLSBwYXJ0bmVycwo=", "description": "Good actors whitelists", "author": "crowdsecurity", "labels": null, "postoverflows": [ "crowdsecurity/seo-bots-whitelist", "crowdsecurity/cdn-whitelist", "crowdsecurity/rdns" ] }, "crowdsecurity/whm": { "path": "collections/crowdsecurity/whm.yaml", "version": "0.1", "versions": { "0.1": { "digest": "b2e05f1a3fb4a667f7bf39fa3224e3f77cc12a199f4fae209a9da173700fe768", "deprecated": false } }, "long_description": "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", "content": "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", "description": "WHM broad selection of collections possibly being installed", "author": "crowdsecurity", "labels": null, "collections": [ "crowdsecurity/apache2", "crowdsecurity/cpanel", "crowdsecurity/dovecot", "crowdsecurity/exim", "crowdsecurity/http-cve", "crowdsecurity/linux", "crowdsecurity/modsecurity", "crowdsecurity/mysql", "crowdsecurity/pgsql", "crowdsecurity/proftpd", "crowdsecurity/sshd", "crowdsecurity/vsftpd", "fulljackz/pureftpd", "crowdsecurity/whitelist-good-actors" ] }, "crowdsecurity/windows": { "path": "collections/crowdsecurity/windows.yaml", "version": "0.1", "versions": { "0.1": { "digest": "dca4187a260a723cfc7d47246cccfadab4249adca84f9e8b0cff7727f4503ae9", "deprecated": false } }, "long_description": 
"IyMgV2luZG93cyBjb2xsZWN0aW9uCgpUaGlzIGNvbGxlY3Rpb24gaW5zdGFsbHMgYSBwYXJzZXIgZm9yIHdpbmRvd3MgZXZlbnQgbG9ncyArIGZsYXQgZmlsZSwgYW5kIGEgcGFyc2VyL3NjZW5hcmlvIGZvciBhdXRoIGJydXRlZm9yY2UK", "content": "cGFyc2VyczoKICAtIGNyb3dkc2VjdXJpdHkvd2luZG93cy1sb2dzCiAgLSBjcm93ZHNlY3VyaXR5L3dpbmRvd3MtYXV0aAogIC0gY3Jvd2RzZWN1cml0eS9nZW9pcC1lbnJpY2gKICAtIGNyb3dkc2VjdXJpdHkvZGF0ZXBhcnNlLWVucmljaApzY2VuYXJpb3M6CiAgLSBjcm93ZHNlY3VyaXR5L3dpbmRvd3MtYmYKZGVzY3JpcHRpb246ICJjb3JlIHdpbmRvd3Mgc3VwcG9ydCA6IHdpbmRvd3MgZXZlbnQgbG9nICsgYmYgZGV0ZWN0aW9uIgphdXRob3I6IGNyb3dkc2VjdXJpdHkKdGFnczoKICAtIHdpbmRvd3MKCg==", "description": "core windows support : windows event log + bf detection", "author": "crowdsecurity", "labels": null, "parsers": [ "crowdsecurity/windows-logs", "crowdsecurity/windows-auth", "crowdsecurity/geoip-enrich", "crowdsecurity/dateparse-enrich" ], "scenarios": [ "crowdsecurity/windows-bf" ] }, "crowdsecurity/windows-cve": { "path": "collections/crowdsecurity/windows-cve.yaml", "version": "0.3", "versions": { "0.1": { "digest": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "deprecated": false }, "0.2": { "digest": "64a28a68af069438de9f54c6f31ffebf289d9bfe246bc42c06ef4228f65fa808", "deprecated": false }, "0.3": { "digest": "ef9545e3263afd26967b0dbed02330f1841b7f33161c6c7e72e016785b052cac", "deprecated": false } }, "long_description": "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", "content": "cGFyc2VyczoKICAtIGNyb3dkc2VjdXJpdHkvd2luZG93cy1sb2dzCiAgLSBjcm93ZHNlY3VyaXR5L3N5c21vbi1sb2dzCnNjZW5hcmlvczoKICAtIGNyb3dkc2VjdXJpdHkvd2luZG93cy1DVkUtMjAyMi0zMDE5MC1tc2R0CiAgLSBjcm93ZHNlY3VyaXR5L0NWRS0yMDIzLTIzMzk3CmRlc2NyaXB0aW9uOiAid2luZG93cyBDVkU6IHRyeSB0byBkZXRlY3QgbG9jYWwgQ1ZFIGV4cGxvaXRhdGlvbiBvbiB3aW5kb3dzLiIKYXV0aG9yOiBjcm93ZHNlY3VyaXR5CnRhZ3M6CiAgLSB3aW5kb3dzCiAgLSBsb2NhbAogIC0gZXhwbG9pdAoK", "description": "windows CVE: try to detect local CVE exploitation on windows.", "author": "crowdsecurity", "labels": null, "parsers": [ "crowdsecurity/windows-logs", 
"crowdsecurity/sysmon-logs" ], "scenarios": [ "crowdsecurity/windows-CVE-2022-30190-msdt", "crowdsecurity/CVE-2023-23397" ] }, "crowdsecurity/windows-firewall": { "path": "collections/crowdsecurity/windows-firewall.yaml", "version": "0.2", "versions": { "0.1": { "digest": "597b15292d86f2aa7df95cc09fb9dc2f7d29aa541727f9704faa1095068889b2", "deprecated": false }, "0.2": { "digest": "d5bc6aef85dc2fb3e9589c3d4ee2f879a66b1551787d05f70ad11a2146d98373", "deprecated": false } }, "long_description": "IyMgV2luZG93cyBmaXJld2FsbCBjb2xsZWN0aW9uCgpBIGNvbGxlY3Rpb24gZm9yIHBvcnRzY2FuIGRldGVjdGlvbiB2aWEgd2luZG93cyBmaXJld2FsbCBsb2dzIDoKIC0gV2luZG93cyBmaXJld2FsbCBsb2dzIHBhcnNlcgogLSBtdWx0aSBwb3J0IHNjYW4gZGV0ZWN0aW9uCgojIyBBY3F1aXNpdGlvbiB0ZW1wbGF0ZQoKRXhhbXBsZSBhY3F1aXNpdGlvbiBmb3IgdGhpcyBjb2xsZWN0aW9uIDoKCmBgYHlhbWwKZmlsZW5hbWVzOgogIC0gQzpcXFdpbmRvd3NcXFN5c3RlbTMyXFxMb2dGaWxlc1xcRmlyZXdhbGxcXHBmaXJld2FsbC5sb2cKbGFiZWxzOgogIHR5cGU6IHdpbmRvd3MtZmlyZXdhbGwKYGBgCgpub3RlcyA6CiAtIFRoaXMgY29sbGVjdGlvbiB1c2VzIHRoZSBgY3Jvd2RzZWN1cml0eS9pcHRhYmxlcy1zY2FuLW11bHRpX3BvcnRzYCBzY2VuYXJpbyBiZWNhdXNlIHdlIGFyZSBiYWQgYXQgbmFtaW5nIDopIAogLSBCZWNhdXNlIFdpbmRvd3MgZW5hYmxlcyBzdGVhbHRoIG1vZGUgYnkgZGVmYXVsdCwgb25seSBzY2FuIHRhcmdldGVkIHRvIHBvcnQgdGhhdCBoYXZlIGEgbGlzdGVuZXJzIHdpbGwgYmUgbG9nZ2VkLCBzbyB3ZSB3aWxsIHByb2JhYmx5IG1pc3Mgc29tZSBhdHRhY2tzICh3ZSBkbyBOT1QgcmVjb21tYW5kIGRpc2FibGluZyBzdGVhbHRoIG1vZGUpIAo=", "content": "cGFyc2VyczoKICAtIGNyb3dkc2VjdXJpdHkvd2luZG93cy1maXJld2FsbC1sb2dzCnNjZW5hcmlvczoKICAtIGNyb3dkc2VjdXJpdHkvaXB0YWJsZXMtc2Nhbi1tdWx0aV9wb3J0cwpjb250ZXh0czoKICAtIGNyb3dkc2VjdXJpdHkvZmlyZXdhbGxfYmFzZQpkZXNjcmlwdGlvbjogIndpbmRvd3MgZmlyZXdhbGwgc3VwcG9ydCA6IGxvZ3MgYW5kIHBvcnQtc2NhbnMgZGV0ZWN0aW9uIHNjZW5hcmlvcyIKYXV0aG9yOiBjcm93ZHNlY3VyaXR5CnRhZ3M6CiAgLSB3aW5kb3dzCiAgLSBwb3J0c2NhbgoK", "description": "windows firewall support : logs and port-scans detection scenarios", "author": "crowdsecurity", "labels": null, "parsers": [ "crowdsecurity/windows-firewall-logs" ], "scenarios": [ 
"crowdsecurity/iptables-scan-multi_ports" ], "contexts": [ "crowdsecurity/firewall_base" ] }, "crowdsecurity/wireguard": { "path": "collections/crowdsecurity/wireguard.yaml", "version": "0.1", "versions": { "0.1": { "digest": "0fa6e103d2206ee8037012e4c580323fde5bca957e4b8a70eb39e045c01a7d50", "deprecated": false } }, "long_description": "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", "content": "cGFyc2VyczoKICAtIGNyb3dkc2VjdXJpdHkvd2lyZWd1YXJkLWxvZ3MKICAtIGNyb3dkc2VjdXJpdHkvc3lzbG9nLWxvZ3MKc2NlbmFyaW9zOgogIC0gY3Jvd2RzZWN1cml0eS93aXJlZ3VhcmQtYXV0aApkZXNjcmlwdGlvbjogIndpcmVndWFyZCBhdXRoIGRldGVjdGlvbiIKYXV0aG9yOiBjcm93ZHNlY3VyaXR5CnRhZ3M6CiAgLSBsaW51eAogIC0gd2lyZWd1YXJkCiAgLSB2cG4K", "description": "wireguard auth detection", "author": "crowdsecurity", "labels": null, "parsers": [ "crowdsecurity/wireguard-logs", "crowdsecurity/syslog-logs" ], "scenarios": [ "crowdsecurity/wireguard-auth" ] }, "crowdsecurity/wordpress": { "path": "collections/crowdsecurity/wordpress.yaml", "version": "0.5", "versions": { "0.1": { "digest": "14f428b1d171a092d703478a891db27aaf83a3f6ba99199a3be4a64d193d718d", "deprecated": false }, "0.2": { "digest": "502dde075615e4b98edc705b43d3c3d52de6c0d4e62340b91ab5e8676c916668", "deprecated": false }, "0.3": { "digest": "c342ae222954a731b60b7c72548fe876de791b3722088ae57cee09d2b2fd7028", "deprecated": false }, "0.4": { "digest": "f45c1bb9daec2f8a81e125f75033a3a0198f4eb36c342985f831c77a3057f1bd", "deprecated": false }, "0.5": { "digest": "7d253f3f00afe40eabe8334d1e2be59739ab87f3dddc9f9653948b2073a6b92b", "deprecated": false } }, "long_description": "QSBjb2xsZWN0aW9uIHRvIGRlZmVuZCB3b3JkcHJlc3MgYWdhaW5zdCBjb21tb25zIHNjYW5uZXIgYmVoYXZpb3JzIDoKIC0gd3AtbG9naW4ucGhwIGJydXRlZm9yY2UgZGV0ZWN0aW9uCiAtIHdwLWNvbmZpZy5waHAgcHJvYmluZwogLSBhdXRob3IgZW51bWVyYXRpb24KIC0gd29yZHByZXNzIHBocCBmaWxlIGVudW1lcmF0aW9uIC8gZGV0ZWN0aW9uCg==", "content": 
"c2NlbmFyaW9zOgogIC0gY3Jvd2RzZWN1cml0eS9odHRwLWJmLXdvcmRwcmVzc19iZgogIC0gY3Jvd2RzZWN1cml0eS9odHRwLXdvcmRwcmVzc193cGNvbmZpZwogIC0gY3Jvd2RzZWN1cml0eS9odHRwLXdvcmRwcmVzc191c2VyLWVudW0KICAtIGNyb3dkc2VjdXJpdHkvaHR0cC13b3JkcHJlc3Mtc2NhbgpkZXNjcmlwdGlvbjogIndvcmRwcmVzczogQnJ1dGVmb3JjZSBwcm90ZWN0aW9uIGFuZCBjb25maWcgcHJvYmluZyIKYXV0aG9yOiBjcm93ZHNlY3VyaXR5CnRhZ3M6CiAgLSBsaW51eAogIC0gd29yZHByZXNzCiAgLSBicnV0ZWZvcmNlCg==", "description": "wordpress: Bruteforce protection and config probing", "author": "crowdsecurity", "labels": null, "scenarios": [ "crowdsecurity/http-bf-wordpress_bf", "crowdsecurity/http-wordpress_wpconfig", "crowdsecurity/http-wordpress_user-enum", "crowdsecurity/http-wordpress-scan" ] }, "darkclip/charon-ipsec": { "path": "collections/darkclip/charon-ipsec.yaml", "version": "0.1", "versions": { "0.1": { "digest": "936e0b860d53b0f5ec796488d4d70a6d0b97b4c480c297afcc0ee0326fa44edd", "deprecated": false } }, "long_description": "IyMgQ2hhcm9uIElQc2VjIGNvbGxlY3Rpb24KCkEgY29sbGVjdGlvbiB0byBkZWZlbmQgQ2hhcm9uIElQc2VjIGFnYWluc3QgYnJ1dGVmb3JjZSBhdHRhY2tzOgoKLSBDaGFyb24gSVBzZWMgcGFyc2VycwotIENoYXJvbiBJUHNlYyBzY2VuYXJpb3MKCiMjIEFjcXVpc2l0aW9uIHRlbXBsYXRlCgpFeGFtcGxlIGFjcXVpc2l0aW9uIGZvciB0aGlzIGNvbGxlY3Rpb246CgpgYGB5YW1sCmZpbGVuYW1lczoKICAtIC92YXIvbG9nL2lwc2VjL2xhdGVzdC5sb2cKICAtIC92YXIvbG9nL2lwc2VjLmxvZwpmb3JjZV9pbm90aWZ5OiB0cnVlCnBvbGxfd2l0aG91dF9pbm90aWZ5OiB0cnVlCmxhYmVsczoKICB0eXBlOiBzeXNsb2cKYGBgCg==", "content": "cGFyc2VyczoKICAtIGNyb3dkc2VjdXJpdHkvc3lzbG9nLWxvZ3MKICAtIGRhcmtjbGlwL2NoYXJvbi1pcHNlYy1sb2dzCnNjZW5hcmlvczoKICAtIGRhcmtjbGlwL2NoYXJvbi1pcHNlYy1iZgogIC0gZGFya2NsaXAvY2hhcm9uLWlwc2VjLXNsb3ctYmYKZGVzY3JpcHRpb246ICJDaGFyb24gSVBTRUMgc3VwcG9ydDogcGFyc2VycyBhbmQgc2NlbmFyaW9zIgphdXRob3I6IGRhcmtjbGlwCnRhZ3M6CiAgLSBmcmVlYnNkCiAgLSBvcG5zZW5zZQogIC0gcGZzZW5zZQogIC0gY2hhcm9uCiAgLSBzdHJvbmdzd2FuCiAgLSB2cG4KICAtIGlwc2VjCiAgLSBicnV0ZWZvcmNl", "description": "Charon IPSEC support: parsers and scenarios", "author": "darkclip", "labels": null, "parsers": [ 
"crowdsecurity/syslog-logs", "darkclip/charon-ipsec-logs" ], "scenarios": [ "darkclip/charon-ipsec-bf", "darkclip/charon-ipsec-slow-bf" ] }, "firewallservices/lemonldap-ng": { "path": "collections/firewallservices/lemonldap-ng.yaml", "version": "0.1", "versions": { "0.1": { "digest": "c7ee2139e599aa59a56e0db3b1946470426b0c766978d6dbc2cc8a76e8e22e4b", "deprecated": false } }, "content": "c2NlbmFyaW9zOgogIC0gZmlyZXdhbGxzZXJ2aWNlcy9sZW1vbmxkYXAtbmctYmYKcGFyc2VyczoKICAtIGZpcmV3YWxsc2VydmljZXMvbGVtb25sZGFwLW5nCmRlc2NyaXB0aW9uOiAiTGVtb25sZGFwOjpORyBzdXBwb3J0IDogcGFyc2VyIGFuZCBicnV0ZWZ1cmNlIGRldGVjdGlvbiIKYXV0aG9yOiBmaXJld2FsbHNlcnZpY2VzCnRhZ3M6CiAgLSBsaW51eAogIC0gYnJ1dGVmb3JjZQo=", "description": "Lemonldap::NG support : parser and brutefurce detection", "author": "firewallservices", "labels": null, "parsers": [ "firewallservices/lemonldap-ng" ], "scenarios": [ "firewallservices/lemonldap-ng-bf" ] }, "firewallservices/pf": { "path": "collections/firewallservices/pf.yaml", "version": "0.2", "versions": { "0.1": { "digest": "d549e7f67cffe712b081a9467a84f94f9a57a3852a369e68d079b61eba83c264", "deprecated": false }, "0.2": { "digest": "955cbafa111bfceef4d61ff0b345d459fc806d8e3d110a1e429ce2575468034c", "deprecated": false } }, "long_description": "QSBjb2xsZWN0aW9uIHRvIGRldGVjdCBwb3J0IHNjYW4gb24gUGZTZW5zZSAvIEZyZWVCU0QK", "content": "c2NlbmFyaW9zOgogIC0gZmlyZXdhbGxzZXJ2aWNlcy9wZi1zY2FuLW11bHRpX3BvcnRzCnBhcnNlcnM6CiAgLSBmaXJld2FsbHNlcnZpY2VzL3BmLWxvZ3MKY29udGV4dHM6CiAgLSBjcm93ZHNlY3VyaXR5L2ZpcmV3YWxsX2Jhc2UKZGVzY3JpcHRpb246ICJQYXJzZXIgYW5kIHNjZW5hcmlvIGZvciBQYWNrZXQgRmlsdGVyIGxvZ3MiCmF1dGhvcjogZmlyZXdhbGxzZXJ2aWNlcwp0YWdzOgogIC0gZmlyZXdhbGwKICAtIHBmc2Vuc2UKICAtIGZyZWVic2QKICAtIHBvcnRzY2FuCg==", "description": "Parser and scenario for Packet Filter logs", "author": "firewallservices", "labels": null, "parsers": [ "firewallservices/pf-logs" ], "scenarios": [ "firewallservices/pf-scan-multi_ports" ], "contexts": [ "crowdsecurity/firewall_base" ] }, "firewallservices/zimbra": { 
"path": "collections/firewallservices/zimbra.yaml", "version": "0.1", "versions": { "0.1": { "digest": "23dcbf45a7677927d72361f7d0d0210763fd1e4bc019c276b98092966ab14b5c", "deprecated": false } }, "long_description": "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", "content": "cGFyc2VyczoKICAtIGZpcmV3YWxsc2VydmljZXMvemltYnJhLWxvZ3MKc2NlbmFyaW9zOgogIC0gZmlyZXdhbGxzZXJ2aWNlcy96aW1icmEtYmYKZGVzY3JpcHRpb246ICJ6aW1icmEgc3VwcG9ydCA6IHBhcnNlciBhbmQgc3BhbW1lciBkZXRlY3Rpb24iCmF1dGhvcjogZmlyZXdhbGxzZXJ2aWNlcwp0YWdzOgogIC0gbGludXgKICAtIHNwYW0KICAtIGJydXRlZm9yY2UKICAtIHppbWJyYQo=", "description": "zimbra support : parser and spammer detection", "author": "firewallservices", "labels": null, "parsers": [ "firewallservices/zimbra-logs" ], "scenarios": [ "firewallservices/zimbra-bf" ] }, "firix/authentik": { "path": "collections/firix/authentik.yaml", "version": "0.1", "versions": { "0.1": { "digest": "3aad9afc16c8be4f1480f3dfbf7b992a571e065cf535775a891c657d67ddbec6", "deprecated": false } }, "long_description": "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", "content": "cGFyc2VyczoKICAtIGZpcml4L2F1dGhlbnRpay1sb2dzCnNjZW5hcmlvczoKICAtIGZpcml4L2F1dGhlbnRpay1iZgpjb2xsZWN0aW9uczoKZGVzY3JpcHRpb246ICJBdXRoZW50aWsgU3VwcG9ydCA6IHBhcnNlciBhbmQgYnJ1dGUtZm9yY2UgZGV0ZWN0aW9uIgphdXRob3I6IGZpcml4CnRhZ3M6CiAgLSBsaW51eAogIC0gYnJ1dGUtZm9yY2UKICAtIGF1dGhlbnRpawo=", "description": "Authentik Support : parser and brute-force detection", "author": "firix", "labels": null, "parsers": [ "firix/authentik-logs" ], "scenarios": [ "firix/authentik-bf" ] }, "fulljackz/proxmox": { "path": "collections/fulljackz/proxmox.yaml", "version": "0.1", "versions": { "0.1": { "digest": "a671536baca4ae612eede90a29e39e7079a03d4d16fea9a534fab79c50b30deb", "deprecated": false } }, "content": 
"cGFyc2VyczoKICAtIGNyb3dkc2VjdXJpdHkvc3lzbG9nLWxvZ3MKICAtIGZ1bGxqYWNrei9wcm94bW94LWxvZ3MKc2NlbmFyaW9zOgogIC0gZnVsbGphY2t6L3Byb3htb3gtYmYKZGVzY3JpcHRpb246ICJQcm94bW94IFdlYiBpbnRlcmZhY2Ugc3VwcG9ydCA6IHBhcnNlciBmb3IgYnJ1dGUgZm9yY2UgZGV0ZWN0aW9uIG9uIFByb3htb3ggVkUgV2ViIFVJIgphdXRob3I6IGZ1bGxqYWNregp0YWdzOgogIC0gUHJveG1veCAKICAtIGJydXRlZm9yY2UKCg==", "description": "Proxmox Web interface support : parser for brute force detection on Proxmox VE Web UI", "author": "fulljackz", "labels": null, "parsers": [ "crowdsecurity/syslog-logs", "fulljackz/proxmox-logs" ], "scenarios": [ "fulljackz/proxmox-bf" ] }, "fulljackz/pureftpd": { "path": "collections/fulljackz/pureftpd.yaml", "version": "0.1", "versions": { "0.1": { "digest": "efffdc3d30f38ea0e236f6fe55d0997b046ab25f44bef64fbf37ab5fb9b184ed", "deprecated": false } }, "long_description": "QSBjb2xsZWN0aW9uIHRvIGRlZmVuZCBQVVJFRlRQRCBhZ2FpbnN0IGNvbW1vbiBhdHRhY2tzIDoKLSBQVVJFRlRQRCBwYXJzZXI6IGBmdWxsamFja3ovcHVyZWZ0cGQtbG9nc2AKLSBicnV0ZWZvcmNlIHNjZW5hcmlvIDogYGZ1bGxqYWNrei9wdXJlZnRwZC1iZmAK", "content": "cGFyc2VyczoKICAtIGNyb3dkc2VjdXJpdHkvc3lzbG9nLWxvZ3MKICAtIGZ1bGxqYWNrei9wdXJlZnRwZC1sb2dzCnNjZW5hcmlvczoKICAtIGZ1bGxqYWNrei9wdXJlZnRwZC1iZgpkZXNjcmlwdGlvbjogIlB1cmVmdHBkIHN1cHBvcnQgOiBwYXJzZXIgZm9yIGJydXRlIGZvcmNlIGRldGVjdGlvbiBvbiBQdXJlZnRwZCIKYXV0aG9yOiBmdWxsamFja3oKdGFnczoKICAtIFB1cmVmdHBkCiAgLSBicnV0ZWZvcmNlCgo=", "description": "Pureftpd support : parser for brute force detection on Pureftpd", "author": "fulljackz", "labels": null, "parsers": [ "crowdsecurity/syslog-logs", "fulljackz/pureftpd-logs" ], "scenarios": [ "fulljackz/pureftpd-bf" ] }, "gauth-fr/immich": { "path": "collections/gauth-fr/immich.yml", "version": "0.1", "versions": { "0.1": { "digest": "b18a419be300518ec1c82139f892af0d854dda2ff38ef13310568d48f632d5d1", "deprecated": false } }, "long_description": "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", "content": 
"cGFyc2VyczoKICAtIGdhdXRoLWZyL2ltbWljaC1sb2dzCnNjZW5hcmlvczoKICAtIGdhdXRoLWZyL2ltbWljaC1iZgpkZXNjcmlwdGlvbjogIkltbWljaCBzdXBwb3J0IDogcGFyc2VyIGFuZCBicnV0ZS1mb3JjZSBkZXRlY3Rpb24iCmF1dGhvcjogZ2F1dGgtZnIKdGFnczoKICAtIGxpbnV4CiAgLSBicnV0ZS1mb3JjZQogIC0gaW1taWNoCg==", "description": "Immich support : parser and brute-force detection", "author": "gauth-fr", "labels": null, "parsers": [ "gauth-fr/immich-logs" ], "scenarios": [ "gauth-fr/immich-bf" ] }, "hitech95/nginx-mail": { "path": "collections/hitech95/nginx-mail.yaml", "version": "0.1", "versions": { "0.1": { "digest": "0dd42652366dd9cc2dcdc8bee7977cc45b51fba865796fb699b0bf5ca010d736", "deprecated": false } }, "long_description": "IyMgTmdpbnggTWFpbCBjb2xsZWN0aW9uCgpBIGNvbGxlY3Rpb24gZm9yIE5naW54IG1haWwgcHJveHkKICogTmdpbnggTWFpbCBjb3JlIG1vZHVsZSBsb2cgcGFyc2VycwogKiBOZ2lueCBNYWlsIGF1dGggbW9kdWxlIHNjZW5hcmlvIGJydXRlZm9yY2Ugc3BhbSBhdHRlbXB0CgpJdCBpcyByZWNvbW1lbmRlZCBoYXZpbmcgdGhlIGBjcm93ZHNlY3VyaXR5L25naW54YCBjb2xsZWN0aW9uIGluc3RhbGxlZCEKCj4gQ29udHJpYnV0aW9uIGJ5IGh0dHBzOi8vZ2l0aHViLmNvbS9oaXRlY2g5NQoKIyMgQWNxdWlzaXRpb24gdGVtcGxhdGUKCkV4YW1wbGUgYWNxdWlzaXRpb24gZm9yIHRoaXMgY29sbGVjdGlvbiA6CgpgYGB5YW1sCmZpbGVuYW1lczoKICAtIC92YXIvbG9nL25naW54LyoubG9nCiAgLSAuL3Rlc3RzL25naW54L25naW54LmxvZwojdGhpcyBpcyBub3QgYSBzeXNsb2cgbG9nLCBpbmRpY2F0ZSB3aGljaCBraW5kIG9mIGxvZ3MgaXQgaXMKbGFiZWxzOgogIHR5cGU6IG5naW54CmBgYAoKSWYgeW91IGFyZSBydW5uaW5nIE5naW54IGluc2lkZSBkb2NrZXIsIGxpa2UgW21haWx1XShodHRwczovL21haWx1LmlvLyk6CgpgYGB5YW1sCi0tLQpzb3VyY2U6IGRvY2tlcgpjb250YWluZXJfbmFtZTogCiAtICBtYWlsdS1mcm9udApsYWJlbHM6CiAgdHlwZTogbmdpbngKYGBgCgpub3RlcyA6CiAtICBEZXBlbmRpbmcgb24geW91ciBkaXN0cmlidXRpb24vT1MsIHBhdGhzIHRvIGxvZyBmaWxlcyBtaWdodCBjaGFuZ2UKIC0gIE9ubHkgcmVsZXZhbnQgaWYgeW91IGFyZSBtYW51YWxseSBpbnN0YWxsaW5nIGNvbGxlY3Rpb24K", "content": 
"cGFyc2VyczoKICAtIGhpdGVjaDk1L25naW54LW1haWwtbG9ncwpzY2VuYXJpb3M6CiAgLSBoaXRlY2g5NS9tYWlsLWdlbmVyaWMtYmYKZGVzY3JpcHRpb246ICJuZ2lueCBlbWFpbCBjb3JlIDogcGFyc2VyIGFuZCBzcGFtbWVyIGRldGVjdGlvbiIKYXV0aG9yOiBoaXRlY2g5NQp0YWdzOgogIC0gbGludXgKICAtIHNwYW0KICAtIGJydXRlZm9yY2UKICAtIGVtYWlsCg==", "description": "nginx email core : parser and spammer detection", "author": "hitech95", "labels": null, "parsers": [ "hitech95/nginx-mail-logs" ], "scenarios": [ "hitech95/mail-generic-bf" ] }, "inherent-io/keycloak": { "path": "collections/inherent-io/keycloak.yaml", "version": "0.2", "versions": { "0.1": { "digest": "b57e28a782a618fd349ddba5deb1af5795dc75e72022b443de287ec98ec6daa0", "deprecated": false }, "0.2": { "digest": "f3ddcd12543d906393577d99474efffe23262d640dce5f7b405de93794cc6627", "deprecated": false } }, "long_description": "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", "content": "cGFyc2VyczoKICAtIGluaGVyZW50LWlvL2tleWNsb2FrLWxvZ3MKc2NlbmFyaW9zOgogIC0gaW5oZXJlbnQtaW8va2V5Y2xvYWstYmYKICAtIGluaGVyZW50LWlvL2tleWNsb2FrLXNsb3ctYmYKZGVzY3JpcHRpb246ICJLZXljbG9hayBzdXBwb3J0IDogcGFyc2VyIGFuZCBicnV0ZS1mb3JjZSBkZXRlY3Rpb24iCmF1dGhvcjogaW5oZXJlbnQtaW8KdGFnczoKICAtIGtleWNsb2FrCiAgLSBicnV0ZWZvcmNlCg==", "description": "Keycloak support : parser and brute-force detection", "author": "inherent-io", "labels": null, "parsers": [ "inherent-io/keycloak-logs" ], "scenarios": [ "inherent-io/keycloak-bf", "inherent-io/keycloak-slow-bf" ] }, "jbowdre/miniflux": { "path": "collections/jbowdre/miniflux.yml", "version": "0.1", "versions": { "0.1": { "digest": "cbee1547c09e002b2030a6b59a8b706fdd222e79f38c0fadaa46380f53735262", "deprecated": false } }, "long_description": "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", "content": 
"cGFyc2VyczoKICAtIGpib3dkcmUvbWluaWZsdXgtbG9ncwpzY2VuYXJpb3M6CiAgLSBqYm93ZHJlL21pbmlmbHV4LWJmCmRlc2NyaXB0aW9uOiAiTWluaWZsdXggc3VwcG9ydCA6IHBhcnNlciBhbmQgYnJ1dGUtZm9yY2UgZGV0ZWN0aW9uIgphdXRob3I6IGpib3dkcmUKdGFnczoKICAtIGxpbnV4CiAgLSBicnV0ZS1mb3JjZQogIC0gbWluaWZsdXgK", "description": "Miniflux support : parser and brute-force detection", "author": "jbowdre", "labels": null, "parsers": [ "jbowdre/miniflux-logs" ], "scenarios": [ "jbowdre/miniflux-bf" ] }, "jusabatier/apereo-cas": { "path": "collections/jusabatier/apereo-cas.yaml", "version": "0.1", "versions": { "0.1": { "digest": "44e11d3facd2d5ff4b39d72367f688a1dc995270dd78b30ca9226e0a0b70ad3f", "deprecated": false } }, "long_description": "QSBjb2xsZWN0aW9uIHRvIGRlZmVuZCBBcGVyZW8gQ0FTIGFnYWluc3QgY29tbW9uIGF0dGFja3MgOgoKKiBDQVMgYXVkaXRzIHBhcnNlcgoqIENBUyBicnV0ZWZvcmNlICYgZW51bWVyYXRpb24gZGV0ZWN0aW9uCiogQ0FTICdzbG93JyBicnV0ZWZvcmNlICYgZW51bWVyYXRpb24gZGV0ZWN0aW9uCg==", "content": "cGFyc2VyczoKICAtIGp1c2FiYXRpZXIvYXBlcmVvLWNhcy1hdWRpdC1sb2dzCnNjZW5hcmlvczoKICAtIGp1c2FiYXRpZXIvYXBlcmVvLWNhcy1iZgogIC0ganVzYWJhdGllci9hcGVyZW8tY2FzLXNsb3ctYmYKZGVzY3JpcHRpb246ICJBUEVSRU8tQ0FTIHN1cHBvcnQgOiBwYXJzZXIgYW5kIGJydXRlLWZvcmNlIGRldGVjdGlvbiIKYXV0aG9yOiBqdXNhYmF0aWVyCnRhZ3M6CiAgLSBBcGVyZW8gQ0FTCiAgLSBicnV0ZWZvcmNlCg==", "description": "APEREO-CAS support : parser and brute-force detection", "author": "jusabatier", "labels": null, "parsers": [ "jusabatier/apereo-cas-audit-logs" ], "scenarios": [ "jusabatier/apereo-cas-bf", "jusabatier/apereo-cas-slow-bf" ] }, "lourys/pterodactyl": { "path": "collections/lourys/pterodactyl.yaml", "version": "0.1", "versions": { "0.1": { "digest": "081021627594cbedcd4523e84b910f71f113feb36f3de50acd1474dd94985916", "deprecated": false } }, "long_description": 
"IyMgUHRlcm9kYWN0eWwgY29sbGVjdGlvbgoKQSBjb2xsZWN0aW9uIHRvIGRlZmVuZCBwdGVyb2RhY3R5bCBhZ2FpbnN0IGNvbW1vbiBhdHRhY2tzIDoKIC0gQnJ1dGVmb3JjZSBhZ2FpbnN0IHNmdHAKCiMjIEFjcXVpc2l0aW9uIHRlbXBsYXRlCgpFeGFtcGxlIGFjcXVpc2l0aW9uIGZvciB0aGlzIGNvbGxlY3Rpb24gOgoKYGBgeWFtbApmaWxlbmFtZXM6CiAgLSAvdmFyL2xvZy9wdGVyb2RhY3R5bC93aW5ncy5sb2cKbGFiZWxzOgogIHR5cGU6IHB0ZXJvZGFjdHlsCmBgYA==", "content": "cGFyc2VyczoKICAtIGxvdXJ5cy9wdGVyb2RhY3R5bC13aW5ncy1sb2dzCmNvbGxlY3Rpb25zOgpzY2VuYXJpb3M6CiAgLSBsb3VyeXMvcHRlcm9kYWN0eWwtd2luZ3MtYmYKZGVzY3JpcHRpb246ICJwdGVyb2RhY3R5bCB3aW5ncyBzdXBwb3J0IDogcGFyc2VyIGFuZCBnZW5lcmljIHdpbmdzIGJydXRlZm9yY2UiCmF1dGhvcjogbG91cnlzCnRhZ3M6CiAgLSBwdGVyb2RhY3R5bAogIC0gd2luZ3MKICAtIGJydXRlLWZvcmNlCg==", "description": "pterodactyl wings support : parser and generic wings bruteforce", "author": "lourys", "labels": null, "parsers": [ "lourys/pterodactyl-wings-logs" ], "scenarios": [ "lourys/pterodactyl-wings-bf" ] }, "mstilkerich/bind9": { "path": "collections/mstilkerich/bind9.yaml", "version": "0.1", "versions": { "0.1": { "digest": "4ee8361d2f94b53c29a518291fbf548d6fdd336c1dee37942d2c305771796957", "deprecated": false } }, "long_description": "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", "content": "cGFyc2VyczoKICAtIG1zdGlsa2VyaWNoL2JpbmQ5LWxvZ3MKc2NlbmFyaW9zOgogIC0gbXN0aWxrZXJpY2gvYmluZDktcmVmdXNlZApkZXNjcmlwdGlvbjogImJpbmQ5IHN1cHBvcnQgOiBzZWN1cml0eSBwb2xpY3kgdmlvbGF0aW9ucyBkZXRlY3Rpb24iCmF1dGhvcjogbXN0aWxrZXJpY2gKdGFnczoKICAtIGxpbnV4Cg==", "description": "bind9 support : security policy violations detection", "author": "mstilkerich", "labels": null, "parsers": [ "mstilkerich/bind9-logs" ], "scenarios": [ "mstilkerich/bind9-refused" ] }, "mwinters-stuff/mailu-admin": { "path": "collections/mwinters-stuff/mailu-admin.yaml", "version": "0.2", "versions": { "0.1": { "digest": "a3921dac9fd22d94069f6ae0dabaf00b26777e36467100077e3c1b3336c86d52", "deprecated": false }, "0.2": { "digest": "166621702256cf4adc70f359ec7a6921ef139bd26f10699d77a4abeb6a487487", "deprecated": 
false } }, "long_description": "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", "content": "cGFyc2VyczoKICAtIG13aW50ZXJzLXN0dWZmL21haWx1LWFkbWluLWxvZ3MKc2NlbmFyaW9zOgogIC0gbXdpbnRlcnMtc3R1ZmYvbWFpbHUtYWRtaW4tYmYKZGVzY3JpcHRpb246ICJtYWlsdSBhZG1pbiBzdXBwb3J0IDogcGFyc2VyIGFuZCBzY2VuYXJpbyIKYXV0aG9yOiBtd2ludGVycy1zdHVmZgp0YWdzOgogIC0gbGludXgKICAtIG1haWx1Cg==", "description": "mailu admin support : parser and scenario", "author": "mwinters-stuff", "labels": null, "parsers": [ "mwinters-stuff/mailu-admin-logs" ], "scenarios": [ "mwinters-stuff/mailu-admin-bf" ] }, "openappsec/openappsec": { "path": "collections/openappsec/openappsec.yaml", "version": "0.1", "versions": { "0.1": { "digest": "c940f93ab8715abf6788e3052596e1c279ae59689d50aaecc4be693e05b603a2", "deprecated": false } }, "long_description": "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", "content": "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", "description": "open-appsec support : open-appsec parser and scenarios", "author": "openappsec", "labels": null, "parsers": [ "openappsec/openappsec-logs" ], "scenarios": [ "openappsec/openappsec-ldap-injection", "openappsec/openappsec-path-traversal", "openappsec/openappsec-probing", "openappsec/openappsec-rce", "openappsec/openappsec-sql-injection", "openappsec/openappsec-xss", "openappsec/openappsec-xxe", "openappsec/openappsec-url-instead-of-file", "openappsec/openappsec-schema-validation", "openappsec/openappsec-request-rate-limit", "openappsec/openappsec-open-redirect", "openappsec/openappsec-http-method-violation", "openappsec/openappsec-http-limit-violation", "openappsec/openappsec-general", "openappsec/openappsec-evasion-techniques", "openappsec/openappsec-error-disclosure", "openappsec/openappsec-error-limit", "openappsec/openappsec-csrf", "openappsec/openappsec-bot-protection", "openappsec/openappsec-cross-site-redirect" ] }, "schiz0phr3ne/prowlarr": { "path": "collections/schiz0phr3ne/prowlarr.yaml", "version": "0.1", "versions": { 
"0.1": { "digest": "3b125f7cb02336af4db16850ba14589f3976f4a9907ac18d568e50a61d6b1bbf", "deprecated": false } }, "long_description": "QSBjb2xsZWN0aW9uIHRvIGRlZmVuZCB5b3VyIFtQcm93bGFycl0oaHR0cHM6Ly9naXRodWIuY29tL1Byb3dsYXJyL1Byb3dsYXJyKSBpbnN0YW5jZSBhZ2FpbnN0IGNvbW1vbiBhdHRhY2tzOgogLSBQcm93bGFyciBwYXJzZXIKIC0gUHJvd2xhcnIgYnJ1dGUtZm9yY2UgJiBlbnVtZXJhdGlvbiBkZXRlY3Rpb24KCiMjIEFjcXVpc2l0aW9uIHRlbXBsYXRlCgpFeGFtcGxlIGFjcXVpc2l0aW9uIGZvciB0aGlzIGNvbGxlY3Rpb246CmBgYHlhbWwKLS0tCnNvdXJjZTogZmlsZQpmaWxlbmFtZXM6CiAtIC92YXIvbG9nL3N5c2xvZwpsYWJlbHM6CiAgdHlwZTogc3lzbG9nCmBgYApEZXBlbmRpbmcgb24geW91ciBpbnN0YWxsYXRpb24gbWV0aG9kLCB5b3UgbWF5IG5lZWQgdG8gY2hhbmdlIHRoZSBhY3F1aXNpdGlvbiB0ZW1wbGF0ZS4K", "content": "cGFyc2VyczoKICAtIHNjaGl6MHBocjNuZS9wcm93bGFyci1sb2dzCnNjZW5hcmlvczoKICAtIHNjaGl6MHBocjNuZS9wcm93bGFyci1iZgpkZXNjcmlwdGlvbjogIlByb3dsYXJyIHN1cHBvcnQ6IHBhcnNlciBhbmQgYnJ1dGUtZm9yY2UgZGV0ZWN0aW9ucyIKYXV0aG9yOiBzY2hpejBwaHIzbmUKdGFnczoKICAtIGxpbnV4CiAgLSBicnV0ZS1mb3JjZQogIC0gcHJvd2xhcnIK", "description": "Prowlarr support: parser and brute-force detections", "author": "schiz0phr3ne", "labels": null, "parsers": [ "schiz0phr3ne/prowlarr-logs" ], "scenarios": [ "schiz0phr3ne/prowlarr-bf" ] }, "schiz0phr3ne/radarr": { "path": "collections/schiz0phr3ne/radarr.yaml", "version": "0.1", "versions": { "0.1": { "digest": "577bcb650cb6069a638290703064efa15884614a3ba4736feae2adc37033a4dd", "deprecated": false } }, "long_description": "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", "content": "cGFyc2VyczoKICAtIHNjaGl6MHBocjNuZS9yYWRhcnItbG9ncwpzY2VuYXJpb3M6CiAgLSBzY2hpejBwaHIzbmUvcmFkYXJyLWJmCmRlc2NyaXB0aW9uOiAiUmFkYXJyIHN1cHBvcnQ6IHBhcnNlciBhbmQgYnJ1dGUtZm9yY2UgZGV0ZWN0aW9ucyIKYXV0aG9yOiBzY2hpejBwaHIzbmUKdGFnczoKICAtIGxpbnV4CiAgLSBicnV0ZS1mb3JjZQogIC0gcmFkYXJyCg==", "description": "Radarr support: parser and brute-force detections", "author": "schiz0phr3ne", "labels": null, "parsers": [ "schiz0phr3ne/radarr-logs" ], "scenarios": [ "schiz0phr3ne/radarr-bf" ] }, "schiz0phr3ne/sonarr": { 
"path": "collections/schiz0phr3ne/sonarr.yaml", "version": "0.1", "versions": { "0.1": { "digest": "5a354d90be668eccf6b4c63e176778cb732c01641738a0b4a350ad3556c1fc3b", "deprecated": false } }, "long_description": "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", "content": "cGFyc2VyczoKICAtIHNjaGl6MHBocjNuZS9zb25hcnItbG9ncwpzY2VuYXJpb3M6CiAgLSBzY2hpejBwaHIzbmUvc29uYXJyLWJmCmRlc2NyaXB0aW9uOiAiU29uYXJyIHN1cHBvcnQ6IHBhcnNlciBhbmQgYnJ1dGUtZm9yY2UgZGV0ZWN0aW9ucyIKYXV0aG9yOiBzY2hpejBwaHIzbmUKdGFnczoKICAtIGxpbnV4CiAgLSBicnV0ZS1mb3JjZQogIC0gc29uYXJyCg==", "description": "Sonarr support: parser and brute-force detections", "author": "schiz0phr3ne", "labels": null, "parsers": [ "schiz0phr3ne/sonarr-logs" ], "scenarios": [ "schiz0phr3ne/sonarr-bf" ] }, "thespad/sshesame": { "path": "collections/thespad/sshesame.yaml", "version": "0.1", "versions": { "0.1": { "digest": "761e58fae8abf3b8093560273f10dfca4f6681a01ba7e5a41b869b39b10dbfef", "deprecated": false } }, "long_description": "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", "content": "cGFyc2VyczoKICAtIHRoZXNwYWQvc3NoZXNhbWUtbG9ncwogIC0gY3Jvd2RzZWN1cml0eS9kYXRlcGFyc2UtZW5yaWNoCnNjZW5hcmlvczoKICAtIHRoZXNwYWQvc3NoZXNhbWUtaG9uZXlwb3QKZGVzY3JpcHRpb246ICJDb2xsZWN0aW9uIGZvciBzc2hlc2FtZSBTU0ggaG9uZXlwb3QiCmF1dGhvcjogdGhlc3BhZAp0YWdzOgogIC0gc3NoZXNhbWUKICAtIHNzaAo=", "description": "Collection for sshesame SSH honeypot", "author": "thespad", "labels": null, "parsers": [ "thespad/sshesame-logs", "crowdsecurity/dateparse-enrich" ], "scenarios": [ "thespad/sshesame-honeypot" ] }, "timokoessler/gitlab": { "path": "collections/timokoessler/gitlab.yaml", "version": "0.1", "versions": { "0.1": { "digest": "41638aa525b599bf4cef982cf833362d6c698a8fe780d21534800dcf3dd7f7de", "deprecated": false } }, "long_description": "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", "content": 
"cGFyc2VyczoKICAtIHRpbW9rb2Vzc2xlci9naXRsYWItbG9ncwpzY2VuYXJpb3M6CiAgLSB0aW1va29lc3NsZXIvZ2l0bGFiLWJmCmRlc2NyaXB0aW9uOiAiR2l0TGFiIHN1cHBvcnQ6IHBhcnNlciBhbmQgYnJ1dGUtZm9yY2UgZGV0ZWN0aW9uIgphdXRob3I6IHRpbW9rb2Vzc2xlcgp0YWdzOgogIC0gbGludXgKICAtIGJydXRlLWZvcmNlCiAgLSBnaXRsYWI=", "description": "GitLab support: parser and brute-force detection", "author": "timokoessler", "labels": null, "parsers": [ "timokoessler/gitlab-logs" ], "scenarios": [ "timokoessler/gitlab-bf" ] }, "timokoessler/mongodb": { "path": "collections/timokoessler/mongodb.yaml", "version": "0.1", "versions": { "0.1": { "digest": "5b2ea020a1ac45b47a5b5981c6d913d52c83acb72bdd26b704b1b2c722f5a394", "deprecated": false } }, "long_description": "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", "content": "cGFyc2VyczoKICAtIHRpbW9rb2Vzc2xlci9tb25nb2RiLWxvZ3MKc2NlbmFyaW9zOgogIC0gdGltb2tvZXNzbGVyL21vbmdvZGItYmYKZGVzY3JpcHRpb246ICJNb25nb0RCIHN1cHBvcnQ6IHBhcnNlciBhbmQgYnJ1dGUtZm9yY2UgZGV0ZWN0aW9uIgphdXRob3I6IHRpbW9rb2Vzc2xlcgp0YWdzOgogIC0gbGludXgKICAtIGJydXRlLWZvcmNlCiAgLSBtb25nb2Ri", "description": "MongoDB support: parser and brute-force detection", "author": "timokoessler", "labels": null, "parsers": [ "timokoessler/mongodb-logs" ], "scenarios": [ "timokoessler/mongodb-bf" ] }, "timokoessler/uptime-kuma": { "path": "collections/timokoessler/uptime-kuma.yaml", "version": "0.1", "versions": { "0.1": { "digest": "1168b907ae5a3817d3f6fdaa685a4e2bab130a92242cdb3a46dbe8923ae52022", "deprecated": false } }, "long_description": "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", "content": "cGFyc2VyczoKICAtIHRpbW9rb2Vzc2xlci91cHRpbWUta3VtYS1sb2dzCnNjZW5hcmlvczoKICAtIHRpbW9rb2Vzc2xlci91cHRpbWUta3VtYS1iZgpkZXNjcmlwdGlvbjogIlVwdGltZSBLdW1hIHN1cHBvcnQ6IHBhcnNlciBhbmQgYnJ1dGUtZm9yY2UgZGV0ZWN0aW9uIgphdXRob3I6IHRpbW9rb2Vzc2xlcgp0YWdzOgogIC0gbGludXgKICAtIGJydXRlLWZvcmNlCiAgLSB1cHRpbWUta3VtYQ==", "description": "Uptime Kuma support: parser and brute-force detection", "author": "timokoessler", "labels": null, 
"parsers": [ "timokoessler/uptime-kuma-logs" ], "scenarios": [ "timokoessler/uptime-kuma-bf" ] }, "xs539/bookstack": { "path": "collections/xs539/bookstack.yml", "version": "0.1", "versions": { "0.1": { "digest": "c8033c7adcf79cb88650944dd5d86c799660b7d74ec5b33e7942d7a5a7f94d14", "deprecated": false } }, "long_description": "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", "content": "cGFyc2VyczoKICAtIHhzNTM5L2Jvb2tzdGFjay1sb2dzCnNjZW5hcmlvczoKICAtIHhzNTM5L2Jvb2tzdGFjay1iZgpkZXNjcmlwdGlvbjogIkJvb2tzdGFjayBTdXBwb3J0IDogcGFyc2VyIGFuZCBicnV0ZS1mb3JjZSBkZXRlY3Rpb24iCmF1dGhvcjogeHM1MzkKdGFnczoKICAtIEJvb2tzdGFjaw==", "description": "Bookstack Support : parser and brute-force detection", "author": "xs539", "labels": null, "parsers": [ "xs539/bookstack-logs" ], "scenarios": [ "xs539/bookstack-bf" ] }, "xs539/joplin-server": { "path": "collections/xs539/joplin-server.yml", "version": "0.1", "versions": { "0.1": { "digest": "dce7649eb24f0155bcdc443bfd26d88eb25ebe8a5d0775c66be08838e9d48db3", "deprecated": false } }, "long_description": "IyMgSm9wbGluIHNlcnZlciBjb2xsZWN0aW9uCgpBIGNvbGxlY3Rpb24gdG8gZGVmZW5kIEpvcGxpbiBzZXJ2ZXIgYWdhaW5zdCBjb21tb24gYXR0YWNrcyA6CiAtIEpvcGxpbiBzZXJ2ZXIgZmFpbGVkIGxvZ2luCgoKIyMgQWNxdWlzaXRpb24gdGVtcGxhdGUKCkV4YW1wbGUgYWNxdWlzaXRpb24gY29uZmlnOgpgYGB5YW1sCi0tLQpmaWxlbmFtZXM6CiAtIC92YXIvbG9nL2pvcGxpbi1zZXJ2ZXIubG9nCmxhYmVsczoKICB0eXBlOiBqb3BsaW4tc2VydmVyCi0tLQpgYGA=", "content": "cGFyc2VyczoKICAtIHhzNTM5L2pvcGxpbi1zZXJ2ZXItbG9ncwpzY2VuYXJpb3M6CiAgLSB4czUzOS9qb3BsaW4tc2VydmVyLWJmCmRlc2NyaXB0aW9uOiAiSm9wbGluIFNlcnZlciBTdXBwb3J0IDogcGFyc2VyIGFuZCBicnV0ZS1mb3JjZSBkZXRlY3Rpb24iCmF1dGhvcjogeHM1MzkKdGFnczoKICAtIEpvcGxpbg==", "description": "Joplin Server Support : parser and brute-force detection", "author": "xs539", "labels": null, "parsers": [ "xs539/joplin-server-logs" ], "scenarios": [ "xs539/joplin-server-bf" ] } }, "contexts": { "crowdsecurity/appsec_base": { "path": "contexts/crowdsecurity/appsec_base.yaml", "version": "0.1", "versions": { "0.1": { 
"digest": "df177378b9b01c6c8b67ff5085eda9325c67b337e31d60c4ea95f743783a5e24", "deprecated": false } }, "content": "Y29udGV4dDoKICBydWxlczoKICAtIGV2dC5NZXRhLnJ1bGVfbmFtZQo=", "author": "crowdsecurity", "labels": null }, "crowdsecurity/bf_base": { "path": "contexts/crowdsecurity/bf_base.yaml", "version": "0.1", "versions": { "0.1": { "digest": "5b5d0f412ea7da0712fd8e298e9a03642051591adee3817ae529fafa6b66995c", "deprecated": false } }, "content": "I2EgZ2VuZXJpYyBjb250ZXh0IGZvciBicnV0ZWZvcmNlIGJhc2VkIHNjZW5hcmlvcwpjb250ZXh0OgogIHRhcmdldF91c2VyOgogICAgLSBldnQuTWV0YS50YXJnZXRfdXNlcgo=", "author": "crowdsecurity", "labels": null }, "crowdsecurity/firewall_base": { "path": "contexts/crowdsecurity/firewall_base.yaml", "version": "0.2", "versions": { "0.1": { "digest": "c294017b404dcdb7dfbab5df231fd581999a9af6470847add8cba5d79d049053", "deprecated": false }, "0.2": { "digest": "970ff38822f4cbd12321f533d5de42bad2ecef409837ab670e15bf4ce3526935", "deprecated": false } }, "content": "I2EgZ2VuZXJpYyBjb250ZXh0IGZvciBmaXJld2FsbCBiYXNlZCBzY2VuYXJpb3MKY29udGV4dDoKICBkc3RfcG9ydDogI0Rlc3RpbmF0aW9uIHBvcnQgdGhhdCB3YXMgdGFyZ2V0ZWQKICAgIC0gImV2dC5NZXRhLnNlcnZpY2UgaW4gWyd0Y3AnLCAndWRwJ10gPyBldnQuTWV0YS5zZXJ2aWNlICsgJzonICsgZXZ0LlBhcnNlZC5kc3RfcG9ydCA6ICcnIgo=", "author": "crowdsecurity", "labels": null }, "crowdsecurity/http_base": { "path": "contexts/crowdsecurity/http_base.yaml", "version": "0.2", "versions": { "0.1": { "digest": "a8f832e367aa06576e6c552e839b5e61bedfcb8098bd4049c6a0dff06ecab810", "deprecated": false }, "0.2": { "digest": "d0f465d5ff866a91637cd59bc9a18f881bbebf03f8360be9df8182035c927909", "deprecated": false } }, "content": "I3RoaXMgY29udGV4dCBmaWxlIGlzIGludGVuZGVkIHRvIHByb3ZpZGUgbWluaW1hbCBhbmQgdXNlZnVsIGluZm9ybWF0aW9uIGFib3V0IEhUVFAgc2NlbmFyaW9zLgpjb250ZXh0OgogIHRhcmdldF91cmk6CiAgLSBldnQuTWV0YS5odHRwX3BhdGgKICB1c2VyX2FnZW50OgogIC0gZXZ0Lk1ldGEuaHR0cF91c2VyX2FnZW50CiAgbWV0aG9kOgogIC0gZXZ0Lk1ldGEuaHR0cF92ZXJiCiAgc3RhdHVzOgogICAgLSBldnQuTWV0YS5odHRwX3N0YXR1cwo=", "author": 
"crowdsecurity", "labels": null } }, "parsers": { "Dominic-Wagner/vaultwarden-logs": { "path": "parsers/s01-parse/Dominic-Wagner/vaultwarden-logs.yaml", "stage": "s01-parse", "version": "0.1", "versions": { "0.1": { "digest": "016236c174143284ded1df7e2180c4271b9e7e2e949560aed17b32a00da8c0d6", "deprecated": false } }, "long_description": "UGFyc2VyIGZvciBbVmF1bHR3YXJkZW5dKGh0dHBzOi8vZ2l0aHViLmNvbS9kYW5pLWdhcmNpYS92YXVsdHdhcmRlbikgTG9ncy4KCklmIHVzaW5nIExPR19GSUxFIGVudmlyb25tZW50IHZhcmlhYmxlOgpgYGB5YW1sCi0tLQpmaWxlbmFtZXM6CiAtIC92YXIvbG9nL3ZhdWx0d2FyZGVuLmxvZwpsYWJlbHM6CiAgdHlwZTogVmF1bHR3YXJkZW4KYGBgCklmIHJ1bm5pbmcgdmlhIHN5c3RlbWQ6CmBgYHlhbWwKLS0tCnNvdXJjZTogam91cm5hbGN0bApqb3VybmFsY3RsX2ZpbHRlcjoKICAtICJTWVNMT0dfSURFTlRJRkVSPVZhdWx0d2FyZGVuIgpsYWJlbHM6CiAgdHlwZTogVmF1bHR3YXJkZW4=", "content": "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", "description": "Parse vaultwarden logs", "author": "Dominic-Wagner", "labels": null }, "LePresidente/adguardhome-logs": { "path": "parsers/s01-parse/LePresidente/adguardhome-logs.yaml", "stage": "s01-parse", "version": "0.2", "versions": { "0.1": { "digest": "52be900eea2c74174042277698eeaba67bb5111452ace2f454471d1eac87fc55", "deprecated": false }, "0.2": { "digest": "41414b5c633037500f61c1ee67f5e2233cb758629468be970180151c523b54f3", "deprecated": false } }, "long_description": "UGFyc2VyIGZvciBbQWRHdWFyZEhvbWVdKGh0dHBzOi8vZ2l0aHViLmNvbS9BZGd1YXJkVGVhbS9BZEd1YXJkSG9tZSkgTG9ncy4KCmBgYHlhbWwKLS0tCmZpbGVuYW1lczoKIC0gL3Zhci9sb2cvQWRHdWFyZEhvbWUubG9nCmxhYmVsczoKICB0eXBlOiBhZGd1YXJkaG9tZQpgYGAKCmBgYHlhbWwKLS0tCnNvdXJjZTogZG9ja2VyCmNvbnRhaW5lcl9uYW1lOgogLSBBZEd1YXJkSG9tZQojY29udGFpbmVyX2lkOgojIC0gODQzZWU5MmQyMzFiCmxhYmVsczoKICB0eXBlOiBhZGd1YXJkaG9tZQpgYGAK", "content": "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", "description": "Parse adguardhome logs", "author": "LePresidente", "labels": null }, "LePresidente/authelia-logs": { "path": "parsers/s01-parse/LePresidente/authelia-logs.yaml", "stage": "s01-parse", "version": 
"0.6", "versions": { "0.1": { "digest": "0d1e7a9e74dc9ce035f8bf45f84dbc8d4741b76f4440d663e8354b87f919913b", "deprecated": false }, "0.2": { "digest": "6180a4b745722e87d7cb946dfa8cbd3a2a70949b95c8e159fd4e3470bce944b3", "deprecated": false }, "0.3": { "digest": "62b1b7424d5fc1c5aad1da9307b05e1164d1b0948dc578228b67ba10e534225b", "deprecated": false }, "0.4": { "digest": "0a5fb148353cb12e099b21a52834965140daa22409fab2e4bfb8580e9a67a04a", "deprecated": false }, "0.5": { "digest": "a75c1e4c88511ef40f3d10e086e3a944dbccf20bfb28c6e0a634ffe413bb68f7", "deprecated": false }, "0.6": { "digest": "8654df176520c3b4978e0920e8b56af32116c288e5dd3f145f5e0d885d07f3e6", "deprecated": false } }, "long_description": "UGFyc2VyIGZvciBbQXV0aGVsaWFdKGh0dHBzOi8vd3d3LmF1dGhlbGlhLmNvbSkgTG9ncy4KCmBgYHlhbWwKLS0tCmZpbGVuYW1lczoKIC0gL3Zhci9sb2cvQXV0aGVsaWEubG9nCmxhYmVsczoKICB0eXBlOiBhdXRoZWxpYQpgYGA=", "content": "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", "description": "Parse Authelia logs", "author": "LePresidente", "labels": null }, "LePresidente/emby-logs": { "path": "parsers/s01-parse/LePresidente/emby-logs.yaml", "stage": "s01-parse", "version": "0.3", "versions": { "0.1": { "digest": "e4721455bd2732edce9a185498f865f42eaa945c76de2fc62666ecbcc8257aff", "deprecated": false }, "0.2": { "digest": "a059a5f6bd938262e7775f158a6a4fe0902ae44e0f4d853285613553be7ea236", "deprecated": false }, "0.3": { "digest": "60d30153bb280d5f3dfe1c16b3094e7e043200c379b7667b8fe1c19dba653978", "deprecated": false } }, "long_description": "UGFyc2VyIGZvciBbZW1ieV0oaHR0cHM6Ly9lbWJ5Lm1lZGlhKSBMb2dzLgoKYGBgeWFtbAotLS0KZmlsZW5hbWVzOgogLSAvdmFyL2xvZy9lbWJ5c2VydmVyLnR4dApsYWJlbHM6CiAgdHlwZTogZW1ieQpgYGA=", "content": 
"b25zdWNjZXNzOiBuZXh0X3N0YWdlCiNkZWJ1ZzogZmFsc2UKbmFtZTogTGVQcmVzaWRlbnRlL2VtYnktbG9ncwpkZXNjcmlwdGlvbjogIlBhcnNlIGVtYnkgbG9ncyIKZmlsdGVyOiAiZXZ0LlBhcnNlZC5wcm9ncmFtID09ICdlbWJ5JyIKbm9kZXM6CiAgLSBncm9rOgogICAgICBwYXR0ZXJuOiAnJXtUSU1FU1RBTVBfSVNPODYwMTp0aW1lc3RhbXB9Lio/QVVUSC1FUlJPUjogJXtJUDpzb3VyY2VfaXB9IC0gSW52YWxpZCB1c2VybmFtZSBvciBwYXNzd29yZCBlbnRlcmVkXC4kJwogICAgICBhcHBseV9vbjogbWVzc2FnZQogICAgICBzdGF0aWNzOgogICAgICAgIC0gbWV0YTogbG9nX3R5cGUKICAgICAgICAgIHZhbHVlOiBlbWJ5X2ZhaWxlZF9hdXRoCgpzdGF0aWNzOgogICAgLSBtZXRhOiBzZXJ2aWNlCiAgICAgIHZhbHVlOiBlbWJ5CiAgICAtIG1ldGE6IHNvdXJjZV9pcAogICAgICBleHByZXNzaW9uOiAiZXZ0LlBhcnNlZC5zb3VyY2VfaXAiCiAgICAtIHRhcmdldDogZXZ0LlN0clRpbWUKICAgICAgZXhwcmVzc2lvbjogZXZ0LlBhcnNlZC50aW1lc3RhbXA=", "description": "Parse emby logs", "author": "LePresidente", "labels": null }, "LePresidente/gitea-logs": { "path": "parsers/s01-parse/LePresidente/gitea-logs.yaml", "stage": "s01-parse", "version": "0.7", "versions": { "0.1": { "digest": "61733cf559c01d68ad3ee7d571c836273a0f26e03d1ac7d3b6c5f80783f802de", "deprecated": false }, "0.2": { "digest": "784d48685704bc9645dd7ee8bd9fa96b7c0dcdd3234cab06fc51770e21e44312", "deprecated": false }, "0.3": { "digest": "67f28ca6777dd1e64723ed3e6a70624d371f3ddd780e5f8fea5c9fa447441c55", "deprecated": false }, "0.4": { "digest": "23eb7133e86141d6cedc0b37ec89c43f7a4843b767d0b0c6b565be148040add7", "deprecated": false }, "0.5": { "digest": "463f551deeea42713d1b5e15767ac5da484bb65dbf951eddba53059899fd4ab6", "deprecated": false }, "0.6": { "digest": "99503f178fab36023d24660674b19059cb903dcbf11d516fa9acaec26185d3a0", "deprecated": false }, "0.7": { "digest": "4586255da9713d8ef92253fdcc4a70d475c70e4fa222c0c205a2d7120afea768", "deprecated": false } }, "long_description": "UGFyc2VyIGZvciBbR2l0ZWFdKGh0dHBzOi8vZ2l0ZWEuaW8pIExvZ3MuCgpgYGB5YW1sCi0tLQpmaWxlbmFtZXM6CiAtIC92YXIvbG9nL2dpdGVhLmxvZwpsYWJlbHM6CiAgdHlwZTogZ2l0ZWEKYGBg", "content": "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", "description": "Parse gitea 
logs", "author": "LePresidente", "labels": null }, "LePresidente/grafana-logs": { "path": "parsers/s01-parse/LePresidente/grafana-logs.yaml", "stage": "s01-parse", "version": "0.3", "versions": { "0.1": { "digest": "48c4f8429a9f158676fe5a9aef3fe32f3cd4972072a085527e773b9042385f95", "deprecated": false }, "0.2": { "digest": "dee3c33a24ca056cf3106bdfbf6ab9535160d607f276a0c0bf9026645430cd51", "deprecated": false }, "0.3": { "digest": "f0383cee1040d2b1a43e32d7849be73e14cf56f568c8a713c7a8305e717b1e2c", "deprecated": false } }, "long_description": "UGFyc2VyIGZvciBbR3JhZmFuYV0oaHR0cHM6Ly9ncmFmYW5hLmNvbSkgTG9ncy4KCmBgYHlhbWwKLS0tCmZpbGVuYW1lczoKIC0gL3Zhci9sb2cvZ3JhZmFuYS9ncmFmYW5hLmxvZwpsYWJlbHM6CiAgdHlwZTogZ3JhZmFuYQpgYGAKCmBgYHlhbWwKLS0tCnNvdXJjZTogZG9ja2VyCmNvbnRhaW5lcl9uYW1lOgogLSBncmFmYW5hCiNjb250YWluZXJfaWQ6CiMgLSA4NDNlZTkyZDIzMWIKbGFiZWxzOgogIHR5cGU6IGdyYWZhbmEKYGBg", "content": "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", "description": "Parse grafana logs", "author": "LePresidente", "labels": null }, "LePresidente/harbor-logs": { "path": "parsers/s01-parse/LePresidente/harbor-logs.yaml", "stage": "s01-parse", "version": "0.1", "versions": { "0.1": { "digest": "2f93b00888095bfe2ffe8c69bd4cf7ad33f3ce22c2fd416f5aa8fffb13b29b91", "deprecated": false } }, "long_description": "UGFyc2VyIGZvciBbSGFyYm9yXShodHRwczovL2dvaGFyYm9yLmlvLykgTG9ncy4KCmBgYHlhbWwKLS0tCmZpbGVuYW1lczoKIC0gL3Zhci9sb2cvaGFyYm9yL2NvcmUubG9nCmxhYmVsczoKICB0eXBlOiBoYXJib3IKYGBg", "content": "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", "description": "Parse Harbor logs", "author": "LePresidente", "labels": null }, "LePresidente/jellyfin-logs": { "path": "parsers/s01-parse/LePresidente/jellyfin-logs.yaml", "stage": "s01-parse", "version": "0.6", "versions": { "0.1": { "digest": "84040848391d95ee8157b897936c52044ebf1c617fb7afb7b5dacbdc23cf0026", "deprecated": false }, "0.2": { "digest": "30e1fd118ce846ab35a7948f8f22a80cf8a7687a8eea65f31af1d053a9be7908", "deprecated": false }, "0.3": { 
"digest": "9752de75a0ee0b01a24ea373b9e3728dddcf98bea6c8495d1cf19632bc5ea4a0", "deprecated": false }, "0.4": { "digest": "00711c44397b26c09da3846696c07b7bc9b7c87de7ccce0d80027b15da7c952c", "deprecated": false }, "0.5": { "digest": "054003047bc134d7904ad4528c7701ea92eb8e28f307f37e9d7e3b2d4e4e27cc", "deprecated": false }, "0.6": { "digest": "bd3285739600306f8b92aeeb0f32fbafd3146434746b60ba7344182acd46b1d1", "deprecated": false } }, "long_description": "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", "content": "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", "description": "Parse jellyfin logs", "author": "LePresidente", "labels": null }, "LePresidente/jellyseerr-logs": { "path": "parsers/s01-parse/LePresidente/jellyseerr-logs.yaml", "stage": "s01-parse", "version": "0.3", "versions": { "0.1": { "digest": "7d41498c0683ae655c3a6dcd35b9bcd8986cbe73fc4567fd09ffdf12ca3d8176", "deprecated": false }, "0.2": { "digest": "8db12c71262bc7ea91380d2ba1387efbb932c4c384b65945b017201442ca1f18", "deprecated": false }, "0.3": { "digest": "9a045612d84da761d7bbb603a392f3e1fe86ad7f7021a5869a300e79f9656676", "deprecated": false } }, "content": "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", "description": "Parse jellyseerr logs", "author": "LePresidente", "labels": null }, "LePresidente/ombi-logs": { "path": "parsers/s01-parse/LePresidente/ombi-logs.yaml", "stage": "s01-parse", "version": "0.2", "versions": { "0.1": { "digest": "349a5cf885c37a19465568ffdd1951677c0a9c9657cfa2fcd952d07899b1166d", "deprecated": false }, "0.2": { "digest": "a0cb8745d077d692586d36eb64b052a139666d26bc04f4a48cd72575eab714d1", "deprecated": false } }, "long_description": "UGFyc2VyIGZvciBbT21iaV0oaHR0cHM6Ly9vbWJpLmlvKSBMb2dzLgoKYGBgeWFtbAotLS0KZmlsZW5hbWVzOgogLSAvdmFyL2xvZy9vbWJpL2xvZy0qLnR4dApsYWJlbHM6CiAgdHlwZTogb21iaQpgYGA=", "content": "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", "description": "Parse ombi logs", "author": "LePresidente", "labels": null }, 
"LePresidente/overseerr-logs": { "path": "parsers/s01-parse/LePresidente/overseerr-logs.yaml", "stage": "s01-parse", "version": "0.1", "versions": { "0.1": { "digest": "950272a8e13047975401e52f4c4a7f30e422baa6b88251889b24b6601a21c33c", "deprecated": false } }, "long_description": "UGFyc2VyIGZvciBbT3ZlcnNlZXJyXShodHRwczovL2dpdGh1Yi5jb20vRmFsbGVuYmFnZWwvamVsbHlzZWVycikgTG9ncy4KCmBgYHlhbWwKLS0tCnNvdXJjZTogZG9ja2VyCmNvbnRhaW5lcl9uYW1lOgogLSBvdmVyc2VlcnIKI2NvbnRhaW5lcl9pZDoKIyAtIDg0M2VlOTJkMjMxYgpsYWJlbHM6CiAgdHlwZTogb3ZlcnNlZXJyCmBgYA==", "content": "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", "description": "Parse Overseerr logs", "author": "LePresidente", "labels": null }, "LePresidente/redmine-logs": { "path": "parsers/s01-parse/LePresidente/redmine-logs.yaml", "stage": "s01-parse", "version": "0.2", "versions": { "0.1": { "digest": "69f706a808d2a540156b99e97467094be2432943daa8160743f3109862caa9c9", "deprecated": false }, "0.2": { "digest": "ff08869d0519145d891910430ec64e9075185190400c803babc1d67f9ee29b5e", "deprecated": false } }, "long_description": "UGFyc2VyIGZvciBbUmVkbWluZV0oaHR0cHM6Ly93d3cucmVkbWluZS5vcmcpIExvZ3MuCgpgYGB5YW1sCi0tLQpmaWxlbmFtZXM6CiAtIC92YXIvbG9nL3Byb2R1Y3Rpb24ubG9nCmxhYmVsczoKICB0eXBlOiByZWRtaW5lCmBgYAoKYGBgeWFtbAotLS0Kc291cmNlOiBkb2NrZXIKY29udGFpbmVyX25hbWU6CiAtIFJlZG1pbmUKI2NvbnRhaW5lcl9pZDoKIyAtIDg0M2VlOTJkMjMxYgpsYWJlbHM6CiAgdHlwZTogcmVkbWluZQpgYGAK", "content": "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", "description": "Parse redmine logs", "author": "LePresidente", "labels": null }, "MariuszKociubinski/bitwarden-logs": { "path": "parsers/s01-parse/MariuszKociubinski/bitwarden-logs.yaml", "stage": "s01-parse", "version": "0.1", "versions": { "0.1": { "digest": "8c83d0c40242678340f1f96e27ae3e17e9d258ab0cff9b112c8312cec8609995", "deprecated": false } }, "content": 
"b25zdWNjZXNzOiBuZXh0X3N0YWdlCmZpbHRlcjogImV2dC5QYXJzZWQucHJvZ3JhbSA9PSAnYml0d2FyZGVuJyIKbmFtZTogTWFyaXVzektvY2l1Ymluc2tpL2JpdHdhcmRlbi1sb2dzCmRlc2NyaXB0aW9uOiAiUGFyc2UgYml0d2FyZGVuIGxvZ3MiCmRlYnVnOiBmYWxzZQpwYXR0ZXJuX3N5bnRheDoKICBCSVRXQVJERU5fRkFJTEVEX0xPR0lOOiAnXiV7RVhJTV9EQVRFOnRpbWVzdGFtcH0uKkZhaWxlZCBsb2dpbiBhdHRlbXB0XC4gJXtJUDpzb3VyY2VfaXB9LiokJwogIEJJVFdBUkRFTl9GQUlMRURfTE9HSU5fMkZBOiAnXiV7RVhJTV9EQVRFOnRpbWVzdGFtcH0uKkZhaWxlZCBsb2dpbiBhdHRlbXB0XCwgMkZBIGludmFsaWRcLiAle0lQOnNvdXJjZV9pcH0uKiQnCm5vZGVzOgogIC0gZ3JvazoKICAgICAgbmFtZTogQklUV0FSREVOX0ZBSUxFRF9MT0dJTiAgCiAgICAgIGFwcGx5X29uOiBtZXNzYWdlCiAgICAgIHN0YXRpY3M6CiAgICAgICAgLSBtZXRhOiBsb2dfdHlwZQogICAgICAgICAgdmFsdWU6IGJpdHdhcmRlbl9mYWlsZWRfYXV0aAogIC0gZ3JvazoKICAgICAgbmFtZTogQklUV0FSREVOX0ZBSUxFRF9MT0dJTl8yRkEKICAgICAgYXBwbHlfb246IG1lc3NhZ2UKICAgICAgc3RhdGljczoKICAgICAgICAtIG1ldGE6IGxvZ190eXBlCiAgICAgICAgICB2YWx1ZTogYml0d2FyZGVuX2ZhaWxlZF9hdXRoXzJmYQpzdGF0aWNzOgogICAgLSBtZXRhOiBzZXJ2aWNlCiAgICAgIHZhbHVlOiBiaXR3YXJkZW4KICAgIC0gdGFyZ2V0OiBldnQuU3RyVGltZQogICAgICBleHByZXNzaW9uOiBldnQuUGFyc2VkLnRpbWVzdGFtcAogICAgLSBtZXRhOiBzb3VyY2VfaXAKICAgICAgZXhwcmVzc2lvbjogImV2dC5QYXJzZWQuc291cmNlX2lwIgo=", "description": "Parse bitwarden logs", "author": "MariuszKociubinski", "labels": null }, "Zaulao/aws-alb": { "path": "parsers/s01-parse/Zaulao/aws-alb.yaml", "stage": "s01-parse", "version": "0.1", "versions": { "0.1": { "digest": "9ba7ab74a72e7090f14d62fb95795f98be37ea981ff3de4464a8cad3b9a1747f", "deprecated": false } }, "long_description": 
"IyBEZXNjcmlwdGlvbgpBIHBhcnNlciBmb3IgQVdTIEFwcGxpY2F0aW9uIExvYWQgQmFsYW5jZXIgKEFMQikgYWNjZXNzIGxvZ3MuIEV4dHJhY3RzIEhUVFAgcmVxdWVzdCBmaWVsZHMgZnJvbSB0aGUgcmF3IG1lc3NhZ2UsIHdoaWNoIGFyZSB1c2VkIGZvciBmdXJ0aGVyIGVucmljaG1lbnQgYW5kIHByb2Nlc3NpbmcuIEFMQiBsb2cgZm9ybWF0IGlzIHdlbGwgZGVmaW5lZCBbaGVyZV0oaHR0cHM6Ly9kb2NzLmF3cy5hbWF6b24uY29tL2VsYXN0aWNsb2FkYmFsYW5jaW5nL2xhdGVzdC9hcHBsaWNhdGlvbi9sb2FkLWJhbGFuY2VyLWFjY2Vzcy1sb2dzLmh0bWwjYWNjZXNzLWxvZy1lbnRyeS1mb3JtYXQpLgoKIyBVc2FnZQpBcHBsaWNhdGlvbiBMb2FkIEJhbGFuY2VycyBhY2Nlc3MgbG9ncyBhcmUgc3RvcmVkIGluIFMzIGJ1Y2tldHMsIGFzIGluZGljYXRlZCBpbiB0aGUgW29mZmljaWFsIGRvY3VtZW50YXRpb25dKGh0dHBzOi8vZG9jcy5hd3MuYW1hem9uLmNvbS9lbGFzdGljbG9hZGJhbGFuY2luZy9sYXRlc3QvYXBwbGljYXRpb24vZW5hYmxlLWFjY2Vzcy1sb2dnaW5nLmh0bWwpLiBUaGVyZWZvcmUsIHRoZSBjb2xsZWN0aW9uIG9mIHRoZXNlIGxvZ3MgbXVzdCBzdGFydCBmcm9tIHRoaXMgZGF0YSBzb3VyY2UgaW5pdGlhbGx5LgoKPiBUaGUgdXNlciBjYW4gY29sbGVjdCB0aGUgbG9ncyB1c2luZyB0aGUgQVdTIFMzIGRhdGEgc291cmNlLCBhdmFpbGFibGUgZnJvbSB2ZXJzaW9uIDEuNSBvZiBDcm93ZHNlYywgb3IgdXNlIGFsdGVybmF0aXZlcywgc3VjaCBhcywgZm9yIGV4YW1wbGUsIG90aGVyIGxvZyBjb2xsZWN0aW9uIHRvb2xzIHRoYXQgYWxsb3cgc2F2aW5nIGluIGEgZmlsZSBvciBhbnkgb3RoZXIgZGVzdGluYXRpb25zIChpbiB0aGlzIGNhc2UsIHRoZSBkYXRhIHNvdXJjZSBtdXN0IGJlIHNwZWNpZmllZCBhY2NvcmRpbmcgdG8gdGhlIGNob3NlbiBhbHRlcm5hdGl2ZSkuCgpUaGUgdXNlIG9mIHRoaXMgcGFyc2VyIGZvbGxvd3MgdGhlIFtkZWZhdWx0IGNvbmZpZ3VyYXRpb25dKGh0dHBzOi8vZG9jcy5jcm93ZHNlYy5uZXQvZG9jcy9uZXh0L2NvbmNlcHRzI2FjcXVpc2l0aW9uKSwgdGhhdCBpcywgaXQgaXMgcGVyZm9ybWVkIGZyb20gdGhlIGBhY3F1aXMueWFtbGAgZmlsZS4gVGhlcmVmb3JlLCBhZnRlciBjb25maWd1cmluZyB0aGUgY29ycmVjdCBbZGF0YSBzb3VyY2VdKGh0dHBzOi8vZG9jcy5jcm93ZHNlYy5uZXQvZG9jcy9uZXh0L2RhdGFfc291cmNlcy9pbnRybykgb2YgdGhlIGxvZ3MsIGl0cyBgdHlwZWAgbXVzdCBiZSBzcGVjaWZpZWQgYXMgaW5kaWNhdGVkIGJlbG93OgoKYGBgeWFtbApsYWJlbHM6CiAgdHlwZTogYXdzLWFsYgpgYGAKCiMgU3RhdGljcwpUaGUgaW5mb3JtYXRpb24gY29sbGVjdGVkIGZyb20gdGhlIHJhdyBsb2cgaXM6Ci0gYHRpbWVgOiBUaGUgdGltZSB3aGVuIHRoZSBsb2FkIGJhbGFuY2VyIGdlbmVyYXRlZCBhIHJlc3BvbnNlIHRvIHRoZSBjbGllbnQ7Ci0gYHJlbW90ZV9hZGRyYDogVGhlIEl
QIGFkZHJlc3Mgb2YgdGhlIHJlcXVlc3RpbmcgY2xpZW50OwotIGBlbGJfc3RhdHVzX2NvZGVgOiBUaGUgc3RhdHVzIGNvZGUgb2YgdGhlIHJlc3BvbnNlIGZyb20gdGhlIGxvYWQgYmFsYW5jZXI7Ci0gYHJlcXVlc3RgOiBUaGUgcmVxdWVzdCBsaW5lIFVSSSAoaS5lLiB0aGUgYHBhdGhgKSBmcm9tIHRoZSBjbGllbnQ7Ci0gYHZlcmJgOiBUaGUgcmVxdWVzdCBIVFRQIG1ldGhvZCBmcm9tIHRoZSBjbGllbnQ7Ci0gYGh0dHBfdXNlcl9hZ2VudGA6IEEgVXNlci1BZ2VudCBzdHJpbmcgdGhhdCBpZGVudGlmaWVzIHRoZSBjbGllbnQgdGhhdCBvcmlnaW5hdGVkIHRoZSByZXF1ZXN0LgoKVGhpcyBpbmZvcm1hdGlvbiBpcyBleHBvcnRlZCBmb3IgdXNlIGluIGNvbW1vbiB0aHJlYXQgZGV0ZWN0aW9uIHNjZW5hcmlvcyBmcm9tIEhUVFAgcmVxdWVzdHMuCg==", "content": "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", "description": "Parse AWS ALB access logs", "author": "Zaulao", "labels": null }, "ZoeyVid/npmplus-logs": { "path": "parsers/s01-parse/ZoeyVid/npmplus-logs.yaml", "stage": "s01-parse", "version": "0.1", "versions": { "0.1": { "digest": "f8d7c6e259f94d2ce34c6bdd0b9843a1bb52e395c7ba491d3832d3d0ad672103", "deprecated": false } }, "long_description": "QSBnZW5lcmljIHBhcnNlciBmb3IgW05QTXBsdXNdKGh0dHBzOi8vZ2l0aHViLmNvbS9ab2V5VmlkL05QTXBsdXMpLCBzdXBwb3J0cyBib3RoIGFjY2VzcyBhbmQgZXJyb3IgbG9ncy4K", "content": "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", "description": "Parse NPMplus access and error logs", "author": "ZoeyVid", "labels": null }, "a1ad/meshcentral-logs": { "path": "parsers/s01-parse/a1ad/meshcentral-logs.yaml", "stage": "s01-parse", "version": "0.2", "versions": { "0.1": { "digest": "5d0d9069a3e8872106d88c3b7bbefc61817dceea197b41eb5e29e149c9100f26", "deprecated": false }, "0.2": { "digest": "3d89097772e8fd781deeb6695f2cb69242e0b8cdc3e9dad575fb47d075fe3b1e", "deprecated": false } }, "long_description": 
"UGFyc2VyIGZvciBbTWVzaGNlbnRyYWxdKGh0dHBzOi8vd3d3Lm1lc2hjb21tYW5kZXIuY29tL21lc2hjZW50cmFsMikgQXV0aCBMb2dzLgoKWW91IG5lZWQgdG8gYWRkIHRoZSBmb2xsb3dpbmcgaW4gdGhlIE1lc2hjZW50cmFsIGNvbmZpZyBmaWxlIGJlZm9yZSBNZXNoY2VudHJhbCBzdGFydHMgbG9nZ2luZzoKImF1dGhMb2ciOiAiL29wdC9tZXNoY2VudHJhbC9tZXNoY2VudHJhbC1kYXRhL2F1dGgubG9nIgoKYGBgeWFtbAotLS0KZmlsZW5hbWVzOgogLSAvb3B0L21lc2hjZW50cmFsL21lc2hjZW50cmFsLWRhdGEvYXV0aC5sb2cKbGFiZWxzOgogIHR5cGU6IG1lc2hjZW50cmFsCmBgYAo=", "content": "Cm9uc3VjY2VzczogbmV4dF9zdGFnZQojZGVidWc6IGZhbHNlCm5hbWU6IGExYWQvbWVzaGNlbnRyYWwtbG9ncwpkZXNjcmlwdGlvbjogIlBhcnNlIG1lc2hjZW50cmFsIGxvZ3MiCmZpbHRlcjogImV2dC5QYXJzZWQucHJvZ3JhbSA9PSAnbWVzaGNlbnRyYWwnIgpwYXR0ZXJuX3N5bnRheDoKICBNRVNIQ0VOVFJBTF9DVVNUT01VU0VSOiAiKCV7RU1BSUxBRERSRVNTfXwle1VTRVJOQU1FfSkiCiAgTUVTSENFTlRSQUxfQ1VTVE9NREFURTogIiV7TU9OVEh9ICV7TU9OVEhEQVl9ICV7SE9VUn06JXtNSU5VVEV9OiV7U0VDT05EfSIKbm9kZXM6CiAgLSBncm9rOgogICAgICBwYXR0ZXJuOiAnJXtNRVNIQ0VOVFJBTF9DVVNUT01EQVRFOnRpbWVzdGFtcH0uKkZhaWxlZCBwYXNzd29yZCBmb3IgJXtNRVNIQ0VOVFJBTF9DVVNUT01VU0VSOnVzZXJuYW1lfSBmcm9tICV7SVA6c291cmNlX2lwfS4qJwogICAgICBhcHBseV9vbjogbWVzc2FnZQogICAgICBzdGF0aWNzOgogICAgICAgIC0gbWV0YTogbG9nX3R5cGUKICAgICAgICAgIHZhbHVlOiBtZXNoY2VudHJhbF9mYWlsZWRfYXV0aAoKc3RhdGljczoKICAgIC0gbWV0YTogc2VydmljZQogICAgICB2YWx1ZTogbWVzaGNlbnRyYWwKICAgIC0gbWV0YTogdXNlcgogICAgICBleHByZXNzaW9uOiAiZXZ0LlBhcnNlZC51c2VybmFtZSIKICAgIC0gbWV0YTogc291cmNlX2lwCiAgICAgIGV4cHJlc3Npb246ICJldnQuUGFyc2VkLnNvdXJjZV9pcCIKICAgIC0gdGFyZ2V0OiBldnQuU3RyVGltZQogICAgICBleHByZXNzaW9uOiBldnQuUGFyc2VkLnRpbWVzdGFtcAo=", "description": "Parse meshcentral logs", "author": "a1ad", "labels": null }, "a1ad/mikrotik-logs": { "path": "parsers/s01-parse/a1ad/mikrotik-logs.yaml", "stage": "s01-parse", "version": "0.2", "versions": { "0.1": { "digest": "f93eb0de9904b9b1ef035f5fa74ae3fdd68516de1a28c2e7c00d14afc76d86e8", "deprecated": false }, "0.2": { "digest": "f837ac29caf28ee1e273f118fd4a0f9be6e71fa7f8b30983f7ee091cbb82740e", "deprecated": false } }, "long_description": 
"UGFyc2VyIGZvciBbTWlrcm90aWtdKGh0dHBzOi8vbWlrcm90aWsuY29tLykgTG9ncy4KCllvdSBuZWVkIHRvIHNldCB1cCBhIHJlbW90ZSBzeXNsb2cgc2VydmVyLiBUaGVyZSBpcyBubyBjcm93ZHNlYyBjbGllbnQgb24gdGhlIE1pa3JvdGlrLCBzbyBsb2cgcGFyc2luZyBuZWVkcyB0byBiZSBkb25lIG9uIHRoZSByc3lzbG9nIHNlcnZlci4KRG8gbm90IGZvcmdldCB0byBzZXQgIkZpcmV3YWxsIiBmbGFnIGluIHRoZSByZW1vdGUgbG9nIHNldHRpbmdzIGFuZCBjcmVhdGUgYSBkcm9wIHJ1bGUgd2l0aCBsb2dnaW5nIGFjdGl2ZS4KRm9yIHVzZXIgYXV0aGVudGljYXRpb24geW91IG5lZWQgdG8gc2V0IHRoZSAiZXJyb3IiIGZsYWcuCgpgYGB5YW1sCi0tLQpmaWxlbmFtZXM6CiAtIC92YXIvbG9nL3JzeXNsb2cvMTAuMTAuMTAuMS9zeXNsb2cubG9nCmxhYmVsczoKICB0eXBlOiBtaWtyb3RpawpgYGAK", "content": "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", "description": "Parse Mikrotik logs", "author": "a1ad", "labels": null }, "aderumier/proxmox-iptables-logs": { "path": "parsers/s01-parse/aderumier/proxmox-iptables-logs.yaml", "stage": "s01-parse", "version": "0.1", "versions": { "0.1": { "digest": "c0c3a2300829f3172cd2b850ed3c21fcc27765a587b31ebad8c1223c06cc647f", "deprecated": false } }, "long_description": "QSBwYXJzZXIgZm9yIHByb3htb3ggaXB0YWJsZXMgZm9ybWF0IGAtaiBORkxPRyAtLW5mbG9nLXByZWZpeCAnJHZtaWQ6JGxvZ2xldmVsOiRjaGFpbjogJG1zZydgOgoKIC0gT25seSBwYXJzZSBrZXJuZWwgbWVzc2FnZXMgY29udGFpbmluZyBgLUlOPWAsIHNwZWNpZmljIHRvIHByb3htb3ggKDxjaGFpbj4tSU4pCiAtIFNraXAgbGluZXMgaWYgZGVjaXNpb25zIGlzIGBBQ0NFUFRgIG9yIGBQVkVGVy1TRVQtQUNDRVBULU1BUktgCiAtIEFsbCBsb2dnZWQgcGFja2V0cyBhcmUgY29uc2lkZXJlZCBhcyBEUk9Qcy4K", "content": "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", "description": "Parse proxmox iptables drop logs", "author": "aderumier", "labels": null }, "aidalinfo/couchdb-logs": { "path": "parsers/s01-parse/aidalinfo/couchdb-logs.yaml", "stage": "s01-parse", "version": "0.1", "versions": { "0.1": { "digest": "cd9a26d6fd50e86a2c14942c5d82a5d83dca70fcc9e4505a7703a73e8f98455c", "deprecated": false } }, "long_description": 
"UGFyc2VyIGZvciBbQ291Y2hEQl0oaHR0cHM6Ly9jb3VjaGRiLmFwYWNoZS5vcmcvKQoKRXhhbXBsZSBhY3F1aXNpdGlvbiA6CgpgYGB5YW1sCi0tLQpmaWxlbmFtZXM6CiAgLSAvcGF0aC90by9jb3VjaC5sb2cKbGFiZWxzOgogIHR5cGU6IGNvdWNoZGIKYGBg", "content": "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", "description": "First step get IP, User, time and IP from couchdb logs", "author": "aidalinfo", "labels": null }, "aidalinfo/tcpudp-flood-traefik": { "path": "parsers/s01-parse/aidalinfo/tcpudp-flood-traefik.yaml", "stage": "s01-parse", "version": "0.1", "versions": { "0.1": { "digest": "13b543d2cdbd39fa04ff4988825566c06006e9ecc789d23e0e56ec399feddc87", "deprecated": false } }, "long_description": "IyMgQWNxdWlzaXRpb24gVURQL1RDUCBGbG9vZCBUcmFlZmlrCgpFeGFtcGxlIGFjcXVpc2l0aW9uIGZvciBwYXJzZXIgYWlkYWxpbmZvL3RjcHVkcC1mbG9vZC10cmFlZmlrIDoKYGBgCi0tLQpmaWxlbmFtZXM6Ci0gL3Zhci9sb2cvKi90cmFlZmlrLWRlYnVnLmxvZwpsYWJlbHM6CiAgdHlwZTogdGNwdWRwLXRyYWVmaWsKYGBgCg==", "content": "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", "description": "Parse TCP/UDP traefik logs", "author": "aidalinfo", "labels": null }, "andreasbrett/baikal-logs": { "path": "parsers/s01-parse/andreasbrett/baikal-logs.yaml", "stage": "s01-parse", "version": "0.1", "versions": { "0.1": { "digest": "9272d4c7b7cb4367a5a3da506876b3d292f6b328f048772fe285fc16633c5a0d", "deprecated": false } }, "long_description": "UGFyc2VyIGZvciBbQmFpa2FsXShodHRwczovL2dpdGh1Yi5jb20vc2FicmUtaW8vQmFpa2FsKSBsb2dzLiBCYWlrYWwgZG9lcyBub3QgcHJvZHVjZSBkZWRpY2F0ZWQgbG9ncyBidXQgcmF0aGVyIHNlbmRzIFBIUCBlcnJvcnMgaW50byBhcGFjaGUvbmdpbnggbG9ncy4gQ3VycmVudGx5IG9ubHkgYXBhY2hlIGVycm9yIGxvZ3MgYXJlIHN1cHBvcnRlZCBieSB0aGlzIHBhcnNlci4KCmBgYHlhbWwKLS0tCmZpbGVuYW1lczoKICAgIC0gL3Zhci9sb2cvaHR0cGQvZXJyb3IubG9nCmxhYmVsczoKICAgIHR5cGU6IEJhaWthbApgYGAK", "content": "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", "description": "Parse baikal logs", "author": "andreasbrett", "labels": null }, "andreasbrett/paperless-ngx-logs": { "path": 
"parsers/s01-parse/andreasbrett/paperless-ngx-logs.yaml", "stage": "s01-parse", "version": "0.4", "versions": { "0.1": { "digest": "9e0192bcc89e1050c982852c611d23f4ca781c4c201a094f11a5a2f4055f47f6", "deprecated": false }, "0.2": { "digest": "19dc9f87ca60b58d199a42a6901200d1cf538db0254773b303512cf66308f4a6", "deprecated": false }, "0.3": { "digest": "85ecad2a725e827e4d340f312cf8419203264bf2092c7eaa5c78dac618d10cbd", "deprecated": false }, "0.4": { "digest": "21d1dff2e2d42b5aa2c24e30f7d761d141afcc64706b3a24efbe5ddd528b605f", "deprecated": false } }, "long_description": "UGFyc2VyIGZvciBbUGFwZXJsZXNzLW5neF0oaHR0cHM6Ly9naXRodWIuY29tL3BhcGVybGVzcy1uZ3gvcGFwZXJsZXNzLW5neCkgTG9ncy4KCmBgYHlhbWwKLS0tCmZpbGVuYW1lczoKICAgIC0gL3Zhci9sb2cvcGFwZXJsZXNzLmxvZwpsYWJlbHM6CiAgICB0eXBlOiBQYXBlcmxlc3Mtbmd4CmBgYAo=", "content": "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", "description": "Parse paperless-ngx logs", "author": "andreasbrett", "labels": null }, "andreasbrett/webmin-logs": { "path": "parsers/s01-parse/andreasbrett/webmin-logs.yaml", "stage": "s01-parse", "version": "0.2", "versions": { "0.1": { "digest": "32f1e1ac638422ad152f59e627818970547e548a2496db78cea2da71f30391e4", "deprecated": false }, "0.2": { "digest": "604b0334eb171e626fcff15367bf291329291296572cf14ea30b7ca6bc8486de", "deprecated": false } }, "long_description": "UGFyc2VyIGZvciBbV2VibWluXShodHRwczovL2dpdGh1Yi5jb20vd2VibWluL3dlYm1pbikgbG9ncwoKYGBgeWFtbAotLS0KZmlsZW5hbWVzOgogICAgLSAvdmFyL3dlYm1pbi93ZWJtaW4ubG9nCmxhYmVsczoKICAgIHR5cGU6IFdlYm1pbgpgYGAK", "content": "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", "description": "Parse webmin logs", "author": "andreasbrett", "labels": null }, "baudneo/gotify-logs": { "path": "parsers/s01-parse/baudneo/gotify-logs.yaml", "stage": "s01-parse", "version": "0.2", "versions": { "0.1": { "digest": "526d78255dcba17af4ee78e969241dfdcf00fe1efee8d4498e4875ec2db9d0b8", "deprecated": false }, "0.2": { "digest": 
"918275f986bbd2fd2a5a7b4fd16056a8447d6a95bd076fd698535fcc0d086b3b", "deprecated": false } }, "long_description": "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", "content": "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", "description": "parser for Gotify server", "author": "baudneo", "labels": null }, "baudneo/zoneminder-logs": { "path": "parsers/s01-parse/baudneo/zoneminder-logs.yaml", "stage": "s01-parse", "version": "0.2", "versions": { "0.1": { "digest": "f603455093722174960807241d0959bfbd485c089372e4770298a0a9cd219001", "deprecated": false }, "0.2": { "digest": "150c13541d7664c6557199a47d877fdac7d1a8cf64ec812d4f8af032cbf73815", "deprecated": false } }, "long_description": "IyBEZXNjcmlwdGlvbgpBIHBhcnNlciB0aGF0IHNlYXJjaGVzIGZvciB1bmtub3duIHVzZXIgYW5kIGluY29ycmVjdCBwYXNzd29yZCBsb2dpbnMgdG8gWm9uZU1pbmRlciBieSB1c2luZyBgd2ViX3BocC5sb2dgIGFzIGEgZGF0YSBzb3VyY2UuCk5vdyBzdXBwb3J0cyBuZXcgUEhQIGRhdGUgZm9ybWF0OyBERUZBVUxUIFVTL0NBTiBmb3JtYXQuCgojIEhPVyBUTyBJTlNUQUxMIFBST1BFUkxZCi0gUkVRVUlSRUQgLSBleGFtcGxlIGBhY3F1aXMueWFtbGAgZW50cnkgLSB0aGUgYHR5cGVgIG11c3QgYmUgZXhhY3RseSBhcyBzaG93biBoZXJlIG9yIHRoZSBwYXJzZXIgd2lsbCBuZXZlciBiZSBzdWNjZXNzZnVsLgoqKipUaGUgbG9nIHBhdGggaXMgdGhlIGRlZmF1bHQgcGF0aCBvbiBhIGRlYmlhbiBiYXNlZCBkaXN0cm8sIGNoYW5nZSB0byBwb2ludCB0b3dhcmRzIHdoZXJlIHlvdXIgWm9uZU1pbmRlciBgd2ViX3BocC5sb2dgIGlzKioqCmBgYHlhbWwKZmlsZW5hbWVzOgogIC0gL3Zhci9sb2cvem0vd2ViX3BocC5sb2cKbGFiZWxzOgogIHR5cGU6IHpvbmVtaW5kZXIKYGBgCjpleGNsYW1hdGlvbjogVGhlIGB0eXBlYCAqKk1VU1QqKiBiZSBgem9uZW1pbmRlcmAgOmV4Y2xhbWF0aW9uOgoKIyBTdGF0aWNzCi0gSVAgaXMgbG9nZ2VkIGFzIGBldnQuUGFyc2VkLnNvdXJjZV9pcGAgYW5kIGBldnQuTWV0YS5zb3VyY2VfaXBgCi0gVXNlcm5hbWUgaXMgbG9nZ2VkIGFzIGBldnQuUGFyc2VkLnVzZXJuYW1lYCBhbmQgYGV2dC5NZXRhLnVzZXJuYW1lYAo=", "content": "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", "description": "A parser for zoneminder web_php.log (Logins to DB/Web), now supports default PHP intl date format", "author": "baudneo", "labels": null }, "corvese/apache-guacamole-logs": { "path": 
"parsers/s01-parse/corvese/apache-guacamole-logs.yaml", "stage": "s01-parse", "version": "0.1", "versions": { "0.1": { "digest": "16e2b2205362d6ce2d83cce6a843194b5aea947891e5c7e72d006d4980c2d610", "deprecated": false } }, "long_description": "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", "content": "bmFtZTogY29ydmVzZS9hcGFjaGUtZ3VhY2Ftb2xlLWxvZ3MKZGVzY3JpcHRpb246ICJQYXJzZXMgQXBhY2hlIEd1YWNhbW9sZSBsb2dzIgpmaWx0ZXI6ICJldnQuUGFyc2VkLnByb2dyYW0gPT0gJ2FwYWNoZS1ndWFjYW1vbGUnIgpvbnN1Y2Nlc3M6IG5leHRfc3RhZ2UKcGF0dGVybl9zeW50YXg6CiAgR1VBQ19DVVNUT01VU0VSOiAiKCV7RU1BSUxBRERSRVNTfXwle1VTRVJOQU1FfSkiCm5vZGVzOgogIC0gZ3JvazoKICAgICAgcGF0dGVybjogJyV7VElNRVNUQU1QX0lTTzg2MDE6dGltZXN0YW1wfS4qQXV0aGVudGljYXRpb24gYXR0ZW1wdCBmcm9tIFxbJXtJUDpzb3VyY2VfaXB9Lipmb3IgdXNlciAiJXtHVUFDX0NVU1RPTVVTRVI6dXNlcm5hbWV9IiBmYWlsZWQnCiAgICAgIGFwcGx5X29uOiBtZXNzYWdlCiAgICAgIHN0YXRpY3M6CiAgICAgICAgLSBtZXRhOiBsb2dfdHlwZQogICAgICAgICAgdmFsdWU6IGFwYWNoZS1ndWFjYW1vbGVfZmFpbGVkX2F1dGgKICAgICAgICAtIG1ldGE6IHRhcmdldF91c2VyCiAgICAgICAgICBleHByZXNzaW9uOiBldnQuUGFyc2VkLnVzZXJuYW1lCnN0YXRpY3M6CiAgICAtIG1ldGE6IHNlcnZpY2UKICAgICAgdmFsdWU6IGFwYWNoZS1ndWFjYW1vbGUKICAgIC0gbWV0YTogc291cmNlX2lwCiAgICAgIGV4cHJlc3Npb246IGV2dC5QYXJzZWQuc291cmNlX2lwCiAgICAtIHRhcmdldDogZXZ0LlN0clRpbWUKICAgICAgZXhwcmVzc2lvbjogZXZ0LlBhcnNlZC50aW1lc3RhbXA=", "description": "Parses Apache Guacamole logs", "author": "corvese", "labels": null }, "crowdsecurity/amavis-logs": { "path": "parsers/s01-parse/crowdsecurity/amavis-logs.yaml", "stage": "s01-parse", "version": "0.2", "versions": { "0.1": { "digest": "f712aa420ac1e4b89979c3e880a972fbd6b6214585f8f068312aed2b5290c240", "deprecated": false }, "0.2": { "digest": "4e3b45710bd862fe27336fcfc7b7736ccdc8874b4d54921d75d1bb3c7c869b8c", "deprecated": false } }, "long_description": "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", "content": 
"b25zdWNjZXNzOiBuZXh0X3N0YWdlCm5hbWU6IGNyb3dkc2VjdXJpdHkvYW1hdmlzLWxvZ3MKZGVzY3JpcHRpb246ICJQYXJzZSBhbWF2aXMgbG9ncyIKZmlsdGVyOiAiZXZ0LlBhcnNlZC5wcm9ncmFtID09ICdhbWF2aXMnIgpwYXR0ZXJuX3N5bnRheDoKICBBTUFWSVNfTUVTU0FHRUlEOiAiTWVzc2FnZS1JRDogPCV7REFUQTphbWF2aXNfbWVzc2FnZS1pZH0+IgogIEFNQVZJU19TSVpFOiAic2l6ZTogJXtQT1NJTlQ6YW1hdmlzX3NpemV9IgogIEFNQVZJU19URVNUUzogJ1Rlc3RzOiBcWyV7REFUQTphbWF2aXNfdGVzdHN9XF0nCiAgQU1BVklTX0ZST006ICJGcm9tOiAle0RBVEE6YW1hdmlzX2hlYWRlcl9mcm9tfSIKICBBTUFWSVNfSElUUzogIkhpdHM6ICV7TlVNQkVSOmFtYXZpc19oaXRzfSIKICBBTUFWSVNfUVVBUkFOVElORTogInF1YXJhbnRpbmU6ICV7Tk9UU1BBQ0U6YW1hdmlzX3F1YXJhbnRpbmV9IgogIEFNQVZJU19TVUJKRUNUOiAnU3ViamVjdDogIiV7REFUQTphbWF2aXNfc3ViamVjdH0iJwogIEFNQVZJU19LVjogIigoJXtBTUFWSVNfTUVTU0FHRUlEfXwle0FNQVZJU19TSVpFfXwle0FNQVZJU19URVNUU318JXtBTUFWSVNfRlJPTX18JXtBTUFWSVNfSElUU318JXtBTUFWSVNfUVVBUkFOVElORX18JXtBTUFWSVNfU1VCSkVDVH18JXtEQVRBfSksICkqIgogIEFNQVZJUzogJ1woJXtEQVRBOmFtYXZpc19pZH1cKSAle1dPUkQ6YW1hdmlzX2FjdGlvbn0gJXtOT1RTUEFDRTphbWF2aXNfY2F0ZWdvcnl9KCBcKCV7REFUQTphbWF2aXNfbWF0Y2h9XCkpKCBceyV7REFUQTphbWF2aXNfYWNpb25zfVx9KT8sIFxbKElQdjY6KT8le0lQOmFtYXZpc19yZWxheV9pcH1cXTole1BPU0lOVDpzcmNfcG9ydH0gXFsoSVB2NjopPyV7SVA6YW1hdmlzX2FtYXZpc19vcmlnaW5faXB9XF0gPCV7REFUQTphbWF2aXNfZnJvbX0+IC0+IDwle0RBVEE6YW1hdmlzX3RvfT4sICV7QU1BVklTX0tWfSV7UE9TSU5UOmFtYXZpc19lbGFwc2VkdGltZX0gbXMnCmdyb2s6CiAgbmFtZTogIkFNQVZJUyIKICBhcHBseV9vbjogbWVzc2FnZQpzdGF0aWNzOgogIC0gbWV0YTogc2VydmljZQogICAgdmFsdWU6IGFtYXZpcwogIC0gbWV0YTogbG9nX3R5cGUKICAgIHZhbHVlOiAiYW1hdmlzIgogIC0gbWV0YTogc291cmNlX2lwCiAgICBleHByZXNzaW9uOiAiZXZ0LlBhcnNlZC5hbWF2aXNfcmVsYXlfaXAiCiAgLSBtZXRhOiBhbWF2aXNfY2F0ZWdvcnkKICAgIGV4cHJlc3Npb246ICJldnQuUGFyc2VkLmFtYXZpc19jYXRlZ29yeSIKICAtIG1ldGE6IGFtYXZpc19tYXRjaAogICAgZXhwcmVzc2lvbjogImV2dC5QYXJzZWQuYW1hdmlzX21hdGNoIgo=", "description": "Parse amavis logs", "author": "crowdsecurity", "labels": null }, "crowdsecurity/apache2-logs": { "path": "parsers/s01-parse/crowdsecurity/apache2-logs.yaml", "stage": "s01-parse", "version": "1.4", "versions": { "0.1": 
{ "digest": "405a1eacb736240024a1302fb7a95184bd1dbb4205c9746877b01aa74aff602f", "deprecated": false }, "0.2": { "digest": "911be04b02a2aef5052020087b0941c9a646a0ad6213cb34d541d35c5c10fba1", "deprecated": false }, "0.3": { "digest": "2acd7b53dd7ac9765246dbcc539395ad89942a5b48f3cab6b1489cb6c9fe1360", "deprecated": false }, "0.4": { "digest": "63c47a8b0740d05e15a84640c44cdbc7b96907deae4650dcdb61329d37bcf9e8", "deprecated": false }, "0.5": { "digest": "cb41418db5e5dcf3f1e0fba7731f2eab8eff07f1083a92f5e45e13a4d8f6ff95", "deprecated": false }, "0.6": { "digest": "305729e749b6c7c7c7370d0b2fd247c5de13c3d3b45809745049eeb45d7f46b9", "deprecated": false }, "0.7": { "digest": "8244953978839afc950bea90934cf20834d4f243b79163a44c8ff67b9eb9e459", "deprecated": false }, "0.8": { "digest": "b37a7940a2b6c0b7b909679c1e837ec9e6628f24e9a88f8830600e0df9ba5941", "deprecated": false }, "0.9": { "digest": "f4fa2cfb6ff5742b499f575630acf884e1dbdd6af7196e2fd3a2aeeeec9bceb9", "deprecated": false }, "1.0": { "digest": "bc4cce2766afde63489bfe7d8d1f8aec82f9c897da5e824904156c53cdc555f6", "deprecated": false }, "1.1": { "digest": "311e3761538c96f641478da49af219df8084205e191c39f3794fba4a4780ed76", "deprecated": false }, "1.2": { "digest": "a2e968ebf9d568de24f2c407504c85edb08e2e31e9422b913de763ab855dc6d4", "deprecated": false }, "1.3": { "digest": "c8fac234d41df2edd112265f75a5178718eeabe58135bd1e307bf92892ff3639", "deprecated": false }, "1.4": { "digest": "0b4f8ca4b1a3486d6e6d1c214d05e600035fc95bf717e4247325c5506c98ed46", "deprecated": false } }, "long_description": "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", "content": "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", "description": "Parse Apache2 access and error logs", "author": "crowdsecurity", "labels": null }, "crowdsecurity/appsec-logs": { "path": "parsers/s01-parse/crowdsecurity/appsec-logs.yaml", "stage": "s01-parse", "version": "0.5", "versions": { "0.1": { "digest": 
"b6de996d25dcbbbda4889fea9e8b05559660c54ea2ed7202430741ef40141179", "deprecated": false }, "0.2": { "digest": "20fe00d38f9756169fb5d56027e5c26085e038f699a18d17be94ad6b0da14447", "deprecated": false }, "0.3": { "digest": "24ea66d28ee00e9bef266b86fc56ed9e7a95e8f36027765b99389f0b4ed8c2d3", "deprecated": false }, "0.4": { "digest": "60b45bc8957dfc40f270500b8ef438085294fc172c92332dcb9dcb3c14cc9c85", "deprecated": false }, "0.5": { "digest": "e44f2877c363061fef239a9af472253900674bf261e8762febd06d7ef20022a0", "deprecated": false } }, "content": "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", "description": "Parse Appsec events", "author": "crowdsecurity", "labels": null }, "crowdsecurity/asterisk-logs": { "path": "parsers/s01-parse/crowdsecurity/asterisk-logs.yaml", "stage": "s01-parse", "version": "0.3", "versions": { "0.1": { "digest": "6c32f0c5c37b86d83b35c9c90aee2550b8c2d59748a31bd2ba95842be35bf031", "deprecated": false }, "0.2": { "digest": "29155ff1a969acdbd1be800f350168d0b2bf2c2adcfd9350d284667d857e9fe3", "deprecated": false }, "0.3": { "digest": "f8a4fb06d81b9b1344ae9ba158c34b069f234597dc2fa140ae2f139cc8da148d", "deprecated": false } }, "long_description": "UGFyc2VyIGZvciBhc3RlcmlzayBsb2dzIChwYXJzZSBvbmx5IGZhaWxlZCBhdXRoZW50aWNhdGlvbiBsb2dzIGZvciB0aGUgbW9tZW50KS4=", "content": 
"bmFtZTogY3Jvd2RzZWN1cml0eS9hc3Rlcmlzay1sb2dzCmRlc2NyaXB0aW9uOiAiUGFyc2UgQXN0ZXJpc2sgbG9ncyIKZmlsdGVyOiAiZXZ0LlBhcnNlZC5wcm9ncmFtID09ICdhc3RlcmlzayciCm9uc3VjY2VzczogbmV4dF9zdGFnZQpub2RlczoKICAtIGdyb2s6CiAgICAgIHBhdHRlcm46ICdcWyV7REFUQTp0aW1lc3RhbXB9XF0gU0VDVVJJVFlcWyV7TlVNQkVSfVxdLiogU2VjdXJpdHlFdmVudD0iSW52YWxpZEFjY291bnRJRCIsRXZlbnRUVj0iJXtEQVRBOmV2ZW50X3RpbWVzdGFtcH0iLFNldmVyaXR5PSJFcnJvciIsU2VydmljZT0iJXtOT1REUVVPVEU6YXN0ZXJpc2tfc2VydmljZX0iLEV2ZW50VmVyc2lvbj0iJXtOVU1CRVJ9IixBY2NvdW50SUQ9IiV7Tk9URFFVT1RFOnVzZXJuYW1lfSIsU2Vzc2lvbklEPSIle05PVERRVU9URTphc3Rlcmlza19zZXNzaW9uX2lkfSIsTG9jYWxBZGRyZXNzPSJJUFYle05VTUJFUn0vKFVEUHxUQ1ApLyV7SVBPUkhPU1Q6dGFyZ2V0X2lwfS8le05VTUJFUjp0YXJnZXRfcG9ydH0iLFJlbW90ZUFkZHJlc3M9IklQViV7TlVNQkVSfS8oVURQfFRDUCkvJXtJUE9SSE9TVDpzb3VyY2VfaXB9LyV7TlVNQkVSOnNvdXJjZV9wb3J0fSInCiAgICAgIGFwcGx5X29uOiBtZXNzYWdlCiAgICAgIHN0YXRpY3M6CiAgICAgICAgLSBtZXRhOiBsb2dfdHlwZQogICAgICAgICAgdmFsdWU6IGFzdGVyaXNrX2ZhaWxlZF9hdXRoCiAgICAgICAgLSB0YXJnZXQ6IGV2dC5TdHJUaW1lCiAgICAgICAgICBleHByZXNzaW9uOiBldnQuUGFyc2VkLnRpbWVzdGFtcAogICAgICAgIC0gbWV0YTogdGFyZ2V0X3VzZXIKICAgICAgICAgIGV4cHJlc3Npb246IGV2dC5QYXJzZWQudXNlcm5hbWUKICAgICAgICAtIG1ldGE6IHNlc3Npb25faWQKICAgICAgICAgIGV4cHJlc3Npb246IGV2dC5QYXJzZWQuYXN0ZXJpc2tfc2Vzc2lvbl9pZAogICAgICAgIC0gbWV0YTogYXN0ZXJpc2tfc2VydmljZQogICAgICAgICAgZXhwcmVzc2lvbjogZXZ0LlBhcnNlZC5hc3Rlcmlza19zZXJ2aWNlCiAgLSBncm9rOgogICAgICBwYXR0ZXJuOiAnXFsle0RBVEE6dGltZXN0YW1wfVxdIFNFQ1VSSVRZXFsle05VTUJFUn1cXS4qIFNlY3VyaXR5RXZlbnQ9IkNoYWxsZW5nZVJlc3BvbnNlRmFpbGVkIixFdmVudFRWPSIle0RBVEE6ZXZlbnRfdGltZXN0YW1wfSIsU2V2ZXJpdHk9IkVycm9yIixTZXJ2aWNlPSIle05PVERRVU9URTphc3Rlcmlza19zZXJ2aWNlfSIsRXZlbnRWZXJzaW9uPSIle05VTUJFUn0iLEFjY291bnRJRD0iJXtOT1REUVVPVEU6dXNlcm5hbWV9IixTZXNzaW9uSUQ9IiV7Tk9URFFVT1RFOmFzdGVyaXNrX3Nlc3Npb25faWR9IixMb2NhbEFkZHJlc3M9IklQViV7TlVNQkVSfS8oVURQfFRDUCkvJXtJUE9SSE9TVDp0YXJnZXRfaXB9LyV7TlVNQkVSOnRhcmdldF9wb3J0fSIsUmVtb3RlQWRkcmVzcz0iSVBWJXtOVU1CRVJ9LyhVRFB8VENQKS8le0lQT1JIT1NUOnNvdXJjZV9pcH0vJXtOVU1CRVI6c291cmNlX3BvcnR9IicKICAgICAgYXBwbHl
fb246IG1lc3NhZ2UKICAgICAgc3RhdGljczoKICAgICAgICAtIG1ldGE6IGxvZ190eXBlCiAgICAgICAgICB2YWx1ZTogYXN0ZXJpc2tfZmFpbGVkX2F1dGgKICAgICAgICAtIHRhcmdldDogZXZ0LlN0clRpbWUKICAgICAgICAgIGV4cHJlc3Npb246IGV2dC5QYXJzZWQudGltZXN0YW1wCiAgICAgICAgLSBtZXRhOiB0YXJnZXRfdXNlcgogICAgICAgICAgZXhwcmVzc2lvbjogZXZ0LlBhcnNlZC51c2VybmFtZQogICAgICAgIC0gbWV0YTogc2Vzc2lvbl9pZAogICAgICAgICAgZXhwcmVzc2lvbjogZXZ0LlBhcnNlZC5hc3Rlcmlza19zZXNzaW9uX2lkCiAgICAgICAgLSBtZXRhOiBhc3Rlcmlza19zZXJ2aWNlCiAgICAgICAgICBleHByZXNzaW9uOiBldnQuUGFyc2VkLmFzdGVyaXNrX3NlcnZpY2UKICAtIGdyb2s6CiAgICAgIHBhdHRlcm46ICdcWyV7REFUQTp0aW1lc3RhbXB9XF0gU0VDVVJJVFlcWyV7TlVNQkVSfVxdLiogU2VjdXJpdHlFdmVudD0iSW52YWxpZFBhc3N3b3JkIixFdmVudFRWPSIle0RBVEE6ZXZlbnRfdGltZXN0YW1wfSIsU2V2ZXJpdHk9IkVycm9yIixTZXJ2aWNlPSIle05PVERRVU9URTphc3Rlcmlza19zZXJ2aWNlfSIsRXZlbnRWZXJzaW9uPSIle05VTUJFUn0iLEFjY291bnRJRD0iJXtOT1REUVVPVEU6dXNlcm5hbWV9IixTZXNzaW9uSUQ9IiV7Tk9URFFVT1RFOmFzdGVyaXNrX3Nlc3Npb25faWR9IixMb2NhbEFkZHJlc3M9IklQViV7TlVNQkVSfS8oVURQfFRDUCkvJXtJUE9SSE9TVDp0YXJnZXRfaXB9LyV7TlVNQkVSOnRhcmdldF9wb3J0fSIsUmVtb3RlQWRkcmVzcz0iSVBWJXtOVU1CRVJ9LyhVRFB8VENQKS8le0lQT1JIT1NUOnNvdXJjZV9pcH0vJXtOVU1CRVI6c291cmNlX3BvcnR9IicKICAgICAgYXBwbHlfb246IG1lc3NhZ2UKICAgICAgc3RhdGljczoKICAgICAgICAtIG1ldGE6IGxvZ190eXBlCiAgICAgICAgICB2YWx1ZTogYXN0ZXJpc2tfZmFpbGVkX2F1dGgKICAgICAgICAtIHRhcmdldDogZXZ0LlN0clRpbWUKICAgICAgICAgIGV4cHJlc3Npb246IGV2dC5QYXJzZWQudGltZXN0YW1wCiAgICAgICAgLSBtZXRhOiB0YXJnZXRfdXNlcgogICAgICAgICAgZXhwcmVzc2lvbjogZXZ0LlBhcnNlZC51c2VybmFtZQogICAgICAgIC0gbWV0YTogc2Vzc2lvbl9pZAogICAgICAgICAgZXhwcmVzc2lvbjogZXZ0LlBhcnNlZC5hc3Rlcmlza19zZXNzaW9uX2lkCiAgICAgICAgLSBtZXRhOiBhc3Rlcmlza19zZXJ2aWNlCiAgICAgICAgICBleHByZXNzaW9uOiBldnQuUGFyc2VkLmFzdGVyaXNrX3NlcnZpY2UKc3RhdGljczoKICAgIC0gbWV0YTogc2VydmljZQogICAgICB2YWx1ZTogYXN0ZXJpc2sKICAgIC0gbWV0YTogc291cmNlX2lwCiAgICAgIGV4cHJlc3Npb246IGV2dC5QYXJzZWQuc291cmNlX2lwCg==", "description": "Parse Asterisk logs", "author": "crowdsecurity", "labels": null }, "crowdsecurity/auditd-logs": { "path": 
"parsers/s01-parse/crowdsecurity/auditd-logs.yaml", "stage": "s01-parse", "version": "0.9", "versions": { "0.1": { "digest": "fa23b38e12ef4abce21475ad78c3d6650538c88e68f8235f74afc238345b0279", "deprecated": false }, "0.2": { "digest": "de3f1196ca61471401f0fbb0d628228ad2d894670233b72f0e0ad97ffa33c4b8", "deprecated": false }, "0.3": { "digest": "5172acd163c92054c107b6f82769c2f763a73c6c43e63a74452d674cf4c772a3", "deprecated": false }, "0.4": { "digest": "770cd94fb8d0cd0044a63dc2fa391c0eb33be2bf277c26d090731d9c9d563de9", "deprecated": false }, "0.5": { "digest": "c6bd6b56738da1f23805cc0ff3eeedf2dddebf1305b072dcddf30b1cfff544fd", "deprecated": false }, "0.6": { "digest": "7e8321dd50751a53ed82b4a34c58206ce2266c1bdb8c435ce011dc1c46892309", "deprecated": false }, "0.7": { "digest": "777a9632ba5871cb42e51096c8e4ad49c1b6a39912e8a5097be4401dc42879c8", "deprecated": false }, "0.8": { "digest": "094e29326685de68912952a3561ff862d78acc2d515d5c7badc6e3be13857d48", "deprecated": false }, "0.9": { "digest": "a8302c5a00fd74c13205934a6b101b5216ba93f2798fcbf816cc361bd63c829f", "deprecated": false } }, "content": "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", "description": "Parse auditd logs", "author": "crowdsecurity", "labels": null }, "crowdsecurity/aws-cloudfront": { "path": "parsers/s01-parse/crowdsecurity/aws-cloudfront.yaml", "stage": "s01-parse", "version": "0.2", "versions": { "0.1": { "digest": "795f0501182540325f30f3ca69ac7237653549989a65838d0c218fc03589ddcc", "deprecated": false }, "0.2": { "digest": "62f22527304c1287f7c52b28b5fcbba9c4a7c18fdbf4299414c77b15f7bf5f8b", "deprecated": false } }, "long_description": "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", "content": "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", "description": "Parse AWS CloudFront access logs", "author": "crowdsecurity", "labels": null }, "crowdsecurity/aws-cloudtrail": { "path": "parsers/s01-parse/crowdsecurity/aws-cloudtrail.yaml", "stage": "s01-parse", "version": "0.4", 
"versions": { "0.1": { "digest": "e8a3be4f59909cb5ce9e84132c41d73d6a038362668f84cd851e5228f8ce22a4", "deprecated": false }, "0.2": { "digest": "9684e924bd23962cfb00b11530c569a9db5972be3ec254ec6fa711c19aeb03fe", "deprecated": false }, "0.3": { "digest": "1c1ce10d16bda257a81f838efe8d9069559f0d9c1bf712dad7afd222592947ab", "deprecated": false }, "0.4": { "digest": "5608995bc30951678620b509058a1f2e24a23de62b3cf99bda396ba458e26967", "deprecated": false } }, "long_description": "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", "content": "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", "description": "Parse AWS Cloudtrail logs", "author": "crowdsecurity", "labels": null }, "crowdsecurity/caddy-logs": { "path": "parsers/s01-parse/crowdsecurity/caddy-logs.yaml", "stage": "s01-parse", "version": "0.8", "versions": { "0.1": { "digest": "30bf81915d8254ab7611c156ddbe0cf389838d471f973403ae1b07fffa5b6d5a", "deprecated": false }, "0.2": { "digest": "482a3d592e742b54f80c4473259ff8e0d5c46a657f086814d6a13e985a550376", "deprecated": false }, "0.3": { "digest": "22abc6def6fb9c36fcc6bb021002fe0b471116eab16e86c56625cfeef668eb7d", "deprecated": false }, "0.4": { "digest": "5f70ca245d84d2b72b5d30517ef85de6bc241b3537c4ac0fcf86a176c2539a75", "deprecated": false }, "0.5": { "digest": "19673bb9a1ad806c7d615d24c37649f8c0679acb07df9ac304ba23d44eaf0f53", "deprecated": false }, "0.6": { "digest": "856f9882c2aa89d701dce456e97bfb4c5230b7fc83cefc54a8279d7cdac5b8fe", "deprecated": false }, "0.7": { "digest": "6f4f7ca36d2d65b540bdc57e47edd44365c39a82d04291015136356f99d29f85", "deprecated": false }, "0.8": { "digest": "4c0627a84747f31d64a1d6b55796950371e64c9c90233fb7cc4bde7e536ea653", "deprecated": false } }, "long_description": 
"UGFyc2VyIGZvciBjYWRkeSBsb2dzLgpJdCBleHBlY3RzIHRoZSBkZWZhdWx0IGtleSB2YWx1ZXMgZm9yIGNhZGR5IGxvZ3MuCgpZb3UgbmVlZCB0byBzcGVjaWZ5IGNhZGR5IGNvbmZpZyB0byBlbmFibGUgbG9nZ2luZyBpbiBhIGZpbGU6CgpgYGBiYXNoCjo4MCB7CiAgICAgICAgIyBTZXQgdGhpcyBwYXRoIHRvIHlvdXIgc2l0ZSdzIGRpcmVjdG9yeS4KICAgICAgICByb290ICogL3Vzci9zaGFyZS9jYWRkeQoKICAgICAgICAjIEVuYWJsZSB0aGUgc3RhdGljIGZpbGUgc2VydmVyLgogICAgICAgIGZpbGVfc2VydmVyCgogICAgICAgICMgQW5vdGhlciBjb21tb24gdGFzayBpcyB0byBzZXQgdXAgYSByZXZlcnNlIHByb3h5OgogICAgICAgICMgcmV2ZXJzZV9wcm94eSBsb2NhbGhvc3Q6ODA4MAoKICAgICAgICAjIE9yIHNlcnZlIGEgUEhQIHNpdGUgdGhyb3VnaCBwaHAtZnBtOgogICAgICAgICMgcGhwX2Zhc3RjZ2kgbG9jYWxob3N0OjkwMDAKICAgICAgICBsb2cgewogICAgICAgICAgICAgICAgb3V0cHV0IGZpbGUgL3Zhci9sb2cvY2FkZHkvYWNjZXNzLmxvZwogICAgICAgIH0KfQoKYGBgCgpBbmQgdGhlbiBhZGQgaW4gYWNxdWlzaXRpb24gdGhpcyA6CgpgYGB5YW1sCi0tLQpmaWxlbmFtZXM6CiAtIC92YXIvbG9nL2NhZGR5L2FjY2Vzcy5sb2cKbGFiZWxzOgogIHR5cGU6IGNhZGR5CmBgYA==", "content": "ZmlsdGVyOiAiZXZ0LlBhcnNlZC5wcm9ncmFtIHN0YXJ0c1dpdGggJ2NhZGR5JyAmJiBVbm1hcnNoYWxKU09OKGV2dC5QYXJzZWQubWVzc2FnZSwgZXZ0LlVubWFyc2hhbGVkLCAnY2FkZHknKSBpbiBbJycsIG5pbF0iCm9uc3VjY2VzczogbmV4dF9zdGFnZQpuYW1lOiBjcm93ZHNlY3VyaXR5L2NhZGR5LWxvZ3MKZGVzY3JpcHRpb246ICJQYXJzZSBjYWRkeSBsb2dzIgpzdGF0aWNzOgogIC0gbWV0YTogbG9nX3R5cGUKICAgIHZhbHVlOiBodHRwX2FjY2Vzcy1sb2cKICAtIHRhcmdldDogZXZ0LlN0clRpbWUKICAgIGV4cHJlc3Npb246IHwKICAgICAgU3ByaW50ZigiJXYiLCBldnQuVW5tYXJzaGFsZWQuY2FkZHkudHMpIG1hdGNoZXMgJ15bMC05ZVxcLlxcK10rJCcgPyBpbnQoZXZ0LlVubWFyc2hhbGVkLmNhZGR5LnRzKSA6IGV2dC5Vbm1hcnNoYWxlZC5jYWRkeS50cwogIC0gbWV0YTogc2VydmljZQogICAgdmFsdWU6IGh0dHAKICAjI0NhZGR5IG5vdyBzZXRzIGNsaWVudF9pcCB0byB0aGUgdmFsdWUgb2YgWC1Gb3J3YXJkZWQtRm9yIGlmIHVzZXJzIHNldHMgdHJ1c3RlZCBwcm94aWVzCiAgLSBwYXJzZWQ6IHJlbW90ZV9pcAogICAgZXhwcmVzc2lvbjogZXZ0LlVubWFyc2hhbGVkLmNhZGR5LnJlcXVlc3QuY2xpZW50X2lwCiAgLSBwYXJzZWQ6IGh0dHBfdmVyc2lvbgogICAgZXhwcmVzc2lvbjogImV2dC5Vbm1hcnNoYWxlZC5jYWRkeS5yZXF1ZXN0LnByb3RvICE9IG5pbCA/IFNwbGl0KGV2dC5Vbm1hcnNoYWxlZC5jYWRkeS5yZXF1ZXN0LnByb3RvLCAnLycpWzFdIDogbmlsIgogIC0gcGFyc2VkOiByZW1vdGVfYWRk
cgogICAgZXhwcmVzc2lvbjogImV2dC5Vbm1hcnNoYWxlZC5jYWRkeS5yZXF1ZXN0LnJlbW90ZV9hZGRyICE9IG5pbCA/IFNwbGl0KGV2dC5Vbm1hcnNoYWxlZC5jYWRkeS5yZXF1ZXN0LnJlbW90ZV9hZGRyLCAnOicpWzBdIDogbmlsIgogIC0gbWV0YTogc291cmNlX2lwCiAgICBleHByZXNzaW9uOiBldnQuUGFyc2VkLnJlbW90ZV9pcAogIC0gbWV0YTogaHR0cF9zdGF0dXMKICAgIGV4cHJlc3Npb246IGludChldnQuVW5tYXJzaGFsZWQuY2FkZHkuc3RhdHVzKQogIC0gbWV0YTogaHR0cF9wYXRoCiAgICBleHByZXNzaW9uOiBldnQuVW5tYXJzaGFsZWQuY2FkZHkucmVxdWVzdC51cmkKICAtIHBhcnNlZDogcmVxdWVzdCAjQWRkIGZvciBodHRwLWxvZ3MgZW5yaWNoZXIKICAgIGV4cHJlc3Npb246IGV2dC5Vbm1hcnNoYWxlZC5jYWRkeS5yZXF1ZXN0LnVyaQogIC0gcGFyc2VkOiB2ZXJiCiAgICBleHByZXNzaW9uOiBldnQuVW5tYXJzaGFsZWQuY2FkZHkucmVxdWVzdC5tZXRob2QKICAtIG1ldGE6IGh0dHBfdmVyYgogICAgZXhwcmVzc2lvbjogZXZ0LlVubWFyc2hhbGVkLmNhZGR5LnJlcXVlc3QubWV0aG9kCiAgLSBwYXJzZWQ6IGh0dHBfdXNlcl9hZ2VudAogICAgZXhwcmVzc2lvbjogImdldChldnQuVW5tYXJzaGFsZWQuY2FkZHkucmVxdWVzdC5oZWFkZXJzLCAnVXNlci1BZ2VudCcpICE9IG5pbCA/IGV2dC5Vbm1hcnNoYWxlZC5jYWRkeS5yZXF1ZXN0LmhlYWRlcnNbJ1VzZXItQWdlbnQnXVswXSA6IG5pbCIKICAtIG1ldGE6IGh0dHBfdXNlcl9hZ2VudAogICAgZXhwcmVzc2lvbjogZXZ0LlBhcnNlZC5odHRwX3VzZXJfYWdlbnQKICAtIG1ldGE6IHRhcmdldF9mcWRuCiAgICBleHByZXNzaW9uOiBldnQuVW5tYXJzaGFsZWQuY2FkZHkucmVxdWVzdC5ob3N0CiAgLSBtZXRhOiBzdWJfdHlwZQogICAgZXhwcmVzc2lvbjogImV2dC5NZXRhLmh0dHBfc3RhdHVzID09ICc0MDEnICYmIGdldChldnQuVW5tYXJzaGFsZWQuY2FkZHkucmVzcF9oZWFkZXJzLCAnV3d3LUF1dGhlbnRpY2F0ZScpICE9IG5pbCAmJiBhbnkoZ2V0KGV2dC5Vbm1hcnNoYWxlZC5jYWRkeS5yZXNwX2hlYWRlcnMsICdXd3ctQXV0aGVudGljYXRlJyksIHsgIyBzdGFydHNXaXRoICdCYXNpYycgfSkgPyAnYXV0aF9mYWlsJyA6IG5pbCIKCg==", "description": "Parse caddy logs", "author": "crowdsecurity", "labels": null }, "crowdsecurity/configserver-lfd-logs": { "path": "parsers/s01-parse/crowdsecurity/configserver-lfd-logs.yaml", "stage": "s01-parse", "version": "0.2", "versions": { "0.1": { "digest": "d066bf65a18de919170ddc124550c4617246053031355c66150262e1be2d968f", "deprecated": false }, "0.2": { "digest": "ca9f9686ccddadf26f162c0236dc1623c837ea12be2e2dced2c5adf1f4b74a15", "deprecated": false } }, 
"long_description": "UGFyc2VyIGZvciBDb25maWdTZXJlciBMRkQgZmlsZSBsb2dzLiA=", "content": "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", "description": "Parse ConfigServer LFD logs", "author": "crowdsecurity", "labels": null }, "crowdsecurity/cowrie-logs": { "path": "parsers/s01-parse/crowdsecurity/cowrie-logs.yaml", "stage": "s01-parse", "version": "0.1", "versions": { "0.1": { "digest": "4ebcf38bef1106ba94ccf6aa575958695de12fa1278b25dddb76cfdce93b553b", "deprecated": false } }, "content": "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", "description": "Parse cowrie honeypots logs", "author": "crowdsecurity", "labels": null }, "crowdsecurity/cpanel-logs": { "path": "parsers/s01-parse/crowdsecurity/cpanel-logs.yaml", "stage": "s01-parse", "version": "0.4", "versions": { "0.1": { "digest": "1ff320cb8be4b2ed7e02f2614277d32fcfe8ee60058f6480bb3ab4ff53125ae0", "deprecated": false }, "0.2": { "digest": "38155a2c95c77f26ae07f1718f01eb0fbf946b7dde10f50d375d6b82095807cb", "deprecated": false }, "0.3": { "digest": "66ff0528cc940645a2a1e07894b048d52c9eb02341f6e2abe8756e70ae36f870", "deprecated": false }, "0.4": { "digest": "3ce770d729d896d39598fa0f2d560edf900a05dbcd4f9a460e35a987f8eca8cf", "deprecated": false } }, "long_description": "UGFyc2VyIGZvciBjcGFuZWwgbG9ncy4g", "content": "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", "description": "Parse Cpanel logs", "author": "crowdsecurity", "labels": null }, "crowdsecurity/cri-logs": { "path": "parsers/s00-raw/crowdsecurity/cri-logs.yaml", "stage": "s00-raw", "version": "0.1", "versions": { "0.1": { "digest": "3818208420042396bc2ed0d75dee43d6651c5979b351642128d11ce8360f7347", "deprecated": false } }, "long_description": 
"IyBDUkkgbG9nIGZvcm1hdCBwYXJzZXIKClRoaXMgaXMgdGhlIGRlZmF1bHQgQ1JJIGxvZ3MgZm9ybWF0IHBhcnNlci4KSXQgd29ya3Mgb24ga3ViZXJuZXRlcyB1c2luZyBjb250YWluZXJkLgoKIyMgcmVxdWlyZW1lbnRzCgpXaGVuIHVzaW5nIHRoaXMgcGFyc2VyLCB5b3UgbmVlZCB0byBzcGVjaWZ5IGluIHlvdXIgYGFjcXVpcy55YW1sYCB0eXBlIGFuZCBwcm9ncmFtLiBTbyB5b3VyIGxvZyB3aWxsIGJlIGV4dHJhY3RlZCBhbmQgdGhlbiBzZW50IHRvIHRoZSBwcm9wZXIgbmV4dCBwYXJzZXIgdXNpbmcgdGhlIHByb2dyYW0ga2V5LgoKZXhhbXBsZTogCgpgYGB5YW1sCmxhYmVsczoKIHR5cGU6IGNvbnRhaW5lcmQKIHByb2dyYW06IG5naW54CmBgYAo=", "content": "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", "description": "CRI logging format parser", "author": "crowdsecurity", "labels": null }, "crowdsecurity/dateparse-enrich": { "path": "parsers/s02-enrich/crowdsecurity/dateparse-enrich.yaml", "stage": "s02-enrich", "version": "0.2", "versions": { "0.1": { "digest": "16b79f7ef39d0c5e71180cff559b0e2ef98983f2009b5f26d778509e897f94d4", "deprecated": false }, "0.2": { "digest": "3f51a6c389bbf1c38f49d8824b6bffd9a265d0fa78a98af71628256019847951", "deprecated": false } }, "long_description": 
"UGFyc2VzIHRpbWVzdGFtcCBzdHJpbmdzIGluIGxvZ3MgdG8gYmUgdXNlZCBpbiBbZm9yZW5zaWMgbW9kZV0oaHR0cHM6Ly9kb2MuY3Jvd2RzZWMubmV0L0Nyb3dkc2VjL3YxL3VzZXJfZ3VpZGUvZm9yZW5zaWNfbW9kZS8pLiBUaGUgcGFyc2VyIHN1cHBvcnRzIHRoZSBmb2xsb3dpbmcgZm9ybWF0cywgb3IgdGhlIG9uZSBwcm92aWRlZCBpbiBgU3RyVGltZUZvcm1hdGAgOgoKIC0gUkZDMzMzOQogLSBgMDIvSmFuLzIwMDY6MTU6MDQ6MDUgLTA3MDBgCiAtIGBNb24gSmFuIDIgMTU6MDQ6MDUgMjAwNmAKIC0gYDAyLUphbi0yMDA2IDE1OjA0OjA1IGV1cm9wZS9wYXJpc2AKIC0gYDAxLzAyLzIwMDYgMTU6MDQ6MDVgCiAtIGAyMDA2LTAxLTAyIDE1OjA0OjA1Ljk5OTk5OTk5OSAtMDcwMCBNU1RgCiAtIGBKYW4gIDIgMTU6MDQ6MDVgCiAtIGBNb24gSmFuIDAyIDE1OjA0OjA1LjAwMDAwMCAyMDA2YAogLSBgMjAwNi0wMS0wMlQxNTowNDowNVowNzowMGAKIC0gYDIwMDYvMDEvMDJgCiAtIGAyMDA2LzAxLzAyIDE1OjA0YAogLSBgMjAwNi0wMS0wMmAKIC0gYDIwMDYtMDEtMDIgMTU6MDRgCgpUaGUgYFN0clRpbWVgIGl0ZW0gb2YgdGhlIGV2ZW50IGlzIHBhcnNlZCBieSBkZWZhdWx0LiBTZWUgW2Nyb3dkc2VjdXJpdHkvc3lzbG9nLWxvZ3NdKGh0dHBzOi8vaHViLmNyb3dkc2VjLm5ldC9hdXRob3IvY3Jvd2RzZWN1cml0eS9jb25maWd1cmF0aW9ucy9zeXNsb2ctbG9ncykgYXMgYW4gZXhhbXBsZSBvZiBhIHBhcnNlciBzZXR0aW5nIHRoaXMgZmllbGQgZm9yIGBjcm93ZHNlY3VyaXR5L2RhdGVwYXJzZS1lbnJpY2hgLgoKSWYgYSBkYXRlIGxheW91dCBpcyBwcmVzZW50IGluIHRoZSBgU3RyVGltZUZvcm1hdGAgZmllbGQgb2YgdGhlIGV2ZW50LCBpdCB3aWxsIHRha2UgcHJlY2VkZW5jZSBvdmVyIHRoZSBsaXN0IGFib3ZlLiBUaGUgZGF0ZSBsYXlvdXQgbXVzdCBiZSAoW3ZhbGlkIGluIHRoZSBnb2xhbmcncyBgdGltZS5QYXJzZWAgbGF5b3V0IGZvcm1hdF0oaHR0cHM6Ly9wa2cuZ28uZGV2L3RpbWUjUGFyc2UpKSwgYWxsb3dpbmcgcGFyc2VycyB0byBzcGVjaWZ5IHRoZSBkYXRlIGZvcm1hdCBmb3IgbGF0ZXIgcGFyc2luZyA6CgoKYGBgeWFtbApmaWx0ZXI6IC4uLgouLi4Kc3RhdGljczoKICAtIHRhcmdldDogZXZ0LlN0clRpbWVGb3JtYXQKICAgIHZhbHVlOiAiMjAwNiAyIDE1LjA0LjA1IEphbiIKLi4uCmBgYAoKVGhpcyBhbGxvd3MgYGNyb3dkc2VjdXJpdHkvZGF0ZXBhcnNlLWVucmljaGAgdG8gcGFyc2UgZGF0ZXMgaW4gdGhpcyBmb3JtYXQgZm9yIHRoaXMgbG9nIHR5cGUuCgoK", "content": 
"ZmlsdGVyOiAiZXZ0LlN0clRpbWUgIT0gJyciCm5hbWU6IGNyb3dkc2VjdXJpdHkvZGF0ZXBhcnNlLWVucmljaAojZGVidWc6IHRydWUKI2l0J3MgYSBoYWNrIGxvbApzdGF0aWNzOgogIC0gbWV0aG9kOiBQYXJzZURhdGUKICAgIGV4cHJlc3Npb246IGV2dC5TdHJUaW1lCiAgLSB0YXJnZXQ6IE1hcnNoYWxlZFRpbWUKICAgIGV4cHJlc3Npb246IGV2dC5FbnJpY2hlZC5NYXJzaGFsZWRUaW1lCiAgLSBtZXRhOiB0aW1lc3RhbXAKICAgIGV4cHJlc3Npb246IGV2dC5FbnJpY2hlZC5NYXJzaGFsZWRUaW1l", "author": "crowdsecurity", "labels": null }, "crowdsecurity/docker-logs": { "path": "parsers/s00-raw/crowdsecurity/docker-logs.yaml", "stage": "s00-raw", "version": "0.1", "versions": { "0.1": { "digest": "b4f5459826ae22b000239839f51c82b0358625f71416f9ef2540719eb791a746", "deprecated": false } }, "long_description": "IyBEb2NrZXIgcGFyc2VyCgpUaGlzIGlzIHRoZSBkZWZhdWx0IGRvY2tlciBqc29uIGxvZ3MgZm9ybWF0IHBhcnNlci4KSXQgd29ya3Mgb24ga3ViZXJuZXRlcyB1c2luZyBkb2NrZXIuCgojIyByZXF1aXJlbWVudHMKCldoZW4gdXNpbmcgdGhpcyBwYXJzZXIsIHlvdSBuZWVkIHRvIHNwZWNpZnkgaW4geW91ciBgYWNxdWlzLnlhbWxgIHR5cGUgYW5kIHByb2dyYW0uIFNvIHlvdXIgbG9nIHdpbGwgYmUgZXh0cmFjdGVkIGFuZCB0aGVuIHNlbnQgdG8gdGhlIHByb3BlciBuZXh0IHBhcnNlciB1c2luZyB0aGUgcHJvZ3JhbSBrZXkuCgpleGFtcGxlOiAKCmBgYHlhbWwKbGFiZWxzOgogdHlwZTogZG9ja2VyCiBwcm9ncmFtOiBuZ2lueApgYGAK", "content": "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", "description": "docker json logs parser", "author": "crowdsecurity", "labels": null }, "crowdsecurity/dovecot-logs": { "path": "parsers/s01-parse/crowdsecurity/dovecot-logs.yaml", "stage": "s01-parse", "version": "0.8", "versions": { "0.1": { "digest": "3d30684b5d1ceea08ea743a2fa1697178d878bd87eb55e465432c000da162b42", "deprecated": false }, "0.2": { "digest": "e1fdf543acd0fb44d6db33368c5250d4667a5c2283c8310fd0fd6f87a820276a", "deprecated": false }, "0.3": { "digest": "58047a5c1f160cf95b7156eeaf9f17428f8bb8a070776f6ea6531c4110e2aa6e", "deprecated": false }, "0.4": { "digest": "2fdc9cb6499f83dcda7897cb05bfbe7639938980986b32b5f37adc4b2f7594c9", "deprecated": false }, "0.5": { "digest": 
"8a814d554c02f3e2ab28ee0dadd019f6bfe2830f44cb22e2206c9314cae4aa81", "deprecated": false }, "0.6": { "digest": "26e433e5003785f182395e76d43a5b9b0fc40c7db7ae7f52c33cdf8a3b543ac9", "deprecated": false }, "0.7": { "digest": "c9920defec4d26589457f01517eae8a3f6ba5fd5104ed3c17badbe5cf145dc64", "deprecated": false }, "0.8": { "digest": "638a4596262469ddaff8d608921513f2e84cb5e822f67e902e0097812ff28ada", "deprecated": false } }, "content": "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", "description": "Parse dovecot logs", "author": "crowdsecurity", "labels": null }, "crowdsecurity/dropbear-logs": { "path": "parsers/s01-parse/crowdsecurity/dropbear-logs.yaml", "stage": "s01-parse", "version": "0.2", "versions": { "0.1": { "digest": "316bce3c9bfd35900b9a4d668189fa733a2a91d65f3725337c085ac18af51d38", "deprecated": false }, "0.2": { "digest": "1bc1ef9778e3d75213ab3475e51107516b6b176783533f3855a9d37940828015", "deprecated": false } }, "long_description": "UGFyc2VyIGZvciBkcm9wYmVhciBTU0ggc2VydmVyLg==", "content": "b25zdWNjZXNzOiBuZXh0X3N0YWdlCmZpbHRlcjogImV2dC5QYXJzZWQucHJvZ3JhbSA9PSAnZHJvcGJlYXInIgpuYW1lOiBjcm93ZHNlY3VyaXR5L2Ryb3BiZWFyLWxvZ3MKZGVzY3JpcHRpb246ICJQYXJzZSBkcm9wYmVhciBsb2dzIgpub2RlczoKICAtIGdyb2s6IAogICAgICBwYXR0ZXJuOiAiQmFkIFBBTSBwYXNzd29yZCBhdHRlbXB0IGZvciAnJXtEQVRBOnVzZXJ9JyBmcm9tICV7SVA6c291cmNlX2lwfTole0lOVDpwb3J0fSIKICAgICAgYXBwbHlfb246IG1lc3NhZ2UKICAtIGdyb2s6IAogICAgICBwYXR0ZXJuOiAiTG9naW4gYXR0ZW1wdCBmb3Igbm9uZXhpc3RlbnQgdXNlciBmcm9tICV7SVA6c291cmNlX2lwfTole0lOVDpwb3J0fSIKICAgICAgYXBwbHlfb246IG1lc3NhZ2UKc3RhdGljczoKICAtIG1ldGE6IHNlcnZpY2UKICAgIHZhbHVlOiBkcm9wYmVhcgogIC0gbWV0YTogdGFyZ2V0X3VzZXIKICAgIGV4cHJlc3Npb246IGV2dC5QYXJzZWQudXNlcgogIC0gbWV0YTogc291cmNlX2lwCiAgICBleHByZXNzaW9uOiBldnQuUGFyc2VkLnNvdXJjZV9pcAogIC0gbWV0YTogbG9nX3R5cGUKICAgIHZhbHVlOiBzc2hfZmFpbGVkLWF1dGgK", "description": "Parse dropbear logs", "author": "crowdsecurity", "labels": null }, "crowdsecurity/endlessh-logs": { "path": "parsers/s01-parse/crowdsecurity/endlessh-logs.yaml", 
"stage": "s01-parse", "version": "0.3", "versions": { "0.1": { "digest": "dc1affad319badddf95ad1a16bf633b6fd70ed02db0e490dc0540eef47576f2a", "deprecated": false }, "0.2": { "digest": "ca022caa2de3a13101bea25006686a4d92ffb0e7bd558e44d215f481526632f1", "deprecated": false }, "0.3": { "digest": "ebb816832a32b98dca8e15f402c30c1010cf5ad1ebc2b1f910f74f40fd115902", "deprecated": false } }, "content": "b25zdWNjZXNzOiBuZXh0X3N0YWdlCmZpbHRlcjogImV2dC5QYXJzZWQucHJvZ3JhbSA9PSAnZW5kbGVzc2gnIgpuYW1lOiBjcm93ZHNlY3VyaXR5L2VuZGxlc3NoLWxvZ3MKZGVzY3JpcHRpb246ICJQYXJzZSBFbmRsZXNzaCBsb2dzIgpwYXR0ZXJuX3N5bnRheDoKICBFTkRMRVNTSF9BQ0NFUFRfVjQ6ICIle1RJTUVTVEFNUF9JU084NjAxOnRpbWVzdGFtcH0/IEFDQ0VQVCBob3N0PSg6OmZmZmY6KT8le0lQVjQ6c291cmNlX2lwfSAiCiAgRU5ETEVTU0hfQUNDRVBUX1Y2OiAiJXtUSU1FU1RBTVBfSVNPODYwMTp0aW1lc3RhbXB9PyBBQ0NFUFQgaG9zdD0le0lQVjY6c291cmNlX2lwfSAiCm5vZGVzOgogIC0gZ3JvazoKICAgICAgbmFtZTogIkVORExFU1NIX0FDQ0VQVF9WNCIKICAgICAgYXBwbHlfb246IExpbmUuUmF3CiAgICAgIHN0YXRpY3M6CiAgICAgICAgLSBtZXRhOiBsb2dfdHlwZQogICAgICAgICAgdmFsdWU6IGVuZGxlc3NoX2FjY2VwdAogIC0gZ3JvazoKICAgICAgbmFtZTogIkVORExFU1NIX0FDQ0VQVF9WNiIKICAgICAgYXBwbHlfb246IExpbmUuUmF3CiAgICAgIHN0YXRpY3M6CiAgICAgICAgLSBtZXRhOiBsb2dfdHlwZQogICAgICAgICAgdmFsdWU6IGVuZGxlc3NoX2FjY2VwdApzdGF0aWNzOgogIC0gbWV0YTogc2VydmljZQogICAgdmFsdWU6IGVuZGxlc3NoCiAgLSB0YXJnZXQ6IGV2dC5TdHJUaW1lCiAgICBleHByZXNzaW9uOiBldnQuUGFyc2VkLnRpbWVzdGFtcAogIC0gbWV0YTogc291cmNlX2lwCiAgICBleHByZXNzaW9uOiAiZXZ0LlBhcnNlZC5zb3VyY2VfaXAiCg==", "description": "Parse Endlessh logs", "author": "crowdsecurity", "labels": null }, "crowdsecurity/exchange-imap-logs": { "path": "parsers/s01-parse/crowdsecurity/exchange-imap-logs.yaml", "stage": "s01-parse", "version": "0.1", "versions": { "0.1": { "digest": "13a7780e3f01839342580cb6845342ad612f06b34b35f540f0e31c7509999da2", "deprecated": false } }, "content": "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", "description": "Parse exchange IMAP logs", "author": "crowdsecurity", "labels": null }, 
"crowdsecurity/exchange-pop-logs": { "path": "parsers/s01-parse/crowdsecurity/exchange-pop-logs.yaml", "stage": "s01-parse", "version": "0.1", "versions": { "0.1": { "digest": "a63be634585ef106f64781029c01f4fc8bfc77bb277a70775c73c181a467894f", "deprecated": false } }, "content": "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", "description": "Parse exchange POP logs", "author": "crowdsecurity", "labels": null }, "crowdsecurity/exchange-smtp-logs": { "path": "parsers/s01-parse/crowdsecurity/exchange-smtp-logs.yaml", "stage": "s01-parse", "version": "0.2", "versions": { "0.1": { "digest": "158fe6b19f9cc5b900de750c43522a86e68691156e489e1922b7c89e6f9300fe", "deprecated": false }, "0.2": { "digest": "a9aff504ce013489311d4c85e6fe4f7594326e6351a7c024c93cd15950f66c09", "deprecated": false } }, "long_description": "QSBwYXJzZXIgZm9yIGV4Y2hhbmdlIFNNVFAgcHJvdG9jb2wgbG9ncy4KCg==", "content": "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", "description": "Parse exchange SMTP logs", "author": "crowdsecurity", "labels": null }, "crowdsecurity/exim-logs": { "path": "parsers/s01-parse/crowdsecurity/exim-logs.yaml", "stage": "s01-parse", "version": "0.3", "versions": { "0.1": { "digest": "507fd358283a08ff01d7fd2a19c5aec6e9be18e37008bcd470d4af8d71b94db2", "deprecated": false }, "0.2": { "digest": "a953bad60f49d02a3bb0b3928d26f5184414eb8f7026fd62cec7b52081ce9cd2", "deprecated": false }, "0.3": { "digest": "0a7b71758bb626381f1f540871b1d1f4e8d2af3c88d8466ed85aed94c9e912c6", "deprecated": false } }, "long_description": "RXhpbSBsb2dzIHBhcnNlcgo=", "content": 
"b25zdWNjZXNzOiBuZXh0X3N0YWdlCiNkZWJ1ZzogdHJ1ZQpmaWx0ZXI6ICJldnQuUGFyc2VkLnByb2dyYW0gPT0gJ2V4aW0nIgpuYW1lOiBjcm93ZHNlY3VyaXR5L2V4aW0tbG9ncwpkZXNjcmlwdGlvbjogIlBhcnNlIGV4aW0gbG9ncyIKcGF0dGVybl9zeW50YXg6CiAgTk9fRE9VQkxFX1FVT1RFOiAnW14iXSsnCiAgTk9fRU5EX0JSQUNLRVQ6ICdbXlxdXSsnCiAgTk9fRU5EX1BBUjogJ1teXCldKycKICBFWElNX0FVVEg6ICcoPzpkb3ZlY290Xyk/KD86bG9naW58cGxhaW4pJwogIEVYSU1fU09VUkNFOiAnKD86JXtIT1NUTkFNRTpzb3VyY2VfZG5zfSApPyg/OlwoJXtOT19FTkRfUEFSOnNvdXJjZV9oZWxvfVwpICk/XFsle0lQOnNvdXJjZV9pcH1cXScKICBFWElNX09QVF9EQVRFOiAnKDo/JXtFWElNX0RBVEU6ZGF0ZX0gKT8nCiAgRVhJTV9TT1VSQ0VfVExTOiAnSD0le0VYSU1fU09VUkNFfSg/Ojole1BPU0lOVDpzb3VyY2VfcG9ydH0pPyAoOj9YPSV7Tk9UU1BBQ0U6dGxzX2NpcGhlcn0gQ1Y9KDo/eWVzfG5vKSApPycKbm9kZXM6CiAgLSBncm9rOgogICAgICBwYXR0ZXJuOiAnJXtFWElNX09QVF9EQVRFfSV7RVhJTV9BVVRIOmV4aW1fYXV0aH0gYXV0aGVudGljYXRvciBmYWlsZWQgZm9yICV7RVhJTV9TT1VSQ0V9Oig/OiV7UE9TSU5UOnNvdXJjZV9wb3J0fTopPyA1MzUgSW5jb3JyZWN0IGF1dGhlbnRpY2F0aW9uIGRhdGEgXChzZXRfaWQ9JXtOT19FTkRfUEFSOnRhcmdldF91c2VyfVwpJwogICAgICBhcHBseV9vbjogbWVzc2FnZQogICAgICBzdGF0aWNzOgogICAgICAgIC0gbWV0YTogbG9nX3R5cGUKICAgICAgICAgIHZhbHVlOiBleGltX2ZhaWxlZF9hdXRoCiAgLSBncm9rOgogICAgICBwYXR0ZXJuOiAnJXtFWElNX09QVF9EQVRFfSV7RVhJTV9TT1VSQ0VfVExTfUY9PCV7RU1BSUxBRERSRVNTOnNvdXJjZV91c2VyfT4gcmVqZWN0ZWQgUkNQVCA8JXtFTUFJTEFERFJFU1M6dGFyZ2V0X3VzZXJ9PjogIkp1bmtNYWlsIHJlamVjdGVkIC0gJXtOT1RTUEFDRX0gXFsle05PX0VORF9CUkFDS0VUfVxdOiV7SU5UfSBpcyBpbiBhbiBSQkw6ICV7Tk9fRE9VQkxFX1FVT1RFOnJibF91cmx9IicKICAgICAgYXBwbHlfb246IG1lc3NhZ2UKICAgICAgc3RhdGljczoKICAgICAgICAtIG1ldGE6IGxvZ190eXBlCiAgICAgICAgICB2YWx1ZTogc3BhbS1hdHRlbXB0CiAgICAgICAgLSBtZXRhOiByYmxfdXJsCiAgICAgICAgICBleHByZXNzaW9uOiBldnQuUGFyc2VkLnJibF91cmwKICAgICAgICAtIG1ldGE6IHNvdXJjZV91c2VyCiAgICAgICAgICBleHByZXNzaW9uOiBldnQuUGFyc2VkLnNvdXJjZV91c2VyCiAgLSBncm9rOgogICAgICBwYXR0ZXJuOiAnJXtFWElNX09QVF9EQVRFfSV7RVhJTV9TT1VSQ0VfVExTfUY9PCV7RU1BSUxBRERSRVNTOnNvdXJjZV91c2VyfT4gcmVqZWN0ZWQgUkNQVCA8JXtFTUFJTEFERFJFU1M6dGFyZ2V0X3VzZXJ9PjogRW1haWwgYmxvY2tlZCBieSAle0hPU1ROQU1FOnJibF91cmx9JwogICAgICBhcHBseV9vbjo
gbWVzc2FnZQogICAgICBzdGF0aWNzOgogICAgICAgIC0gbWV0YTogbG9nX3R5cGUKICAgICAgICAgIHZhbHVlOiBzcGFtLWF0dGVtcHQKICAgICAgICAtIG1ldGE6IHJibF91cmwKICAgICAgICAgIGV4cHJlc3Npb246IGV2dC5QYXJzZWQucmJsX3VybAogICAgICAgIC0gbWV0YTogc291cmNlX3VzZXIKICAgICAgICAgIGV4cHJlc3Npb246IGV2dC5QYXJzZWQuc291cmNlX3VzZXIKICAtIGdyb2s6CiAgICAgIHBhdHRlcm46ICcle0VYSU1fT1BUX0RBVEV9JXtFWElNX1NPVVJDRV9UTFN9Rj08JXtFTUFJTEFERFJFU1M6c291cmNlX3VzZXJ9PiByZWplY3RlZCBSQ1BUIDwle0VNQUlMQUREUkVTUzp0YXJnZXRfdXNlcn0+OiBObyBTdWNoIFVzZXIgSGVyZScKICAgICAgYXBwbHlfb246IG1lc3NhZ2UKICAgICAgc3RhdGljczoKICAgICAgICAtIG1ldGE6IGxvZ190eXBlCiAgICAgICAgICB2YWx1ZTogZXhpbV9mYWlsZWRfYXV0aAogICAgICAgIC0gbWV0YTogc291cmNlX3VzZXIKICAgICAgICAgIGV4cHJlc3Npb246IGV2dC5QYXJzZWQuc291cmNlX3VzZXIKICAtIGdyb2s6CiAgICAgIHBhdHRlcm46ICcle0VYSU1fT1BUX0RBVEV9JXtFWElNX1NPVVJDRV9UTFN9dGVtcG9yYXJpbHkgcmVqZWN0ZWQgY29ubmVjdGlvbiBpbiAiJXtOT19ET1VCTEVfUVVPVEU6YWNsfSIgQUNMOiAiSG9zdCBpcyByYXRlbGltaXRlZCBcKCV7Tk9fRU5EX1BBUjpyYXRlX2xpbWl0fVwpJwogICAgICBhcHBseV9vbjogbWVzc2FnZQogICAgICBzdGF0aWNzOgogICAgICAgIC0gbWV0YTogbG9nX3R5cGUKICAgICAgICAgIHZhbHVlOiBzcGFtLWF0dGVtcHQKICAtIGdyb2s6CiAgICAgIHBhdHRlcm46ICcle0VYSU1fT1BUX0RBVEV9JXtFWElNX1NPVVJDRV9UTFN9c2VuZGVyIHZlcmlmeSBmYWlsIGZvciA8JXtFTUFJTEFERFJFU1M6c291cmNlX3VzZXJ9PjogVGhlIG1haWwgc2VydmVyIGRvZXMgbm90IHJlY29nbml6ZSAle05PVFNQQUNFfSBhcyBhIHZhbGlkIHNlbmRlci4nCiAgICAgIGFwcGx5X29uOiBtZXNzYWdlCiAgICAgIHN0YXRpY3M6CiAgICAgICAgLSBtZXRhOiBsb2dfdHlwZQogICAgICAgICAgdmFsdWU6IHNwYW0tYXR0ZW1wdAogICAgICAgIC0gbWV0YTogc291cmNlX3VzZXIKICAgICAgICAgIGV4cHJlc3Npb246IGV2dC5QYXJzZWQuc291cmNlX3VzZXIKICAtIGdyb2s6CiAgICAgIHBhdHRlcm46ICcle0VYSU1fT1BUX0RBVEV9JXtFWElNX1NPVVJDRV9UTFN9Rj08JXtFTUFJTEFERFJFU1M6c291cmNlX3VzZXJ9PiByZWplY3RlZCBSQ1BUIDwle0VNQUlMQUREUkVTUzp0YXJnZXRfdXNlcn0+OiBTZW5kZXIgdmVyaWZ5IGZhaWxlZCcKICAgICAgYXBwbHlfb246IG1lc3NhZ2UKICAgICAgc3RhdGljczoKICAgICAgICAtIG1ldGE6IGxvZ190eXBlCiAgICAgICAgICB2YWx1ZTogc3BhbS1hdHRlbXB0CiAgICAgICAgLSBtZXRhOiBzb3VyY2VfdXNlcgogICAgICAgICAgZXhwcmVzc2lvbjogZXZ0LlBhcnNlZC5zb3VyY2VfdXNlcgogIC0gZ3JvazoKICA
gICAgcGF0dGVybjogJyV7RVhJTV9PUFRfREFURX0le0VYSU1fU09VUkNFX1RMU31GPTwle0VNQUlMQUREUkVTUzpzb3VyY2VfdXNlcn0+IHJlamVjdGVkIFJDUFQgPCV7RU1BSUxBRERSRVNTOnRhcmdldF91c2VyfT46IFNNVFAgQVVUSCBpcyByZXF1aXJlZCBmb3IgbWVzc2FnZSBzdWJtaXNzaW9uIG9uIHBvcnQgJXtQT1NJTlQ6dGFyZ2V0X3BvcnR9JwogICAgICBhcHBseV9vbjogbWVzc2FnZQogICAgICBzdGF0aWNzOgogICAgICAgIC0gbWV0YTogbG9nX3R5cGUKICAgICAgICAgIHZhbHVlOiBzcGFtLWF0dGVtcHQKICAgICAgICAtIG1ldGE6IHNvdXJjZV91c2VyCiAgICAgICAgICBleHByZXNzaW9uOiBldnQuUGFyc2VkLnNvdXJjZV91c2VyCiAgICAgICAgLSBtZXRhOiB0YXJnZXRfcG9ydAogICAgICAgICAgZXhwcmVzc2lvbjogZXZ0LlBhcnNlZC50YXJnZXRfcG9ydApzdGF0aWNzOgogIC0gbWV0YTogc2VydmljZQogICAgdmFsdWU6IGV4aW0KICAtIHRhcmdldDogZXZ0LlN0clRpbWUKICAgIGV4cHJlc3Npb246IGV2dC5QYXJzZWQuZGF0ZQogIC0gbWV0YTogc291cmNlX2lwCiAgICBleHByZXNzaW9uOiBldnQuUGFyc2VkLnNvdXJjZV9pcAogIC0gbWV0YTogc291cmNlX2RucwogICAgZXhwcmVzc2lvbjogZXZ0LlBhcnNlZC5zb3VyY2VfZG5zCiAgLSBtZXRhOiBzb3VyY2VfaGVsbwogICAgZXhwcmVzc2lvbjogZXZ0LlBhcnNlZC5zb3VyY2VfaGVsbwogIC0gbWV0YTogdXNlcm5hbWUKICAgIGV4cHJlc3Npb246IGV2dC5QYXJzZWQudGFyZ2V0X3VzZXIK", "description": "Parse exim logs", "author": "crowdsecurity", "labels": null }, "crowdsecurity/fastly-logs": { "path": "parsers/s01-parse/crowdsecurity/fastly-logs.yaml", "stage": "s01-parse", "version": "0.6", "versions": { "0.1": { "digest": "8d1cbf3514b3e7f0ff31ab725befdfdd8d2393392450f407937b80456b168b5a", "deprecated": false }, "0.2": { "digest": "b344fa353c085e6651526716184ac7b4299f62ed7fd39163884b1bf865a80230", "deprecated": false }, "0.3": { "digest": "b8dcd888169ab2b9efed507a4d977b3bc7925f4ab834a6765899f0636733f5e5", "deprecated": false }, "0.4": { "digest": "6e34459bf59e89b72e72598605b8c39ef91ac9fcf2b655d02ec56dfc60059ab0", "deprecated": false }, "0.5": { "digest": "7bddb9e5d4eac138276f8e8af31b460f5fd10c0d62977746a78d8d74edda0de7", "deprecated": false }, "0.6": { "digest": "b27ea9a9c982e9f907574456973364fc5b91ea85cebbfbf6ab43f74a51d5064d", "deprecated": false } }, "long_description": 
"UGFyc2VyIGZvciBmYXN0bHkgbG9ncyB3aXRoIGRlZmF1bHQgZm9ybWF0IFsoc2VlIGZhc2x0eSBkb2N1bWVudGF0aW9uKV0oaHR0cHM6Ly9kb2NzLmZhc3RseS5jb20vZW4vZ3VpZGVzL2ludGVncmF0aW9ucyNfbG9nZ2luZy1lbmRwb2ludHMpCgoqKk1hbmRhdG9yeSoqIFlvdSBuZWVkIHRvIGFkZCB0aG9zZSBsYWJlbHMgb24gdGhlIGFjcXVpc2l0aW9uOgpgYGB5YW1sCmxhYmVsczoKICB0eXBlOiBzeXNsb2cKICBleHRlcm5hbF9mb3JtYXQ6IGZhc3RseQpgYGA=", "content": "ZmlsdGVyOiAiZXZ0LkxpbmUuTGFiZWxzLmV4dGVybmFsX2Zvcm1hdCA9PSAnZmFzdGx5JyIKb25zdWNjZXNzOiBuZXh0X3N0YWdlCiNkZWJ1ZzogdHJ1ZQpuYW1lOiBjcm93ZHNlY3VyaXR5L2Zhc3RseS1sb2dzCmRlc2NyaXB0aW9uOiBmYXN0bHkgbG9ncyBwYXJzZXIKcGF0dGVybl9zeW50YXg6CiAgRE9VQkxFX05VTTogIlswLTldezJ9Igpncm9rOgogIHBhdHRlcm46ICIle0dSRUVEWURBVEE6ZmFzdGx5X3RpbWVzdGFtcH1cXCsle0RPVUJMRV9OVU06dHpfcGFydDF9JXtET1VCTEVfTlVNOnR6X3BhcnQyfSIKICBleHByZXNzaW9uOiBKc29uRXh0cmFjdChldnQuUGFyc2VkLm1lc3NhZ2UsICJ0aW1lc3RhbXAiKQpzdGF0aWNzOgogIC0gbWV0YTogc2VydmljZQogICAgdmFsdWU6IGh0dHAKICAtIG1ldGE6IGxvZ190eXBlCiAgICB2YWx1ZTogaHR0cF9hY2Nlc3MtbG9nCiAgLSB0YXJnZXQ6IGV2dC5TdHJUaW1lCiAgICBleHByZXNzaW9uOiBldnQuUGFyc2VkLmZhc3RseV90aW1lc3RhbXAgKyAiLjAwKyIgKyBldnQuUGFyc2VkLnR6X3BhcnQxICsgIjoiICsgZXZ0LlBhcnNlZC50el9wYXJ0MgogIC0gbWV0YTogc291cmNlX2lwCiAgICBleHByZXNzaW9uOiBKc29uRXh0cmFjdChldnQuUGFyc2VkLm1lc3NhZ2UsICJjbGllbnRfaXAiKQogIC0gdGFyZ2V0OiBldnQuUGFyc2VkLnJlcXVlc3QKICAgIGV4cHJlc3Npb246IEpzb25FeHRyYWN0KGV2dC5QYXJzZWQubWVzc2FnZSwgInVybCIpCiAgLSBtZXRhOiBodHRwX3BhdGgKICAgIGV4cHJlc3Npb246IEpzb25FeHRyYWN0KGV2dC5QYXJzZWQubWVzc2FnZSwgInVybCIpCiAgLSBwYXJzZWQ6IHZlcmIKICAgIGV4cHJlc3Npb246IEpzb25FeHRyYWN0KGV2dC5QYXJzZWQubWVzc2FnZSwgInJlcXVlc3RfbWV0aG9kIikKICAtIG1ldGE6IHZlcmIKICAgIGV4cHJlc3Npb246IEpzb25FeHRyYWN0KGV2dC5QYXJzZWQubWVzc2FnZSwgInJlcXVlc3RfbWV0aG9kIikKICAtIHBhcnNlZDogaHR0cF9yZWZlcmVyCiAgICBleHByZXNzaW9uOiBKc29uRXh0cmFjdChldnQuUGFyc2VkLm1lc3NhZ2UsICJyZXF1ZXN0X3JlZmVyZXIiKQogIC0gcGFyc2VkOiBodHRwX3VzZXJfYWdlbnQKICAgIGV4cHJlc3Npb246IEpzb25FeHRyYWN0KGV2dC5QYXJzZWQubWVzc2FnZSwgInJlcXVlc3RfdXNlcl9hZ2VudCIpCiAgLSBtZXRhOiBodHRwX3VzZXJfYWdlbnQKICAgIGV4cHJlc3Npb246IEpzb25FeHRyYWN0KGV2dC5QYXJz
ZWQubWVzc2FnZSwgInJlcXVlc3RfdXNlcl9hZ2VudCIpCiAgLSBtZXRhOiBodHRwX3N0YXR1cwogICAgZXhwcmVzc2lvbjogSnNvbkV4dHJhY3QoZXZ0LlBhcnNlZC5tZXNzYWdlLCAicmVzcG9uc2Vfc3RhdHVzIikKICAtIHBhcnNlZDogYm9keV9ieXRlc19zZW50CiAgICBleHByZXNzaW9uOiBKc29uRXh0cmFjdChldnQuUGFyc2VkLm1lc3NhZ2UsICJyZXNwb25zZV9ib2R5X3NpemUiKQ==", "description": "fastly logs parser", "author": "crowdsecurity", "labels": null }, "crowdsecurity/freeswitch": { "path": "parsers/s01-parse/crowdsecurity/freeswitch.yaml", "stage": "s01-parse", "version": "0.1", "versions": { "0.1": { "digest": "49dd62c738ceda31de61fbf5c4ed38e348a0c33a78bcc6090a4362964570f237", "deprecated": false } }, "long_description": "IyMgZnJlZXN3aXRjaCBwYXJzZXIKCiMjIyBFeGFtcGxlIGFjcXVpcy55YW1sCiAgICAKYGBgeWFtbApmaWxlbmFtZTogL3Zhci9sb2cvZnJlZXN3aXRjaC9mcmVlc3dpdGNoLmxvZwpsYWJlbHM6CiAgICB0eXBlOiBmcmVlc3dpdGNoCmBgYA==", "content": "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", "description": "Parse freeswitch logs", "author": "crowdsecurity", "labels": null }, "crowdsecurity/geoip-enrich": { "path": "parsers/s02-enrich/crowdsecurity/geoip-enrich.yaml", "stage": "s02-enrich", "version": "0.3", "versions": { "0.1": { "digest": "c0718adfc71ad462ad90485ad5c490e5de0e54d8af425bff552994e114443ab6", "deprecated": false }, "0.2": { "digest": "ab327e6044a32de7d2f3780cbc8e0c4af0c11716f353023d2dc7b986571bb765", "deprecated": false }, "0.3": { "digest": "91e2f0d42c0fd57198485ce0d9caa4d53c7a99756e202cb4221b8151ec8aef1a", "deprecated": false } }, "long_description": "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", "content": 
"ZmlsdGVyOiAiJ3NvdXJjZV9pcCcgaW4gZXZ0Lk1ldGEiCm5hbWU6IGNyb3dkc2VjdXJpdHkvZ2VvaXAtZW5yaWNoCmRlc2NyaXB0aW9uOiAiUG9wdWxhdGUgZXZlbnQgd2l0aCBnZW9sb2MgaW5mbyA6IGFzLCBjb3VudHJ5LCBjb29yZHMsIHNvdXJjZSByYW5nZS4iCmRhdGE6CiAgLSBzb3VyY2VfdXJsOiBodHRwczovL2h1Yi1kYXRhLmNyb3dkc2VjLm5ldC9tbWRiL0dlb0xpdGUyLUNpdHkubW1kYgogICAgZGVzdF9maWxlOiBHZW9MaXRlMi1DaXR5Lm1tZGIKICAtIHNvdXJjZV91cmw6IGh0dHBzOi8vaHViLWRhdGEuY3Jvd2RzZWMubmV0L21tZGIvR2VvTGl0ZTItQVNOLm1tZGIKICAgIGRlc3RfZmlsZTogR2VvTGl0ZTItQVNOLm1tZGIKc3RhdGljczoKICAtIG1ldGhvZDogR2VvSXBDaXR5CiAgICBleHByZXNzaW9uOiBldnQuTWV0YS5zb3VyY2VfaXAKICAtIG1ldGE6IElzb0NvZGUKICAgIGV4cHJlc3Npb246IGV2dC5FbnJpY2hlZC5Jc29Db2RlCiAgLSBtZXRhOiBJc0luRVUKICAgIGV4cHJlc3Npb246IGV2dC5FbnJpY2hlZC5Jc0luRVUKICAtIG1ldGE6IEdlb0Nvb3JkcwogICAgZXhwcmVzc2lvbjogZXZ0LkVucmljaGVkLkdlb0Nvb3JkcwogIC0gbWV0aG9kOiBHZW9JcEFTTgogICAgZXhwcmVzc2lvbjogZXZ0Lk1ldGEuc291cmNlX2lwCiAgLSBtZXRhOiBBU05OdW1iZXIKICAgIGV4cHJlc3Npb246IGV2dC5FbnJpY2hlZC5BU05OdW1iZXIKICAtIG1ldGE6IEFTTk9yZwogICAgZXhwcmVzc2lvbjogZXZ0LkVucmljaGVkLkFTTk9yZwogIC0gbWV0aG9kOiBJcFRvUmFuZ2UKICAgIGV4cHJlc3Npb246IGV2dC5NZXRhLnNvdXJjZV9pcAogIC0gbWV0YTogU291cmNlUmFuZ2UKICAgIGV4cHJlc3Npb246IGV2dC5FbnJpY2hlZC5Tb3VyY2VSYW5nZQo=", "description": "Populate event with geoloc info : as, country, coords, source range.", "author": "crowdsecurity", "labels": null }, "crowdsecurity/haproxy-logs": { "path": "parsers/s01-parse/crowdsecurity/haproxy-logs.yaml", "stage": "s01-parse", "version": "0.7", "versions": { "0.1": { "digest": "a2bca50192c0623d8d553882fbac0f6fa1d6dc824804aa0a5ca7559ed65321f4", "deprecated": false }, "0.2": { "digest": "2257440ad5cba6a7c48c7e57a0d30a97b38656927fa18a0f7289d05042035cb4", "deprecated": false }, "0.3": { "digest": "e40b4e552cf417be4bd57f3cb452af057a8872dc16a35a51eb3bb38726bf6dd6", "deprecated": false }, "0.4": { "digest": "029545297f7d2beab8f98ad471ef15fd6165e86e645aface54cb9d8b522ab08e", "deprecated": false }, "0.5": { "digest": "6f69723dc68203b323f67e4d35490a08564806dcd9a37f50d42cf5f8e04e6143", 
"deprecated": false }, "0.6": { "digest": "57a1868b20758955034ef5005f136535403991f0959a44d5ccbdeb87dab901e2", "deprecated": false }, "0.7": { "digest": "8bcca8501879ff7ef1d76c40896d5c68201283b79475aba45fe733c31bafa901", "deprecated": false } }, "content": "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", "description": "Parse haproxy http logs", "author": "crowdsecurity", "labels": null }, "crowdsecurity/home-assistant-logs": { "path": "parsers/s01-parse/crowdsecurity/home-assistant-logs.yaml", "stage": "s01-parse", "version": "0.5", "versions": { "0.1": { "digest": "4963cadd8ae936d9104861b383d215a94aed622b1db481a3fe79ea9e7db359bf", "deprecated": false }, "0.2": { "digest": "aee629922e77d2bc2f2c1cd5ec3b646dcafe6c6856c8195b4340584c29d23ef2", "deprecated": false }, "0.3": { "digest": "7382fc2e6129877aa66f5728d8c93c1007d85e1976d7412140581c97a368d940", "deprecated": false }, "0.4": { "digest": "71208b25e33cef30e88cdf0c701b92460c37d8c140be2e769856a8a6292669c5", "deprecated": false }, "0.5": { "digest": "8d6c5ea97042f540faac45456240bc277257e1fdb331cc7cc7d9590804ffcb94", "deprecated": false } }, "long_description": "SG9tZSBhc3Npc3RhbnQgYXV0aGVudGljYXRpb24gZmFpbHVyZSBwYXJzZXIuCgpTdXBwb3J0cyBob21lYXNzaXN0YW50IGRvY2tlciBpbWFnZSBhbmQgSGFzc09TIGxvZ3Mu", "content": "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", "description": "Parse Home Assistant logs", "author": "crowdsecurity", "labels": null }, "crowdsecurity/http-logs": { "path": "parsers/s02-enrich/crowdsecurity/http-logs.yaml", "stage": "s02-enrich", "version": "1.2", "versions": { "0.1": { "digest": "d11c01b85927959d1619735c6ac09f260008211edcbf496db0d01b0bd93c5be2", "deprecated": false }, "0.2": { "digest": "1274d4a8afd04f96fa0adb03f661ba4a7771cd0be84cf33d1b405881d07c5f0e", "deprecated": false }, "0.3": { "digest": "26d3a09d652bd0024ceb1b51a864183367d7391fa33c87db5274c1e47c072999", "deprecated": false }, "0.4": { "digest": "ba77a9a5e6b979b9e8d327946aea0a42eed1f035766b80aab2c2a43fb7cf3c13", "deprecated": 
false }, "0.5": { "digest": "132938d05f1af484c29088b588aaa86a329a2e677842e17c255295fb47532990", "deprecated": false }, "0.6": { "digest": "57d5b2535d46a2fa6a738917d9e2e64924f5e0090d3c75f2a7c44ad8db36f49c", "deprecated": false }, "0.7": { "digest": "c934455276a4ebea1d40f3a80fb960a2f309a06a523b7750c67c374f577f53cf", "deprecated": false }, "0.8": { "digest": "7016a32564d1eb6499d8cc9de1591886c6313acb356e513b67da45f9a7386267", "deprecated": false }, "0.9": { "digest": "79589c27fe75a013f3ebc4c9f6940c3cd0ee376abcd1f863bfa38e1ca237fc10", "deprecated": false }, "1.0": { "digest": "b3e83ce9bfe4cf145fd8d2d03cf68ac696c353e36c825e98f1fa031afaafbae3", "deprecated": false }, "1.1": { "digest": "0a1788e43609b451d1a97b009107a1fe242fa21a2926922a6080636b2a2e56d6", "deprecated": false }, "1.2": { "digest": "d0a95d6cf41e1ae10d0dd604b6bca9c72ab9e4709950b1816166acd630a18a9e", "deprecated": false } }, "long_description": "VGhpcyBwYXJzZXIgaXMgYSBnZW5lcmljIHBvc3QtcGFyc2luZyBodHRwIHJlLXBhcnNlciBhbmQgcHJvZmlkZXMgbW9yZSBkZXRhaWxlZCBpbmZvcm1hdGlvbiBzdWNoIGFzIDoKIC0gc3RhdGljX3Jlc3NvdXJjZSA6IGEgYm9vbGVhbiB0byB0ZWxsIGlmIHRoZSByZXF1ZXN0ZWQgcmVzc291cmNlIGlzIGEgc3RhdGljIGZpbGUKIC0gZmlsZV9uYW1lIDogc2ltcGxlIGZpbGUrZmlsZS1leHRlbnNpb24KIC0gaW1wYWN0X2NvbXBsZXRpb24gOiBhIGJvb2xlYW4gZmxhZyBpbmRpY2F0aW5nIGlmIHRoZSByZXF1ZXN0IHN1Y2NlZWRlZCAoYmFzZWQgb24gdGhlIGh0dHAgcmVzcG9uc2UgY29kZSkK", "content": "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", "description": "Parse HTTP logs more specifically, such as HTTP code, HTTP path, HTTP args and whether it is a static resource", "author": "crowdsecurity", "labels": null }, "crowdsecurity/iis-logs": { "path": "parsers/s01-parse/crowdsecurity/iis-logs.yaml", "stage": "s01-parse", "version": "0.4", "versions": { "0.1": { "digest": "b7a80af9ef0d2dc28939cde8eb773c578c6526b0d09737ca3b5be1821b1d83b6", "deprecated": false }, "0.2": { "digest": "1bf7cff86c0f408a93e661eb8c5ef2959c294a737ffcb800d36c3b03c8358c78", "deprecated": false }, "0.3": { "digest": 
"3f573bae5c2a602dfc51e753bfcde0e51f3d76ebdba9a795c1126b66f2045087", "deprecated": false }, "0.4": { "digest": "766ad2b89ad05737339cb9364572f2a48ba629b2f13791e7ee5491f8f7601ff7", "deprecated": false } }, "long_description": "UGFyc2VyIGZvciBJSVMgZGVmYXVsdCBXM0MgbG9ncy4KCkxvZyBmaWxlIGFuZCBldmVudCBsb2cgYXJlIGJvdGggc3VwcG9ydGVkLg==", "content": "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", "description": "Parse IIS access logs", "author": "crowdsecurity", "labels": null }, "crowdsecurity/iptables-logs": { "path": "parsers/s01-parse/crowdsecurity/iptables-logs.yaml", "stage": "s01-parse", "version": "0.5", "versions": { "0.1": { "digest": "00076ea5d8fa862aeb6bb48890d84d9e2763bfc332a635eab884c0a3069fcccd", "deprecated": false }, "0.2": { "digest": "5b9e9e5bc1fc9a6ab923a7e08f0c5e4e16e5702f09b5142245694f52c45348f5", "deprecated": false }, "0.3": { "digest": "32c82e2b47e825f63e3536bd38bd153019139c8b7f57b8b005aa6d86f88c62f7", "deprecated": false }, "0.4": { "digest": "da4ae251f648770b336f709fbae8bcbaae86963cb3d4ff2a6f7545f098c4f65d", "deprecated": false }, "0.5": { "digest": "398c9029f54160a021e2a65ce649ed4c9673549321f9b2b72aca9cc548a7706f", "deprecated": false } }, "long_description": "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", "content": "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", "description": "Parse iptables drop logs", "author": "crowdsecurity", "labels": null }, "crowdsecurity/jellyfin-whitelist": { "path": "parsers/s02-enrich/crowdsecurity/jellyfin-whitelist.yaml", "stage": "s02-enrich", "version": "0.1", "versions": { "0.1": { "digest": "aa1cf7cfac48914a41ca95fea4d1aa3b885b27d5359b2ecd39c9a22d21d65c47", "deprecated": false } }, "long_description": "IyMgSmVsbHlmaW4gV2hpdGVsaXN0CgojIyMgUGxheWluZyB2aWRlb3MKV2hlbiBwbGF5aW5nIHZpZGVvcyBhIFBPU1QgcmVxdWVzdCBpcyBtYWRlIHRvIGBgL1Nlc3Npb25zL1BsYXlpbmcvUHJvZ3Jlc3NgYCwgSmVsbHlmaW4gd2lsbCByZXR1cm4gYSA0MDMuCg==", "content": "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", "description": 
"Whitelist events from jellyfin", "author": "crowdsecurity", "labels": null }, "crowdsecurity/k8s-audit": { "path": "parsers/s01-parse/crowdsecurity/k8s-audit.yaml", "stage": "s01-parse", "version": "0.4", "versions": { "0.1": { "digest": "f6eacd85ee1d51aadda5394edda6a4b0a8672418ee64440926cfab554140ef26", "deprecated": false }, "0.2": { "digest": "e76674c085b19f6be7c1c90e15451d3252a38edc0ae554e47446986699031e84", "deprecated": false }, "0.3": { "digest": "c5b9c5e3e29019ca67a8e7323b2dea49e77edee4a9c2c8af5c4ca91d2a59395c", "deprecated": false }, "0.4": { "digest": "f8e939f05bb591a0770d909440f65bcc1a05e58e96036f06b0fce535aac3af50", "deprecated": false } }, "long_description": "QSBwYXJzZXIgZm9yIFtLdWJlcm5ldGVzIGF1ZGl0IGxvZ3NdKGh0dHBzOi8va3ViZXJuZXRlcy5pby9kb2NzL3Rhc2tzL2RlYnVnL2RlYnVnLWNsdXN0ZXIvYXVkaXQvKS4KClRoZSBsb2cgY2FuIGJlIHJlYWQgZnJvbSBhIGZpbGUgb3Igc2VuZCB0byBjcm93ZHNlYyB3aXRoIHRoZSB3ZWJob29rIGJhY2tlbmQgKHdoZW4gdXNpbmcgdGhlIGs4cy1hdWRpdCBkYXRhc291cmNlKQ==", "content": "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", "description": "Parse Kubernetes audit logs", "author": "crowdsecurity", "labels": null }, "crowdsecurity/kasm-logs": { "path": "parsers/s01-parse/crowdsecurity/kasm-logs.yaml", "stage": "s01-parse", "version": "0.1", "versions": { "0.1": { "digest": "cda64d5195d7e0837c64600d2494a5a60f8d8d8967899b730ee32f737a79d9bb", "deprecated": false } }, "content": "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", "description": "Parse kasm logs", "author": "crowdsecurity", "labels": null }, "crowdsecurity/laurel-logs": { "path": "parsers/s01-parse/crowdsecurity/laurel-logs.yaml", "stage": "s01-parse", "version": "0.2", "versions": { "0.1": { "digest": "95eab37bd97b342940a3ca7217ee89c6b24b744ddf59e40346a28b43480db60f", "deprecated": false }, "0.2": { "digest": "3f8eca354cab4b0aa1b4ab35fbb44c110d6f170f05119dff5d03bfcee8daf124", "deprecated": false } }, "content": "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", "description": "Parse laurel 
json logs", "author": "crowdsecurity", "labels": null }, "crowdsecurity/litespeed-logs": { "path": "parsers/s01-parse/crowdsecurity/litespeed-logs.yaml", "stage": "s01-parse", "version": "0.1", "versions": { "0.1": { "digest": "868cf099d57ea7a1994961b8d65e5abce01e797517bb97959c7e68e52dcb0b6f", "deprecated": false } }, "long_description": "QSBwYXJzZXIgZm9yIGxpdGVzcGVlZCBzZXJ2ZXIgbG9ncywgc3VwcG9ydCBib3RoIGFjY2VzcyBhbmQgZXJyb3JzIChIVFRQIHVzZXIgYXV0aGVudGljYXRpb24pIGxvZ3Mu", "content": "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", "description": "Parse litespeed access and error logs", "author": "crowdsecurity", "labels": null }, "crowdsecurity/magento-extension-logs": { "path": "parsers/s01-parse/crowdsecurity/magento-extension-logs.yaml", "stage": "s01-parse", "version": "0.1", "versions": { "0.1": { "digest": "14462ab2a582ecf9be26402de41b9a253e997b93a39c1aa1cfb22abf3740f808", "deprecated": false } }, "long_description": "UGFyc2VyIGZvciB0aGUgW0Nyb3dkU2VjIE1hZ2VudG8gRXh0ZW5zaW9uXShodHRwczovL2h1Yi5jcm93ZHNlYy5uZXQvYXV0aG9yL2Nyb3dkc2VjdXJpdHkvYm91bmNlcnMvY3MtbWFnZW50by1ib3VuY2VyKS4=", "content": "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", "description": "Parse CrowdSec Magento extension logs", "author": "crowdsecurity", "labels": null }, "crowdsecurity/mariadb-logs": { "path": "parsers/s01-parse/crowdsecurity/mariadb-logs.yaml", "stage": "s01-parse", "version": "0.4", "versions": { "0.1": { "digest": "98468759d771f3db2dfdf795ac2794c9b56c01d6d46e98a1a81913309bedc74f", "deprecated": false }, "0.2": { "digest": "f41ce905ce3bd2034f375af20547930c913260792a82e8426aa8ab3b146cdba0", "deprecated": false }, "0.3": { "digest": "de1d309812318018d96a22970c1d3a62e60f4c5807cd845496a09aa72fd18919", "deprecated": false }, "0.4": { "digest": "cb1a53a0c8e563401a4c89db5217e73178c6760100c37146b748489823b7778c", "deprecated": false } }, "long_description": "TWFyaWFkYiBhdXRoZW50aWNhdGlvbiBmYWlsdXJlIHBhcnNlci4K", "content": 
"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", "description": "Parse MariaDB logs", "author": "crowdsecurity", "labels": null }, "crowdsecurity/modsecurity": { "path": "parsers/s01-parse/crowdsecurity/modsecurity.yaml", "stage": "s01-parse", "version": "1.0", "versions": { "0.1": { "digest": "8db1b74ef6681ebe8e9fcc09ed271830a330f3aa5dd3e273a98b3906c334f715", "deprecated": false }, "0.2": { "digest": "522f242c438219ae659e775aa123c252d9dcebf8bf808d644eb8a0069ed87919", "deprecated": false }, "0.3": { "digest": "f173c890dc7abadbeedf7e99d11ae8834e0dfc90e21684b5ea71f267a5a506f5", "deprecated": false }, "0.4": { "digest": "cd4f670cbb0b41d6e19d61170cfb60868832bf19e8393235d857dd356f33df2a", "deprecated": false }, "0.5": { "digest": "bc41dae1bc38731159c2c141ed9a0e4f99d6c8ec525555c6915a5ee376716da2", "deprecated": false }, "0.6": { "digest": "e598abbbe73a831393605f33b513cbf92b1f568a37f1388a3aa9fa7065d1514e", "deprecated": false }, "0.7": { "digest": "beee35fd2bb445549f0ef2f1be21dee30019aaaf6522a86e9bc114df6ecae73f", "deprecated": false }, "0.8": { "digest": "2f897a99b1d318627537f760a09194d62cb7d3cf6f2673b48815b2bd28a4279e", "deprecated": false }, "0.9": { "digest": "051d3c5c4b723913221f8e864f8ae21e491d79c139f3f8776e1591b5cba48582", "deprecated": false }, "1.0": { "digest": "4f670402660442a3d762dddeabc497af0e597fdb3fd3a1dce366cf7260df941e", "deprecated": false } }, "long_description": "VGhpcyBtb2RzZWN1cml0eSBwYXJzZXIgc3VwcG9ydCBtb2RzZWN1cml0eSBsb2dzIGZyb20gYXBhY2hlMiBlcnJvciBsb2cuCgooTm90IHRlc3RlZCB3aXRoIE5naW54IHlldCkuIA==", "content": "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", "description": "A parser for modsecurity WAF", "author": "crowdsecurity", "labels": null }, "crowdsecurity/mssql-logs": { "path": "parsers/s01-parse/crowdsecurity/mssql-logs.yaml", "stage": "s01-parse", "version": "0.3", "versions": { "0.1": { "digest": "9c99578104a9158ada41bb8dd920575a83d494e6f6e2d166eb5773fb4d7023b1", "deprecated": false }, "0.2": { "digest": 
"2c39d0c3f1cf4124d5e3cc113c733b2ef220522d01706b5434382240de10b147", "deprecated": false }, "0.3": { "digest": "b9dc0a3b53d5e1ad6eeae3e1beb04d01afe62111e80d5871b77caee2e7172cfd", "deprecated": false } }, "long_description": "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", "content": "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", "description": "Parse mssql logs", "author": "crowdsecurity", "labels": null }, "crowdsecurity/mysql-logs": { "path": "parsers/s01-parse/crowdsecurity/mysql-logs.yaml", "stage": "s01-parse", "version": "0.4", "versions": { "0.1": { "digest": "9ad9acb6f2c62c6d38c8b662a22af412f6bb0d73f14197b5136cc2c777a3865b", "deprecated": false }, "0.2": { "digest": "4d2fb3da27c9e65b95fe74f962b0ed1f246f2312ca48b8e9fc95e073488a0809", "deprecated": false }, "0.3": { "digest": "e87dcc2182097881e9b90183917fa6e482e5dbe5a03420aab7c0d62b039cb0dd", "deprecated": false }, "0.4": { "digest": "f079cdfce412548dba1989be5b3491bfcd425790b91c4331c932d930169f8111", "deprecated": false } }, "long_description": "TXlzcWwgYXV0aGVudGljYXRpb24gZmFpbCBwYXJzZXIuCg==", "content": "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", "description": "Parse MySQL logs", "author": "crowdsecurity", "labels": null }, "crowdsecurity/naxsi-logs": { "path": "parsers/s02-enrich/crowdsecurity/naxsi-logs.yaml", "stage": "s02-enrich", "version": "0.1", "versions": { "0.1": { "digest": "c8b9f9ffdc82619cfc9ef10be9ba18513f702688d86d5c48a5cffb525499a8f0", "deprecated": false } }, "content": "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", "description": "Enrich logs if they are from NAXSI", "author": "crowdsecurity", "labels": null }, "crowdsecurity/nextcloud-logs": { "path": "parsers/s01-parse/crowdsecurity/nextcloud-logs.yaml", "stage": "s01-parse", "version": "0.3", "versions": { "0.1": { "digest": "072ff18cde784aedbe88ded5742860fcdf5000c3b56f10ca4d5fc2ec0b8166d7", "deprecated": false }, "0.2": { "digest": "a83ed98682243d1e6fd1b07e763746f7dd05a2bffb18f6cbad646ec863b622de", 
"deprecated": false }, "0.3": { "digest": "21f42e86e1dbe439df7748ad883fcb34ab57096fb0ef4175e76eee0ef503bccd", "deprecated": false } }, "long_description": "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", "content": "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", "description": "Parse nextcloud logs", "author": "crowdsecurity", "labels": null }, "crowdsecurity/nextcloud-whitelist": { "path": "parsers/s02-enrich/crowdsecurity/nextcloud-whitelist.yaml", "stage": "s02-enrich", "version": "0.7", "versions": { "0.1": { "digest": "7685c823a398a711b76afea742ebeb2637ac55c829eafba841b63504b1e2228e", "deprecated": false }, "0.2": { "digest": "15ef491d0966d5796364e53ee9d1755888696feaff16522b2a1b06536b47ea78", "deprecated": false }, "0.3": { "digest": "a8c2afddb978e2dd08559c11dfd1a8d220b3667047adc3c4140ee6643b7ae8fa", "deprecated": false }, "0.4": { "digest": "82fdff4937ffd65362b26dc5956bbe366185241f8c42a72c5c760dfc0dcaae87", "deprecated": false }, "0.5": { "digest": "b5e9ba6ad48c09317260c89ec36c3501e520a7655fb8d476ffb861fb656099c2", "deprecated": false }, "0.6": { "digest": "ef87b424f23e583ab71adc0d8ff5ede0778e8ad45884b17b261babbf5e9619e3", "deprecated": false }, "0.7": { "digest": "51a59c210b4b63883c62328a08ac1577257cd4910bd7a44b92285a80596c4a5e", "deprecated": false } }, "long_description": "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", "content": "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", "description": "Whitelist events from nextcloud", "author": "crowdsecurity", "labels": null }, "crowdsecurity/nginx-logs": { "path": "parsers/s01-parse/crowdsecurity/nginx-logs.yaml", "stage": "s01-parse", "version": "1.5", "versions": { "0.1": { "digest": "60ba29ab5a5a49214664344b57403fab932e70bb1493203e83dc7df4f66b2059", "deprecated": false }, "0.2": { "digest": "eae9b00d93c9e86f4b909bf0b0ce7dee821834702bc99c29213ebeca86054367", "deprecated": false }, "0.3": { "digest": "7e6aeff6e07708806ffdc92b81b290cb41da8ddf95c2a1933f59f6b36ba62ace", 
"deprecated": false }, "0.4": { "digest": "c1a14a662419b6edc17078467cea654082f02925961341e29fead330d11174ff", "deprecated": false }, "0.5": { "digest": "81aee3a0a3eb3f603d846ba17b7efbae49d1169a13a49099a4e16b929cc20747", "deprecated": false }, "0.6": { "digest": "1c1ac2988fce3691f5b571886921ba4d92563ba739756b9d112c58370e55a830", "deprecated": false }, "0.7": { "digest": "2e209cb2f4277ccc854254a3dc627bc3d96e9f29ccb4756129d9b0c32964515e", "deprecated": false }, "0.8": { "digest": "ea536d0d2c336ffc1720bb6d7678839f0488c1fca96614327396afd2f92ae9fc", "deprecated": false }, "0.9": { "digest": "b30a1fb8efb8148f9444587a8bfb9558fd6c28f898644fd140f7995ffa302c68", "deprecated": false }, "1.0": { "digest": "3e1f4e967e6088b83b8191c357cd5dc8ab5842200ffd47de7b5e8ddd8f2b28f7", "deprecated": false }, "1.1": { "digest": "2d3bc9c768099ff55fc8948879bf3f57c35d37f834916a490b72094d5dc8812d", "deprecated": false }, "1.2": { "digest": "e2cf65e3272cf7c269ffcb2282f6e6f9169a8acec98a97acae96d90f3f8b30dd", "deprecated": false }, "1.3": { "digest": "b76ec30d100908555f3d2085f12338b6366a6286cbf00dc5ae590cc7d8f7373f", "deprecated": false }, "1.4": { "digest": "ffd447fc906aa86bc3fa4c352d0d0829074c999d9f5257c6a20728c58a237e3a", "deprecated": false }, "1.5": { "digest": "1948e74edab6e6fa23f70675e2883b726d4e0394314dafaad2b9819762b92b34", "deprecated": false } }, "long_description": "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", "content": "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", "description": "Parse nginx access and error logs", "author": "crowdsecurity", "labels": null }, "crowdsecurity/nginx-proxy-manager-logs": { "path": "parsers/s01-parse/crowdsecurity/nginx-proxy-manager-logs.yaml", "stage": "s01-parse", "version": "0.2", "versions": { "0.1": { "digest": "d3537478fca875fdaccc3d5591ec3ce3f6fbeb5283737aca3b12d322bd8abfd7", "deprecated": false }, "0.2": { "digest": "b3c98501a460913b0d09aaf410e5651e999eba720516bb4822e69f0adea19685", "deprecated": false } }, "long_description": 
"QSBnZW5lcmljIHBhcnNlciBmb3IgW05naW54IFByb3h5IE1hbmFnZXJdKGh0dHBzOi8vZ2l0aHViLmNvbS9OZ2lueFByb3h5TWFuYWdlci9uZ2lueC1wcm94eS1tYW5hZ2VyKSwgc3VwcG9ydCBib3RoIFthY2Nlc3MgYW5kIGVycm9yIGxvZ3NdKGh0dHBzOi8vZ2l0aHViLmNvbS9OZ2lueFByb3h5TWFuYWdlci9uZ2lueC1wcm94eS1tYW5hZ2VyL2Jsb2IvZGV2ZWxvcC9kb2NrZXIvcm9vdGZzL2V0Yy9uZ2lueC9uZ2lueC5jb25mI0w0NikuCgo=", "content": "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", "description": "Parse Nginx Proxy Manager access and error logs", "author": "crowdsecurity", "labels": null }, "crowdsecurity/odoo-logs": { "path": "parsers/s01-parse/crowdsecurity/odoo-logs.yaml", "stage": "s01-parse", "version": "0.1", "versions": { "0.1": { "digest": "a41a81ec54fd61070c0d15f954a4a6f00c63e33546f12d79c6abaf745c36fb4e", "deprecated": false } }, "long_description": "T2RvbyBhdXRoZW50aWNhdGlvbiBmYWlsdXJlIHBhcnNlci4KClJlZmVyZW5jZToKaHR0cHM6Ly93d3cub2Rvby5jb20vZG9jdW1lbnRhdGlvbi8xNS4wL2FkbWluaXN0cmF0aW9uL2luc3RhbGwvZGVwbG95Lmh0bWwjYmxvY2tpbmctYnJ1dGUtZm9yY2UtYXR0YWNrcw==", "content": "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", "description": "Parse Odoo logs", "author": "crowdsecurity", "labels": null }, "crowdsecurity/opnsense-gui-logs": { "path": "parsers/s01-parse/crowdsecurity/opnsense-gui-logs.yaml", "stage": "s01-parse", "version": "0.1", "versions": { "0.1": { "digest": "1a93083832b2ef50845cbf1fd056ab1b680e6f524d17892bc8f6cb72cfe87935", "deprecated": false } }, "long_description": "IyMgT1BOU2Vuc2Ugd2ViIGF1dGhlbnRpY2F0aW9uIHBhcnNlcgoKQSBwYXJzZXIgZm9yIG9wbnNlbnNlIHdlYiBhdXRoZW50aWNhdGlvbiAoZmFpbGVkKSBsb2dzLgpUaG9zZSBsb2dzIGFyZSB1c3VhbGx5IHByZXNlbnQgaW4gYCAvdmFyL2xvZy9hdWRpdC9sYXRlc3QubG9nYC4KCg==", "content": 
"b25zdWNjZXNzOiBuZXh0X3N0YWdlCmZpbHRlcjogImV2dC5QYXJzZWQucHJvZ3JhbSA9PSAnYXVkaXQnIgpuYW1lOiBjcm93ZHNlY3VyaXR5L29wbnNlbnNlLWd1aS1sb2dzCmRlc2NyaXB0aW9uOiAiUGFyc2UgT1BOU2Vuc2Ugd2ViIGF1dGggbG9ncyIKIy9pbmRleC5waHA6IFdlYiBHVUkgYXV0aGVudGljYXRpb24gZXJyb3IgZm9yICd0b3RvJyBmcm9tIDEuMi4zLjQKZ3JvazogCiAgcGF0dGVybjogIi9pbmRleC5waHA6IFdlYiBHVUkgYXV0aGVudGljYXRpb24gZXJyb3IgZm9yICcle1VTRVJOQU1FOnVzZXJuYW1lfScgZnJvbSAle0lQT1JIT1NUOnNvdXJjZV9pcH0iCiAgYXBwbHlfb246IG1lc3NhZ2UKc3RhdGljczoKICAtIG1ldGE6IHNlcnZpY2UKICAgIHZhbHVlOiBvcG5zZW5zZS1ndWkKICAtIG1ldGE6IHVzZXJuYW1lCiAgICBleHByZXNzaW9uOiAiZXZ0LlBhcnNlZC51c2VybmFtZSIKICAtIG1ldGE6IHNvdXJjZV9pcAogICAgZXhwcmVzc2lvbjogZXZ0LlBhcnNlZC5zb3VyY2VfaXAKICAtIG1ldGE6IGxvZ190eXBlCiAgICB2YWx1ZTogb3Buc2Vuc2UtZ3VpLWZhaWxlZC1hdXRoCg==", "description": "Parse OPNSense web auth logs", "author": "crowdsecurity", "labels": null }, "crowdsecurity/palo-alto-threat-log": { "path": "parsers/s01-parse/crowdsecurity/palo-alto-threat-log.yaml", "stage": "s01-parse", "version": "0.3", "versions": { "0.1": { "digest": "7a9d62f00f202417325dcfac25efc34e5caaa78b469486977967ced0d0ec6cb1", "deprecated": false }, "0.2": { "digest": "8e2ef39c33263f3b2bdca6e6936a61de1a84a4bc7ad741626b31b9f19d2304b7", "deprecated": false }, "0.3": { "digest": "a2f3c15040301cdbbf75233c123d089be2380401de5f335b08275929a2f45974", "deprecated": false } }, "long_description": "IyMgUGFsbyBBbHRvIFRocmVhdCBMb2cgUGFyc2VyCgoKUGFyc2UgUGFsbyBBbHRvIFRocmVhdCBMb2cuCk1vcmUgaW5mb3JtYXRpb24gaW4gW1BhbG8gQWx0byBEb2N1bWVudGF0aW9uXShodHRwczovL2RvY3MucGFsb2FsdG9uZXR3b3Jrcy5jb20vcGFuLW9zLzktMS9wYW4tb3MtYWRtaW4vbW9uaXRvcmluZy91c2Utc3lzbG9nLWZvci1tb25pdG9yaW5nL3N5c2xvZy1maWVsZC1kZXNjcmlwdGlvbnMvdGhyZWF0LWxvZy1maWVsZHMp", "content": "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", "description": "Parse palo-alto-threat-log logs", "author": "crowdsecurity", "labels": null }, "crowdsecurity/pam-logs": { "path": "parsers/s01-parse/crowdsecurity/pam-logs.yaml", "stage": "s01-parse", "version": "0.2", "versions": 
{ "0.1": { "digest": "8648ee68511e7f48834a7e4a2c850f55de13ebcf05cb97b147265290ec089384", "deprecated": false }, "0.2": { "digest": "7fc970165bfb774accdf27c4932473bd2633cc680d213ed49656e4f462fdd495", "deprecated": false } }, "long_description": "QSBtaW5pbWFsIHBhcnNlciBmb3IgcGFtLCBzdXBwb3J0cyBvbmx5IDoKIC0gYXV0aGVudGljYXRpb24gZmFpbHVyZSBtZXNzYWdlcwogLSBhY2NvdW50IGxvY2sgKHBhbV90YWxseSkK", "content": "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", "description": "Parse pam logs", "author": "crowdsecurity", "labels": null }, "crowdsecurity/pfsense-gui-logs": { "path": "parsers/s01-parse/crowdsecurity/pfsense-gui-logs.yaml", "stage": "s01-parse", "version": "0.1", "versions": { "0.1": { "digest": "0e759d86c5244f6593c6ba58f18d59ad1fac1fe9cc2f127053f229d4851f57f4", "deprecated": false } }, "long_description": "IyMgcGZTZW5zZSB3ZWIgYXV0aGVudGljYXRpb24gcGFyc2VyCgpBIHBhcnNlciBmb3IgcGZTZW5zZSB3ZWIgYXV0aGVudGljYXRpb24gKGZhaWxlZCkgbG9ncy4KVGhvc2UgbG9ncyBhcmUgdXN1YWxseSBwcmVzZW50IGluIGAvdmFyL2xvZy9hdXRoLmxvZ2AuCgo=", "content": "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", "description": "Parse pfSense web auth logs", "author": "crowdsecurity", "labels": null }, "crowdsecurity/pgsql-logs": { "path": "parsers/s01-parse/crowdsecurity/pgsql-logs.yaml", "stage": "s01-parse", "version": "0.7", "versions": { "0.1": { "digest": "180dbffa0ae9a0b7fa192d5328dfc69c8b1a0489a81604c6642a47be3fd1394d", "deprecated": false }, "0.2": { "digest": "bf228d679c51e8b47d06ee58185591b97c5be3acb4fcb0e38d36707f6452bd5d", "deprecated": false }, "0.3": { "digest": "693c053d3ff524e84e2aea4d4e29d0fc2b8151804d4672f7cbdf77d8ac48eccc", "deprecated": false }, "0.4": { "digest": "107048061794ca54bf99a080d78642a1345cc9d5554bc54bad353aec3fa313d0", "deprecated": false }, "0.5": { "digest": "70c79e6c9c679779cd61bad22760bc0ac421b6a735278d659dec3b39c85f15f2", "deprecated": false }, "0.6": { "digest": "9492516f5fce0c7a6b620efab95dc8679486bb2c5f4175012514ec09eabbf7f1", "deprecated": false }, "0.7": { 
"digest": "70c79e6c9c679779cd61bad22760bc0ac421b6a735278d659dec3b39c85f15f2", "deprecated": false } }, "long_description": "UG9zdGdyZVNRTCBmYWlsIGF1dGhlbnRpY2F0aW9uIHBhcnNlci4KCgoqKndhcm5pbmcqKiA6IEJ5IGRlZmF1bHQgKGF0IGxlYXN0IG9uIGRlYmlhbiB3aXRoIHBnc3FsIDEyKSwgcG9zdGdyZVNRTCBsb2dzIGRvIG5vdCBjb250YWluIHRoZSBzb3VyY2UgSVAsIGFuZCBgbG9nX2xpbmVfcHJlZml4YCBuZWVkcyB0byBiZSBlZGl0ZWQgdG8gY29udGFpbiBgJWhgICh0aGUgcmVtb3RlIGhvc3QpLiBUaGlzIHBhcnNlciBhc3N1bWVzIHRoZSBgbG9nX2xpbmVfcHJlZml4YCBpcyAgYCVtIFslcF0gJWglcSAldUAlZCBgIChpbnN0ZWFkIG9mIHRoZSBkZWZhdWx0IGAlbSBbJXBdICVxJXVAJWQgYCkKClBsZWFzZSBub3RlIHRoYXQgdGhlIHBhcnNlciBpZ25vcmVzIHRoZSB0aW1lem9uZSB3cml0dGVuIGJ5IHBvc3RncmVzLgo=", "content": "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", "description": "Parse PgSQL logs", "author": "crowdsecurity", "labels": null }, "crowdsecurity/pkexec-logs": { "path": "parsers/s01-parse/crowdsecurity/pkexec-logs.yaml", "stage": "s01-parse", "version": "0.1", "versions": { "0.1": { "digest": "3b8e30530f69f776d327b5710653a496245949ca6dde84d16357f433b7303a25", "deprecated": false } }, "content": "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", "description": "Parse pkexec logs specifically for CVE-2021-4034", "author": "crowdsecurity", "labels": null }, "crowdsecurity/postfix-logs": { "path": "parsers/s01-parse/crowdsecurity/postfix-logs.yaml", "stage": "s01-parse", "version": "0.6", "versions": { "0.1": { "digest": "da6b8ecae70e951905697c92fc0c198c2148041bf96e33658d485818c37d7414", "deprecated": false }, "0.2": { "digest": "7338524c5cd363792ee2b8edd488ee6e855b925e073ad659ae2c1b9fb1f4afdf", "deprecated": false }, "0.3": { "digest": "22d3fd0f7d3ca3ea1899df909c5748ed8781b58d243e8d54217ce268874072e1", "deprecated": false }, "0.4": { "digest": "1b30aa19109f2f95ac96afa38e83d5abea3ace8b310773cf936e7191241a01df", "deprecated": false }, "0.5": { "digest": "dc61094384986837e4096f8490a4ba692624a4515540f17c8cf030afed470fb7", "deprecated": false }, "0.6": { "digest": 
"3bfd0f21a91cdee11ef4c03ae617fcd5b43967dcfc5f13592be637a4c8bf2b1f", "deprecated": false } }, "content": "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", "description": "Parse postfix logs", "author": "crowdsecurity", "labels": null }, "crowdsecurity/postscreen-logs": { "path": "parsers/s01-parse/crowdsecurity/postscreen-logs.yaml", "stage": "s01-parse", "version": "0.3", "versions": { "0.1": { "digest": "5ee035d47824573e19f9a1d378d8882cf3efa72f6443e2243f915d6b38b4b957", "deprecated": false }, "0.2": { "digest": "4a738f39e310daafeabf599f9bdbee013178aae5a1ca9da4f4985ae1626a0e21", "deprecated": false }, "0.3": { "digest": "9ce070163edf33d430b5332f196a75fb39871507cd97a5942177af163ad58e98", "deprecated": false } }, "content": "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", "description": "Parse postscreen logs", "author": "crowdsecurity", "labels": null }, "crowdsecurity/proftpd-logs": { "path": "parsers/s01-parse/crowdsecurity/proftpd-logs.yaml", "stage": "s01-parse", "version": "0.3", "versions": { "0.1": { "digest": "f00e26a5fd74f57bab31f930d23cca9c2ede7cc480cb34c7a6aef5a87baf0ca0", "deprecated": false }, "0.2": { "digest": "9921d4752e7337533472031d1495f9c4e4f870a558ea48f303e95e96a31f7f13", "deprecated": false }, "0.3": { "digest": "7121c527184caecbc3ca675ba5bc1c7e2029b6f4c625dcbff6c294a22c3d3274", "deprecated": false } }, "long_description": "RlRQIChbUHJvRlRQRF0oaHR0cHM6Ly9lbi53aWtpcGVkaWEub3JnL3dpa2kvUHJvRlRQRCkpIHdpbGwgbW9zdGx5IHBhcnNlIGF1dGhlbnRpY2F0aW9uIGZhaWwu", "content": "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", "description": "Parse proftpd logs", "author": "crowdsecurity", "labels": null }, "crowdsecurity/segfault-logs": { "path": "parsers/s01-parse/crowdsecurity/segfault-logs.yaml", "stage": "s01-parse", "version": "0.4", "versions": { "0.1": { "digest": "9079d38e296e0b574a5cb2fe1fee614c08114912daefa569b2dc0648d8d8e8b8", "deprecated": false }, "0.2": { "digest": 
"4473cedee88009d1a660c9695e9a128f3c2692020ea3cb1dd74b85422074ae31", "deprecated": false }, "0.3": { "digest": "4ac2695dcfbbd1bfa1402b95a642b2868ab61900714e7a17c2fb5f0235a3777b", "deprecated": false }, "0.4": { "digest": "b5c3c870a15370b249b443fb75c68f4efe894c92a86c4eaca39ee3ce993fd972", "deprecated": false } }, "content": "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", "description": "Parses segfault kernel side", "author": "crowdsecurity", "labels": null }, "crowdsecurity/smb-logs": { "path": "parsers/s01-parse/crowdsecurity/smb-logs.yaml", "stage": "s01-parse", "version": "0.2", "versions": { "0.1": { "digest": "a68bdf79455bda0a84ffaa109752b682266ea0e050d04c260a965a0dbac0fb27", "deprecated": false }, "0.2": { "digest": "d2b661f9ef78d245d6fb08ad02689b244ffa2edf9d89c7f4b9bfddc9a04d0a7b", "deprecated": false } }, "content": "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", "description": "Parse SMB logs", "author": "crowdsecurity", "labels": null }, "crowdsecurity/sshd-logs": { "path": "parsers/s01-parse/crowdsecurity/sshd-logs.yaml", "stage": "s01-parse", "version": "2.3", "versions": { "0.1": { "digest": "ecd40cb8cd95e2bad398824ab67b479362cdbf0e1598b8833e2f537ae3ce2f93", "deprecated": false }, "0.2": { "digest": "6251a150d0d0dfe5b3942fd700c4e7b631393a2a4f1d949137ddba0b75d2dc6d", "deprecated": false }, "0.3": { "digest": "b57b59915825de330b1c0ecf19961fbc033f7784e4670a09f739d84839e2bc81", "deprecated": false }, "0.4": { "digest": "a8a89934a9524f43b9b51d1e62fd67af1834f9c7dfa1c36bc2bfdf9158d5966e", "deprecated": false }, "0.5": { "digest": "18525728a1985eeac9107bc0fc2583622bf597dd256230689f3e788e992e0410", "deprecated": false }, "0.6": { "digest": "5294aa1660260d1bd11520e80dc6f578208679e36456c10f143b3eb28d209fd4", "deprecated": false }, "0.7": { "digest": "ad96d89f89e69fe3b9a0c70b7d643d4965cb893f719722d09957c38e89c31a8d", "deprecated": false }, "0.8": { "digest": "de14c443378bf69c5c44533bb5d19f32c8b099c7365ac35c35f4c873c22103a3", "deprecated": false }, 
"0.9": { "digest": "b728744d1244fe26d5445ea1e0460014538ea1cba0c8bd6b6ebcaf46d3b9b765", "deprecated": false }, "1.0": { "digest": "5603517aa38c9a1deacc993e34ab4adc4047133e51a804ba7cfa782bd973e821", "deprecated": false }, "1.1": { "digest": "bbf71af714985e63a01fa70b0d9485e74dfedf77100750523fabce59e8b6b5eb", "deprecated": false }, "1.2": { "digest": "63cca80e6f4a02bde8ecb2877c3361c78410643dd66e1059e4ddf7f400fdf916", "deprecated": false }, "1.3": { "digest": "36fa6247f3739ed4127e4fdae8a60c314e892a5106cb1b37181ad4fc1e054751", "deprecated": false }, "1.4": { "digest": "2bed97f303d5df2bf1852864d5265281cd1d73db39a2679b9e94bb6e5542e348", "deprecated": false }, "1.5": { "digest": "dd39640ed9ac34409d45261d343c88adbd5a4ee3c8f81c1a7dac77a23539e41e", "deprecated": false }, "1.6": { "digest": "31dadf77665bee1d89ea9d407bd58ad6911753c8a642794277cffd6adf46bbf7", "deprecated": false }, "1.7": { "digest": "162dd1da5beb8e52d093dc6b3a417ac2c80004b5b4576bbed9b590896fca3f15", "deprecated": false }, "1.8": { "digest": "95d30ef78866c26d2c6235fcd302eb50a67a84fcea031742aed4a5afd4d2b942", "deprecated": false }, "1.9": { "digest": "251f05b5398ce5958e6686c392804112b90ffb2b9d5f717052639471983e20d3", "deprecated": false }, "2.0": { "digest": "85cc308adad1051bca9575f4adbda27a0f176bf3d3ffc8893e3657ad2a38bfd2", "deprecated": false }, "2.1": { "digest": "5e7744b19993458adcca52ad039e8b0f64073c1c2f8bc6320f445c21daa79007", "deprecated": false }, "2.2": { "digest": "509cfb3fecfc6922de0d09eb54c8c63b773678d7ff543ef0e3590ea5a8b3dc2e", "deprecated": false }, "2.3": { "digest": "a58765b08b7df52bfd07f3efba65f2b54b984181e0edacabc7cffc20c90de733", "deprecated": false } }, "long_description": "WW91ciBvbmUgZml0cy1hbGwgc3NoIHBhcnNlciB3aXRoIHN1cHBvcnQgZm9yIHRoZSBtb3N0IGNvbW1vbiBraW5kIG9mIGZhaWxlZCBhdXRoZW50aWNhdGlvbnMgYW5kIGVycm9ycy4KCg==", "content": "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", "description": "Parse openSSH logs", "author": "crowdsecurity", "labels": null }, 
"crowdsecurity/sshd-success-logs": { "path": "parsers/s01-parse/crowdsecurity/sshd-success-logs.yaml", "stage": "s01-parse", "version": "0.1", "versions": { "0.1": { "digest": "978219d419633422469bdeb10500a58f05260d34039243d47306db038910f141", "deprecated": false } }, "long_description": "QSBwYXJzZXIgZm9yIHNzaCBzdWNjZXNzIGxvZ3MuIEl0IHdpbGwgcGFyc2UgcGFzc3dvcmQgYW5kIHB1YmxpYyBrZXkgYXV0aGVudGljYXRpb24uIEl0IHdpbGwgYWxzbyBwYXJzZSB0aGUgdXNlcm5hbWUgYW5kIHRoZSBzb3VyY2UgSVAgYWRkcmVzcy4=", "content": "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", "description": "Parse successful ssh logins", "author": "crowdsecurity", "labels": null }, "crowdsecurity/supabase-docker-pgsql": { "path": "parsers/s01-parse/crowdsecurity/supabase-docker-pgsql.yaml", "stage": "s01-parse", "version": "0.1", "versions": { "0.1": { "digest": "52ae47f8f6899c97700f7cc1049cd34077bd6e3ecfcd2c0667f8107ef7432892", "deprecated": false } }, "long_description": "UGFyc2VyIGZvciBwb3N0Z3JlcyBmbGF2b3IgcHJvdmlkZWQgYnkgc3VwYWJhc2UgZG9ja2VyIGNvbXBvc2UgZGVwbG95bWVudC4g", "content": "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", "description": "Parse PgSQL logs", "author": "crowdsecurity", "labels": null }, "crowdsecurity/suricata-logs": { "path": "parsers/s01-parse/crowdsecurity/suricata-logs.yaml", "stage": "s01-parse", "version": "0.6", "versions": { "0.1": { "digest": "8d2c360a278360d24fd5882646c89cea866ba21db80f1b02732b53f57469ee73", "deprecated": false }, "0.2": { "digest": "6b768c66d6d2fb86d7707bac122e819300fbf8a635f466af8f9eda373741b38d", "deprecated": false }, "0.3": { "digest": "8ef8604a888c2242252759267ea353f3b0f00a5bf927ad0d740a177fd6e3b4ce", "deprecated": false }, "0.4": { "digest": "245dc731e0b563f998c2b5815a70330a3648158c0dfd8f2de26d945518cfee44", "deprecated": false }, "0.5": { "digest": "c52782b7b3b37eec48359f37420555be73334dc5fc535cbf55b96e8a7d175506", "deprecated": false }, "0.6": { "digest": "b3a55203e30b26f2cc1765278545389d79551838bc28643cf21a3150fc2efed6", "deprecated": false 
} }, "long_description": "IyMgU3VyaWNhdGEgbG9ncyBwYXJzZXIKClRoaXMgcGFyc2VyIHN1cHBvcnRzIGJvdGggZm9ybWF0cyA6CiAtIHRoZSBKU09OIGBldmUuanNvbmAgZm9ybWF0IChgdHlwZTogc3VyaWNhdGEtZXZlbG9nc2ApCiAtIHRoZSB0ZXh0IGBmYXN0LmxvZ2AgZm9ybWF0IChgdHlwZTogc3VyaWNhdGEtZmFzdGxvZ3NgKQoKVGhlIHBhcnNlciBvbmx5IHBhcnNlcyBsb2dzIHRoYXQgYXJlIGBhbGVydHNgLgo=", "content": "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", "description": "Parse suricata fast.log", "author": "crowdsecurity", "labels": null }, "crowdsecurity/synology-dsm-logs": { "path": "parsers/s01-parse/crowdsecurity/synology-dsm-logs.yaml", "stage": "s01-parse", "version": "0.3", "versions": { "0.1": { "digest": "d3ef07ad8fc314f8617c2e4dc852da0c887e6c9a9cd68dc8bafbd5e66673400b", "deprecated": false }, "0.2": { "digest": "8815fe3b21d0001fb2d42843e1d239e7cc6a763153162236c3c4155aef26a190", "deprecated": false }, "0.3": { "digest": "a50a8b51fe5e43d62e7ccdf88306790e94f824b5474a78ad2c5ce4ae8c1b0d1d", "deprecated": false } }, "long_description": "IyMgU3lub2xvZ3kgRFNNIHdlYiBhdXRoZW50aWNhdGlvbiBwYXJzZXIKCkEgcGFyc2VyIGZvciBTeW5vbG9neSBEU00gd2ViIGF1dGhlbnRpY2F0aW9uIChmYWlsZWQpIGxvZ3MuClRob3NlIGxvZ3MgYXJlIHVzdWFsbHkgcHJlc2VudCBpbiBgL3Zhci9sb2cvYXV0aC5sb2dgLgoK", "content": 
"IyBTeW5vbG9neSBEU00gYXV0aC5sb2cKI2RlYnVnOiB0cnVlCmZpbHRlcjogImV2dC5QYXJzZWQucHJvZ3JhbSBtYXRjaGVzICdzeW5vc2NnaV9TWU5PLkFQSS5BdXRoX1sxLTldKFswLTldKT9fbG9naW4nIgpuYW1lOiBjcm93ZHNlY3VyaXR5L3N5bm9sb2d5LWRzbS1sb2dzCmRlc2NyaXB0aW9uOiAiUGFyc2UgU3lub2xvZ3kgRFNNIHdlYiBhdXRoIGxvZ3MiCm9uc3VjY2VzczogbmV4dF9zdGFnZQpmb3JtYXQ6IDIuMApwYXR0ZXJuX3N5bnRheDoKICBUSU1FU1RBTVA6ICcle1lFQVJ9LSV7TU9OVEhOVU19LSV7TU9OVEhEQVl9VCV7SE9VUn06JXtNSU5VVEV9OiV7U0VDT05EfSsle0lTTzg2MDFfVElNRVpPTkV9JwojIFRoZSBJUCBncm9rIHBhdHRlcm4gdGhhdCBzaGlwcyB3aXRoIGNyb3dkc2VjIGlzIGJ1Z2d5IGFuZCBkb2VzIG5vdCBjYXB0dXJlIHRoZSBsYXN0IGRpZ2l0IG9mIGFuIElQIGlmIGl0IGlzIHRoZSBsYXN0IHRoaW5nIGl0IG1hdGNoZXMsIGFuZCB0aGUgbGFzdCBvY3RldCBzdGFydHMgd2l0aCBhIDIKIyBodHRwczovL2dpdGh1Yi5jb20vY3Jvd2RzZWN1cml0eS9jcm93ZHNlYy9pc3N1ZXMvOTM4CiAgSVB2NF9XT1JLQVJPVU5EOiAnKD86KD86MjVbMC01XXwyWzAtNF1bMC05XXxbMDFdP1swLTldWzAtOV0/KVwuKXszfSg/OjI1WzAtNV18MlswLTRdWzAtOV18WzAxXT9bMC05XVswLTldPyknCiAgSVBfV09SS0FST1VORDogJyg/OiV7SVBWNn18JXtJUHY0X1dPUktBUk9VTkR9KScKICBBVVRIX0xPR19GQUlMOiAncGFtX3VuaXhcKHdlYnVpOmF1dGhcKTogYXV0aGVudGljYXRpb24gZmFpbHVyZTsgbG9nbmFtZT0gdWlkPTAgZXVpZD0wIHR0eT0gcnVzZXI9IHJob3N0PSV7SVBfV09SS0FST1VORDpzcmNfaXB9Jwpncm9rOgogIHBhdHRlcm46ICIle0FVVEhfTE9HX0ZBSUx9IgogIGFwcGx5X29uOiBtZXNzYWdlCiAgc3RhdGljczoKICAgIC0gbWV0YTogbG9nX3R5cGUKICAgICAgdmFsdWU6IHN5bm9sb2d5LWRzbV9mYWlsZWRfYXV0aApzdGF0aWNzOgogIC0gbWV0YTogbG9nX3R5cGUKICAgIHZhbHVlOiBzeW5vbG9neS1kc21fZmFpbGVkX2F1dGgKICAtIG1ldGE6IHNlcnZpY2UKICAgIHZhbHVlOiBzeW5vbG9neS1kc20KICAtIG1ldGE6IHNvdXJjZV9pcAogICAgZXhwcmVzc2lvbjogImV2dC5QYXJzZWQuc3JjX2lwIgo=", "description": "Parse Synology DSM web auth logs", "author": "crowdsecurity", "labels": null }, "crowdsecurity/syslog-logs": { "path": "parsers/s00-raw/crowdsecurity/syslog-logs.yaml", "stage": "s00-raw", "version": "0.8", "versions": { "0.1": { "digest": "44e8cfbf528dcd70c6cc329df1b963f6861668796c706cc79050b0907a85540e", "deprecated": false }, "0.2": { "digest": "a80dffe6371664eea6ad42af1d386a9447e25a5917f1f489959fcb34ce37f363", "deprecated": 
false }, "0.3": { "digest": "3a284fc04e777a9e8d7606f2fcc09e092ec2ae45103d249d30ebb6eda8fea65a", "deprecated": false }, "0.4": { "digest": "74898d3d78b329435253d376376290d57422919618b411e7b1c3c249ac6efecd", "deprecated": false }, "0.5": { "digest": "08fa391d35558900669e1b0d0f6b8373d32053d8138355785b6b07e830675ff7", "deprecated": false }, "0.6": { "digest": "9f4da801bd0c193d4e24b56c465e081a7df8c17cd8b4340b1d4950c8220196f2", "deprecated": false }, "0.7": { "digest": "8d15b6ab76aea4f785a05f31ba84a92e96c1cd3a2644e7a63d98feebd16e1995", "deprecated": false }, "0.8": { "digest": "d637382a9f927a4d8101cfc8d42b39cd83d1327e074cc5c48c0a8827fedec6d5", "deprecated": false } }, "long_description": "IyBTeXNsb2cgcGFyc2VyCgpUaGlzIGlzIGEgZ2VuZXJpYyBsaW51eCBzeXNsb2cgcGFyc2VyIHdpdGggdGltZS1zdXBwb3J0LgpBZGQgYGRhdGFzb3VyY2VfdHlwZWAgYW5kIGBkYXRhc291cmNlX3BhdGhgIHNvdXJjZSBhbmQgZGF0YXNvdXJjZSB0eXBlIGluIHRoZSBgTWV0YWDCoG9iamVjdC4K", "content": "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", "author": "crowdsecurity", "labels": null }, "crowdsecurity/sysmon-logs": { "path": "parsers/s01-parse/crowdsecurity/sysmon-logs.yaml", "stage": "s01-parse", "version": "0.1", "versions": { "0.1": { "digest": "6a349cea36ce2cb571d545767c4eab9279179ef7d26f01644e2b746ea68638f1", "deprecated": false } }, "long_description": "QSBwYXJzZXIgZm9yIFtzeXNtb25dKGh0dHBzOi8vZG9jcy5taWNyb3NvZnQuY29tL2VuLXVzL3N5c2ludGVybmFscy9kb3dubG9hZHMvc3lzbW9uKSBldmVudHMuCgpFeGFtcGxlIGFjcXVpc2l0aW9uIGNvbmZpZzoKYGBgeWFtbApzb3VyY2U6IHdpbmV2ZW50bG9nCnByZXR0eV9uYW1lOiBzeXNtb24KZXZlbnRfY2hhbm5lbDogIk1pY3Jvc29mdC1XaW5kb3dzLVN5c21vbi9PcGVyYXRpb25hbCIKbGFiZWxzOgogdHlwZTogc3lzbW9uCmBgYA==", "content": "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", "description": "Parse sysmon events", "author": "crowdsecurity", "labels": null }, "crowdsecurity/tcpdump-logs": { "path": "parsers/s01-parse/crowdsecurity/tcpdump-logs.yaml", "stage": "s01-parse", "version": "0.1", "versions": { "0.1": { "digest": 
"e51892c14d137cc4f12d2203c851a953e743f262561c48ff6108bd4222fff254", "deprecated": false } }, "long_description": "QSBwYXJzZXIgZm9yIHRjcGR1bXAgbG9ncy4KClRvIG1ha2UgdGhpcyBwYXJzZXIgcmVsZXZhbnQsIHlvdSBzaG91bGQgaGF2ZSBhZGQgdGNwZHVtcCBjb21tYW5kIHRoYXQgbG9nIHRjcCBzY2FuIDoKCkFuIGV4YW1wbGU6CmBgYGJhc2gKY2F0IDw8RU9GID4gL2V0Yy9zeXN0ZW1kL3N5c3RlbS90Y3BkdW1wLnNlcnZpY2UKW1VuaXRdCkRlc2NyaXB0aW9uPVRDUERVTVAKCltTZXJ2aWNlXQpUeXBlPXNpbXBsZQpVc2VyPXJvb3QKRXhlY1N0YXJ0PS9iaW4vc2ggLWMgJ3RjcGR1bXAgLWwgLW4gLWkgZXRoMCAidGNwW3RjcGZsYWdzXSAmICh0Y3Atc3luKSAhPSAwIiA+PiAvdmFyL2xvZy90Y3BkdW1wLm91dCcKUmVzdGFydD1vbi1mYWlsdXJlCgpbSW5zdGFsbF0KV2FudGVkQnk9bXVsdGktdXNlci50YXJnZXQKRU9GCgpzeXN0ZW1jdGwgZGFlbW9uLXJlbG9hZApzeXN0ZW1jdGwgZW5hYmxlIHRjcGR1bXAuc2VydmljZQpzZXJ2aWNlIHRjcGR1bXAgc3RhcnQKYGBgCgo=", "content": "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", "description": "Parse tcpdump raw logs", "author": "crowdsecurity", "labels": null }, "crowdsecurity/teamspeak3-logs": { "path": "parsers/s01-parse/crowdsecurity/teamspeak3-logs.yaml", "stage": "s01-parse", "version": "0.2", "versions": { "0.1": { "digest": "ad06951c76f4f270e7c15325011735c715e476a3c1edb8aba086b05b0c86970f", "deprecated": false }, "0.2": { "digest": "255a289431812be0e9ff76638dfea59e1c8c6512137db367ac40c51b43d32eb2", "deprecated": false } }, "long_description": "QSBwYXJzZXIgZm9yIHRlYW1zcGVhazMgc2VydmVyIGxvZ3MuCgpBcyB0ZWFtc3BlYWszIGxvZ2dpbmcgaXMgbGltaXRlZCwgb25seSBmYWlsZWQgbG9naW5zIHZpYSBzc2gvdGVsbmV0IGFyZSBwYXJzZWQuCg==", "content": "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", "description": "Parse teamspeak3 server logs", "author": "crowdsecurity", "labels": null }, "crowdsecurity/teleport-logs": { "path": "parsers/s01-parse/crowdsecurity/teleport-logs.yaml", "stage": "s01-parse", "version": "0.1", "versions": { "0.1": { "digest": "3fbeaceed0ed03d0a23244c6c3cf3774aa69e9bbf3c77638e5cfb3532ddd67b2", "deprecated": false } }, "long_description": "QSBwYXJzZXIgZm9yIHRlbGVwb3J0IGpzb24gbG9ncw==", "content": 
"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", "description": "Parse teleport logs", "author": "crowdsecurity", "labels": null }, "crowdsecurity/thehive-logs": { "path": "parsers/s01-parse/crowdsecurity/thehive-logs.yaml", "stage": "s01-parse", "version": "0.1", "versions": { "0.1": { "digest": "777997fbca7b59c7cd67a890e298ff8cbc648013a8e9db484ec1754318b3e389", "deprecated": false } }, "long_description": "VGhlaGl2ZSBhdXRoZW50aWNhdGlvbiBmYWlsdXJlIHBhcnNlci4KClJlZmVyZW5jZToKaHR0cHM6Ly9kb2NzLnN0cmFuZ2ViZWUuY29tL3RoZWhpdmUvc2V0dXAv", "content": "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", "description": "Parse Thehive logs", "author": "crowdsecurity", "labels": null }, "crowdsecurity/traefik-logs": { "path": "parsers/s01-parse/crowdsecurity/traefik-logs.yaml", "stage": "s01-parse", "version": "0.9", "versions": { "0.1": { "digest": "3dcf2e166ad138a69d009bfd364e30dee50debc5ed882ed9d8bbf52f2509c600", "deprecated": false }, "0.2": { "digest": "a461c760c7a669f5c7aab35587c65f0b08b145002ff77f4907e0b94d997b32c8", "deprecated": false }, "0.3": { "digest": "e7691b4dddb010d87945c12753ce6e5c9da4d069694227000b0cc6cdf66f4810", "deprecated": false }, "0.4": { "digest": "36eed0ae5e3fdf0a59538f0af2262311cadc81d7d5c9fba9051cf69c41cd3533", "deprecated": false }, "0.5": { "digest": "5b2ad9def31d7314a701a8f3be0f7e80e15a036dc0d13ab2bd45cf04eb30a121", "deprecated": false }, "0.6": { "digest": "e200a068b6781f26f9ce07e20e0e7d74ebb63c8977fa1f6a2618d1a05f71624e", "deprecated": false }, "0.7": { "digest": "b2ff5d3441d12d72c50af05dd8208f2359b30bb8f96aa18760f35c46fb1859da", "deprecated": false }, "0.8": { "digest": "573d81db95901f40f3150e651696dff2c236b6ad2b4fca81f6b550b415466439", "deprecated": false }, "0.9": { "digest": "0b3eb296548ee739a7665ddbbc62e36163e1f347b7dc2595f1d955731d5c7336", "deprecated": false } }, "long_description": 
"PiBDby1hdXRob3JlZCB3aXRoIChodHRwczovL2dpdGh1Yi5jb20vZ21lbG9kaWUpCgpUaGlzIHRyYWVmaWsgcGFyc2VyIHN1cHBvcnRzIGFjY2VzcyBsb2dzIGluIHRoZSBDb21tb24gTG9nIEZvcm1hdCAoW2RlZmluZWQgaGVyZSBmb3IgVHJhZWZpa10oaHR0cHM6Ly9kb2MudHJhZWZpay5pby90cmFlZmlrL29ic2VydmFiaWxpdHkvYWNjZXNzLWxvZ3MvI2Zvcm1hdCkpIGFuZCBKU09OIGZvcm1hdHMuCg==", "content": "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", "description": "Parse Traefik access logs", "author": "crowdsecurity", "labels": null }, "crowdsecurity/unifi-logs": { "path": "parsers/s00-raw/crowdsecurity/unifi-logs.yaml", "stage": "s00-raw", "version": "0.1", "versions": { "0.1": { "digest": "fd8bfd95085177fec395efdddf00161bcf490a2d156aabcea5fc1c2cae6f3f17", "deprecated": false } }, "long_description": "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", "content": "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", "author": "crowdsecurity", "labels": null }, "crowdsecurity/vsftpd-logs": { "path": "parsers/s01-parse/crowdsecurity/vsftpd-logs.yaml", "stage": "s01-parse", "version": "0.3", "versions": { "0.1": { "digest": "39d986c6005d2b96b8941a71ee81c4af35bd22b1094685a8b7f7fbc00e1b4f7f", "deprecated": false }, "0.2": { "digest": "a06ecb5ef08f47fd4e0d70abfa1c78a8570488c8741d660614d97354c17cc4cc", "deprecated": false }, "0.3": { "digest": "2d32b1f35244aeeaa36e66ae3f5538d2d1aa22a66cbe350b26a3845bf99de4c5", "deprecated": false } }, "long_description": "RlRQIChbdnNmdHBkXShodHRwczovL2VuLndpa2lwZWRpYS5vcmcvd2lraS9Wc2Z0cGQpKSBhdXRoZW50aWNhdGlvbiBmYWlsIHBhcnNlci4=", "content": "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", "description": "Parse VSFTPD logs", "author": "crowdsecurity", "labels": null }, "crowdsecurity/whitelists": { "path": "parsers/s02-enrich/crowdsecurity/whitelists.yaml", "stage": "s02-enrich", "version": "0.2", "versions": { "0.1": { "digest": "f51f41270a7ff9900d9c815beccc3ded36a1c377a6e21dd19f9d8209623789b1", "deprecated": false }, "0.2": { "digest": 
"326da7ad71aee690bf71c5a392ac6dbd028f502e617a8b8ed7a5c5554ecaf72c", "deprecated": false } }, "long_description": "QSBnZW5lcmljIHdoaXRlbGlzdCB0byBhdm9pZCBiYW5uaW5nIHlvdXJzZWxmLgoKIyMjIHdoaXRlbGlzdGVkIGlwczoKIC0gMTI3LjAuMC4xCiAtIDo6MQoKIyMjIHdoaXRlbGlzdGVkIHJhbmdlczoKIC0gMTkyLjE2OC4wLjAvMTYKIC0gMTAuMC4wLjAvOAogLSAxNzIuMTYuMC4wLzEyCg==", "content": "bmFtZTogY3Jvd2RzZWN1cml0eS93aGl0ZWxpc3RzCmRlc2NyaXB0aW9uOiAiV2hpdGVsaXN0IGV2ZW50cyBmcm9tIHByaXZhdGUgaXB2NCBhZGRyZXNzZXMiCndoaXRlbGlzdDoKICByZWFzb246ICJwcml2YXRlIGlwdjQvaXB2NiBpcC9yYW5nZXMiCiAgaXA6IAogICAgLSAiMTI3LjAuMC4xIgogICAgLSAiOjoxIgogIGNpZHI6CiAgICAtICIxOTIuMTY4LjAuMC8xNiIKICAgIC0gIjEwLjAuMC4wLzgiCiAgICAtICIxNzIuMTYuMC4wLzEyIgogICMgZXhwcmVzc2lvbjoKICAjICAgLSAiJ2Zvby5jb20nIGluIGV2dC5NZXRhLnNvdXJjZV9pcC5yZXZlcnNlIiAKCg==", "description": "Whitelist events from private ipv4 addresses", "author": "crowdsecurity", "labels": null }, "crowdsecurity/windows-auth": { "path": "parsers/s01-parse/crowdsecurity/windows-auth.yaml", "stage": "s01-parse", "version": "0.2", "versions": { "0.1": { "digest": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "deprecated": false }, "0.2": { "digest": "c0e604a0512e61cdd102c9ebc9267c3e546712f05b75a912695808a45e08dc51", "deprecated": false } }, "long_description": "QSBwYXJzZXIgZm9yIHdpbmRvd3MgYXV0aCBldmVudHMgcmVhZCBmcm9tIHRoZSBldmVudHMgbG9nLgoKT25seSBhY2NlcHRzIGV2ZW50cyB3aXRoIGZyb20gdGhlIFNlY3VyaXR5IGNoYW5uZWwgd2l0aCBJRCA0NjI1Lg==", "content": "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", "description": "Parse windows authentication failure events (id 4625)", "author": "crowdsecurity", "labels": null }, "crowdsecurity/windows-firewall-logs": { "path": "parsers/s01-parse/crowdsecurity/windows-firewall-logs.yaml", "stage": "s01-parse", "version": "0.3", "versions": { "0.1": { "digest": "a093e7fccc9ca714c70284b7f2898a1e2c785b565fbdc63778960c07306ecf7f", "deprecated": false }, "0.2": { "digest": "44779151d40327fa5b2a882165dac19c71f47a75aa994dda0ff9190b7417ef5f", 
"deprecated": false }, "0.3": { "digest": "006ab41688651b1151c017f6a9da16e6ae86e74d171c9a28dbbb092ca8a38b94", "deprecated": false } }, "long_description": "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", "content": "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", "description": "Parse windows firewall drop logs", "author": "crowdsecurity", "labels": null }, "crowdsecurity/windows-logs": { "path": "parsers/s00-raw/crowdsecurity/windows-logs.yaml", "stage": "s00-raw", "version": "0.4", "versions": { "0.1": { "digest": "f51a9f48a321f6935c44515ee8ec312d7771a6ced5bf63d9ab8dede2a3b77e9d", "deprecated": false }, "0.2": { "digest": "65d086df4579e371213259dffdf4ff22b27a107a4200327b0b86b5605fed4d43", "deprecated": false }, "0.3": { "digest": "686608f2d4fb9813b41bd8a1d8683a0a2ee69ff453b6dfd2905e27e1d38634d2", "deprecated": false }, "0.4": { "digest": "800aad4d3be5717d2c389a774462b54eb8ccd2f23755e328fb7d8865f426fa67", "deprecated": false } }, "content": "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", "author": "crowdsecurity", "labels": null }, "crowdsecurity/wireguard-logs": { "path": "parsers/s01-parse/crowdsecurity/wireguard-logs.yaml", "stage": "s01-parse", "version": "0.1", "versions": { "0.1": { "digest": "fa206b8f4bed11951bf44f85790c87c9eebd410c1ab623347cbe6ebf64274229", "deprecated": false } }, "long_description": "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", "content": 
"ZmlsdGVyOiAiZXZ0LlBhcnNlZC5wcm9ncmFtID09ICdrZXJuZWwnIGFuZCBldnQuUGFyc2VkLm1lc3NhZ2UgY29udGFpbnMgJ3dpcmVndWFyZDonIgojZGVidWc6IHRydWUKb25zdWNjZXNzOiBuZXh0X3N0YWdlCm5hbWU6IGNyb3dkc2VjdXJpdHkvd2lyZWd1YXJkLWxvZ3MKZGVzY3JpcHRpb246ICJQYXJzZXMgd2lyZWd1YXJkIGxvZyB2aWEgZHluZGJnIgpwYXR0ZXJuX3N5bnRheDoKICBXSVJFR1VBUkRfSU5WQUxJRF9IQU5EU0hBS0U6ICd3aXJlZ3VhcmQ6IHdnJXtJTlR9OiBQYWNrZXQgaGFzIHVuYWxsb3dlZCBzcmMgSVAgXCgle0lQfVwpIGZyb20gcGVlciAle0lOVH0gXCgle0lQOnNvdXJjZV9pcH06JXtJTlR9XCknCiAgV0lSRUdVQVJEX1VOQVVUSE9SSVpFRF9QQUNLRVQ6ICd3aXJlZ3VhcmQ6IHdnJXtJTlR9OiBJbnZhbGlkIGhhbmRzaGFrZSBpbml0aWF0aW9uIGZyb20gJXtJUDpzb3VyY2VfaXB9OiV7SU5UfScKbm9kZXM6CiAtIGdyb2s6CiAgICAgbmFtZTogIldJUkVHVUFSRF9JTlZBTElEX0hBTkRTSEFLRSIKICAgICBhcHBseV9vbjogbWVzc2FnZQogICAgIHN0YXRpY3M6CiAgICAgICAtIG1ldGE6IGxvZ190eXBlCiAgICAgICAgIHZhbHVlOiB3aXJlZ3VhcmRfZmFpbGVkX2F1dGgKICAgICAgIC0gbWV0YTogbG9nX3N1YnR5cGUKICAgICAgICAgdmFsdWU6IHdpcmVndWFyZF9pbnZhbGlkX2hhbmRzaGFrZQogLSBncm9rOgogICAgIG5hbWU6ICJXSVJFR1VBUkRfVU5BVVRIT1JJWkVEX1BBQ0tFVCIKICAgICBhcHBseV9vbjogbWVzc2FnZQogICAgIHN0YXRpY3M6CiAgICAgICAtIG1ldGE6IGxvZ190eXBlCiAgICAgICAgIHZhbHVlOiB3aXJlZ3VhcmRfZmFpbGVkX2F1dGgKICAgICAgIC0gbWV0YTogbG9nX3N1YnR5cGUKICAgICAgICAgdmFsdWU6IHdpcmVndWFyZF91bmF1dGhvcml6ZWRfcGFja2V0CgpzdGF0aWNzOgogLSBtZXRhOiBzZXJ2aWNlCiAgIHZhbHVlOiB3aXJlZ3VhcmQKIC0gbWV0YTogc291cmNlX2lwCiAgIGV4cHJlc3Npb246ICJldnQuUGFyc2VkLnNvdXJjZV9pcCI=", "description": "Parses wireguard log via dyndbg", "author": "crowdsecurity", "labels": null }, "darkclip/charon-ipsec-logs": { "path": "parsers/s01-parse/darkclip/charon-ipsec-logs.yaml", "stage": "s01-parse", "version": "0.1", "versions": { "0.1": { "digest": "78622315a1cd3b5c4c8650479388ca4846daa6341134a172735044486be8072a", "deprecated": false } }, "long_description": "UGFyc2VyIGZvciBDaGFyb24gSVBzZWMgYXV0aGVudGljYXRpb24gZmFpbC4=", "content": 
"bmFtZTogZGFya2NsaXAvY2hhcm9uLWlwc2VjLWxvZ3MKI2RlYnVnOiB0cnVlCmZpbHRlcjogImV2dC5QYXJzZWQucHJvZ3JhbSA9PSAnY2hhcm9uJyIKZGVzY3JpcHRpb246IFBhcnNlIENoYXJvbiBJUHNlYyBsb2dzCm9uc3VjY2VzczogbmV4dF9zdGFnZQpwYXR0ZXJuX3N5bnRheDoKICBJUFNFQ19JRDogJzwle0RBVEF9XHwle05VTUJFUn0+Jwpub2RlczoKICAtIGdyb2s6CiAgICAgIHBhdHRlcm46ICdeJXtOVU1CRVI6dGhyZWFkfVxbJXtXT1JEOnN1YnN5c31cXSAle0lQU0VDX0lEOmlwc2VjX2lkfS4qdmVyaWZpY2F0aW9uLipmYWlsZWQuKicKICAgICAgYXBwbHlfb246IG1lc3NhZ2UKICAgIHN0YXNoOgogICAgICAtIG5hbWU6IGNoYXJvbl9pcHNlY19sb2dzCiAgICAgICAga2V5OiBldnQuUGFyc2VkLnRocmVhZAogICAgICAgIHZhbHVlOiBldnQuUGFyc2VkLmlwc2VjX2lkCiAgICAgICAgdHRsOiA1cwogICAgICAgIHNpemU6IDEwCiAgLSBncm9rOgogICAgICBwYXR0ZXJuOiAnXiV7TlVNQkVSOnRocmVhZH1cWyV7V09SRDpzdWJzeXN9XF0gJXtJUFNFQ19JRDppcHNlY19pZH0uKmF1dGhlbnRpY2F0aW9uLipmYWlsZWQuKicKICAgICAgYXBwbHlfb246IG1lc3NhZ2UKICAgIHN0YXNoOgogICAgICAtIG5hbWU6IGNoYXJvbl9pcHNlY19sb2dzCiAgICAgICAga2V5OiBldnQuUGFyc2VkLnRocmVhZAogICAgICAgIHZhbHVlOiBldnQuUGFyc2VkLmlwc2VjX2lkCiAgICAgICAgdHRsOiA1cwogICAgICAgIHNpemU6IDEwCiAgLSBncm9rOgogICAgICBwYXR0ZXJuOiAnXiV7TlVNQkVSOnRocmVhZH1cWyV7V09SRDpzdWJzeXN9XF0gJXtJUFNFQ19JRDppcHNlY19pZH0gc2VuZGluZyBwYWNrZXRcOiBmcm9tICV7SVA6dGFyZ2V0X2lwfVxbJXtOVU1CRVI6dGFyZ2V0X3BvcnR9XF0gdG8gJXtJUDpzb3VyY2VfaXB9XFsle05VTUJFUjpzb3VyY2VfcG9ydH1cXS4qJwogICAgICBhcHBseV9vbjogbWVzc2FnZQogICAgbm9kZXM6CiAgICAgIC0gZmlsdGVyOiAiR2V0RnJvbVN0YXNoKCdjaGFyb25faXBzZWNfbG9ncycsIGV2dC5QYXJzZWQudGhyZWFkKSAhPSAnJyAmJiBHZXRGcm9tU3Rhc2goJ2NoYXJvbl9pcHNlY19sb2dzJywgZXZ0LlBhcnNlZC50aHJlYWQpID09IGV2dC5QYXJzZWQuaXBzZWNfaWQiCiAgICAgICAgc3RhdGljczoKICAgICAgICAgIC0gbWV0YTogbG9nX3R5cGUKICAgICAgICAgICAgdmFsdWU6IGNoYXJvbl9pcHNlY19hdXRoX2ZhaWwKICAgICAgICAgIC0gbWV0YTogc291cmNlX2lwCiAgICAgICAgICAgIGV4cHJlc3Npb246IGV2dC5QYXJzZWQuc291cmNlX2lwCgpzdGF0aWNzOgogIC0gbWV0YTogc2VydmljZQogICAgdmFsdWU6IGNoYXJvbl9pcHNlYwo=", "description": "Parse Charon IPsec logs", "author": "darkclip", "labels": null }, "firewallservices/lemonldap-ng": { "path": "parsers/s01-parse/firewallservices/lemonldap-ng.yaml", "stage": 
"s01-parse", "version": "0.1", "versions": { "0.1": { "digest": "c83b26a572bdb7ea16dcc004729dff7977aa5293466fba834bb7e2d740526ec1", "deprecated": false } }, "long_description": "UGFyc2VzIExlbW9ubGRhcDo6TkcgbG9ncyBhbmQgZGV0ZWN0cyBmYWlsZWQgYXV0aGVudGljYXRpb24uIE9ubHkgd29ya2luZyBpZiB1c2luZyBhbiBMREFQIG9yIEFEIGF1dGhlbnRpY2F0aW9uIGJhY2tlbmQgZm9yIG5vdy4K", "content": "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", "description": "Parse Lemonldap::NG logs", "author": "firewallservices", "labels": null }, "firewallservices/pf-logs": { "path": "parsers/s01-parse/firewallservices/pf-logs.yaml", "stage": "s01-parse", "version": "0.5", "versions": { "0.1": { "digest": "2c0bd0180b9e018fea93d65782840ddd6927c1992072734b68cd03b9877d6529", "deprecated": false }, "0.2": { "digest": "51ce3d1dcda6976e95bffc259e7476b2d1e0dfeb3898c4575739622102780279", "deprecated": false }, "0.3": { "digest": "2dda7e888f302ec6e51158ae64f2a0f7152a474f034b0728e735ad4ec05d5894", "deprecated": false }, "0.4": { "digest": "13257da36d5003ab8f212c94fa8fc7f5249ef95341602a25d324a4a1416843e1", "deprecated": false }, "0.5": { "digest": "934d874b2811c83374a3555cbeefcb7f60d43a64e30c990f2c26c2b368d9e044", "deprecated": false } }, "long_description": "UGFyc2VzIHRoZSBwYWNrZXQgZmlsdGVyIGxvZ3Mgd2hpY2ggYXJlIGdlbmVyYXRlZCBieSBwZlNlbnNlIGFuZCBPUE5zZW5zZSBhbmQgb3RoZXIgRnJlZUJTRCBhbmQgT3BlbkJTRCBzeXN0ZW1zLgo=", "content": "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", "description": "Parse packet filter logs", "author": "firewallservices", "labels": null }, "firewallservices/zimbra-logs": { "path": "parsers/s01-parse/firewallservices/zimbra-logs.yaml", "stage": "s01-parse", "version": "0.1", "versions": { "0.1": { "digest": "f01fc443e18d03cc336c4a8a6cbf7afc47e0faba7b07129f58f802415fc8a394", "deprecated": false } }, "long_description": "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", "content": "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", "description": "Parse zimbra authentication 
failures", "author": "firewallservices", "labels": null }, "firix/authentik-logs": { "path": "parsers/s01-parse/firix/authentik-logs.yaml", "stage": "s01-parse", "version": "0.1", "versions": { "0.1": { "digest": "b589807f2d6a21aa2dd07bf5a382f7c1d1ab18eb76108a714798258092d9e677", "deprecated": false } }, "long_description": "UGFyc2VyIGZvciBbQXV0aGVudGlrXShodHRwczovL2dvYXV0aGVudGlrLmlvKSBMb2dzLgoKYGBgeWFtbAotLS0KZmlsZW5hbWVzOgogLSAvdmFyL2xvZy9hdXRoZW50aWsubG9nCmxhYmVsczoKICB0eXBlOiBhdXRoZW50aWsKYGBgCgpgYGB5YW1sCi0tLQpzb3VyY2U6IGRvY2tlcgpjb250YWluZXJfbmFtZToKIC0gYXV0aGVudGlrCmxhYmVsczoKICB0eXBlOiBhdXRoZW50aWsKYGBgCg==", "content": "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", "description": "Parse Authentik logs", "author": "firix", "labels": null }, "fulljackz/proxmox-logs": { "path": "parsers/s01-parse/fulljackz/proxmox-logs.yaml", "stage": "s01-parse", "version": "0.2", "versions": { "0.1": { "digest": "889e85448093d9acb0a65e625eeb3e889e2bc2d7a43c3877a7f047d63f7fab28", "deprecated": false }, "0.2": { "digest": "51329df99cd69cf6cf0195157a8589adaf6928aa84bc852deeb868f30cca4932", "deprecated": false } }, "long_description": 
"IyBEZXNjcmlwdGlvbgoKQSBzaW1wbGUgcGFyc2VyIGZvciBQcm94bW94IFZFIFdlYiBpbnRlcmZhY2UuClByb3htb3ggVkUgaXMgbGlzdGVuaW5nIG9uIHBvcnQgODAwNi90Y3AgYW5kIHdyaXRlIHNzaCBmYWlscyBpbnRvIHN5c2xvZyAKCiMgTG9ncwoKICAtIEVycm9yCgpgYGAKSmFuICA0IDE3OjM0OjA4IGh5cGVydmlzb3IgcHZlZGFlbW9uWzM2NjMzMzldOiBhdXRoZW50aWNhdGlvbiBmYWlsdXJlOyByaG9zdD06OmZmZmY6MTcyLjIxLjEwLjIgdXNlcj10b29yQHBhbSBtc2c9bm8gc3VjaCB1c2VyICgndG9vckBwYW0nKQpKYW4gIDQgMTc6MzQ6MjIgaHlwZXJ2aXNvciBwdmVkYWVtb25bMzQ4Mzc0NF06IGF1dGhlbnRpY2F0aW9uIGZhaWx1cmU7IHJob3N0PTo6ZmZmZjoxNzIuMjEuMTAuMiB1c2VyPXJvb3RAcGFtIG1zZz1BdXRoZW50aWNhdGlvbiBmYWlsdXJlCmBgYAoKPiBJbiB0aGUgZmlyc3Qgc3RyaW5nLCB0aGUgdXNlciBkb2VzIG5vdCBleGlzdC4KPiBJbiB0aGUgc2Vjb25kIHVzZXIgZXhpc3RzIGJ1dCBhdXRoIGZhaWwuCgogIC0gU3VjY2VzcwoKYGBgCkphbiAgNCAxNzozNDoyNyBoeXBlcnZpc29yIHB2ZWRhZW1vblsyODkxODI1XTogPHJvb3RAcGFtPiBzdWNjZXNzZnVsIGF1dGggZm9yIHVzZXIgJ3Jvb3RAcGFtJwpgYGAKCiMgVG8gYmUgZG9uZQoKICAtID8KCiMgRXhwbGFpbiBvdXRwdXQKCiAgLSBQcm94bW94LWxvZ3MgcGFyc2VyIGlzIHVzZWQgb25seSBmb3IgYXV0aGVudGljYXRpb24gZmFpbHVyZXMuCgpgYGAKbGluZTogSmFuICA0IDE3OjM0OjA4IGh5cGVydmlzb3IgcHZlZGFlbW9uWzM2NjMzMzldOiBhdXRoZW50aWNhdGlvbiBmYWlsdXJlOyByaG9zdD06OmZmZmY6MTcyLjIxLjEwLjIgdXNlcj10b29yQHBhbSBtc2c9bm8gc3VjaCB1c2VyICgndG9vckBwYW0nKQoJ4pScIHMwMC1yYXcKCXwJ4pSUIPCfn6IgY3Jvd2RzZWN1cml0eS9zeXNsb2ctbG9ncyAoZmlyc3RfcGFyc2VyKQoJ4pScIHMwMS1wYXJzZQoJfAnilJQg8J+foiBmdWxsamFja3ovcHJveG1veC1sb2dzICgrOCkKCeKUnC0tLS0tLS0tIHBhcnNlciBzdWNjZXNzIPCfn6IKCeKUnCBTY2VuYXJpb3MKCQnilJQg8J+foiBmdWxsamFja3ovcHJveG1veC1iZgoKbGluZTogSmFuICA0IDE3OjM0OjAxIGh5cGVydmlzb3IgcHZlZGFlbW9uWzM2NjMzMzldOiBhdXRoZW50aWNhdGlvbiBmYWlsdXJlOyByaG9zdD06OmZmZmY6MTcyLjIxLjEwLjIgdXNlcj10b29yQHBhbSBtc2c9bm8gc3VjaCB1c2VyICgndG9vckBwYW0nKQoJ4pScIHMwMC1yYXcKCXwJ4pSUIPCfn6IgY3Jvd2RzZWN1cml0eS9zeXNsb2ctbG9ncyAoZmlyc3RfcGFyc2VyKQoJ4pScIHMwMS1wYXJzZQoJfAnilJQg8J+foiBmdWxsamFja3ovcHJveG1veC1sb2dzICgrOCkKCeKUnC0tLS0tLS0tIHBhcnNlciBzdWNjZXNzIPCfn6IKCeKUnCBTY2VuYXJpb3MKCQnilJQg8J+foiBmdWxsamFja3ovcHJveG1veC1iZgoKbGluZTogSmFuICA0IDE3OjM0OjA4IGh5cGVydmlzb3IgcHZlZGFlbW9uWzM
2NjMzMzldOiBhdXRoZW50aWNhdGlvbiBmYWlsdXJlOyByaG9zdD06OmZmZmY6MTcyLjIxLjEwLjIgdXNlcj10b29yQHBhbSBtc2c9bm8gc3VjaCB1c2VyICgndG9vckBwYW0nKQoJ4pScIHMwMC1yYXcKCXwJ4pSUIPCfn6IgY3Jvd2RzZWN1cml0eS9zeXNsb2ctbG9ncyAoZmlyc3RfcGFyc2VyKQoJ4pScIHMwMS1wYXJzZQoJfAnilJQg8J+foiBmdWxsamFja3ovcHJveG1veC1sb2dzICgrOCkKCeKUnC0tLS0tLS0tIHBhcnNlciBzdWNjZXNzIPCfn6IKCeKUnCBTY2VuYXJpb3MKCQnilJQg8J+foiBmdWxsamFja3ovcHJveG1veC1iZgoKbGluZTogSmFuICA0IDE3OjM0OjA3IGh5cGVydmlzb3IgcHZlZGFlbW9uWzM0ODM3NDRdOiBhdXRoZW50aWNhdGlvbiBmYWlsdXJlOyByaG9zdD06OmZmZmY6MTcyLjIxLjEwLjIgdXNlcj1yb290QHBhbSBtc2c9QXV0aGVudGljYXRpb24gZmFpbHVyZQoJ4pScIHMwMC1yYXcKCXwJ4pSUIPCfn6IgY3Jvd2RzZWN1cml0eS9zeXNsb2ctbG9ncyAoZmlyc3RfcGFyc2VyKQoJ4pScIHMwMS1wYXJzZQoJfAnilJQg8J+foiBmdWxsamFja3ovcHJveG1veC1sb2dzICgrOCkKCeKUnC0tLS0tLS0tIHBhcnNlciBzdWNjZXNzIPCfn6IKCeKUnCBTY2VuYXJpb3MKCQnilJQg8J+foiBmdWxsamFja3ovcHJveG1veC1iZgoKbGluZTogSmFuICA0IDE3OjM0OjA4IGh5cGVydmlzb3IgcHZlZGFlbW9uWzI4OTE4MjVdOiA8cm9vdEBwYW0+IHN1Y2Nlc3NmdWwgYXV0aCBmb3IgdXNlciAncm9vdEBwYW0nCgnilJwgczAwLXJhdwoJfAnilJQg8J+foiBjcm93ZHNlY3VyaXR5L3N5c2xvZy1sb2dzIChmaXJzdF9wYXJzZXIpCgnilJwgczAxLXBhcnNlCgl8CeKUlCDwn5S0IGZ1bGxqYWNrei9wcm94bW94LWxvZ3MKCeKUlC0tLS0tLS0tIHBhcnNlciBmYWlsdXJlIPCflLQKCmxpbmU6IEphbiAgNCAxNzozNDowOCBoeXBlcnZpc29yIHB2ZWRhZW1vblszNjYzMzM5XTogYXV0aGVudGljYXRpb24gZmFpbHVyZTsgcmhvc3Q9OjpmZmZmOjE3Mi4yMS4xMC4yIHVzZXI9dG9vckBwYW0gbXNnPW5vIHN1Y2ggdXNlciAoJ3Rvb3JAcGFtJykKCeKUnCBzMDAtcmF3Cgl8CeKUlCDwn5+iIGNyb3dkc2VjdXJpdHkvc3lzbG9nLWxvZ3MgKGZpcnN0X3BhcnNlcikKCeKUnCBzMDEtcGFyc2UKCXwJ4pSUIPCfn6IgZnVsbGphY2t6L3Byb3htb3gtbG9ncyAoKzgpCgnilJwtLS0tLS0tLSBwYXJzZXIgc3VjY2VzcyDwn5+iCgnilJwgU2NlbmFyaW9zCgkJ4pSUIPCfn6IgZnVsbGphY2t6L3Byb3htb3gtYmYKCmxpbmU6IEphbiAgNCAxNzozNDoxMSBoeXBlcnZpc29yIHB2ZWRhZW1vblsyODkxODI1XTogPHJvb3RAcGFtPiBzdWNjZXNzZnVsIGF1dGggZm9yIHVzZXIgJ3Jvb3RAcGFtJwoJ4pScIHMwMC1yYXcKCXwJ4pSUIPCfn6IgY3Jvd2RzZWN1cml0eS9zeXNsb2ctbG9ncyAoZmlyc3RfcGFyc2VyKQoJ4pScIHMwMS1wYXJzZQoJfAnilJQg8J+UtCBmdWxsamFja3ovcHJveG1veC1sb2dzCgnilJQtLS0tLS0tLSBwYXJzZXIgZmFpbHVyZSDwn5S0CgpsaW5
lOiBKYW4gIDQgMTc6MzQ6MTIgaHlwZXJ2aXNvciBwdmVkYWVtb25bMzQ4Mzc0NF06IGF1dGhlbnRpY2F0aW9uIGZhaWx1cmU7IHJob3N0PTo6ZmZmZjoxNzIuMjEuMTAuMiB1c2VyPXJvb3RAcGFtIG1zZz1BdXRoZW50aWNhdGlvbiBmYWlsdXJlCgnilJwgczAwLXJhdwoJfAnilJQg8J+foiBjcm93ZHNlY3VyaXR5L3N5c2xvZy1sb2dzIChmaXJzdF9wYXJzZXIpCgnilJwgczAxLXBhcnNlCgl8CeKUlCDwn5+iIGZ1bGxqYWNrei9wcm94bW94LWxvZ3MgKCs4KQoJ4pScLS0tLS0tLS0gcGFyc2VyIHN1Y2Nlc3Mg8J+fogoJ4pScIFNjZW5hcmlvcwoJCeKUlCDwn5+iIGZ1bGxqYWNrei9wcm94bW94LWJmCgpsaW5lOiBKYW4gIDQgMTc6MzQ6MTMgaHlwZXJ2aXNvciBwdmVkYWVtb25bMjg5MTgyNV06IDxyb290QHBhbT4gc3VjY2Vzc2Z1bCBhdXRoIGZvciB1c2VyICdyb290QHBhbScKCeKUnCBzMDAtcmF3Cgl8CeKUlCDwn5+iIGNyb3dkc2VjdXJpdHkvc3lzbG9nLWxvZ3MgKGZpcnN0X3BhcnNlcikKCeKUnCBzMDEtcGFyc2UKCXwJ4pSUIPCflLQgZnVsbGphY2t6L3Byb3htb3gtbG9ncwoJ4pSULS0tLS0tLS0gcGFyc2VyIGZhaWx1cmUg8J+UtAoKbGluZTogSmFuICA0IDE3OjM0OjAyIGh5cGVydmlzb3IgcHZlZGFlbW9uWzM0ODM3NDRdOiBhdXRoZW50aWNhdGlvbiBmYWlsdXJlOyByaG9zdD06OmZmZmY6MTcyLjIxLjEwLjIgdXNlcj1yb290QHBhbSBtc2c9QXV0aGVudGljYXRpb24gZmFpbHVyZQoJ4pScIHMwMC1yYXcKCXwJ4pSUIPCfn6IgY3Jvd2RzZWN1cml0eS9zeXNsb2ctbG9ncyAoZmlyc3RfcGFyc2VyKQoJ4pScIHMwMS1wYXJzZQoJfAnilJQg8J+foiBmdWxsamFja3ovcHJveG1veC1sb2dzICgrOCkKCeKUnC0tLS0tLS0tIHBhcnNlciBzdWNjZXNzIPCfn6IKCeKUnCBTY2VuYXJpb3MKCQnilJQg8J+foiBmdWxsamFja3ovcHJveG1veC1iZgoKbGluZTogSmFuICA0IDE3OjM0OjAzIGh5cGVydmlzb3IgcHZlZGFlbW9uWzI4OTE4MjVdOiA8cm9vdEBwYW0+IHN1Y2Nlc3NmdWwgYXV0aCBmb3IgdXNlciAncm9vdEBwYW0nCgnilJwgczAwLXJhdwoJfAnilJQg8J+foiBjcm93ZHNlY3VyaXR5L3N5c2xvZy1sb2dzIChmaXJzdF9wYXJzZXIpCgnilJwgczAxLXBhcnNlCgl8CeKUlCDwn5S0IGZ1bGxqYWNrei9wcm94bW94LWxvZ3MKCeKUlC0tLS0tLS0tIHBhcnNlciBmYWlsdXJlIPCflLQKYGBgIAo=", "content": "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", "description": "Parse proxmox logs for bruteforce attempts", "author": "fulljackz", "labels": null }, "fulljackz/pureftpd-logs": { "path": "parsers/s01-parse/fulljackz/pureftpd-logs.yaml", "stage": "s01-parse", "version": "0.1", "versions": { "0.1": { "digest": "db21a9c06ffb7dbcdd420b62b51e5c13333dcc48556faae3fb49c65058b16737", 
"deprecated": false } }, "long_description": "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", "content": "I2RlYnVnOiB0cnVlCm5hbWU6IGZ1bGxqYWNrei9wdXJlZnRwZC1sb2dzCmRlc2NyaXB0aW9uOiAiUGFyc2UgcHVyZWZ0cGQgbG9ncyBmb3IgYnJ1dGVmb3JjZSBhdHRlbXB0cyIKZmlsdGVyOiAiZXZ0LlBhcnNlZC5wcm9ncmFtID09ICdwdXJlLWZ0cGQnIgpvbnN1Y2Nlc3M6IG5leHRfc3RhZ2UKcGF0dGVybl9zeW50YXg6CiAgUEZUUERfQVVUSF9GQUlMOiAnXCg/QCV7SVA6Y2xpZW50X2lwfVwpIFxbV0FSTklOR1xdIEF1dGhlbnRpY2F0aW9uIGZhaWxlZCBmb3IgdXNlciBcWyV7V09SRDp1c2VyfVxdJwpub2RlczoKICAtIGdyb2s6CiAgICAgIG5hbWU6ICJQRlRQRF9BVVRIX0ZBSUwiCiAgICAgIGFwcGx5X29uOiBtZXNzYWdlCiAgICAgIHN0YXRpY3M6CiAgICAgICAgLSBtZXRhOiBsb2dfdHlwZQogICAgICAgICAgdmFsdWU6IHBmdHBkX2ZhaWxlZC1hdXRoCiAgICAgICAgLSBtZXRhOiBzb3VyY2VfdXNlcgogICAgICAgICAgZXhwcmVzc2lvbjogImV2dC5QYXJzZWQudXNlciIKc3RhdGljczoKICAgIC0gbWV0YTogc2VydmljZQogICAgICB2YWx1ZTogcHVyZWZ0cGQKICAgIC0gbWV0YTogc291cmNlX2lwCiAgICAgIGV4cHJlc3Npb246ICJldnQuUGFyc2VkLmNsaWVudF9pcCIK", "description": "Parse pureftpd logs for bruteforce attempts", "author": "fulljackz", "labels": null }, "gauth-fr/immich-logs": { "path": "parsers/s01-parse/gauth-fr/immich-logs.yaml", "stage": "s01-parse", "version": "0.2", "versions": { "0.1": { "digest": "5a9e8bfc8183eac0ae04713773e2fe932771a70eeebbd191b88d48abca944aad", "deprecated": false }, "0.2": { "digest": "a8e655f18af1598eee89e0bc8a417f52c6c48139c8124b4e9bdee32357faa85d", "deprecated": false } }, "long_description": "UGFyc2VyIGZvciBbSW1taWNoXShodHRwczovL2dpdGh1Yi5jb20vaW1taWNoLWFwcC9pbW1pY2gpIExvZ3MuCgpgYGB5YW1sCi0tLQpmaWxlbmFtZXM6CiAtIC92YXIvbG9nL2ltbWljaF9zZXJ2ZXIubG9nCmxhYmVsczoKICB0eXBlOiBpbW1pY2gKYGBgCgpgYGB5YW1sCi0tLQpzb3VyY2U6IGRvY2tlcgpjb250YWluZXJfbmFtZToKIC0gaW1taWNoX3NlcnZlcgojY29udGFpbmVyX2lkOgojIC0gODQzZWU5MmQyMzFiCmxhYmVsczoKICB0eXBlOiBpbW1pY2gKYGBgCg==", "content": "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", "description": "Parse Immich logs", "author": "gauth-fr", "labels": null }, "hitech95/nginx-mail-logs": { "path": 
"parsers/s01-parse/hitech95/nginx-mail-logs.yaml", "stage": "s01-parse", "version": "0.2", "versions": { "0.1": { "digest": "52e65aa1d01faed9b6c45508c1c13a75b0c7228ac734490baa43ae2d0976f392", "deprecated": false }, "0.2": { "digest": "5013628977cb53d8e5f287db60811e9b896afec12dfbe8f3e578fdb889d62e8c", "deprecated": false } }, "long_description": "IyMgTmdpbnggRW1haWwgUHJveHkgcGFyc2VyCkEgZ2VuZXJpYyBwYXJzZXIgZm9yIGBuZ3hfbWFpbF9jb3JlYCBtb2R1bGU6CiAtIERldGVjdCBuZXcgc2Vzc2lvbgogLSBEZXRlY3QgYXV0aCBmYWlsdXJlcyB3aGVuIHVzaW5nIGBuZ3hfbWFpbF9hdXRoX2h0dHBfbW9kdWxlYAoKIyMgQWNxdWlzaXRpb24gdGVtcGxhdGUKCmBgYHlhbWwKZmlsZW5hbWVzOgogIC0gL3Zhci9sb2cvbmdpbngvKi5sb2cKbGFiZWxzOgogIHR5cGU6IG5naW54CmBgYA==", "content": "ZmlsdGVyOiAiZXZ0LlBhcnNlZC5wcm9ncmFtIHN0YXJ0c1dpdGggJ25naW54JyIKb25zdWNjZXNzOiBuZXh0X3N0YWdlCm5hbWU6IGhpdGVjaDk1L25naW54LW1haWwtbG9ncwpkZXNjcmlwdGlvbjogIlBhcnNlIE5naW54IE1haWwgbG9ncyIKcGF0dGVybl9zeW50YXg6CiAgTk9fRE9VQkxFX1FVT1RFOiAnW14iXSsnCm5vZGVzOgogIC0gZ3JvazoKICAgICAgcGF0dGVybjogJyV7TkdJTlhFUlJUSU1FOnRpbWV9IFxbJXtMT0dMRVZFTDpsb2dsZXZlbH1cXSAle05PTk5FR0lOVDpwaWR9IyV7Tk9OTkVHSU5UOnRpZH06IChcKiV7Tk9OTkVHSU5UOmNpZH0gKT9jbGllbnQgJXtJUE9SSE9TVDpyZW1vdGVfYWRkcn06JXtQT1NJTlQ6cmVtb3RlX3BvcnR9IGNvbm5lY3RlZCB0byAle0lQT1JIT1NUOmRlc3RfaXB9OiV7UE9TSU5UOmRlc3RfcG9ydH0nCiAgICAgIGFwcGx5X29uOiBtZXNzYWdlCiAgICAgIHN0YXRpY3M6CiAgICAgICAgLSBtZXRhOiBsb2dfdHlwZQogICAgICAgICAgdmFsdWU6ICJtYWlsX25ld19zZXNzaW9uIgogICAgICAgIC0gdGFyZ2V0OiBldnQuU3RyVGltZQogICAgICAgICAgZXhwcmVzc2lvbjogZXZ0LlBhcnNlZC50aW1lCiAgLSBncm9rOgogICAgICBwYXR0ZXJuOiAnJXtOR0lOWEVSUlRJTUU6dGltZX0gXFsle0xPR0xFVkVMOmxvZ2xldmVsfVxdICV7Tk9OTkVHSU5UOnBpZH0jJXtOT05ORUdJTlQ6dGlkfTogKFwqJXtOT05ORUdJTlQ6Y2lkfSApPyV7R1JFRURZREFUQTptZXNzYWdlfSwgY2xpZW50OiAle0lQT1JIT1NUOnJlbW90ZV9hZGRyfSggdXNpbmcgc3RhcnR0bHMsfCwpIHNlcnZlcjogJXtJUE9SSE9TVDpkZXN0X2lwfTole1BPU0lOVDpkZXN0X3BvcnR9KCwgbG9naW46ICIle05PX0RPVUJMRV9RVU9URTp1c2VybmFtZX0iKT8oLCB1cHN0cmVhbTogJXtJUE9SSE9TVDpwcm94eV9pcH06JXtQT1NJTlQ6cHJveHlfcG9ydH0pPycKICAgICAgYXBwbHlfb246IG1lc3NhZ2UKICAgIGZpb
HRlcjogImV2dC5QYXJzZWQubWVzc2FnZSBjb250YWlucyAnY2xpZW50ICciCiAgICBzdGF0aWNzOgogICAgICAtIHRhcmdldDogZXZ0LlN0clRpbWUKICAgICAgICBleHByZXNzaW9uOiBldnQuUGFyc2VkLnRpbWUKICAgICAgLSBtZXRhOiB1c2VybmFtZQogICAgICAgIGV4cHJlc3Npb246IGV2dC5QYXJzZWQudXNlcm5hbWUKICAgICAgLSBtZXRhOiBsb2dfdHlwZQogICAgICAgIHZhbHVlOiAibWFpbF9hdXRoIgogICAgbm9kZXM6CiAgICAgIC0gZmlsdGVyOiAiZXZ0LlBhcnNlZC5tZXNzYWdlIGNvbnRhaW5zICdsb2dnZWQgaW4nIgogICAgICAgIHN0YXRpY3M6CiAgICAgICAgICAtIG1ldGE6IHN1Yl90eXBlCiAgICAgICAgICAgIHZhbHVlOiAiYXV0aF9zdWNjZXNzIgogICAgICAtIGZpbHRlcjogImV2dC5QYXJzZWQubWVzc2FnZSBjb250YWlucyAnbG9naW4gZmFpbGVkJyIKICAgICAgICBwYXR0ZXJuX3N5bnRheDoKICAgICAgICAgIE1BSUxfSFRUUF9BVVRIOiAnY2xpZW50IGxvZ2luIGZhaWxlZDogIiV7Tk9fRE9VQkxFX1FVT1RFOmF1dGhfcmVzdWx0fSIgd2hpbGUnCiAgICAgICAgZ3JvazoKICAgICAgICAgIHBhdHRlcm46ICcle01BSUxfSFRUUF9BVVRIfScKICAgICAgICAgIGFwcGx5X29uOiBtZXNzYWdlCiAgICAgICAgc3RhdGljczoKICAgICAgICAgIC0gbWV0YTogc3ViX3R5cGUKICAgICAgICAgICAgdmFsdWU6ICJhdXRoX2ZhaWwiCiAgICAgICAgICAtIG1ldGE6IGF1dGhfcmVzdWx0CiAgICAgICAgICAgIGV4cHJlc3Npb246IGV2dC5QYXJzZWQuYXV0aF9yZXN1bHQKIyB0aGVzZSBvbmVzIGFwcGx5IGZvciBib3RoIGdyb2sgcGF0dGVybnMKc3RhdGljczoKICAtIG1ldGE6IHNlcnZpY2UKICAgIHZhbHVlOiBtYWlsCiAgLSBtZXRhOiBzb3VyY2VfaXAKICAgIGV4cHJlc3Npb246ICJldnQuUGFyc2VkLnJlbW90ZV9hZGRyIgogIC0gbWV0YTogZGVzdF9pcAogICAgZXhwcmVzc2lvbjogImV2dC5QYXJzZWQuZGVzdF9pcCIKICAtIG1ldGE6IGRlc3RfcG9ydAogICAgZXhwcmVzc2lvbjogImV2dC5QYXJzZWQuZGVzdF9wb3J0Igo=", "description": "Parse Nginx Mail logs", "author": "hitech95", "labels": null }, "inherent-io/keycloak-logs": { "path": "parsers/s01-parse/inherent-io/keycloak-logs.yaml", "stage": "s01-parse", "version": "0.1", "versions": { "0.1": { "digest": "82a556a0a3caba20dfc0d2cf5a6b794014cf0154dae388e979a249751673a5b2", "deprecated": false } }, "long_description": "WW91ciBvbmUgZml0cy1hbGwga2V5Y2xvYWsgcGFyc2VyIHdpdGggc3VwcG9ydCBmb3IgdGhlIG1vc3QgY29tbW9uIGtpbmQgb2YgZmFpbGVkIGF1dGhlbnRpY2F0aW9ucyBhbmQgZXJyb3JzLgo=", "content": "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", "description": 
"Parse keycloak logs", "author": "inherent-io", "labels": null }, "jbowdre/miniflux-logs": { "path": "parsers/s01-parse/jbowdre/miniflux-logs.yaml", "stage": "s01-parse", "version": "0.1", "versions": { "0.1": { "digest": "abb550ae0d333a6bf061b6aa37dcc1afe2af65c30c3e08e77394dee02b8b1b57", "deprecated": false } }, "long_description": "UGFyc2VyIGZvciBbTWluaWZsdXhdKGh0dHBzOi8vZ2l0aHViLmNvbS9taW5pZmx1eC92MikgTG9ncy4KCipTZXQgYExPR19EQVRFX1RJTUU9MWAgc28gTWluaWZsdXggd2lsbCB0aW1lc3RhbXAgdGhlIGxvZ3MuKgoKYGBgeWFtbAotLS0Kc291cmNlOiBkb2NrZXIKY29udGFpbmVyX25hbWU6CiAtIG1pbmlmbHV4CmxhYmVsczoKICB0eXBlOiBtaW5pZmx1eApgYGAK", "content": "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", "description": "Parse Miniflux logs", "author": "jbowdre", "labels": null }, "jusabatier/apereo-cas-audit-logs": { "path": "parsers/s01-parse/jusabatier/apereo-cas-audit-logs.yaml", "stage": "s01-parse", "version": "0.2", "versions": { "0.1": { "digest": "af0a0f7f973f2e7234b8b1866c3f4182e0b8945eedcf2dee2d0556a5aab87b6c", "deprecated": false }, "0.2": { "digest": "a8c04c2fd8c3c0980a0aec849bcc044c1140ca971a03cf606742228a584a49fa", "deprecated": false } }, "long_description": "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", "content": "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", "description": "Parse apereo CAS Audits logs", "author": "jusabatier", "labels": null }, "lourys/pterodactyl-wings-logs": { "path": "parsers/s01-parse/lourys/pterodactyl-wings-logs.yaml", "stage": "s01-parse", "version": "0.1", "versions": { "0.1": { "digest": "cf8d159aaa3091b95c9bfe97ef942a2742c65b303c101c2822d5bcfefabda19b", "deprecated": false } }, "long_description": "UGFyc2VyIGZvciBwdGVyb2RhY3R5bCB3aW5ncyBsb2dzIChwYXJzZSBvbmx5IGZhaWxlZCBhdXRoZW50aWNhdGlvbiBsb2dzIGZvciB0aGUgbW9tZW50KS4=", "content": "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", "description": "Parse Pterodactyl wings logs", "author": "lourys", "labels": null }, "mstilkerich/bind9-logs": { "path": 
"parsers/s01-parse/mstilkerich/bind9-logs.yaml", "stage": "s01-parse", "version": "0.2", "versions": { "0.1": { "digest": "dac58be63dd386df2c4e46b20ded0b98e66195a102c63d6a7e6cbcb2bfef276c", "deprecated": false }, "0.2": { "digest": "34dd8aa4788b9a05bfeb42ba70c279e042bb4b63fd8184e05081bc2adb818bff", "deprecated": false } }, "long_description": "VGhpcyBiaW5kOSBwYXJzZXIgc3VwcG9ydHMgbG9ncyBpbiBzZXBhcmF0ZSBiaW5kOSBsb2cgZmlsZXMgYXMgd2VsbCBhcyBzeXNsb2cKZW50cmllcy4gV2hlbiBsb2dnaW5nIHRvIHNlcGFyYXRlIGJpbmQ5IGxvZyBmaWxlcyBkaXJlY3RseSB3aXRoIGJpbmQ5LCB0aGUKYHByaW50LXRpbWVgIHNldHRpbmcgc2hvdWxkIGJlIGVuYWJsZWQsIG90aGVyd2lzZSBubyB0aW1lc3RhbXAgd2lsbCBiZQphdmFpbGFibGUuCgpUaGlzIHBhcnNlciBjdXJyZW50bHkgZGV0ZWN0cyB0aGUgZm9sbG93aW5nIHNlY3VyaXR5IGV2ZW50cyBvZiBiaW5kOToKIC0gWm9uZSB0cmFuc2ZlciByZXF1ZXN0IGRlbmllZCBieSBzZWN1cml0eSBwb2xpY3kKIC0gUXVlcmllcyBkZW5pZWQgYnkgc2VjdXJpdHkgcG9saWN5CgpUbyBjb25maWd1cmUgZGF0YSBhY3F1aXNpdGlvbiBmcm9tIGEgYmluZDkgbG9nIGZpbGUsIHNldCB0aGUgYHR5cGVgIHRvIGBuYW1lZGA6CmBgYHlhbWwKLS0tCmZpbGVuYW1lczoKICAtIC92YXIvbG9nL25hbWVkL3NlY3VyaXR5LmxvZwpsYWJlbHM6CiAgdHlwZTogbmFtZWQKYGBgCgpJbnNwaXJlZCBieSBmYWlsMmJhbiBuYW1lZC1yZWZ1c2VkLgo=", "content": 
"LS0tCmZpbHRlcjogIlVwcGVyKGV2dC5QYXJzZWQucHJvZ3JhbSkgPT0gJ05BTUVEJyIKI2RlYnVnOiB0cnVlCm9uc3VjY2VzczogbmV4dF9zdGFnZQpwYXR0ZXJuX3N5bnRheDoKICBCSU5EOV9USU1FU1RBTVBfREFURTogJyV7TU9OVEhEQVk6dHNfZH0tJXtNT05USDp0c19tfS0le1lFQVI6dHNfeX0nCiAgQklORDlfVElNRVNUQU1QX1RJTUVNUzogJ1xkezN9JwogIEJJTkQ5X1RJTUVTVEFNUF9USU1FOiAnJXtUSU1FOnRzX3R9XC4le0JJTkQ5X1RJTUVTVEFNUF9USU1FTVM6dHNfbXN9JwogIEJJTkQ5X1RJTUVTVEFNUDogJyV7QklORDlfVElNRVNUQU1QX0RBVEV9ICV7QklORDlfVElNRVNUQU1QX1RJTUV9JwogICMgY2F0ZWdvcmllczogc2VjdXJpdHksIGNsaWVudCwgdXBkYXRlLXNlY3VyaXR5LCBldGMuCiAgQklORDlfQ0FURUdPUlk6ICdbYS16XSsnCiAgQklORDlfU0VWRVJJVFk6ICdbYS16XSsnCiAgQklORDlfUFJFRklYOiAnXigle0JJTkQ5X1RJTUVTVEFNUDp0aW1lc3RhbXB9ICk/KCV7QklORDlfQ0FURUdPUll9OiApPygle0JJTkQ5X1NFVkVSSVRZfTogKT9jbGllbnQgQDB4WzAtOWEtZkEtRl0rICV7SVA6cmVtb3RlX2FkZHJ9IyV7UE9TSU5UOnJlbW90ZV9wb3J0fS4qOiAnCm5hbWU6IG1zdGlsa2VyaWNoL2JpbmQ5CmRlc2NyaXB0aW9uOiAiUGFyc2UgYmluZDkgbG9ncyIKbm9kZXM6CiAgIyBXaGVuIG11bHRpcGxlIGdyb2sgcGF0dGVybnMgYXJlIHNwZWNpZmllZCwgb25seSB0aGUgZmlyc3QgbWF0Y2hpbmcgb25lIGlzIGFwcGxpZWQKICAtIGdyb2s6CiAgICAgIHBhdHRlcm46ICdeJXtCSU5EOV9QUkVGSVh9em9uZSB0cmFuc2ZlciAuKiAoPzpkZW5pZWR8XChOT1RBVVRIXCkpXHMqJCcKICAgICAgYXBwbHlfb246IG1lc3NhZ2UKICAtIGdyb2s6CiAgICAgIHBhdHRlcm46ICdeJXtCSU5EOV9QUkVGSVh9YmFkIHpvbmUgdHJhbnNmZXIgcmVxdWVzdDogJydcUysvSU4nJzogbm9uLWF1dGhvcml0YXRpdmUgem9uZSAoPzpkZW5pZWR8XChOT1RBVVRIXCkpXHMqJCcKICAgICAgYXBwbHlfb246IG1lc3NhZ2UKICAtIGdyb2s6CiAgICAgIHBhdHRlcm46ICdeJXtCSU5EOV9QUkVGSVh9KD86dmlldyAoPzppbnRlcm5hbHxleHRlcm5hbCk6ICk/cXVlcnkoPzogXChjYWNoZVwpKT8gLiogKD86ZGVuaWVkfFwoTk9UQVVUSFwpKVxzKiQnCiAgICAgIGFwcGx5X29uOiBtZXNzYWdlCnN0YXRpY3M6CiAgLSBtZXRhOiBzZXJ2aWNlCiAgICB2YWx1ZTogYmluZDkKICAtIG1ldGE6IGxvZ190eXBlCiAgICB2YWx1ZTogYmluZDlfZGVuaWVkCiAgLSBtZXRhOiBzb3VyY2VfaXAKICAgIGV4cHJlc3Npb246ICJldnQuUGFyc2VkLnJlbW90ZV9hZGRyIgogIC0gdGFyZ2V0OiBldnQuU3RyVGltZSAgIyBjb252ZXJ0IHRpbWUgZm9ybWF0IGZvciBkYXRlcGFyc2UtZW5yaWNoCiAgICBleHByZXNzaW9uOiAiCiAgICAgIHtKYW46JzAxJyxGZWI6JzAyJyxNYXI6JzAzJyxBcHI6JzA0JyxNYXk6JzA1JyxKdW46JzA2JyxKdWw6JzA3JyxBdWc6JzA4Jyx
TZXA6JzA5JyxPY3Q6JzEwJyxOb3Y6JzExJyxEZWM6JzEyJ31bZXZ0LlBhcnNlZC50c19tXQogICAgICArICcvJyArIGV2dC5QYXJzZWQudHNfZAogICAgICArICcvJyArIGV2dC5QYXJzZWQudHNfeQogICAgICArICcgJyArIGV2dC5QYXJzZWQudHNfdCIK", "description": "Parse bind9 logs", "author": "mstilkerich", "labels": null }, "mwinters-stuff/mailu-admin-logs": { "path": "parsers/s01-parse/mwinters-stuff/mailu-admin-logs.yaml", "stage": "s01-parse", "version": "0.1", "versions": { "0.1": { "digest": "b69404738235f2b972d94bcf089a4f2473c56da39c62a6c16b372e4908dbed32", "deprecated": false } }, "long_description": "UGFyc2VyIGZvciB0aGUgbWFpbHUgYWRtaW4gY29udGFpbmVycyBsb2dzIHRvIGdldCByYXRlIGxpbWl0ZWQgYXV0aGVudGljYXRpb24gYXR0ZW1wdHMu", "content": "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", "description": "Parse mailu-admin logs", "author": "mwinters-stuff", "labels": null }, "openappsec/openappsec-logs": { "path": "parsers/s01-parse/openappsec/openappsec-logs.yaml", "stage": "s01-parse", "version": "0.1", "versions": { "0.1": { "digest": "9d3a2398563eddd828a5503aebdcfaf12d895f65fe2f6d75b121d9f87fd52f1f", "deprecated": false } }, "long_description": "QSBwYXJzZXIgZm9yIFtvcGVuLWFwcHNlY10oaHR0cHM6Ly93d3cub3BlbmFwcHNlYy5pby8pIHdhZiBsb2dzLiBJdCBzdXBwb3J0cyBsb2dzIGZyb20gdGhlIHByZXZlbnRpb24gYWN0aW9uLg==", "content": "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", "description": "Parse openappsec logs", "author": "openappsec", "labels": null }, "schiz0phr3ne/prowlarr-logs": { "path": "parsers/s01-parse/schiz0phr3ne/prowlarr-logs.yaml", "stage": "s01-parse", "version": "0.2", "versions": { "0.1": { "digest": "d061ec42abfa9633d082cd0a6a08ceef88b2cc623f316209b96de202d7cc9f3f", "deprecated": false }, "0.2": { "digest": "1241ce93797a175bb42dcd08f1b01e3fe68342f25a9f7ba769f0cf4c223ec6ae", "deprecated": false } }, "long_description": 
"UGFyc2VyIGZvciBbUHJvd2xhcnJdKGh0dHBzOi8vZ2l0aHViLmNvbS9Qcm93bGFyci9Qcm93bGFycikgTG9ncy4KCmBgYHlhbWwKLS0tCnNvdXJjZTogZmlsZQpmaWxlbmFtZXM6CiAtIC92YXIvbG9nL3N5c2xvZwpsYWJlbHM6CiAgdHlwZTogc3lzbG9nCi0tLQpzb3VyY2U6IGZpbGUKZmlsZW5hbWVzOgogLSAvdmFyL2xvZy9wcm93bGFyci50eHQKbGFiZWxzOgogIHR5cGU6IFByb3dsYXJyCmBgYAo=", "content": "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", "description": "Parse Prowlarr Logs", "author": "schiz0phr3ne", "labels": null }, "schiz0phr3ne/radarr-logs": { "path": "parsers/s01-parse/schiz0phr3ne/radarr-logs.yaml", "stage": "s01-parse", "version": "0.2", "versions": { "0.1": { "digest": "0d9d4cb7e4a592ec3e56e89cb7fe97b22390d011c4b86ac85affd2db491049b0", "deprecated": false }, "0.2": { "digest": "4bf7eb011ade9f74946a10dd8faeb8b78b96af92908fe2d6922f58f8a465991f", "deprecated": false } }, "long_description": "UGFyc2VyIGZvciBbUmFkYXJyXShodHRwczovL2dpdGh1Yi5jb20vUmFkYXJyL1JhZGFycikgTG9ncy4KCmBgYHlhbWwKLS0tCnNvdXJjZTogZmlsZQpmaWxlbmFtZXM6CiAtIC92YXIvbG9nL3N5c2xvZwpsYWJlbHM6CiAgdHlwZTogc3lzbG9nCi0tLQpzb3VyY2U6IGZpbGUKZmlsZW5hbWVzOgogLSAvdmFyL2xvZy9yYWRhcnIudHh0CmxhYmVsczoKICB0eXBlOiBSYWRhcnIKYGBgCg==", "content": "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", "description": "Parse Radarr Logs", "author": "schiz0phr3ne", "labels": null }, "schiz0phr3ne/sonarr-logs": { "path": "parsers/s01-parse/schiz0phr3ne/sonarr-logs.yaml", "stage": "s01-parse", "version": "0.2", "versions": { "0.1": { "digest": "457e4e03b538b3f3a5ca4aadb3d26c695a6857c7ddbdae5d31dea87c164bdc67", "deprecated": false }, "0.2": { "digest": "0ad020fa5caa6d7601fc2ceb54d68cc6d3caa31fdfab18158579c0da7a46a1ee", "deprecated": false } }, "long_description": "UGFyc2VyIGZvciBbU29uYXJyXShodHRwczovL2dpdGh1Yi5jb20vU29uYXJyL1NvbmFycikgTG9ncy4KCmBgYHlhbWwKLS0tCnNvdXJjZTogZmlsZQpmaWxlbmFtZXM6CiAtIC92YXIvbG9nL3N5c2xvZwpsYWJlbHM6CiAgdHlwZTogc3lzbG9nCi0tLQpzb3VyY2U6IGZpbGUKZmlsZW5hbWVzOgogLSAvdmFyL2xvZy9zb25hcnIudHh0CmxhYmVsczoKICB0eXBlOiBTb25hcnIKYGBgCg==", "content": 
"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", "description": "Parse Sonarr Logs", "author": "schiz0phr3ne", "labels": null }, "thespad/sshesame-logs": { "path": "parsers/s01-parse/thespad/sshesame-logs.yaml", "stage": "s01-parse", "version": "0.2", "versions": { "0.1": { "digest": "7c778f2e6a003de5859de6bbbc91d549c7225c7e4b0b8c229f4e2ce7fecf088a", "deprecated": false }, "0.2": { "digest": "4e0cb478023fc6bed1f04be0d8615f98446c1bb8f16680113af661f1d13ac953", "deprecated": false } }, "long_description": "IyBzc2hlc2FtZSBwYXJzZXIKCkEgcGFyc2VyIGZvciBbc3NoZXNhbWVdKGh0dHBzOi8vZ2l0aHViLmNvbS9qYWtzaS9zc2hlc2FtZS8pIGhvbmV5cG90IGxvZ3MuCgojIyBBY3F1aXNpdGlvbiB0ZW1wbGF0ZQoKRXhhbXBsZSBhY3F1aXNpdGlvbiBmb3IgdGhpcyBjb2xsZWN0aW9uIDoKCmBgYHlhbWwKZmlsZW5hbWVzOgogIC0gL3Zhci9sb2cvc3NoZXNhbWUubG9nCmxhYmVsczoKICB0eXBlOiBzc2hlc2FtZQpgYGAK", "content": "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", "description": "Parse sshesame logs", "author": "thespad", "labels": null }, "timokoessler/gitlab-logs": { "path": "parsers/s01-parse/timokoessler/gitlab-logs.yaml", "stage": "s01-parse", "version": "0.1", "versions": { "0.1": { "digest": "14e3359355433275065f1451beb547ed3b282292af41b02c3121a71395138ac2", "deprecated": false } }, "long_description": "UGFyc2VyIGZvciBbR2l0TGFiXShodHRwczovL2Fib3V0LmdpdGxhYi5jb20pIExvZ3MuIFRlc3RlZCB3aXRoIHRoZSBPbW5pYnVzIHBhY2thZ2UgdjE0IGFuZCB2MTUuCgpFeGFtcGxlIGFjcXVpc2l0aW9uIGZvciBhIGxvZyBmaWxlOgpgYGB5YW1sCi0tLQpmaWxlbmFtZXM6CiAtIC92YXIvbG9nL2dpdGxhYi9naXRsYWItcmFpbHMvcHJvZHVjdGlvbl9qc29uLmxvZwpsYWJlbHM6CiAgdHlwZTogZ2l0bGFiCmBgYAoKb3IgZm9yIERvY2tlcjoKYGBgeWFtbAotLS0Kc291cmNlOiBkb2NrZXIKY29udGFpbmVyX25hbWU6CiAtIG15X2NvbnRhaW5lcl9uYW1lCmxhYmVsczoKICB0eXBlOiBnaXRsYWIKYGBgCkRlcGVuZGluZyBvbiB5b3VyIGdpdGxhYiBpbnN0YWxsYXRpb24gbWV0aG9kLCBwYXRocyB0byBsb2cgZmlsZXMgbWlnaHQgY2hhbmdlLg==", "content": "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", "description": "Parse GitLab Logs", "author": "timokoessler", "labels": null }, 
"timokoessler/mongodb-logs": { "path": "parsers/s01-parse/timokoessler/mongodb-logs.yaml", "stage": "s01-parse", "version": "0.1", "versions": { "0.1": { "digest": "1e2e1a5beb799d0d533cfc5fc3a490c1860c55d518c3a3edb77f3c47ebc4c55b", "deprecated": false } }, "long_description": "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", "content": "b25zdWNjZXNzOiBuZXh0X3N0YWdlCmZpbHRlcjogIlVwcGVyKGV2dC5QYXJzZWQucHJvZ3JhbSkgPT0gJ01PTkdPREInIgpuYW1lOiB0aW1va29lc3NsZXIvbW9uZ29kYi1sb2dzCmRlc2NyaXB0aW9uOiAiUGFyc2UgTW9uZ29EQiBsb2dzIgpub2RlczoKICAtIGZpbHRlcjogfAogICAgIEpzb25FeHRyYWN0KGV2dC5QYXJzZWQubWVzc2FnZSwgImMiKSA9PSAnQUNDRVNTJyAmJgogICAgIEpzb25FeHRyYWN0KGV2dC5QYXJzZWQubWVzc2FnZSwgIm1zZyIpID09ICdBdXRoZW50aWNhdGlvbiBmYWlsZWQnCiAgICBzdGF0aWNzOgogICAgICAtIG1ldGE6IGxvZ190eXBlCiAgICAgICAgdmFsdWU6ICJtb25nb2RiX2ZhaWxlZF9hdXRoIgogICAgZ3JvazoKICAgICAgcGF0dGVybjogJyV7SVBPUkhPU1Q6cmVtb3RlX2FkZHJ9JwogICAgICBleHByZXNzaW9uOiBKc29uRXh0cmFjdChldnQuUGFyc2VkLm1lc3NhZ2UsICJhdHRyLnJlbW90ZSIpCgpzdGF0aWNzOgogIC0gbWV0YTogc2VydmljZQogICAgdmFsdWU6IG1vbmdvZGIKICAtIG1ldGE6IHNvdXJjZV9pcAogICAgZXhwcmVzc2lvbjogImV2dC5QYXJzZWQucmVtb3RlX2FkZHIiCiAgLSBwYXJzZWQ6IHRpbWVzdGFtcAogICAgZXhwcmVzc2lvbjogSnNvbkV4dHJhY3QoZXZ0LlBhcnNlZC5tZXNzYWdlLCAidC4kZGF0ZSIpCiAgLSB0YXJnZXQ6IGV2dC5TdHJUaW1lCiAgICBleHByZXNzaW9uOiAiZXZ0LlBhcnNlZC50aW1lc3RhbXAiCiAgLSBtZXRhOiB1c2VybmFtZQogICAgZXhwcmVzc2lvbjogSnNvbkV4dHJhY3QoZXZ0LlBhcnNlZC5tZXNzYWdlLCAiYXR0ci5wcmluY2lwYWxOYW1lIikKICAtIG1ldGE6IGF1dGhlbnRpY2F0aW9uX2RhdGFiYXNlCiAgICBleHByZXNzaW9uOiBKc29uRXh0cmFjdChldnQuUGFyc2VkLm1lc3NhZ2UsICJhdHRyLmF1dGhlbnRpY2F0aW9uRGF0YWJhc2UiKQ==", "description": "Parse MongoDB logs", "author": "timokoessler", "labels": null }, "timokoessler/uptime-kuma-logs": { "path": "parsers/s01-parse/timokoessler/uptime-kuma-logs.yaml", "stage": "s01-parse", "version": "0.2", "versions": { "0.1": { "digest": "7fe2f059bf9f3a60c6ab262d5ac1efe98812a85fe6c11e4d91b6a25d8e42b4ac", "deprecated": false }, "0.2": { "digest": 
"2732333702233c0854e833ae830f7ab8ac8aebeaf3decab285f865a00164701c", "deprecated": false } }, "long_description": "UGFyc2VyIGZvciBbVXB0aW1lIEt1bWFdKGh0dHBzOi8vZ2l0aHViLmNvbS9sb3Vpc2xhbS91cHRpbWUta3VtYSkgTG9ncy4KCioqVXB0aW1lIEt1bWEgdmVyc2lvbiAxLjE1LjAgb3IgaGlnaGVyIGlzIHJlcXVpcmVkLioqCgpFeGFtcGxlIGFjcXVpc2l0aW9uIGZvciBEb2NrZXI6CmBgYHlhbWwKLS0tCnNvdXJjZTogZG9ja2VyCmNvbnRhaW5lcl9uYW1lOgogLSBteV9jb250YWluZXJfbmFtZQpsYWJlbHM6CiAgdHlwZTogdXB0aW1lLWt1bWEKYGBg", "content": "b25zdWNjZXNzOiBuZXh0X3N0YWdlCmZpbHRlcjogIlVwcGVyKGV2dC5QYXJzZWQucHJvZ3JhbSkgPT0gJ1VQVElNRS1LVU1BJyIKbmFtZTogdGltb2tvZXNzbGVyL3VwdGltZS1rdW1hLWxvZ3MKZGVzY3JpcHRpb246ICJQYXJzZSBVcHRpbWUgS3VtYSBMb2dzIgpub2RlczoKICAtIGdyb2s6CiAgICAgIHBhdHRlcm46ICdeJXtUSU1FU1RBTVBfSVNPODYwMTp0aW1lc3RhbXB9IFxbQVVUSFxdIFdBUk46IEluY29ycmVjdCB1c2VybmFtZSBvciBwYXNzd29yZCBmb3IgdXNlciAle0RBVEE6dXNlcm5hbWV9XC4gSVA9JXtJUDpzb3VyY2VfaXB9JCcKICAgICAgYXBwbHlfb246IG1lc3NhZ2UKICAgICAgc3RhdGljczoKICAgICAgICAtIG1ldGE6IGxvZ190eXBlCiAgICAgICAgICB2YWx1ZTogdXB0aW1lX2t1bWFfZmFpbGVkX3Bhc3N3b3JkCiAgLSBncm9rOgogICAgICBwYXR0ZXJuOiAnXiV7VElNRVNUQU1QX0lTTzg2MDE6dGltZXN0YW1wfSBcW0FVVEhcXSBXQVJOOiBJbnZhbGlkIHRva2VuIHByb3ZpZGVkIGZvciB1c2VyICV7REFUQTp1c2VybmFtZX1cLiBJUD0le0lQOnNvdXJjZV9pcH0kJwogICAgICBhcHBseV9vbjogbWVzc2FnZQogICAgICBzdGF0aWNzOgogICAgICAgIC0gbWV0YTogbG9nX3R5cGUKICAgICAgICAgIHZhbHVlOiB1cHRpbWVfa3VtYV9mYWlsZWRfdG90cAoKc3RhdGljczoKICAgIC0gbWV0YTogc2VydmljZQogICAgICB2YWx1ZTogdXB0aW1lLWt1bWEKICAgIC0gbWV0YTogc291cmNlX2lwCiAgICAgIGV4cHJlc3Npb246ICJldnQuUGFyc2VkLnNvdXJjZV9pcCIKICAgIC0gdGFyZ2V0OiBldnQuU3RyVGltZQogICAgICBleHByZXNzaW9uOiAiZXZ0LlBhcnNlZC50aW1lc3RhbXAiCiAgICAtIG1ldGE6IHVzZXJuYW1lCiAgICAgIGV4cHJlc3Npb246IGV2dC5QYXJzZWQudXNlcm5hbWUK", "description": "Parse Uptime Kuma Logs", "author": "timokoessler", "labels": null }, "xs539/bookstack-logs": { "path": "parsers/s01-parse/xs539/bookstack-logs.yaml", "stage": "s01-parse", "version": "0.2", "versions": { "0.1": { "digest": "b03afaaff75e627a5e80108364233efe44f04e83056c18acde8a5f7671969f31", 
"deprecated": false }, "0.2": { "digest": "6d27023413439c2b47ee1ac8de963e10e96c28a5f717b31b0c0c4deb24af5654", "deprecated": false } }, "long_description": "UGFyc2VyIGZvciBbQm9va3N0YWNrXShodHRwczovL3d3dy5ib29rc3RhY2thcHAuY29tLykgbG9ncwoKWW91IHdpbGwgbmVlZCB0byBlbmFibGUgW0ZhaWxlZCBBY2Nlc3MgTG9nZ2luZ10oaHR0cHM6Ly93d3cuYm9va3N0YWNrYXBwLmNvbS9kb2NzL2FkbWluL3NlY3VyaXR5LyNmYWlsZWQtYWNjZXNzLWxvZ2dpbmcpIChvZmYgYnkgZGVmYXVsdCkgCgpgYGAKTE9HX0ZBSUxFRF9MT0dJTl9NRVNTQUdFPSJGYWlsZWQgbG9naW4gZm9yICV1IgpgYGAKCkV4YW1wbGUgYWNxdWlzaXRpb24gY29uZmlnOgpgYGB5YW1sCi0tLQpmaWxlbmFtZXM6CiAtIC92YXIvbG9nL2Jvb2tzdGFjay5sb2cKbGFiZWxzOgogIHR5cGU6IGJvb2tzdGFjawotLS0KYGBgCg==", "content": "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", "description": "Parse bookstack logs", "author": "xs539", "labels": null }, "xs539/joplin-server-logs": { "path": "parsers/s01-parse/xs539/joplin-server-logs.yaml", "stage": "s01-parse", "version": "0.1", "versions": { "0.1": { "digest": "ab679f8937f04d9800ce8153005b33c230b2d13fef690d727b30efd34d906703", "deprecated": false } }, "long_description": "UGFyc2VyIGZvciBbSm9wbGluIHNlcnZlcl0oaHR0cHM6Ly9naXRodWIuY29tL2xhdXJlbnQyMi9qb3BsaW4vdHJlZS9kZXYvcGFja2FnZXMvc2VydmVyKSBsb2dzCgpFeGFtcGxlIGFjcXVpc2l0aW9uIGNvbmZpZzoKYGBgeWFtbAotLS0KZmlsZW5hbWVzOgogLSAvdmFyL2xvZy9qb3BsaW4tc2VydmVyLmxvZwpsYWJlbHM6CiAgdHlwZTogam9wbGluLXNlcnZlcgotLS0KYGBg", "content": 
"b25zdWNjZXNzOiBuZXh0X3N0YWdlCmZpbHRlcjogIkxvd2VyKGV2dC5QYXJzZWQucHJvZ3JhbSkgaW4gWydqb3BsaW4tc2VydmVyJ10iCm5hbWU6IHhzNTM5L2pvcGxpbi1zZXJ2ZXItbG9ncwpkZXNjcmlwdGlvbjogIlBhcnNlIEpvcGxpbiBTZXJ2ZXIgbG9ncyIKcGF0dGVybl9zeW50YXg6CiAgSk9QTElOX0RBVEU6ICIle1lFQVJ9Wy8tXSV7TU9OVEhOVU0yfVsvLV0le0RBWTJ9ICV7SE9VUn06JXtNSU5VVEV9OiV7U0VDT05EfSIKbm9kZXM6CiAgLSBncm9rOgogICAgICBwYXR0ZXJuOiAnJXtKT1BMSU5fREFURTp0aW1lc3RhbXB9JXtHUkVFRFlEQVRBfS9hcGkvc2Vzc2lvbnM6ICV7SVBPUkhPU1Q6cmVtb3RlX2FkZHJ9JXtHUkVFRFlEQVRBfUludmFsaWQgdXNlcm5hbWUgb3IgcGFzc3dvcmQle0dSRUVEWURBVEF9IiV7RU1BSUxBRERSRVNTOnRhcmdldF91c2VyfSInCiAgICAgIGFwcGx5X29uOiBtZXNzYWdlCiAgICAgIHN0YXRpY3M6CiAgICAgICAgLSBtZXRhOiBsb2dfdHlwZQogICAgICAgICAgdmFsdWU6IGpvcGxpbl9zZXJ2ZXJfZmFpbGVkX2F1dGgKICAgICAgICAtIG1ldGE6IHRhcmdldF91c2VyCiAgICAgICAgICBleHByZXNzaW9uOiBldnQuUGFyc2VkLnRhcmdldF91c2VyCnN0YXRpY3M6CiAgICAtIG1ldGE6IHNlcnZpY2UKICAgICAgdmFsdWU6IGpvcGxpbgogICAgLSB0YXJnZXQ6IGV2dC5TdHJUaW1lCiAgICAgIGV4cHJlc3Npb246IGV2dC5QYXJzZWQudGltZXN0YW1wCiAgICAtIG1ldGE6IHNvdXJjZV9pcAogICAgICBleHByZXNzaW9uOiBldnQuUGFyc2VkLnJlbW90ZV9hZGRy", "description": "Parse Joplin Server logs", "author": "xs539", "labels": null } }, "postoverflows": { "crowdsecurity/auditd-nvm-whitelist-process": { "path": "postoverflows/s01-whitelist/crowdsecurity/auditd-nvm-whitelist-process.yaml", "stage": "s01-whitelist", "version": "0.1", "versions": { "0.1": { "digest": "9198b74cb5a3913746bd926b58a35f90682acd1c49e89a19e1162f2e209b32f9", "deprecated": false } }, "long_description": "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", "content": 
"bmFtZTogY3Jvd2RzZWN1cml0eS9hdWRpdGQtbnZtLXdoaXRlbGlzdC1wcm9jZXNzCmRlc2NyaXB0aW9uOiAiV2hpdGVsaXN0IG5vZGUgdmVyc2lvbiBtYW5hZ2VyIgp3aGl0ZWxpc3Q6CiAgcmVhc29uOiAibm9kZSB2ZXJzaW9uIG1hbmFnZXIiCiAgZXhwcmVzc2lvbjogCiAgICAtIHwKICAgICAgZXZ0Lk92ZXJmbG93LkFsZXJ0LkdldFNjZW5hcmlvKCkgPT0gJ2Nyb3dkc2VjdXJpdHkvYXVkaXRkLXN1cy1leGVjJyAmJiBhbGwoZXZ0Lk92ZXJmbG93LkFsZXJ0LkV2ZW50cywgey5HZXRNZXRhKCdleGUnKSBtYXRjaGVzICdcXC5udm1cXC92ZXJzaW9uc1xcL25vZGVcXC92KFxcZCspXFwuKFxcZCspXFwuKFxcZCspXFwvYmluXFwvbm9kZSQnfSk=", "description": "Whitelist node version manager", "author": "crowdsecurity", "labels": null }, "crowdsecurity/auditd-whitelisted-process": { "path": "postoverflows/s01-whitelist/crowdsecurity/auditd-whitelisted-process.yaml", "stage": "s01-whitelist", "version": "0.2", "versions": { "0.1": { "digest": "c6162d811539d4b670a705f2db949621fd9116b650acaacd19728e20e8a8731f", "deprecated": false }, "0.2": { "digest": "cbaa6a494e48137d2d64d7782669f9d4bac23a7aa8fed24e4c25790a3e3a33e0", "deprecated": false } }, "content": "bmFtZTogY3Jvd2RzZWN1cml0eS9hdWRpdGQtd2hpdGVsaXN0ZWQtcHJvY2VzcwpkZXNjcmlwdGlvbjogIldoaXRlbGlzdCBzb21lIHByb2Nlc3MgdGhhdCBhcmUgZmFsc2UtcG9zaXRpdmVzIHByb25lIgp3aGl0ZWxpc3Q6CiAgcmVhc29uOiAicGFja2FnZSBtYW5hZ2VycyIKICBleHByZXNzaW9uOiAKICAgIC0gImFsbChldnQuT3ZlcmZsb3cuQWxlcnQuRXZlbnRzLCB7LkdldE1ldGEoJ3BhcmVudF9wcm9nbmFtZScpIGluIFsnL3Vzci9iaW4vZHBrZycsICcvdXNyL2Jpbi9kbmYnXX0pIgo=", "description": "Whitelist some process that are false-positives prone", "author": "crowdsecurity", "labels": null }, "crowdsecurity/cdn-qc-whitelsit": { "path": "postoverflows/s01-whitelist/crowdsecurity/cdn-qc-whitelsit.yaml", "stage": "s01-whitelist", "version": "0.1", "versions": { "0.1": { "digest": "cf604274ad512352979398bb20f33adc2c84a71b84810eb802bd9e7ca03bca0c", "deprecated": false } }, "long_description": 
"UG9zdG92ZXJmbG93IHdoaXRlbGlzdCBmb3IgUVVJQyBDRE4KClNpbmNlIHRoaXMgcG9zdG92ZWZsb3cgb25seSByZWxpZXMgb24gdGhlIG92ZXJmbG93biBJUCBhZGRyZXNzIHRoaXMgcG9zdG92ZXJmbG93IGNhbiBiZSBpbnN0YWxsZWQgd2l0aG91dCBhbnkgZGVwZW5kZW5jaWVzYAo=", "content": "bmFtZTogY3Jvd2RzZWN1cml0eS9xdWljLWNkbi13aGl0ZWxpc3QKZGVzY3JpcHRpb246ICJXaGl0ZWxpc3QgQ0ROIHByb3ZpZGVyIFFVSUMuY2xvdWQiCndoaXRlbGlzdDoKICByZWFzb246ICJDRE4gcHJvdmlkZXIgUVVJQy5jbG91ZCIKICBleHByZXNzaW9uOiAKICAgIC0gImV2dC5PdmVyZmxvdy5BbGVydC5Tb3VyY2UuSVAgaW4gRmlsZSgncXVpY19jbG91ZF9pcHMudHh0JykiCgpkYXRhOgogIC0gc291cmNlX3VybDogaHR0cHM6Ly93d3cucXVpYy5jbG91ZC9pcHM/bG4KICAgIGRlc3RfZmlsZTogcXVpY19jbG91ZF9pcHMudHh0CiAgICB0eXBlOiBzdHJpbmcKCg==", "description": "Whitelist CDN provider QUIC.cloud", "author": "crowdsecurity", "labels": null }, "crowdsecurity/cdn-whitelist": { "path": "postoverflows/s01-whitelist/crowdsecurity/cdn-whitelist.yaml", "stage": "s01-whitelist", "version": "0.4", "versions": { "0.1": { "digest": "d1cb42fbe9f3bb37f3cfa77ef5c60ec0b17dc3703bffb0d422dc6fe9cc0eb9f5", "deprecated": false }, "0.2": { "digest": "7fb5b1474067c22192cf12effb7d508e316c130900cb00c108c0467d18d9d2c0", "deprecated": false }, "0.3": { "digest": "63c933b81052c7776deb607ed7c115b89e59a88908123e04573853201122a45a", "deprecated": false }, "0.4": { "digest": "626bd74a8f0dcf8e17d74238d08983693f5ac2d32b1a6ccd2d57fff02731eeaa", "deprecated": false } }, "long_description": "IyBDRE5zIHdoaXRlbGlzdAoKQ0ROcyB3aGl0ZWxpc3QgYmFzZWQgb24gZm9sbG93aW5nIGxpc3RzOgoqIGh0dHBzOi8vd3d3LmNsb3VkZmxhcmUuY29tL2lwcy12NAoKSXQgd2lsbCB3aGl0ZWxpc3Qgb3ZlcmZsb3dzIHRyaWdnZXJlZCBvbiBhbiBJUCBpbiB0aG9zZSBsaXN0cw==", "content": "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", "description": "Whitelist CDN providers", "author": "crowdsecurity", "labels": null }, "crowdsecurity/cookiebot-whitelist": { "path": "postoverflows/s01-whitelist/crowdsecurity/cookiebot-whitelist.yaml", "stage": "s01-whitelist", "version": "0.2", "versions": { "0.1": { "digest": 
"7fd91de8bae664730d4165c670dff1d0d56a9cf1645d54978ae90241b14aa32a", "deprecated": false }, "0.2": { "digest": "5ca0193a0a85c2e44e38caddaba705c4c2779c059845730225b185606cd103ca", "deprecated": false } }, "long_description": "IyMgQ29va2llYm90IGNvbXBsaWFuY2Ugc2Nhbm5lciBXaGl0ZWxpc3QKClRoZXNlIGlwIGFkZHJlc3NlcyBhcmUgdGFrZW4gZnJvbSB0aGUgW3N1cHBvcnQgYXJ0aWNsZV0oaHR0cHM6Ly9zdXBwb3J0LmNvb2tpZWJvdC5jb20vaGMvZW4tdXMvYXJ0aWNsZXMvMzYwMDAzODI0MTUzLVdoaXRlbGlzdGluZy10aGUtQ29va2llYm90LXNjYW5uZXIpCgpJZiB5b3Ugbm90aWNlIHRoaXMgbGlzdCBpcyBub3QgdXAgdG8gZGF0ZSBwbGVhc2Ugb3BlbiBhbiBpc3N1ZSBvbiB0aGUgaHVi", "content": "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", "description": "Whitelist events from cookiebot compliance scanner", "author": "crowdsecurity", "labels": null }, "crowdsecurity/discord-crawler-whitelist": { "path": "postoverflows/s01-whitelist/crowdsecurity/discord-crawler-whitelist.yaml", "stage": "s01-whitelist", "version": "0.1", "versions": { "0.1": { "digest": "d8eaee4f1ad3496ef253915ce0099d3c0cc2160785877efe306af35ffff929db", "deprecated": false } }, "long_description": "IyBEaWNvcmQgQ3Jhd2xlciBXaGl0ZWxpc3QKCldoaXRlbGlzdCBmb3IgRGlzY29yZCBjcmF3bGVycyBiYXNlZCBvbiBSRE5TIHRvICdYWFgucHRyLmRpc2NvcmQuY29tLicuCgojIyMgUmVxdWlyZW1lbnRzIGlmIGluc3RhbGxpbmcgb3V0c2lkZSBvZiBjb2xsZWN0aW9uCgpUaGlzIHBvc3RvdmVyZmxvdyB1c2VzIFtSRE5TIGVucmljaGVyXShodHRwczovL2h1Yi5jcm93ZHNlYy5uZXQvYXV0aG9yL2Nyb3dkc2VjdXJpdHkvY29uZmlndXJhdGlvbnMvcmRucyksIHBsZWFzZSBlbnN1cmUgdGhpcyBpcyBpbnN0YWxsZWQgYW5kIGVuYWJsZWQu", "content": "bmFtZTogY3Jvd2RzZWN1cml0eS9kaXNjb3JkLWNyYXdsZXItd2hpdGVsaXN0CmRlc2NyaXB0aW9uOiBEaXNjb3JkIFBUUiB3aGl0ZWxpc3QKd2hpdGVsaXN0OgogIHJlYXNvbjogRGlzY29yZCBQVFIgZG9tYWluCiAgZXhwcmVzc2lvbjoKICAgIC0gZXZ0LkVucmljaGVkLnJldmVyc2VfZG5zIGVuZHNXaXRoICcucHRyLmRpc2NvcmQuY29tLic=", "description": "Discord PTR whitelist", "author": "crowdsecurity", "labels": null }, "crowdsecurity/ipv6_to_range": { "path": "postoverflows/s00-enrich/crowdsecurity/ipv6_to_range.yaml", "stage": "s00-enrich", "version": 
"0.1", "versions": { "0.1": { "digest": "f22e5224b84175284024f9ca69e0c97327f0e0d86ff3ccfadf4f26257bf22b96", "deprecated": false } }, "long_description": "VGhpcyBwb3N0b3ZlcmZsb3cgY2hlY2sgaWYgdGhlIHJlbWVkaWF0aW9uIGNvbmNlcm4gYW4gSVB2NiBhbmQgaWYgeWVzLCB3aWxsIGNoYW5nZSB0aGUgdmFsdWUgb2YgdGhlIGRlY2lzaW9uIHRvIHRoZSBJUHY2IC82NCByYW5nZS4=", "content": "b25zdWNjZXNzOiBuZXh0X3N0YWdlCmZpbHRlcjogImV2dC5PdmVyZmxvdy5BbGVydC5SZW1lZGlhdGlvbiA9PSB0cnVlICYmIElzSVBWNihldnQuT3ZlcmZsb3cuQWxlcnQuU291cmNlLklQKSIKbmFtZTogY3Jvd2RzZWN1cml0eS9pcHY2X3RvX3JhbmdlCmRlc2NyaXB0aW9uOiAiIgpzdGF0aWNzOgogIC0gdGFyZ2V0OiBldnQuT3ZlcmZsb3cuQWxlcnQuU291cmNlLlZhbHVlCiAgICBleHByZXNzaW9uOiBJcFRvUmFuZ2UoZXZ0Lk92ZXJmbG93LkFsZXJ0LlNvdXJjZS5JUCwgIi82NCIpCiAgLSB0YXJnZXQ6IGV2dC5PdmVyZmxvdy5BbGVydC5Tb3VyY2UuU2NvcGUKICAgIHZhbHVlOiBSYW5nZQ==", "author": "crowdsecurity", "labels": null }, "crowdsecurity/rdns": { "path": "postoverflows/s00-enrich/crowdsecurity/rdns.yaml", "stage": "s00-enrich", "version": "0.3", "versions": { "0.1": { "digest": "796da42b262fe6574d78a7c7f95f73876d30a07751679a43afd018fc272e490a", "deprecated": false }, "0.2": { "digest": "2b174b379f05edb3aa298b7037f6a85cde06b45893e4152492a51757408d517b", "deprecated": false }, "0.3": { "digest": "e3f9e78178f48fc67f15137e092d65785c39c9308217a44e412987b8b06ac5ae", "deprecated": false } }, "long_description": "IyBSZG5zIGVucmljaGVyCgpUaGlzIHdpbGwgdXNlIGByZXZlcnNlX2Ruc2AgbWV0aG9kIHRvIGVucmljaCBhbiBldmVudCB3aXRoIHRoZSByZXZlcnNlIGRucyBvZiB0aGUgSVAgaWYgaXQgZXhpc3RzLgo=", "content": "b25zdWNjZXNzOiBuZXh0X3N0YWdlCmZpbHRlcjogImV2dC5PdmVyZmxvdy5BbGVydC5SZW1lZGlhdGlvbiA9PSB0cnVlICYmIGV2dC5PdmVyZmxvdy5BbGVydC5HZXRTY29wZSgpID09ICdJcCciCm5hbWU6IGNyb3dkc2VjdXJpdHkvcmRucwpkZXNjcmlwdGlvbjogIkxvb2t1cCB0aGUgRE5TIGFzc29jaWF0ZWQgdG8gdGhlIHNvdXJjZSBJUCBvbmx5IGZvciBvdmVyZmxvd3MiCnN0YXRpY3M6CiAgLSBtZXRob2Q6IHJldmVyc2VfZG5zCiAgICBleHByZXNzaW9uOiBldnQuT3ZlcmZsb3cuQWxlcnQuU291cmNlLklQCiAgLSBtZXRhOiByZXZlcnNlX2RucwogICAgZXhwcmVzc2lvbjogZXZ0LkVucmljaGVkLnJldmVyc2VfZG5zCg==", 
"description": "Lookup the DNS associated to the source IP only for overflows", "author": "crowdsecurity", "labels": null }, "crowdsecurity/seo-bots-whitelist": { "path": "postoverflows/s01-whitelist/crowdsecurity/seo-bots-whitelist.yaml", "stage": "s01-whitelist", "version": "0.5", "versions": { "0.1": { "digest": "6df83947191a61ab73a87fccb3c285563bd9c4b3ef8027558d3510d262776ebe", "deprecated": false }, "0.2": { "digest": "71eccc355bf181addcb1b5681c5fa99e087b23cbd8fed40ade7ff8a3b07488ef", "deprecated": false }, "0.3": { "digest": "43968bb27b6f8cb8420bdcfa997627bce5f19e62fb96299af8c0e1e767ff0582", "deprecated": false }, "0.4": { "digest": "f48b0841cc4cf03fe16f118ea1b5d64f4c1eb07cbacf4647bb0e871b4fd71f8c", "deprecated": false }, "0.5": { "digest": "504c16dd87df828742e360a304f3e945c2e03537d7a7610e869f315d721c395a", "deprecated": false } }, "long_description": "IyBTRU8gQm90cyBXaGl0ZWxpc3QKCkNvbmZpZ3VyYXRpb24gYmFzZWQgb24gYGNyb3dkc2VjdXJpdHkvcmRuc2AgdG8gd2hpdGVsaXN0IGZvbGxvd2luZyBiZW5pZ24gU0VPIGJvdHM6CiogZHVja2R1Y2tCb3QKKiBnb29nbGVib3QKKiB5YW5kZXgKKiBiaW5nCiogYmFpZHUKKiB5YWhvbwoqIHBpbnRlcmVzdAoqIHF3YW50Cg==", "content": "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", "description": "Whitelist good search engine crawlers", "author": "crowdsecurity", "labels": null } }, "scenarios": { "Dominic-Wagner/vaultwarden-bf": { "path": "scenarios/Dominic-Wagner/vaultwarden-bf.yaml", "version": "0.2", "versions": { "0.1": { "digest": "7cfd47daccee7ae3c88be9d772610996114d36be9a4738274ae54509c67e6615", "deprecated": false }, "0.2": { "digest": "d1a3c008d9c42712cc330c7d89eba463ce7cedff495f6ae176df15e518a13ad2", "deprecated": false } }, "long_description": "RGV0ZWN0IGZhaWxlZCB2YXVsdHdhcmRlbiBhdXRoZW50aWNhdGlvbnM6CgogLSBsZWFrc3BlZWQgb2YgMW0sIGNhcGFjaXR5IG9mIDUgb24gc291cmNlIGlwCiAtIGxlYWtzcGVlZCBvZiAxbSwgY2FwYWNpdHkgb2YgNSBvbiBzb3VyY2UgaXAgYW5kIHVuaXF1ZSBkaXN0aW5jdCB1c2Vycwo=", "content": "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", "description": "Detect vaultwarden 
bruteforce", "author": "Dominic-Wagner", "labels": { "behavior": "generic:bruteforce", "classification": [ "attack.T1110" ], "confidence": 3, "label": "Vaultwarden Bruteforce", "remediation": true, "service": "vaultwarden", "spoofable": 0 } }, "LePresidente/adguardhome-bf": { "path": "scenarios/LePresidente/adguardhome-bf.yaml", "version": "0.2", "versions": { "0.1": { "digest": "af3af350da974cdb51f8dd66b3daae62253719680738a3190b5b48ba7a3fab46", "deprecated": false }, "0.2": { "digest": "9e4167549d0e3393b31985309f36cbf21fa823f3ad444f9176ac03771fc718a0", "deprecated": false } }, "long_description": "RGV0ZWN0IGZhaWxlZCBBZEd1YXJkSG9tZSBhdXRoZW50aWNhdGlvbnM6CgogLSBsZWFrc3BlZWQgb2YgMW0sIGNhcGFjaXR5IG9mIDUgb24gc2FtZSBpcCBhZGRyZXNz", "content": "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", "description": "Detect AdGuardHome bruteforce attacks", "author": "LePresidente", "labels": { "behavior": "http:bruteforce", "classification": [ "attack.T1110" ], "confidence": 3, "label": "AdGuardHome Bruteforce", "remediation": true, "service": "adguardhome", "spoofable": 0 } }, "LePresidente/authelia-bf": { "path": "scenarios/LePresidente/authelia-bf.yaml", "version": "0.4", "versions": { "0.1": { "digest": "6859d59edc2371a1b44babd0623f0f4db16feacb2096450ebc19a6804343bc28", "deprecated": false }, "0.2": { "digest": "444cade77860d8cf730df8ca3ddcf728e2246c4c2c72685fd425dedd7ee26457", "deprecated": false }, "0.3": { "digest": "e6f9ef547cd23ab4b260709481c65f8c34ce2a19e2bced8229f74dbe91e7191f", "deprecated": false }, "0.4": { "digest": "f1ceb17909865a123fbbcb01640e2e1b30524414e88a93dae90abc5cd86bdb0a", "deprecated": false } }, "long_description": "RGV0ZWN0IGZhaWxlZCBhdXRoZWxpYSBhdXRoZW50aWNhdGlvbnM6CgogLSBsZWFrc3BlZWQgb2YgMjBzLCBjYXBhY2l0eSBvZiA1IG9uIHNhbWUgdGFyZ2V0IHVzZXIKIC0gbGVha3NwZWVkIG9mIDFtLCBjYXBhY2l0eSBvZiA1IHVuaXF1ZSBkaXN0aW5jdCB1c2Vycw==", "content": "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", "description": "Detect authelia bruteforce", "author": 
"LePresidente", "labels": { "behavior": "http:bruteforce", "classification": [ "attack.T1110" ], "confidence": 3, "label": "Authelia Bruteforce", "remediation": true, "service": "authelia", "spoofable": 0 } }, "LePresidente/emby-bf": { "path": "scenarios/LePresidente/emby-bf.yaml", "version": "0.2", "versions": { "0.1": { "digest": "4465206dcabe80edd026332b3a1aca8feb325fe982fa8fd2b4a38a3970a258b1", "deprecated": false }, "0.2": { "digest": "53face55d2ab8e746503000657d65d19257de7ef3ee3ae6b54bdb1fd8a5b3514", "deprecated": false } }, "long_description": "RGV0ZWN0IGZhaWxlZCBlbWJ5IGF1dGhlbnRpY2F0aW9uczoKCiAtIGxlYWtzcGVlZCBvZiAxbSwgY2FwYWNpdHkgb2YgNSBvbiBzYW1lIHRhcmdldCBpcA==", "content": "IyBlbWJ5IGJydXRlZm9yY2UKdHlwZTogbGVha3kKbmFtZTogTGVQcmVzaWRlbnRlL2VtYnktYmYKZGVzY3JpcHRpb246ICJEZXRlY3QgZW1ieSBicnV0ZWZvcmNlIgpmaWx0ZXI6ICJldnQuTWV0YS5sb2dfdHlwZSA9PSAnZW1ieV9mYWlsZWRfYXV0aCciCmxlYWtzcGVlZDogMW0KY2FwYWNpdHk6IDUKZ3JvdXBieTogZXZ0Lk1ldGEuc291cmNlX2lwCmJsYWNraG9sZTogNW0KcmVwcm9jZXNzOiB0cnVlCmxhYmVsczoKICBzZXJ2aWNlOiBlbWJ5CiAgYmVoYXZpb3I6ICJodHRwOmJydXRlZm9yY2UiCiAgY2xhc3NpZmljYXRpb246CiAgICAtIGF0dGFjay5UMTExMAogIHNwb29mYWJsZTogMAogIGNvbmZpZGVuY2U6IDMKICBsYWJlbDogIkVtYnkgQnJ1dGVmb3JjZSIKICByZW1lZGlhdGlvbjogdHJ1ZQo=", "description": "Detect emby bruteforce", "author": "LePresidente", "labels": { "behavior": "http:bruteforce", "classification": [ "attack.T1110" ], "confidence": 3, "label": "Emby Bruteforce", "remediation": true, "service": "emby", "spoofable": 0 } }, "LePresidente/gitea-bf": { "path": "scenarios/LePresidente/gitea-bf.yaml", "version": "0.3", "versions": { "0.1": { "digest": "29eb0131d95219fa3a835a9e33cf38238240e42e8d7b46aa7bf7ed895d2b0b35", "deprecated": false }, "0.2": { "digest": "2ba7cd0dc64eda94f1c094b45f1bffd779a3e773621fddb7506b713320406f54", "deprecated": false }, "0.3": { "digest": "785e6e7e0e3f272a1555df16cbcdb38b5fef4638eb7feae97adff583507004ed", "deprecated": false } }, "long_description": 
"RGV0ZWN0IGZhaWxlZCBnaXRlYSBhdXRoZW50aWNhdGlvbnM6CgogLSBsZWFrc3BlZWQgb2YgMjBzLCBjYXBhY2l0eSBvZiA1IG9uIHNhbWUgdGFyZ2V0IHVzZXIKIC0gbGVha3NwZWVkIG9mIDFtLCBjYXBhY2l0eSBvZiA1IHVuaXF1ZSBkaXN0aW5jdCB1c2Vycw==", "content": "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", "description": "Detect gitea bruteforce", "author": "LePresidente", "labels": { "behavior": "vcs:bruteforce", "classification": [ "attack.T1110" ], "confidence": 3, "label": "Gitea Bruteforce", "remediation": true, "service": "gitea", "spoofable": 0 } }, "LePresidente/grafana-bf": { "path": "scenarios/LePresidente/grafana-bf.yaml", "version": "0.3", "versions": { "0.1": { "digest": "f2b73db0cdd22c800e107a8dd0ab81d55bca7379a36f04dd26951dbebe9db1bb", "deprecated": false }, "0.2": { "digest": "46b13a1c833edb5dc62f2c23d642eeaa1bdcb9c9e71bb890054cf2db3346652c", "deprecated": false }, "0.3": { "digest": "33fffd89e58b5e67839e70a04dca4b8dc56fe45c36df2a3f8448b28ded619f68", "deprecated": false } }, "long_description": "RGV0ZWN0IGZhaWxlZCBHcmFmYW5hIGF1dGhlbnRpY2F0aW9uczoKCiAtIGxlYWtzcGVlZCBvZiAxbSwgY2FwYWNpdHkgb2YgNSBvbiBzYW1lIHRhcmdldCBpcA==", "content": "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", "description": "Detect grafana bruteforce", "author": "LePresidente", "labels": { "behavior": "http:bruteforce", "classification": [ "attack.T1110" ], "confidence": 3, "label": "Grafana Bruteforce", "remediation": true, "service": "grafana", "spoofable": 0 } }, "LePresidente/harbor-bf": { "path": "scenarios/LePresidente/harbor-bf.yaml", "version": "0.2", "versions": { "0.1": { "digest": "25f208be5fdb655805f5b9baed7784d6b0be07421f9c36d53b85400a778f9e3c", "deprecated": false }, "0.2": { "digest": "a103754c82c2d9bd394229759091cdbda5f0cdfff89ed1a1acc1422197249432", "deprecated": false } }, "long_description": 
"RGV0ZWN0IGZhaWxlZCBoYXJib3IgYXV0aGVudGljYXRpb25zOgoKIC0gbGVha3NwZWVkIG9mIDIwcywgY2FwYWNpdHkgb2YgNSBvbiBzYW1lIHRhcmdldCB1c2VyCiAtIGxlYWtzcGVlZCBvZiAxbSwgY2FwYWNpdHkgb2YgNSB1bmlxdWUgZGlzdGluY3QgdXNlcnM=", "content": "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", "description": "Detect harbor bruteforce", "author": "LePresidente", "labels": { "behavior": "http:bruteforce", "classification": [ "attack.T1110" ], "confidence": 3, "label": "Harbor Bruteforce", "remediation": true, "service": "harbor", "spoofable": 0 } }, "LePresidente/jellyfin-bf": { "path": "scenarios/LePresidente/jellyfin-bf.yaml", "version": "0.2", "versions": { "0.1": { "digest": "e84cce05fb525b5f43f34171fb8a3eeca55ae5a7e5553d59fd9004472188706e", "deprecated": false }, "0.2": { "digest": "adc51e35b2fe0f667938d7ddea7bd9fd5ff9f48c1ac3438b871130c0be251689", "deprecated": false } }, "long_description": "RGV0ZWN0IGZhaWxlZCBqZWxseWZpbiBhdXRoZW50aWNhdGlvbnM6CgogLSBsZWFrc3BlZWQgb2YgMjBzLCBjYXBhY2l0eSBvZiA1IG9uIHNhbWUgdGFyZ2V0IHVzZXIKIC0gbGVha3NwZWVkIG9mIDFtLCBjYXBhY2l0eSBvZiA1IHVuaXF1ZSBkaXN0aW5jdCB1c2Vycw==", "content": "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", "description": "Detect jellyfin bruteforce", "author": "LePresidente", "labels": { "behavior": "http:bruteforce", "classification": [ "attack.T1110" ], "confidence": 3, "label": "Jellyfin Bruteforce", "remediation": true, "service": "jellyfin", "spoofable": 0 } }, "LePresidente/jellyseerr-bf": { "path": "scenarios/LePresidente/jellyseerr-bf.yaml", "version": "0.2", "versions": { "0.1": { "digest": "d21fcd58a65208cd0d37d005e13b3ba242f169ee71a8a8c2b6d4c4011f4d1c98", "deprecated": false }, "0.2": { "digest": "230e8b4b1ef48c3cb5f83ccc66ca29e38d83f4116079f22cb13033e0c7e40bc8", "deprecated": false } }, "long_description": "RGV0ZWN0IGZhaWxlZCBqZWxseXNlZXJyIGF1dGhlbnRpY2F0aW9uczoKCiAtIGxlYWtzcGVlZCBvZiAyMHMsIGNhcGFjaXR5IG9mIDUgb24gc2FtZSB0YXJnZXQgdXNlcgogLSBsZWFrc3BlZWQgb2YgMW0sIGNhcGFjaXR5IG9mIDUgdW5pcXVlIGRpc3RpbmN0IHVzZXJz", 
"content": "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", "description": "Detect jellyseerr bruteforce", "author": "LePresidente", "labels": { "behavior": "http:bruteforce", "classification": [ "attack.T1110" ], "confidence": 3, "label": "Jellyseerr Bruteforce", "remediation": true, "service": "jellyseerr", "spoofable": 0 } }, "LePresidente/ombi-bf": { "path": "scenarios/LePresidente/ombi-bf.yaml", "version": "0.2", "versions": { "0.1": { "digest": "20d3c7bf14fa9c1a6b43a00d219c933846d36d7ec8d4306659aaad6a3873a6eb", "deprecated": false }, "0.2": { "digest": "57fdcee57a59e2858e2eb25e60004d4a9910ed20c2856443eda997a3153a2300", "deprecated": false } }, "long_description": "RGV0ZWN0IGZhaWxlZCBlbWJ5IGF1dGhlbnRpY2F0aW9uczoKCiAtIGxlYWtzcGVlZCBvZiAxbSwgY2FwYWNpdHkgb2YgNSBvbiBzYW1lIHRhcmdldCBpcA==", "content": "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", "description": "Detect Ombi bruteforce", "author": "LePresidente", "labels": { "behavior": "http:bruteforce", "classification": [ "attack.T1110" ], "confidence": 3, "label": "Ombi Bruteforce", "remediation": true, "service": "ombi", "spoofable": 0 } }, "LePresidente/overseerr-bf": { "path": "scenarios/LePresidente/overseerr-bf.yaml", "version": "0.2", "versions": { "0.1": { "digest": "bd3d03dc43e0bdc90e71ef791c938ec722fee0ed07165e0155804a6da29abf27", "deprecated": false }, "0.2": { "digest": "c507f748764cc42d4e71d3cbd0399c1f303aff386e629e499cd09047fd689dc1", "deprecated": false } }, "long_description": "RGV0ZWN0IGZhaWxlZCBPdmVyc2VlcnIgYXV0aGVudGljYXRpb25zOgoKIC0gbGVha3NwZWVkIG9mIDIwcywgY2FwYWNpdHkgb2YgNSBvbiBzYW1lIHRhcmdldCB1c2VyCiAtIGxlYWtzcGVlZCBvZiAxbSwgY2FwYWNpdHkgb2YgNSB1bmlxdWUgZGlzdGluY3QgdXNlcnM=", "content": "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", "description": "Detect overseerr bruteforce", "author": "LePresidente", "labels": { "behavior": "http:bruteforce", "classification": [ "attack.T1110" ], "confidence": 3, "label": "Overseerr Bruteforce", "remediation": true, "service": 
"overseerr", "spoofable": 0 } }, "LePresidente/redmine-bf": { "path": "scenarios/LePresidente/redmine-bf.yaml", "version": "0.2", "versions": { "0.1": { "digest": "85e4eb99ed510675a3b9080958f5000e5c7564e63bd3fa180be3a5757620ec8e", "deprecated": false }, "0.2": { "digest": "d12851449afd02091b0d5838de8daebbc6cc81847cfb26a1afed2c6eb2b4f176", "deprecated": false } }, "long_description": "RGV0ZWN0IGZhaWxlZCBSZWRtaW5lIGF1dGhlbnRpY2F0aW9uczoKCiAtIGxlYWtzcGVlZCBvZiAyMHMsIGNhcGFjaXR5IG9mIDUgb24gc2FtZSB0YXJnZXQgdXNlcgogLSBsZWFrc3BlZWQgb2YgMW0sIGNhcGFjaXR5IG9mIDUgdW5pcXVlIGRpc3RpbmN0IHVzZXJz", "content": "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", "description": "Detect Redmine bruteforce attacks", "author": "LePresidente", "labels": { "behavior": "http:bruteforce", "classification": [ "attack.T1110" ], "confidence": 3, "label": "Redmine Bruteforce", "remediation": true, "service": "redmine", "spoofable": 0 } }, "LePresidente/ssh-bad-keyexchange-bf": { "path": "scenarios/LePresidente/ssh-bad-keyexchange-bf.yaml", "version": "0.2", "versions": { "0.1": { "digest": "654f4cd2d1f53a60423647e3d8ec38cde2e27a7b8495c44204f001f5f5485430", "deprecated": false }, "0.2": { "digest": "3c1b4148eedb8f632dc80ed11a186c7d534ce23533367ab3c8e3cd06345d6a2a", "deprecated": false } }, "long_description": "RGV0ZWN0IGZhaWxlZCBzc2ggS2V5IEV4Y2hhbmdlcyA6CgogLSBsZWFrc3BlZWQgb2YgMTBzLCBjYXBhY2l0eSBvZiA1IG9uIHNhbWUgdGFyZ2V0IGlwCiAK", "content": 
"IyBzc2ggYnJ1dGVmb3JjZQp0eXBlOiBsZWFreQpuYW1lOiBsZXByZXNpZGVudGUvc3NoLWJhZC1rZXlleGNoYW5nZS1iZgpkZXNjcmlwdGlvbjogIkRldGVjdCBzc2ggYmFkIGtleSBleGNoYW5nZSIKZmlsdGVyOiAiZXZ0Lk1ldGEubG9nX3R5cGUgPT0gJ3NzaF9iYWRfa2V5ZXhjaGFuZ2UnIgpsZWFrc3BlZWQ6ICIxMHMiCnJlZmVyZW5jZXM6CiAgLSBodHRwOi8vd2lraXBlZGlhLmNvbS9zc2gtYmYtaXMtYmFkCmNhcGFjaXR5OiA1Cmdyb3VwYnk6IGV2dC5NZXRhLnNvdXJjZV9pcApibGFja2hvbGU6IDFtCnJlcHJvY2VzczogdHJ1ZQpsYWJlbHM6CiAgc2VydmljZTogc3NoCiAgYmVoYXZpb3I6ICJzc2g6YnJ1dGVmb3JjZSIKICBjb25maWRlbmNlOiAzCiAgc3Bvb2ZhYmxlOiAwCiAgY2xhc3NpZmljYXRpb246CiAgICAtIGF0dGFjay5UMTExMAogIHJlbWVkaWF0aW9uOiB0cnVlCiAgbGFiZWw6ICJTU0ggQmFkIEtleSBCcnV0ZWZvcmNlIgo=", "description": "Detect ssh bad key exchange", "author": "LePresidente", "references": [ "http://wikipedia.com/ssh-bf-is-bad" ], "labels": { "behavior": "ssh:bruteforce", "classification": [ "attack.T1110" ], "confidence": 3, "label": "SSH Bad Key Bruteforce", "remediation": true, "service": "ssh", "spoofable": 0 } }, "MariuszKociubinski/bitwarden-bf": { "path": "scenarios/MariuszKociubinski/bitwarden-bf.yaml", "version": "0.2", "versions": { "0.1": { "digest": "43e83e367af5eba9d525953587a65905e109057fac7a52e68ce04606a01e8b23", "deprecated": false }, "0.2": { "digest": "d68d05489f98eb1194c0935d043f9cd760cadf07fc53308ae640ce7efe250356", "deprecated": false } }, "content": 
"IyBiaXR3YXJkZW4gYnJ1dGVmb3JjZQp0eXBlOiBsZWFreQpuYW1lOiBNYXJpdXN6S29jaXViaW5za2kvYml0d2FyZGVuLWJmCmRlc2NyaXB0aW9uOiAiRGV0ZWN0IGJpdHdhcmRlbiBicnV0ZWZvcmNlIgpkZWJ1ZzogZmFsc2UKZmlsdGVyOgogICJldnQuTWV0YS5sb2dfdHlwZSBpbiBbJ2JpdHdhcmRlbl9mYWlsZWRfYXV0aCcsJ2JpdHdhcmRlbl9mYWlsZWRfYXV0aF8yZmEnXSIKICAjZmlsdGVyOiAiZXZ0Lk1ldGEubG9nX3R5cGUgPT0gJ2JpdHdhcmRlbl9mYWlsZWRfYXV0aCciCmxlYWtzcGVlZDogIjFtIgpjYXBhY2l0eTogNQpncm91cGJ5OiBldnQuTWV0YS5zb3VyY2VfaXAKYmxhY2tob2xlOiA1bQpyZXByb2Nlc3M6IGZhbHNlCmxhYmVsczoKICBzZXJ2aWNlOiBiaXR3YXJkZW4KICBiZWhhdmlvcjogImdlbmVyaWM6YnJ1dGVmb3JjZSIKICBjbGFzc2lmaWNhdGlvbjoKICAgIC0gYXR0YWNrLlQxMTEwCiAgbGFiZWw6ICJCaXR3YXJkZW4gVXNlciBFbnVtZXJhdGlvbiIKICBzcG9vZmFibGU6IDAKICBjb25maWRlbmNlOiAzCiAgcmVtZWRpYXRpb246IHRydWUK", "description": "Detect bitwarden bruteforce", "author": "MariuszKociubinski", "labels": { "behavior": "generic:bruteforce", "classification": [ "attack.T1110" ], "confidence": 3, "label": "Bitwarden User Enumeration", "remediation": true, "service": "bitwarden", "spoofable": 0 } }, "a1ad/meshcentral-bf": { "path": "scenarios/a1ad/meshcentral-bf.yaml", "version": "0.2", "versions": { "0.1": { "digest": "f9c23983ecdee70491e334732b2cb2ba7ef5fb61a5d119951930ba5b7cb93e51", "deprecated": false }, "0.2": { "digest": "bfa1db16802b90bf3648ca8f59c75fec48b297b65c30c01608bff71e8ee2e2cf", "deprecated": false } }, "long_description": "RGV0ZWN0IGZhaWxlZCBtZXNoY2VudHJhbCBhdXRoZW50aWNhdGlvbnM6CgogLSBsZWFrc3BlZWQgb2YgMjBzLCBjYXBhY2l0eSBvZiA1IG9uIHNhbWUgdGFyZ2V0IHVzZXIKIC0gbGVha3NwZWVkIG9mIDFtLCBjYXBhY2l0eSBvZiA1IHVuaXF1ZSBkaXN0aW5jdCB1c2Vycwo=", "content": "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", "description": "Detect meshcentral bruteforce", "author": "a1ad", "labels": { "behavior": "http:bruteforce", "classification": [ "attack.T1110" ], "confidence": 3, "label": "MeshCentral Bruteforce", "remediation": true, "service": "meshcentral", "spoofable": 0 } }, "a1ad/mikrotik-bf": { "path": "scenarios/a1ad/mikrotik-bf.yaml", "version": "0.2", 
"versions": { "0.1": { "digest": "186b0c6b7fe346e3e3843e90135735ed0195233abd5e5a2a06b3420275ef9e2d", "deprecated": false }, "0.2": { "digest": "69a55380db43a066268c70ba1d0a3934e6188b4669337c091d2898b398cdcbad", "deprecated": false } }, "long_description": "RGV0ZWN0IGZhaWxlZCBNaWtyb3RpayBhdXRoZW50aWNhdGlvbnM6CgogLSBsZWFrc3BlZWQgb2YgMjBzLCBjYXBhY2l0eSBvZiA1IG9uIHNhbWUgdGFyZ2V0IHVzZXIKIC0gbGVha3NwZWVkIG9mIDFtLCBjYXBhY2l0eSBvZiA1IHVuaXF1ZSBkaXN0aW5jdCB1c2Vycwo=", "content": "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", "description": "Detect Mikrotik bruteforce", "author": "a1ad", "labels": { "behavior": "iot:bruteforce", "classification": [ "attack.T1110" ], "confidence": 3, "label": "Mikrotik Bruteforce", "remediation": true, "service": "mikrotik", "spoofable": 0 } }, "a1ad/mikrotik-scan-multi_ports": { "path": "scenarios/a1ad/mikrotik-scan-multi_ports.yaml", "version": "0.3", "versions": { "0.1": { "digest": "eb9e82a3f0179f4e407b91e618dc960da0bf7244f018dc2bd5cee181035e1d3a", "deprecated": false }, "0.2": { "digest": "aabd6503e4b3f1974760e168872ba557927ede9a5e516777dc49d0c872314fc3", "deprecated": false }, "0.3": { "digest": "104b45e980fb6c20041842aaa3e66a1120adb2d17d2e868fb234e953fabf1ac8", "deprecated": false } }, "long_description": "RGV0ZWN0cyBhIHBvcnQgc2NhbiA6IGRldGVjdHMgaWYgYSBzaW5nbGUgSVAgYXR0ZW1wdHMgY29ubmVjdGlvbiB0byBtYW55IGRpZmZlcmVudCBwb3J0cy4KCkxlYWtzcGVlZCBvZiA1cywgY2FwYWNpdHkgb2YgMTUuCg==", "content": "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", "description": "Detect port scanning from single ip on MikroTik router", "author": "a1ad", "labels": { "behavior": "tcp:scan", "classification": [ "attack.T1595.001", "attack.T1018", "attack.T1046" ], "confidence": 1, "label": "MikroTik Port Scanning", "remediation": true, "service": "mikrotik", "spoofable": 2 } }, "aidalinfo/couchdb-bf": { "path": "scenarios/aidalinfo/couchdb-bf.yaml", "version": "0.1", "versions": { "0.1": { "digest": 
"51b01a6b282027299192db588a2e3de5b46fbcfcbe8cba15d419ba010ffcff71", "deprecated": false } }, "long_description": "RGV0ZWN0IGZhaWxlZCBDb3VjaERCIGF1dGhlbnRpY2F0aW9uIDoKCmxlYWtzcGVlZCBvZiA2MHMsIGNhcGFjaXR5IG9mIDEwLCBHcm91cCBieSBJUApsZWFrc3BlZWQgb2YgMTBzLCBjYXBhY2l0eSBvZiA1LCBHcm91cCBieSBJUA==", "content": "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", "description": "Detect slow Couchdb bruteforce/enum", "author": "aidalinfo", "labels": { "classification": [ "attack.T1110" ], "confidence": 3, "label": "Couchdb low Bruteforce", "remediation": true, "service": "couchdb", "spoofable": 0 } }, "aidalinfo/couchdb-crawl": { "path": "scenarios/aidalinfo/couchdb-crawl.yaml", "version": "0.3", "versions": { "0.1": { "digest": "0531619cc321e1dd46b812c5af6edcf8599fbbc7f019e2c56d2dcb94e8ecfae9", "deprecated": false }, "0.2": { "digest": "07f46b4913b9b215d552e6276583e1015f43369c9108d46c33a59eee1c112dd2", "deprecated": false }, "0.3": { "digest": "7ff0dd0aeb2d5cc508cc69e5fc3ba63e86b3a37c2860f171b7914d728bedf656", "deprecated": false } }, "content": "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", "description": "Detect aggressive crawl on CouchDB", "author": "aidalinfo", "labels": { "behavior": "http:crawl", "classification": [ "attack.T1595" ], "confidence": 1, "label": "CouchDB Crawl", "remediation": true, "service": "couchdb", "spoofable": 0 } }, "aidalinfo/tcpudp-flood-traefik": { "path": "scenarios/aidalinfo/tcpudp-flood-traefik.yaml", "version": "0.1", "versions": { "0.1": { "digest": "279599e76231935a36a5efafb12ddc5ed432f56d8c6c5c93daa277261a680182", "deprecated": false } }, "long_description": "IyMgRGV0ZWN0IEZsb29kIFRDUCBvciBVRFAgd2l0aCBUcmFlZmlrIGRlYnVnIGxvZwoKLSBsZWFrc3BlZWQgb2YgMTAgc2Vjb25kcywgY2FwYWNpdHkgb2YgMTAwMCBvbiBzYW1lIGlwIGFkZHJlc3MK", "content": 
"dHlwZTogbGVha3kKbmFtZTogYWlkYWxpbmZvL3RjcHVkcC1mbG9vZC10cmFlZmlrCmRlc2NyaXB0aW9uOiAiRGV0ZWN0IFRDUC9VRFAgZmxvb2QiCmZpbHRlcjogImV2dC5NZXRhLmxvZ190eXBlID09ICd0cmFlZmlrX3RjcHVkcCciCmdyb3VwYnk6ICJldnQuTWV0YS5zb3VyY2VfaXAiCmNhcGFjaXR5OiAxMDAwCmNhY2hlX3NpemU6IDEwCmxlYWtzcGVlZDogIjEwcyIKYmxhY2tob2xlOiA1bQpsYWJlbHM6CiAgcmVtZWRpYXRpb246IHRydWUKICBjbGFzc2lmaWNhdGlvbjoKICAgIC0gYXR0YWNrLlQxNDk4CiAgc3Bvb2ZhYmxlOiAwCiAgY29uZmlkZW5jZTogMgogIGxhYmVsOiAiVURQIG9yIFRDUCBGbG9vZCBUcmFlZmlrIgo=", "description": "Detect TCP/UDP flood", "author": "aidalinfo", "labels": { "classification": [ "attack.T1498" ], "confidence": 2, "label": "UDP or TCP Flood Traefik", "remediation": true, "spoofable": 0 } }, "andreasbrett/baikal-bf": { "path": "scenarios/andreasbrett/baikal-bf.yaml", "version": "0.5", "versions": { "0.1": { "digest": "6e560fc2a7297c34acf8b4a1310d99f8aaaafa8c3d72698cd3812d3d5a2c73d6", "deprecated": false }, "0.2": { "digest": "5a05fcd4f832c12defc47cb1bb2e214ee686305e8d7d643ad25969a661cb2c4f", "deprecated": false }, "0.3": { "digest": "a0cdfd365b1ac0406e4a66317e7e0924826cd5f1be41ec906597cc56f4591c0f", "deprecated": false }, "0.4": { "digest": "dba7a79d5cb51283c1da9c5d12570895a6cac01326109ee332bada785a7308b8", "deprecated": false }, "0.5": { "digest": "5a05fcd4f832c12defc47cb1bb2e214ee686305e8d7d643ad25969a661cb2c4f", "deprecated": false } }, "long_description": "RGV0ZWN0IGZhaWxlZCBCYWlrYWwgYXV0aGVudGljYXRpb25zOgoKLSAgIGxlYWtzcGVlZCBvZiAxbSwgY2FwYWNpdHkgb2YgNSBvbiBzb3VyY2UgaXAKLSAgIGxlYWtzcGVlZCBvZiAxbSwgY2FwYWNpdHkgb2YgNSBvbiBzb3VyY2UgaXAgYW5kIHVuaXF1ZSBkaXN0aW5jdCB1c2Vycwo=", "content": "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", "description": "Detect Baikal bruteforce attacks", "author": "andreasbrett", "labels": { "behavior": "http:bruteforce", "classification": [ "attack.T1110" ], "confidence": 3, "remediation": true, "service": "baikal", "spoofable": 0, "type": "bruteforce" } }, "andreasbrett/paperless-ngx-bf": { "path": 
"scenarios/andreasbrett/paperless-ngx-bf.yaml", "version": "0.3", "versions": { "0.1": { "digest": "cbfdde07a106b2e72769f381490da31062b4789f4f1a5e35a6a168dca2354d74", "deprecated": false }, "0.2": { "digest": "8f8c1e1a4554e30febf77fdce884ddeec79df20eb20ee5d33a563024acd3e013", "deprecated": false }, "0.3": { "digest": "db6ad37ca94b4d5390573129a9b86fa68068391ce216aa326f07b3a4c23d718f", "deprecated": false } }, "long_description": "RGV0ZWN0IGZhaWxlZCBQYXBlcmxlc3Mtbmd4IGF1dGhlbnRpY2F0aW9uczoKCi0gICBsZWFrc3BlZWQgb2YgMW0sIGNhcGFjaXR5IG9mIDUgb24gc291cmNlIGlwCi0gICBsZWFrc3BlZWQgb2YgMW0sIGNhcGFjaXR5IG9mIDUgb24gc291cmNlIGlwIGFuZCB1bmlxdWUgZGlzdGluY3QgdXNlcnMK", "content": "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", "description": "Detect Paperless-ngx bruteforce attacks", "author": "andreasbrett", "labels": { "behavior": "http:bruteforce", "classification": [ "attack.T1110" ], "confidence": 3, "label": "Paperless-ngx Bruteforce", "remediation": true, "service": "paperless-ngx", "spoofable": 0 } }, "andreasbrett/webmin-bf": { "path": "scenarios/andreasbrett/webmin-bf.yaml", "version": "0.2", "versions": { "0.1": { "digest": "565ea4cf8ba6add8648fac488c904e2283afe76fe5b41e9f6bddf29a92b50b7c", "deprecated": false }, "0.2": { "digest": "0fa97ae9e9f79be63615dc34a6695cfe5c88a6f7d8d29ef28305593422ff58da", "deprecated": false } }, "long_description": "RGV0ZWN0IGZhaWxlZCBXZWJtaW4gYXV0aGVudGljYXRpb25zOgoKLSAgIGxlYWtzcGVlZCBvZiAxbSwgY2FwYWNpdHkgb2YgNSBvbiBzb3VyY2UgaXAKLSAgIGxlYWtzcGVlZCBvZiAxbSwgY2FwYWNpdHkgb2YgNSBvbiBzb3VyY2UgaXAgYW5kIHVuaXF1ZSBkaXN0aW5jdCB1c2Vycwo=", "content": "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", "description": "Detect Webmin bruteforce attacks", "author": "andreasbrett", "labels": { "behavior": "http:bruteforce", "classification": [ "attack.T1110" ], "confidence": 3, "label": "Webmin Bruteforce", "remediation": true, "service": "webmin", "spoofable": 0 } }, "baudneo/gotify-bf": { "path": "scenarios/baudneo/gotify-bf.yaml", "version": 
"0.3", "versions": { "0.1": { "digest": "584f3cea147a6aca903f87b63d43bade9da0449c23b90efb26de9fa798d06fdb", "deprecated": false }, "0.2": { "digest": "d6ed2ccf69900783b22537eac017528704b37de1872db95e1424689ef1b45554", "deprecated": false }, "0.3": { "digest": "860c5265a1d19e76550a022a8be9a200e0163a7b6c1d19968846ffac999c2aa6", "deprecated": false } }, "long_description": "QnJ1dGVmb3JjZSBwcm90ZWN0aW9uIGZvciBHb3RpZnkgc2VydmVyLiAKCkxlYWsgc3BlZWQgb2YgMTAgc2Vjb25kcyB3aXRoIGEgY2FwYWNpdHkgb2YgNC4=", "content": "dHlwZTogbGVha3kKbmFtZTogYmF1ZG5lby9nb3RpZnktYmYKZGVzY3JpcHRpb246ICJEZXRlY3QgYnJ1dGVmb3JjZSIKZmlsdGVyOiAiZXZ0Lk1ldGEubG9nX3R5cGUgID09ICdnb3RpZnlfZmFpbGVkX2F1dGgnIgpncm91cGJ5OiAiZXZ0Lk1ldGEuc291cmNlX2lwIgpjYXBhY2l0eTogMwpsZWFrc3BlZWQ6ICIxMHMiCmJsYWNraG9sZTogMW0KbGFiZWxzOgogIHNlcnZpY2U6IGdvdGlmeQogIGJlaGF2aW9yOiAiaHR0cDpicnV0ZWZvcmNlIgogIGNsYXNzaWZpY2F0aW9uOgogICAgLSBhdHRhY2suVDExMTAKICBzcG9vZmFibGU6IDAKICBjb25maWRlbmNlOiAzCiAgbGFiZWw6ICJHb3RpZnkgQnJ1dGVmb3JjZSIKICByZW1lZGlhdGlvbjogdHJ1ZQo=", "description": "Detect bruteforce", "author": "baudneo", "labels": { "behavior": "http:bruteforce", "classification": [ "attack.T1110" ], "confidence": 3, "label": "Gotify Bruteforce", "remediation": true, "service": "gotify", "spoofable": 0 } }, "baudneo/zoneminder-bf": { "path": "scenarios/baudneo/zoneminder-bf.yaml", "version": "0.2", "versions": { "0.1": { "digest": "23f8a840d8341ffad8f70b787e7dc5c9ecbab0c3bcc91eaada7dffdc2a4613f7", "deprecated": false }, "0.2": { "digest": "ba9fd1bb90d61bec138d023c07418c93e8cd5a0e030ab7e67e14c66443e7fb89", "deprecated": false } }, "long_description": "QnJ1dGVmb3JjZS9Vc2VyIEVudW1lcmF0aW9uIHByb3RlY3Rpb24gZm9yIFpvbmVNaW5kZXIuCg==", "content": "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", "description": "Detect ZoneMinder bruteforce", "author": "baudneo", "labels": { "behavior": "http:bruteforce", "classification": [ "attack.T1110" ], "confidence": 3, "label": "Zoneminder bruteforce", "remediation": true, "service": "zoneminder", 
"spoofable": 0, "type": "bruteforce" } }, "baudneo/zoneminder_cve-2022-39285": { "path": "scenarios/baudneo/zoneminder_cve-2022-39285.yaml", "version": "0.2", "versions": { "0.1": { "digest": "ce8c950d3c51b1e3b1aa7f3b77d29e080a59b5cba2151057c4651a124b752216", "deprecated": false }, "0.2": { "digest": "be09593bd2cf6c92f04b76d31958c4882e9d1a173594175868b348f7b0e1a016", "deprecated": false } }, "long_description": "U2NlbmFyaW8gdG8gZGV0ZWN0IGV4cGxvaXRhdGlvbiBhdHRlbXB0cyBvZiBbQ1ZFLTIwMjItMzkyODVdKGh0dHBzOi8vZ2l0aHViLmNvbS9ab25lTWluZGVyL3pvbmVtaW5kZXIvc2VjdXJpdHkvYWR2aXNvcmllcy9HSFNBLWg2eHAtY3Z3di1xNDMzKS4KQmFzaWNhbGx5IGRvIG5vdCBhbGxvdyBhbnkgUE9TVCByZXF1ZXN0cyBmb3IgaW5kZXgucGhwIHRvIGhhdmUgZmlsZT1bWFNTIHBheWxvYWRdLiBUaGlzIGlzIGZvciBaTSB2ZXJzaW9ucyBfX0JFRk9SRV9fIDEuMzYuMjcsIDEuMzcuMjQKCmBgYApQT1NUIC96bS9pbmRleC5waHAgSFRUUC8xLjEKSG9zdDogMTAuMC4xMC4xMDcKQ29udGVudC1MZW5ndGg6IDM3NwpBY2NlcHQ6IGFwcGxpY2F0aW9uL2pzb24sIHRleHQvamF2YXNjcmlwdCwgKi8qOyBxPTAuMDEKWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QKVXNlci1BZ2VudDogTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzEwMS4wLjQ5NTEuNDEgU2FmYXJpLzUzNy4zNgpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL3gtd3d3LWZvcm0tdXJsZW5jb2RlZDsgY2hhcnNldD1VVEYtOApPcmlnaW46IGh0dHA6Ly8xMC4wLjEwLjEwNwpSZWZlcmVyOiBodHRwOi8vMTAuMC4xMC4xMDcvem0vCkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQpBY2NlcHQtTGFuZ3VhZ2U6IGVuLVVTLGVuO3E9MC45CkNvb2tpZTogem1Ta2luPWNsYXNzaWM7IHptQ1NTPWJhc2U7IHptQmFuZHdpZHRoPWhpZ2g7IFpNU0VTU0lEPXJhdWg1b2UzaTJ1YXIyNWVhbmlpcHEyZ2llCkNvbm5lY3Rpb246IGNsb3NlCgpfX2NzcmZfbWFnaWM9a2V5Ojc4ZWUyOThhNDU5MzI0M2I5YWM0ODExOTlkN2RhNDY4YmFiNGYwNDQsMTY2NDY3NTEyNSZ2aWV3PXJlcXVlc3QmcmVxdWVzdD1sb2cmdGFzaz1jcmVhdGUmbGV2ZWw9RVJSJm1lc3NhZ2U9VHJlbmNoZXMlMjBvZiUyMElUJTVCbmFtZSU1RD1DaHJvbWUmYnJvd3NlciU1QnZlcnNpb24lNUQ9MTAxLjAuNDk1MS40MSZicm93c2VyJTVCcGxhdGZvcm0lNUQ9V2luZG93cyZmaWxlPWh0dHAlM0ElMkYlMkYxMC4wLjEwLjEwNyUyRnptJTJGJmx0Oy90ZCZndDsmbHQ7L3RyJmd0OyZsdDtzY3JpcHQgc3JjPScvem0vP3ZpZXc9b3B0aW9ucyUyNnRhYj11c2Vy
cyUyNmFjdGlvbj1kZWxldGUlMjZtYXJrVWlkcyU1QiU1RD02JTI2ZGVsZXRlQnRuPURlbGV0ZScmbHQ7L3NjcmlwdCZndDsmbGluZT03MApgYGAKCjp3YXJuaW5nOiBDcm93ZHNlYyBpcyBub3QgYSBXQUYgYW5kLCBhcyBzdWNoLCBieXBhc3MgdG8gdGhvc2Ugc2lnbmF0dXJlcyBhcmUgbGlrZWx5IDp3YXJuaW5nOgoKCgoKCg==", "content": "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", "description": "Detect cve-2022-39285 exploitation attempts", "author": "baudneo", "labels": { "behavior": "http:exploit", "classification": [ "attack.T1595", "attack.T1190", "cve.CVE-2022-39285" ], "confidence": 3, "label": "Zoneminder CVE-2022-39285", "remediation": true, "service": "zoneminder", "spoofable": 0 } }, "baudneo/zoneminder_cve-2022-39290": { "path": "scenarios/baudneo/zoneminder_cve-2022-39290.yaml", "version": "0.2", "versions": { "0.1": { "digest": "b0ea4c6323f2a29c66ce3ec6bcb34ee0721ff6de66c37cd50f3bc9e0179febb1", "deprecated": false }, "0.2": { "digest": "9780563700326839396f67fffb58787680bc32cd363d5e609953ba328eb42890", "deprecated": false } }, "content": "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", "description": "Detect cve-2022-39290 exploitation attempts", "author": "baudneo", "labels": { "behavior": "http:exploit", "classification": [ "attack.T1595", "attack.T1190", "cve.CVE-2022-39290" ], "confidence": 3, "label": "Zoneminder CVE-2022-39290", "remediation": true, "service": "zoneminder", "spoofable": 0 } }, "baudneo/zoneminder_cve-2022-39291": { "path": "scenarios/baudneo/zoneminder_cve-2022-39291.yaml", "version": "0.2", "versions": { "0.1": { "digest": "8374d8580cd1d1c2c56e2c7e12ba82b3e1f797d0b300fb6d620825b77f61a6c5", "deprecated": false }, "0.2": { "digest": "d0f2d1eca926874288de1c8443a813ebb24f0ed0a26d869c23e441666de52c73", "deprecated": false } }, "long_description": "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", "content": 
"dHlwZTogbGVha3kKZm9ybWF0OiAyLjAKI2RlYnVnOiB0cnVlCiMgIF9fY3NyZl9tYWdpYz1rZXklM0E4NTg2NmZiY2I2YTFkNzMyNTU0NGE1NWFhNjNmYjUzNDY3N2YzNGNhJTJDMTY2NTEwMjQxMSZyZXF1ZXN0PWxvZyZ0YXNrPWNyZWF0ZSZsZXZlbD1FUlImbWVzc2FnZT1UcmVuY2hlcyUyMG9mJTIwSVQlMjBQb0MmYnJvd3NlciU1Qm5hbWUlNUQ9Q2hyb21lJmJyb3dzZXIlNUJ2ZXJzaW9uJTVEPTEwMS4wLjQ5NTEuNDEmYnJvd3NlciU1QnBsYXRmb3JtJTVEPVdpbmRvd3MmZmlsZT1saW5lPTgwMCZ2aWV3PXJlcXVlc3QgSFRUUC8xLjEKbmFtZTogYmF1ZG5lby96b25lbWluZGVyX2N2ZS0yMDIyLTM5MjkxCmRlc2NyaXB0aW9uOiAiRGV0ZWN0IGN2ZS0yMDIyLTM5MjkxIGV4cGxvaXRhdGlvbiBhdHRlbXB0cyIKZmlsdGVyOiB8CiAgZXZ0Lk1ldGEubG9nX3R5cGUgaW4gWyJodHRwX2FjY2Vzcy1sb2ciLCAiaHR0cF9lcnJvci1sb2ciXQogIGFuZCAKICAoCiAgKCBVcHBlcihldnQuTWV0YS5odHRwX3ZlcmIpID09ICJQT1NUIiBhbmQKICBVcHBlcihldnQuTWV0YS5odHRwX3BhdGgpIG1hdGNoZXMgVXBwZXIoJ14oP1A8cGF0aD4vLippbmRleC5waHApPy4qKD9QPHZpZXc+dmlldz1yZXF1ZXN0fHJlcXVlc3Q9bG9nfHRhc2s9Y3JlYXRlKSsuKig/UDxyZXF1ZXN0X3F1ZXJ5PnZpZXc9cmVxdWVzdHxyZXF1ZXN0PWxvZ3x0YXNrPWNyZWF0ZSkrLiooP1A8dGFza19xdWVyeT52aWV3PXJlcXVlc3R8cmVxdWVzdD1sb2d8dGFzaz1jcmVhdGUpKy4qJykKCiAgKQogIG9yCiAgVXBwZXIoZXZ0LlBhcnNlZC5yYXdyZXF1ZXN0KSBtYXRjaGVzIFVwcGVyKCdeKD9QPHZlcmI+UE9TVCkgKD9QPHBhdGg+Ly4qaW5kZXgucGhwKT8uKig/UDx2aWV3PnZpZXc9cmVxdWVzdHxyZXF1ZXN0PWxvZ3x0YXNrPWNyZWF0ZSkrLiooP1A8cmVxdWVzdF9xdWVyeT52aWV3PXJlcXVlc3R8cmVxdWVzdD1sb2d8dGFzaz1jcmVhdGUpKy4qKD9QPHRhc2tfcXVlcnk+dmlldz1yZXF1ZXN0fHJlcXVlc3Q9bG9nfHRhc2s9Y3JlYXRlKSsuKicpCiAgKQpncm91cGJ5OiAiZXZ0Lk1ldGEuc291cmNlX2lwIgpjYXBhY2l0eTogMTAKbGVha3NwZWVkOiAiMTBzIgpibGFja2hvbGU6IDJtCmxhYmVsczoKICBjbGFzc2lmaWNhdGlvbjoKICAgIC0gYXR0YWNrLlQxNTk1CiAgICAtIGF0dGFjay5UMTE5MAogICAgLSBjdmUuQ1ZFLTIwMjItMzkyOTEKICBzcG9vZmFibGU6IDAKICBjb25maWRlbmNlOiAzCiAgc2VydmljZTogem9uZW1pbmRlcgogIGJlaGF2aW9yOiAiaHR0cDpleHBsb2l0IgogIGxhYmVsOiAiWm9uZW1pbmRlciBDVkUtMjAyMi0zOTI5MSIKICByZW1lZGlhdGlvbjogdHJ1ZQo=", "description": "Detect cve-2022-39291 exploitation attempts", "author": "baudneo", "labels": { "behavior": "http:exploit", "classification": [ "attack.T1595", "attack.T1190", "cve.CVE-2022-39291" ], "confidence": 3, 
"label": "Zoneminder CVE-2022-39291", "remediation": true, "service": "zoneminder", "spoofable": 0 } }, "corvese/apache-guacamole_bf": { "path": "scenarios/corvese/apache-guacamole_bf.yaml", "version": "0.2", "versions": { "0.1": { "digest": "78920b8234b82abaeb1b73c6f3994f4c35e5c90cab074a7f11d9ffb58248ef70", "deprecated": false }, "0.2": { "digest": "f6cf4a711993f42488873b936d5fe591043c1d3c15e62b42794f31fde0b52682", "deprecated": false } }, "long_description": "RGVmZW5kcyBhZ2FpbnN0IGEgc2luZ2xlIHVzZXIncyBhY2NvdW50IGJlaW5nIGJydXRlZm9yY2Vk", "content": "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", "description": "Detect Apache Guacamole user bruteforce", "author": "corvese", "labels": { "behavior": "http:bruteforce", "classification": [ "attack.T1110" ], "confidence": 3, "label": "Apache Guacamole Bruteforce", "remediation": true, "service": "apache-guacamole", "spoofable": 0 } }, "corvese/apache-guacamole_user_enum": { "path": "scenarios/corvese/apache-guacamole_user_enum.yaml", "version": "0.2", "versions": { "0.1": { "digest": "9657710b2f728d779870ceda5d46c624dd1e33415c51232293f0ba416beda965", "deprecated": false }, "0.2": { "digest": "2782dcc3e78f4679f66b6b186b050e016010dc225f3a3fc0a3ff3f73d92e1690", "deprecated": false } }, "long_description": "RGVmZW5kcyBhZ2FpbnN0IHVzZXIgZW51bWVyYXRpb24gYXR0YWNr", "content": 
"dHlwZTogbGVha3kKbmFtZTogY29ydmVzZS9hcGFjaGUtZ3VhY2Ftb2xlX3VzZXJfZW51bQpkZXNjcmlwdGlvbjogIkRldGVjdCBBcGFjaGUgR3VhY2Ftb2xlIHVzZXIgZW51bSBicnV0ZWZvcmNlIgpmaWx0ZXI6IGV2dC5NZXRhLmxvZ190eXBlID09ICdhcGFjaGUtZ3VhY2Ftb2xlX2ZhaWxlZF9hdXRoJwpncm91cGJ5OiBldnQuTWV0YS5zb3VyY2VfaXAKZGlzdGluY3Q6IGV2dC5NZXRhLnRhcmdldF91c2VyCmxlYWtzcGVlZDogMTBzCmNhcGFjaXR5OiA1CmJsYWNraG9sZTogMW0KbGFiZWxzOgogIHNlcnZpY2U6IGFwYWNoZS1ndWFjYW1vbGUKICBjb25maWRlbmNlOiAzCiAgc3Bvb2ZhYmxlOiAwCiAgY2xhc3NpZmljYXRpb246CiAgICAtIGF0dGFjay5UMTU4OQogICAgLSBhdHRhY2suVDExMTAKICBiZWhhdmlvcjogImh0dHA6YnJ1dGVmb3JjZSIKICBsYWJlbDogIkFwYWNoZSBHdWFjYW1vbGUgVXNlciBFbnVtZXJhdGlvbiIKICByZW1lZGlhdGlvbjogdHJ1ZQo=", "description": "Detect Apache Guacamole user enum bruteforce", "author": "corvese", "labels": { "behavior": "http:bruteforce", "classification": [ "attack.T1589", "attack.T1110" ], "confidence": 3, "label": "Apache Guacamole User Enumeration", "remediation": true, "service": "apache-guacamole", "spoofable": 0 } }, "crowdsecurity/CVE-2017-9841": { "path": "scenarios/crowdsecurity/CVE-2017-9841.yaml", "version": "0.2", "versions": { "0.1": { "digest": "6fc6487fc9c9e60d99dccdd37b063c9f52c53d4ebed28d8d83aa69b6b29cfca3", "deprecated": false }, "0.2": { "digest": "a9421e42d85c3f1aab40ef09aaa0261db42f34c5d95986d6a67c9db8b577889e", "deprecated": false } }, "long_description": "IyMgQ1ZFLTIwMTctOTg0MQoKRGV0ZWN0cyBleHBsb2l0IG9mIENWRS0yMDE3LTk4NDEgdnVsbmVyYWJpbGl0eSB0YXJnZXRpbmcgUEhQIHVuaXQgdGVzdCBmcmFtZXdvcmsuCg==", "content": "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", "description": "Detect CVE-2017-9841 exploits", "author": "crowdsecurity", "labels": { "behavior": "http:exploit", "classification": [ "attack.T1595", "attack.T1190", "cve.CVE-2017-9841" ], "confidence": 3, "label": "PHP Unit Test Framework CVE-2017-9841", "remediation": true, "service": "PHP", "spoofable": 0, "type": "exploit" } }, "crowdsecurity/CVE-2019-18935": { "path": "scenarios/crowdsecurity/CVE-2019-18935.yaml", "version": "0.2", "versions": 
{ "0.1": { "digest": "58a495cc103c884661837a5951a903f04ee964f328b37a78aec71b4b03f5699a", "deprecated": false }, "0.2": { "digest": "9558b50809bbc8fb2c2747004a3878229d19c0321b3630fcd9f66e9d359dde5b", "deprecated": false } }, "long_description": "RGV0ZWN0IGV4cGxvaXRhdGlvbiBvZiBUZWxlcmlrIENWRS0yMDE5LTE4OTM1CgpSZWY6IGh0dHBzOi8vY3ZlLm1pdHJlLm9yZy9jZ2ktYmluL2N2ZW5hbWUuY2dpP25hbWU9Q1ZFLTIwMTktMTg5MzUKUG9jOiBodHRwczovL2dpdGh1Yi5jb20vbm9wZXJhdG9yL0NWRS0yMDE5LTE4OTM1", "content": "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", "description": "Detect Telerik CVE-2019-18935 exploitation attempts", "author": "crowdsecurity", "labels": { "behavior": "http:exploit", "classification": [ "attack.T1595", "attack.T1190", "cve.CVE-2019-18935" ], "confidence": 3, "label": "Telerik CVE-2019-18935", "remediation": true, "service": "telerik", "spoofable": 0, "type": "exploit" } }, "crowdsecurity/CVE-2021-4034": { "path": "scenarios/crowdsecurity/CVE-2021-4034.yaml", "version": "0.2", "versions": { "0.1": { "digest": "f08340e4247cfd2c44fb2db26dcb752aacbcfb483dc7da686af8e793b5a32d0f", "deprecated": false }, "0.2": { "digest": "8d6e9e5be1b07382085e013fed07fdb6d5b6bf96f1b03f394b2859bcfc398475", "deprecated": false } }, "long_description": "IyMgQ1ZFLTIwMjEtNDAzNAoKRGV0ZWN0cyBleHBsb2l0IG9mIENWRS0yMDIxLTQwMzQgYHBrZXhlY2AgdnVsbmVyYWJpbGl0eS4KCjp3YXJuaW5nOiBTbWFydCBhdHRhY2tlcnMgY2FuIGV4cGxvaXQgdGhpcyB2dWxuZXJhYmlsaXR5IHdpdGhvdXQgbGVhdmluZyB0cmFjZXMgaW4gbG9ncwoK", "content": "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", "description": "Detect CVE-2021-4034 exploits", "author": "crowdsecurity", "labels": { "behavior": "generic:exploit", "classification": [ "attack.T1548", "cve.CVE-2021-4034" ], "confidence": 3, "label": "`pkexec` CVE-2021-4034", "service": "linux", "spoofable": 0, "type": "privesc" } }, "crowdsecurity/CVE-2022-26134": { "path": "scenarios/crowdsecurity/CVE-2022-26134.yaml", "version": "0.2", "versions": { "0.1": { "digest": 
"ef1cbb63184361f1fca2b914b436f99bac53b98047da4442bebe58fd65a6dc2d", "deprecated": false }, "0.2": { "digest": "d355711eafe682860cce08414e27e6f6c55c70f83ad5d96123e351a375070df3", "deprecated": false } }, "long_description": "IyMgQ1ZFLTIwMjItMjYxMzQKCkRldGVjdHMgYXR0ZW1wdHMgb2YgZXhwbG9pdCBvZiBDVkUtMjAyMi0yNjEzNCBSQ0UgdnVsbmVyYWJpbGl0eS4KCgpSZWZlcmVuY2U6IGh0dHBzOi8vY3ZlLm1pdHJlLm9yZy9jZ2ktYmluL2N2ZW5hbWUuY2dpP25hbWU9Q1ZFLTIwMjItMjYxMzQK", "content": "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", "description": "Detect CVE-2022-26134 exploits", "author": "crowdsecurity", "labels": { "behavior": "http:exploit", "classification": [ "attack.T1595", "attack.T1190", "cve.CVE-2022-26134" ], "confidence": 3, "label": "Confluence CVE-2022-26134", "remediation": true, "service": "atlassian-confluence", "spoofable": 0, "type": "exploit" } }, "crowdsecurity/CVE-2022-35914": { "path": "scenarios/crowdsecurity/CVE-2022-35914.yaml", "version": "0.2", "versions": { "0.1": { "digest": "8dcd25e2e77855c6e8216d2d988af69f93492d49cb9bd68009149124de555b61", "deprecated": false }, "0.2": { "digest": "00fdc57bcd3cee6ec6a025e843f0f9df47223726a8847fb35d96044201aee75e", "deprecated": false } }, "long_description": "IyMgQ1ZFLTIwMjItMzU5MTQKCkRldGVjdHMgYXR0ZW1wdHMgb2YgZXhwbG9pdCBvZiBDVkUtMjAyMi0zNTkxNCBSQ0UgdnVsbmVyYWJpbGl0eS4KCgpSZWZlcmVuY2U6IGh0dHBzOi8vZ2l0aHViLmNvbS9nbHBpLXByb2plY3QvZ2xwaS9zZWN1cml0eS9hZHZpc29yaWVzL0dIU0EtYzVneC03ODlxLTVwY3IK", "content": "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", "description": "Detect CVE-2022-35914 exploits", "author": "crowdsecurity", "labels": { "behavior": "http:exploit", "classification": [ "attack.T1595", "attack.T1190", "cve.CVE-2022-35914" ], "confidence": 3, "label": "GLPI CVE-2022-35914", "remediation": true, "service": "glpi", "spoofable": 0, "type": "exploit" } }, "crowdsecurity/CVE-2022-37042": { "path": "scenarios/crowdsecurity/CVE-2022-37042.yaml", "version": "0.2", "versions": { "0.1": { "digest": 
"a359e07196179abadd5c81f4599a539f693a647cca4b744d3a0ef43e6d49496d", "deprecated": false }, "0.2": { "digest": "b439f85b43c47467614ec9473942a8824e910a96dbac7cd852bd2f5a3266fffe", "deprecated": false } }, "long_description": "IyMgQ1ZFLTIwMjItMzcwNDIKCkRldGVjdHMgYXR0ZW1wdHMgb2YgZXhwbG9pdCBvZiBDVkUtMjAyMi0zNzA0MiBSQ0UgdnVsbmVyYWJpbGl0eS4K", "content": "dHlwZTogdHJpZ2dlcgojZGVidWc6IHRydWUKbmFtZTogY3Jvd2RzZWN1cml0eS9DVkUtMjAyMi0zNzA0MgpkZXNjcmlwdGlvbjogIkRldGVjdCBDVkUtMjAyMi0zNzA0MiBleHBsb2l0cyIKZmlsdGVyOiB8CiAgKAogIFVwcGVyKGV2dC5NZXRhLmh0dHBfcGF0aCkgY29udGFpbnMgVXBwZXIoJy9zZXJ2aWNlL2V4dGVuc2lvbi9iYWNrdXAvbWJveGltcG9ydD9hY2NvdW50LW5hbWU9YWRtaW4mb3c9MiZuby1zd2l0Y2g9MSZhcHBlbmQ9MScpIHx8CiAgVXBwZXIoZXZ0Lk1ldGEuaHR0cF9wYXRoKSBjb250YWlucyBVcHBlcignL3NlcnZpY2UvZXh0ZW5zaW9uL2JhY2t1cC9tYm94aW1wb3J0P2FjY291bnQtbmFtZT1hZG1pbiZhY2NvdW50LXN0YXR1cz0xJm93PWNtZCcpIAogICkKICBhbmQgZXZ0Lk1ldGEuaHR0cF9zdGF0dXMgc3RhcnRzV2l0aCAoJzQwJykgYW5kCiAgVXBwZXIoZXZ0Lk1ldGEuaHR0cF92ZXJiKSA9PSAnUE9TVCcKCmJsYWNraG9sZTogMm0KZ3JvdXBieTogImV2dC5NZXRhLnNvdXJjZV9pcCIKbGFiZWxzOgogIHR5cGU6IGV4cGxvaXQKICByZW1lZGlhdGlvbjogdHJ1ZQogIGNsYXNzaWZpY2F0aW9uOgogICAgLSBhdHRhY2suVDE1OTUKICAgIC0gYXR0YWNrLlQxMTkwCiAgICAtIGN2ZS5DVkUtMjAyMi0zNzA0MgogIHNwb29mYWJsZTogMAogIGNvbmZpZGVuY2U6IDMKICBiZWhhdmlvcjogImh0dHA6ZXhwbG9pdCIKICBsYWJlbDogIlpDUyBDVkUtMjAyMi0zNzA0MiIKICBzZXJ2aWNlOiB6aW1icmEK", "description": "Detect CVE-2022-37042 exploits", "author": "crowdsecurity", "labels": { "behavior": "http:exploit", "classification": [ "attack.T1595", "attack.T1190", "cve.CVE-2022-37042" ], "confidence": 3, "label": "ZCS CVE-2022-37042", "remediation": true, "service": "zimbra", "spoofable": 0, "type": "exploit" } }, "crowdsecurity/CVE-2022-40684": { "path": "scenarios/crowdsecurity/CVE-2022-40684.yaml", "version": "0.3", "versions": { "0.1": { "digest": "3966ffd8e0b1b6d00ac99759955f676f39a5d350d0d2de4117c1293dd17617bb", "deprecated": false }, "0.2": { "digest": "49e7ee3c7afd08b249c0429abb9a74de76a9bdef56f803bc802425cca7d45027", 
"deprecated": false }, "0.3": { "digest": "3b7859e98c3a054e3012b7c3a0d470451ce8741b1a84c1c9c2c0a90a72ba6ce9", "deprecated": false } }, "long_description": "IyMgQ1ZFLTIwMjItNDA2ODQKCkRldGVjdHMgRm9ydGlPcywgRm9ydGlQcm94eSwgYW5kIEZvcnRpU3dpdGNoTWFuYWdlciBhdXRoZW50aWNhdGlvbiBieXBhc3MgKENWRS0yMDIyLTQwNjg0KSB2dWxuZXJhYmlsaXR5Lgo=", "content": "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", "description": "Detect cve-2022-40684 exploitation attempts", "author": "crowdsecurity", "labels": { "behavior": "http:exploit", "classification": [ "attack.T1548", "cve.CVE-2022-40684" ], "confidence": 3, "label": "Fortinet CVE-2022-40684", "remediation": true, "service": "fortinet", "spoofable": 0, "type": "exploit" } }, "crowdsecurity/CVE-2022-41082": { "path": "scenarios/crowdsecurity/CVE-2022-41082.yaml", "version": "0.4", "versions": { "0.1": { "digest": "4c1c2f9955b07527a943b5bb756bd1a3ac85d20ac1c32e5a4087c3e59840d53d", "deprecated": false }, "0.2": { "digest": "429111e4d5cbbbfaaaee02eee6d646d0f75878c12ab24cd10ece4fd133b45eff", "deprecated": false }, "0.3": { "digest": "fb8dac201728cb4b366fe199d523ec01423dd7487e76854e38e89216ba7f717d", "deprecated": false }, "0.4": { "digest": "cb2d3cd023a7be04c41213379c1335259f0b6cd5e43ed5bc3dea096809c3c57b", "deprecated": false } }, "content": 
"dHlwZTogdHJpZ2dlcgojZGVidWc6IHRydWUKbmFtZTogY3Jvd2RzZWN1cml0eS9DVkUtMjAyMi00MTA4MgpkZXNjcmlwdGlvbjogIkRldGVjdCBDVkUtMjAyMi00MTA4MiBleHBsb2l0cyIKZmlsdGVyOiB8CiAgVXBwZXIoZXZ0Lk1ldGEuaHR0cF9wYXRoKSBjb250YWlucyBVcHBlcignL2F1dG9kaXNjb3Zlci9hdXRvZGlzY292ZXIuanNvbicpICYmCiAgVXBwZXIoZXZ0LlBhcnNlZC5odHRwX2FyZ3MpIGNvbnRhaW5zIFVwcGVyKCdwb3dlcnNoZWxsJykKCmJsYWNraG9sZTogMW0KZ3JvdXBieTogImV2dC5NZXRhLnNvdXJjZV9pcCIKbGFiZWxzOgogIHR5cGU6IGV4cGxvaXQKICByZW1lZGlhdGlvbjogdHJ1ZQogIGNsYXNzaWZpY2F0aW9uOgogICAgLSBhdHRhY2suVDE1OTUKICAgIC0gYXR0YWNrLlQxMTkwCiAgICAtIGN2ZS5DVkUtMjAyMi00MTA4MgogIHNwb29mYWJsZTogMAogIGNvbmZpZGVuY2U6IDMKICBiZWhhdmlvcjogImh0dHA6ZXhwbG9pdCIKICBzZXJ2aWNlOiBleGNoYW5nZQogIGxhYmVsOiAiTWljcm9zb2Z0IEV4Y2hhbmdlIENWRS0yMDIyLTQxMDgyIgo=", "description": "Detect CVE-2022-41082 exploits", "author": "crowdsecurity", "labels": { "behavior": "http:exploit", "classification": [ "attack.T1595", "attack.T1190", "cve.CVE-2022-41082" ], "confidence": 3, "label": "Microsoft Exchange CVE-2022-41082", "remediation": true, "service": "exchange", "spoofable": 0, "type": "exploit" } }, "crowdsecurity/CVE-2022-41697": { "path": "scenarios/crowdsecurity/CVE-2022-41697.yaml", "version": "0.2", "versions": { "0.1": { "digest": "ae9e978bd67cefe94cb65a5aefc557f873ab7622805ce053961b573e135df43e", "deprecated": false }, "0.2": { "digest": "a2cbe3a432df8012c16607c6885302af464e9ae2730d1b2e490c8e3908b779b2", "deprecated": false } }, "long_description": "IyMgQ1ZFLTIwMjItNDE2OTcKR2hvc3QgdXNlciBlbnVtZXJhdGlvbiB2dWxuZXJhYmxpdHkKIyMjIyBSZWZlcmVuY2VzCltDVkVdKGh0dHBzOi8vY3ZlLm1pdHJlLm9yZy9jZ2ktYmluL2N2ZW5hbWUuY2dpP25hbWU9Q1ZFLTIwMjItNDE2OTcpIDwvYnI+Clt0YWxvc10oaHR0cHM6Ly93d3cudGFsb3NpbnRlbGxpZ2VuY2UuY29tL3Z1bG5lcmFiaWxpdHlfcmVwb3J0cy9UQUxPUy0yMDIyLTE2MjUp", "content": 
"dHlwZTogbGVha3kKbmFtZTogY3Jvd2RzZWN1cml0eS9DVkUtMjAyMi00MTY5NwpkZXNjcmlwdGlvbjogIkRldGVjdCBDVkUtMjAyMi00MTY5NyBlbnVtZXJhdGlvbiIKZmlsdGVyOiB8CiAgVXBwZXIoZXZ0Lk1ldGEuaHR0cF9wYXRoKSBjb250YWlucyBVcHBlcignL2dob3N0L2FwaS9hZG1pbi9zZXNzaW9uJykgJiYKICBVcHBlcihldnQuUGFyc2VkLnZlcmIpID09ICdQT1NUJyAmJgogIGV2dC5NZXRhLmh0dHBfc3RhdHVzID09ICc0MDQnCmxlYWtzcGVlZDogIjEwcyIKY2FwYWNpdHk6IDUKYmxhY2tob2xlOiAxbQpncm91cGJ5OiAiZXZ0Lk1ldGEuc291cmNlX2lwIgpsYWJlbHM6CiAgdHlwZTogZXhwbG9pdAogIHJlbWVkaWF0aW9uOiB0cnVlCiAgY2xhc3NpZmljYXRpb246CiAgICAtIGF0dGFjay5UMTU4OQogICAgLSBjdmUuQ1ZFLTIwMjItNDE2OTcKICBzcG9vZmFibGU6IDAKICBjb25maWRlbmNlOiAzCiAgYmVoYXZpb3I6ICJodHRwOmV4cGxvaXQiCiAgbGFiZWw6ICJHaG9zdCBDVkUtMjAyMi00MTY5NyIKICBzZXJ2aWNlOiBnaG9zdAo=", "description": "Detect CVE-2022-41697 enumeration", "author": "crowdsecurity", "labels": { "behavior": "http:exploit", "classification": [ "attack.T1589", "cve.CVE-2022-41697" ], "confidence": 3, "label": "Ghost CVE-2022-41697", "remediation": true, "service": "ghost", "spoofable": 0, "type": "exploit" } }, "crowdsecurity/CVE-2022-42889": { "path": "scenarios/crowdsecurity/CVE-2022-42889.yaml", "version": "0.3", "versions": { "0.1": { "digest": "0efbd6a607d22683331a3e4ee96a78cedc3a071dd80f302df10158628eef36d9", "deprecated": false }, "0.2": { "digest": "7358ad76095b008ebdf384cfbda11f1f5977f3e41acaad6f83fd779fdddd656a", "deprecated": false }, "0.3": { "digest": "f322190f4683f35f340dcd5ee9db2c34378742236c959a7f86f8c7bdfa0a07c3", "deprecated": false } }, "long_description": "IyMgQ1ZFLTIwMjItNDI4ODkKCkRldGVjdHMgYXR0ZW1wdHMgb2YgZXhwbG9pdCBvZiBDVkUtMjAyMi00Mjg4OSAoVGV4dDRTaGVsbCkgUkNFIHZ1bG5lcmFiaWxpdHkuCgoKUmVmZXJlbmNlOiBodHRwczovL2N2ZS5taXRyZS5vcmcvY2dpLWJpbi9jdmVuYW1lLmNnaT9uYW1lPUNWRS0yMDIyLTQyODg5Cg==", "content": "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", "description": "Detect CVE-2022-42889 exploits (Text4Shell)", "author": "crowdsecurity", "labels": { "behavior": "http:exploit", "classification": [ "attack.T1595", "attack.T1190", 
"cve.CVE-2022-42889" ], "confidence": 3, "label": "Text4Shell CVE-2022-42889", "remediation": true, "service": "apache", "spoofable": 0, "type": "exploit" } }, "crowdsecurity/CVE-2022-44877": { "path": "scenarios/crowdsecurity/CVE-2022-44877.yaml", "version": "0.3", "versions": { "0.1": { "digest": "672740b98557f5e4d0c1e40d1a9bf01ab294e06e02dc750b92294f5a9933c0fa", "deprecated": false }, "0.2": { "digest": "0127aac14a23d5f67218598b632e9654f82ae73a05d9113e7aeb592f4fcf5611", "deprecated": false }, "0.3": { "digest": "44e6e53a2b1ba558678735c8749bc68cb359edf1e1fb659350199d41a71f0f12", "deprecated": false } }, "long_description": "IyMgQ1ZFLTIwMjItNDQ4NzcKClRyaWdnZXIgZXhwbG9pdHMgb2YgQ1ZFLTIwMjItNDQ4NzcgQ2VudG9zIFdlYiBQYW5lbCA3IFVuYXV0aGVudGljYXRlZCBSZW1vdGUgQ29kZSBFeGVjdXRpb24KCgpSZWZlcmVuY2U6IGh0dHBzOi8vbnZkLm5pc3QuZ292L3Z1bG4vZGV0YWlsL0NWRS0yMDIyLTQ0ODc3Cg==", "content": "dHlwZTogdHJpZ2dlcgojZGVidWc6IHRydWUKbmFtZTogY3Jvd2RzZWN1cml0eS9DVkUtMjAyMi00NDg3NwpkZXNjcmlwdGlvbjogIkRldGVjdCBDVkUtMjAyMi00NDg3NyBleHBsb2l0cyIKZmlsdGVyOiB8CiAgTG93ZXIoZXZ0Lk1ldGEuaHR0cF9wYXRoKSBjb250YWlucyAnL2luZGV4LnBocCcgJiYKICBVcHBlcihldnQuUGFyc2VkLnZlcmIpID09ICdQT1NUJyAmJgogIGV2dC5NZXRhLmh0dHBfc3RhdHVzID09ICczMDInICYmCiAgTG93ZXIoZXZ0LlBhcnNlZC5odHRwX2FyZ3MpIG1hdGNoZXMgJ2xvZ2luPS4qWyR8JTI0XVtcXCh8JTI4XS4qW1xcKXwlMjldJwoKYmxhY2tob2xlOiAxbQpncm91cGJ5OiAiZXZ0Lk1ldGEuc291cmNlX2lwIgpsYWJlbHM6CiAgdHlwZTogZXhwbG9pdAogIHJlbWVkaWF0aW9uOiB0cnVlCiAgY2xhc3NpZmljYXRpb246CiAgICAtIGF0dGFjay5UMTU5NQogICAgLSBhdHRhY2suVDExOTAKICAgIC0gY3ZlLkNWRS0yMDIyLTQ0ODc3CiAgc3Bvb2ZhYmxlOiAwCiAgY29uZmlkZW5jZTogMwogIGJlaGF2aW9yOiAiaHR0cDpleHBsb2l0IgogIGxhYmVsOiAiQ2VudG9zIFdlYnBhbmVsIENWRS0yMDIyLTQ0ODc3IgogIHNlcnZpY2U6IGNlbnRvcwo=", "description": "Detect CVE-2022-44877 exploits", "author": "crowdsecurity", "labels": { "behavior": "http:exploit", "classification": [ "attack.T1595", "attack.T1190", "cve.CVE-2022-44877" ], "confidence": 3, "label": "Centos Webpanel CVE-2022-44877", "remediation": true, "service": "centos", 
"spoofable": 0, "type": "exploit" } }, "crowdsecurity/CVE-2022-46169": { "path": "scenarios/crowdsecurity/CVE-2022-46169.yaml", "version": "0.2", "versions": { "0.1": { "digest": "a688d850825ff127adec942a59fbe77177948e7a5eb2ab1ba33f587e1e1d34f8", "deprecated": false }, "0.2": { "digest": "a5da5fb136d8f1c254546d080049beba49ae22b28415f787029e0e1346ce6913", "deprecated": false } }, "long_description": "IyMgQ1ZFLTIwMjItNDYxNjkKCkNhY3RpIGlzIGFuIG9wZW4gc291cmNlIHBsYXRmb3JtIHdoaWNoIHByb3ZpZGVzIGEgcm9idXN0IGFuZCBleHRlbnNpYmxlIG9wZXJhdGlvbmFsIG1vbml0b3JpbmcgYW5kIGZhdWx0IG1hbmFnZW1lbnQgZnJhbWV3b3JrIGZvciB1c2Vycy4gSW4gYWZmZWN0ZWQgdmVyc2lvbnMgYSBjb21tYW5kIGluamVjdGlvbiB2dWxuZXJhYmlsaXR5IGFsbG93cyBhbiB1bmF1dGhlbnRpY2F0ZWQgdXNlciB0byBleGVjdXRlIGFyYml0cmFyeSBjb2RlIG9uIGEgc2VydmVyIHJ1bm5pbmcgQ2FjdGksIGlmIGEgc3BlY2lmaWMgZGF0YSBzb3VyY2Ugd2FzIHNlbGVjdGVkIGZvciBhbnkgbW9uaXRvcmVkIGRldmljZS4KCltSZWFkIE1vcmVdKGh0dHBzOi8vbnZkLm5pc3QuZ292L3Z1bG4vZGV0YWlsL0NWRS0yMDIyLTQ2MTY5KQoK", "content": "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", "description": "Detect CVE-2022-46169 brute forcing", "author": "crowdsecurity", "labels": { "behavior": "http:bruteforce", "classification": [ "attack.T1592", "cve.CVE-2022-46169" ], "confidence": 3, "label": "Cacti CVE-2022-46169", "remediation": true, "service": "cacti", "spoofable": 0, "type": "exploit" } }, "crowdsecurity/CVE-2023-22515": { "path": "scenarios/crowdsecurity/CVE-2023-22515.yaml", "version": "0.1", "versions": { "0.1": { "digest": "957c29040e254268a5595b538ebd25529d17f2dfedc1eaa97d6863623fc31f3d", "deprecated": false } }, "long_description": "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", "content": "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", "description": "Detect CVE-2023-22515 exploitation", "author": "crowdsecurity", "labels": { "behavior": "http:exploit", "classification": [ "attack.T1595", "attack.T1190", "cve.CVE-2023-22515" ], "confidence": 1, "label": "Confluence CVE-2023-22515", "remediation": 
true, "service": "confluence", "spoofable": 0, "type": "exploit" } }, "crowdsecurity/CVE-2023-22518": { "path": "scenarios/crowdsecurity/CVE-2023-22518.yaml", "version": "0.2", "versions": { "0.1": { "digest": "f597bf30acce708e51d463f358b5ed5840133b907df8ab8a8358565b0e506a85", "deprecated": false }, "0.2": { "digest": "e1634f917d0008561fee2191e0988eecf4629941275e74246836f03d790d0b3b", "deprecated": false } }, "long_description": "IyMgQ1ZFLTIwMjMtMjI1MTgKClRyaWdnZXIgZXhwbG9pdHMgb2YgQ1ZFLTIwMjMtMjI1MTggQXRsYXNzaWFuIENvbmZsdWVuY2UgU2VydmVyIEltcHJvcGVyIEF1dGhvcml6YXRpb24gdGhhdCBsZWFkcyB0byBBdXRoZW50aWNhdGlvbiBCeXBhc3MKCgpSZWZlcmVuY2VzOiAKKiBodHRwczovL252ZC5uaXN0Lmdvdi92dWxuL2RldGFpbC9DVkUtMjAyMy0yMjUxOAoqIGh0dHBzOi8vYmxvZy5wcm9qZWN0ZGlzY292ZXJ5LmlvL2F0bGFzc2lhbi1jb25mbHVlbmNlLWF1dGgtYnlwYXNzLw==", "content": "dHlwZTogdHJpZ2dlcgojZGVidWc6IHRydWUKbmFtZTogY3Jvd2RzZWN1cml0eS9DVkUtMjAyMy0yMjUxOApkZXNjcmlwdGlvbjogIkRldGVjdCBDVkUtMjAyMy0yMjUxOCBleHBsb2l0cyIKZmlsdGVyOiB8CiAgVXBwZXIoZXZ0Lk1ldGEuaHR0cF9wYXRoKSBjb250YWlucyBVcHBlcignL2pzb24vc2V0dXAtcmVzdG9yZS5hY3Rpb24nKSAmJgogIFVwcGVyKGV2dC5QYXJzZWQudmVyYikgPT0gJ1BPU1QnCmJsYWNraG9sZTogMW0KZ3JvdXBieTogImV2dC5NZXRhLnNvdXJjZV9pcCIKbGFiZWxzOgogIHR5cGU6IGV4cGxvaXQKICByZW1lZGlhdGlvbjogdHJ1ZQogIGNsYXNzaWZpY2F0aW9uOgogICAgLSBhdHRhY2suVDE1OTUKICAgIC0gYXR0YWNrLlQxMTkwCiAgICAtIGN2ZS5DVkUtMjAyMy0yMjUxOAogIHNwb29mYWJsZTogMAogIGNvbmZpZGVuY2U6IDEKICBiZWhhdmlvcjogImh0dHA6ZXhwbG9pdCIKICBsYWJlbDogIkF0bGFzc2lhbiBDb25mbHVlbmNlIFNlcnZlciBDVkUtMjAyMy0yMjUxOCIKICBzZXJ2aWNlOiBBdGxhc3NpYW4gQ29uZmx1ZW5jZQ==", "description": "Detect CVE-2023-22518 exploits", "author": "crowdsecurity", "labels": { "behavior": "http:exploit", "classification": [ "attack.T1595", "attack.T1190", "cve.CVE-2023-22518" ], "confidence": 1, "label": "Atlassian Confluence Server CVE-2023-22518", "remediation": true, "service": "Atlassian Confluence", "spoofable": 0, "type": "exploit" } }, "crowdsecurity/CVE-2023-23397": { "path": "scenarios/crowdsecurity/CVE-2023-23397.yaml", 
"version": "0.2", "versions": { "0.1": { "digest": "0da94e909f66b0a4d98052d94fa1e6eb63f2d64fa2a53c80971d58e8086967c2", "deprecated": false }, "0.2": { "digest": "7c426009cb85eb2b965fa63f3ebf532e6b3f9967695550ba426811ff8ffe85e6", "deprecated": false } }, "long_description": "IyMgQ1ZFLTIwMjMtMjMzOTcKCkRldGVjdCBleHBsb2l0YXRpb24gb2YgQ1ZFLTIwMjMtMjMzOTcuCgpUaGlzIHNjZW5hcmlvIGlzIGJhc2VkIG9uIFt0aGlzIHNpZ21hIHJ1bGVdKGh0dHBzOi8vZ2l0aHViLmNvbS9TaWdtYUhRL3NpZ21hL2Jsb2IvMGViYmQwOWFiNDlkMjVmNmFjOGZiYTI4MzlmNmI3M2FhOTFlMjFkZC9ydWxlcy93aW5kb3dzL3Byb2Nlc3NfY3JlYXRpb24vcHJvY19jcmVhdGlvbl93aW5fcnVuZGxsMzJfd2ViZGF2X2NsaWVudF9zdXNwX2V4ZWN1dGlvbi55bWwpIA==", "content": "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", "description": "Detect CVE-2023-23397 from sysmon events", "author": "crowdsecurity", "labels": { "behavior": "http:exploit", "classification": [ "attack.T1068", "cve.CVE-2023-23397" ], "confidence": 3, "label": "Microsoft Outlook CVE-2023-23397", "notification": true, "os": "windows", "service": "windows", "spoofable": 0 } }, "crowdsecurity/CVE-2023-49103": { "path": "scenarios/crowdsecurity/CVE-2023-49103.yaml", "version": "0.3", "versions": { "0.1": { "digest": "0bc71f216c4ac89ba9b7637a411a16344b4072483f43d0f6b95b7ace6b1e473c", "deprecated": false }, "0.2": { "digest": "4b4f399a2cfa628dbcbee420717807e060a74ff5839d742351c8cad1b42fa15d", "deprecated": false }, "0.3": { "digest": "8183a2be1f05b043967c1708c3ed15ea28bfa0828c741fd8f1a0dd797290d915", "deprecated": false } }, "long_description": "RGV0ZWN0IGV4cGxvaXRhdGlvbiBvZiBvd25jbG91ZCBDVkUtMjAyMy00OTEwMwoKUmVmOiBodHRwczovL252ZC5uaXN0Lmdvdi92dWxuL2RldGFpbC9DVkUtMjAyMy00OTEwMwo=", "content": "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", "description": "Detect owncloud CVE-2023-49103 exploitation attempts", "author": "crowdsecurity", "labels": { "behavior": "http:exploit", "classification": [ "attack.T1595", "attack.T1190", "cve.CVE-2023-49103" ], "confidence": 2, "label": "ownCloud CVE-2023-49103", 
"remediation": true, "service": "owncloud", "spoofable": 1, "type": "exploit" } }, "crowdsecurity/CVE-2023-4911": { "path": "scenarios/crowdsecurity/CVE-2023-4911.yaml", "version": "0.5", "versions": { "0.1": { "digest": "c9be24878aab5602152e6873ee337e62eb3edb0e2ce9b3d2c873ee7112660379", "deprecated": false }, "0.2": { "digest": "c4d8818f2c6def4949741a5c1a498e3efbdbc876ca3f2cb78a0f090900aa1f3d", "deprecated": false }, "0.3": { "digest": "74290f39f9dbf7c18f1189e533d87c40c4cd86d1bcd21ca81c02aa1de664ba9f", "deprecated": false }, "0.4": { "digest": "5ca6fba2682acc2cec9d36109213e0046ecd323a6a4aa9c657008eb85dc59872", "deprecated": false }, "0.5": { "digest": "f5a94401d7320b28d98147631aed97d6e9912ae842fc17efebd5239a105eed28", "deprecated": false } }, "content": "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", "description": "exploitation of CVE-2023-4911: segfaulting in dynamic loader", "author": "crowdsecurity", "labels": { "behavior": "linux:exploitation", "classification": [ "attack.T1548.004" ], "confidence": 1, "label": "CVE-2023-4911", "remediation": false, "service": "linux", "spoofable": 0 } }, "crowdsecurity/amavis-blocked": { "path": "scenarios/crowdsecurity/amavis-blocked.yaml", "version": "0.1", "versions": { "0.1": { "digest": "2f09014557f8900e50f5b33ae10f86292d9274a7f32cee54d783ab26abc8cafa", "deprecated": false } }, "long_description": "VGhpcyBhbWF2aXMgc2NlbmFyaW8gYmFucyBhbiBJUCBhcyBzb29uIGFzIGl0IGlzIGRldGVjdGVkIHNlbmRpbmcgbWVzc2FnZXMgdGhhdCBoYXZlIGJlZW4gYmxvY2tlZCBieSBhbWF2aXMuCg==", "content": "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", "description": "Ban IPs that are blocked by amavis", "author": "crowdsecurity", "labels": { "behavior": "mail:malware", "classification": [ "attack.T1203", "attack.T1204" ], "confidence": 3, "label": "Infected Email", "remediation": true, "service": "amavis", "spoofable": 0 } }, "crowdsecurity/apache_log4j2_cve-2021-44228": { "path": "scenarios/crowdsecurity/apache_log4j2_cve-2021-44228.yaml", 
"version": "0.6", "versions": { "0.1": { "digest": "7ee4024160a62e888d7db882eb4ed100de915716b91be09cef64390381babfb9", "deprecated": false }, "0.2": { "digest": "578cd7121a0cf424affcb435c57d6a03d00569258e5b066459b9f87fe02bfacc", "deprecated": false }, "0.3": { "digest": "16e1244697e41f006b1bfb7a4bd957d22d18b75f4dba94812a9dfc4a7135808d", "deprecated": false }, "0.4": { "digest": "587688aca2067e8c8fba50f796ba0502e955696d4d545edf70b9b5162b0cf944", "deprecated": false }, "0.5": { "digest": "67db0782f3610b7b183878b981e69c197599256d8e1041c0e705806f40ef4786", "deprecated": false }, "0.6": { "digest": "1c3e13c4a6343d14c4bff1ddb46148215c2cceacff12d29d10c33de32c57fe09", "deprecated": false } }, "long_description": "U2NlbmFyaW8gdG8gZGV0ZWN0IGV4cGxvaXRhdGlvbiBhdHRlbXB0cyBvZiAibG9nNGoiIENWRS0yMDIxLTQ0MjI4LgoKOndhcm5pbmc6IENyb3dkc2VjIGlzIG5vdCBhIFdBRiBhbmQsIGFzIHN1Y2gsIGJ5cGFzcyB0byB0aG9zZSBzaWduYXR1cmVzIGFyZSBsaWtlbHkgOndhcm5pbmc6CgoKCgoK", "content": "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", "description": "Detect cve-2021-44228 exploitation attempts", "author": "crowdsecurity", "labels": { "behavior": "http:exploit", "classification": [ "attack.T1595", "attack.T1190", "cve.CVE-2021-44228" ], "confidence": 3, "label": "Log4j CVE-2021-44228", "remediation": true, "service": "apache", "spoofable": 0 } }, "crowdsecurity/appsec-vpatch": { "path": "scenarios/crowdsecurity/appsec-vpatch.yaml", "version": "0.5", "versions": { "0.1": { "digest": "6da853b06b3fb716d6094ebdf881df90d27239637ff3389b202b0077eda7acea", "deprecated": false }, "0.2": { "digest": "f43baacd1a6756c8d6c51f632ad52871708b4176d490d77975491fd1c55a8e3d", "deprecated": false }, "0.3": { "digest": "7e5f221a8a725d96df1ba2f6e32de34e02dc98abbb9598e72095ad0db94d6a13", "deprecated": false }, "0.4": { "digest": "bff8b59bc08be10ca0fd4d365998be0545fe30f4988c4de2182ce359062a9cf1", "deprecated": false }, "0.5": { "digest": "1bcb56461c80867d379cec5753869e7e9e036aa8c5a1382439197066c7c3489c", "deprecated": false } }, 
"content": "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", "description": "Identify attacks flagged by CrowdSec AppSec", "author": "crowdsecurity", "labels": { "behavior": "http:exploit", "classification": [ "attack.T1110" ], "confidence": 3, "label": "Blocked by CrowdSec AppSec", "remediation": true, "service": "http", "spoofable": 0 } }, "crowdsecurity/asterisk_bf": { "path": "scenarios/crowdsecurity/asterisk_bf.yaml", "version": "0.3", "versions": { "0.1": { "digest": "ce783ad467c8ca271aa023c57ff56305ba2b5f15c7cb6a7ca2079225437eabc8", "deprecated": false }, "0.2": { "digest": "54d674323789711134c7aabd9ffad454c07a32aa21905dbaef15b6e1c6a3b984", "deprecated": false }, "0.3": { "digest": "43bb0cfaf64bf6f4e2c3bcdb18d5791eae23443484838f79e8cb58d0d16b12a2", "deprecated": false } }, "content": "dHlwZTogbGVha3kKbmFtZTogY3Jvd2RzZWN1cml0eS9hc3Rlcmlza19iZgpkZXNjcmlwdGlvbjogIkRldGVjdCBBc3RlcmlzayB1c2VyIGJydXRlZm9yY2UiCmZpbHRlcjogZXZ0Lk1ldGEubG9nX3R5cGUgPT0gJ2FzdGVyaXNrX2ZhaWxlZF9hdXRoJwpncm91cGJ5OiBldnQuTWV0YS5zb3VyY2VfaXAKbGVha3NwZWVkOiAxMHMKY2FwYWNpdHk6IDUKYmxhY2tob2xlOiAxbQpsYWJlbHM6CiAgc2VydmljZTogYXN0ZXJpc2sKICBjb25maWRlbmNlOiAzCiAgc3Bvb2ZhYmxlOiAwCiAgY2xhc3NpZmljYXRpb246CiAgICAtIGF0dGFjay5UMTExMAogIGJlaGF2aW9yOiAic2lwOmJydXRlZm9yY2UiCiAgbGFiZWw6ICJBc3RlcmlzayBCcnV0ZWZvcmNlIgogIHJlbWVkaWF0aW9uOiB0cnVlCg==", "description": "Detect Asterisk user bruteforce", "author": "crowdsecurity", "labels": { "behavior": "sip:bruteforce", "classification": [ "attack.T1110" ], "confidence": 3, "label": "Asterisk Bruteforce", "remediation": true, "service": "asterisk", "spoofable": 0 } }, "crowdsecurity/asterisk_user_enum": { "path": "scenarios/crowdsecurity/asterisk_user_enum.yaml", "version": "0.3", "versions": { "0.1": { "digest": "10fc279bfe68cfc577c4d6a4e76a4101579850556129e62dbebf2b8abaebc0c6", "deprecated": false }, "0.2": { "digest": "ac4821e724e71a3770b3f7f26ad7da296e1ac207a710fbe061ed503e771392f7", "deprecated": false }, "0.3": { "digest": 
"34f8b68ab93046c9b1b746d0c5ecf6b749ef0eaef2ce15234a92e08c52bd01e0", "deprecated": false } }, "content": "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", "description": "Detect Asterisk user enumeration bruteforce", "author": "crowdsecurity", "labels": { "behavior": "sip:bruteforce", "classification": [ "attack.T1087", "attack.T1589.001", "attack.T1110" ], "confidence": 3, "label": "Asterisk User Enumeration", "remediation": true, "service": "asterisk", "spoofable": 0 } }, "crowdsecurity/auditd-base64-exec-behavior": { "path": "scenarios/crowdsecurity/auditd-base64-exec-behavior.yaml", "version": "0.5", "versions": { "0.1": { "digest": "01ad2b3595589418088a1e6632ef6347ccaee8300cc6bb4f5253e9163fbaa62d", "deprecated": false }, "0.2": { "digest": "ab246bb73970e0b93a0961ba2a5b7d259e81bebf308ea866e88c379d9fe288f3", "deprecated": false }, "0.3": { "digest": "6d1f5e2a9d7b4f61fcd307522207cb05ec32fcc9aee873cd07ab6a9d4252e2fa", "deprecated": false }, "0.4": { "digest": "fa19b4b34979e46b9d686c411470c4b9053db1913a9cc595abac29d820db617f", "deprecated": false }, "0.5": { "digest": "abdb7d3b5f2c6a7b995801257bb0ec10194e702994f67eee9078e70389ec51b8", "deprecated": false } }, "long_description": "IyMgQXVkaXRkIDogYmFzZTY0IGV4ZWMgZGV0ZWN0aW9uCgpBdHRlbXB0IHRvIGRldGVjdCBhIHByb2Nlc3MgdGhhdCBpcyBpbnZva2luZyBib3RoIGBiYXNlNjRgIGFuZCBhbiBpbnRlcnByZXRlciBzdWNoIGFzIGBzaGAsIGBiYXNoYCwgYHBlcmxgLCBgZGFzaGAsIGB6c2hgIG9yIGBweXRob25gLgoKVGhpcyBwYXR0ZXJuIGlzIHVzdWFsbHkgc2VlbiBpbiBwb3N0LWV4cGxvaXRhdGlvbiBiZWhhdmlvcnMgdG8gaGF2ZSAiZmlsZSBsZXNzIiBiYWNrZG9vcnMgOgoKYGBgYmFzaAplY2hvIFpXTm9ieUFuYldGc2FXTnBiM1Z6SUhCaGVXeHZZV1FuQ2c9PSB8IGJhc2U2NCAtZCB8IGJhc2gKYGBgCg==", "content": "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", "description": "Detect post-exploitation behaviour : base64 + interpreter (perl/bash/python)", "author": "crowdsecurity", "labels": { "behavior": "linux:post-exploitation", "classification": [ "attack.T1059.004" ], "confidence": 2, "label": "Post Exploitation command 
execution from base64 encoded payload", "remediation": false, "service": "linux", "spoofable": 0 } }, "crowdsecurity/auditd-postexploit-exec-from-net": { "path": "scenarios/crowdsecurity/auditd-postexploit-exec-from-net.yaml", "version": "0.6", "versions": { "0.1": { "digest": "8e98c791ceed799f8a8fa4b48cb7ed5cf5cf48f2bd715852abd618629ce2f117", "deprecated": false }, "0.2": { "digest": "47e2b060a12521187e294ae7896c95e6f4d51332cfce4b93d948c1e9900d835d", "deprecated": false }, "0.3": { "digest": "51de5dc579b427163824f1a6e461b573121a9a1bc46e8aae12b54398f8e7987b", "deprecated": false }, "0.4": { "digest": "3b868458b224abb3b257380bb2e1bc07e1144ed90495073d5672d0aa614a4942", "deprecated": false }, "0.5": { "digest": "39cc4cd87c4db7bd86a5785e378e4a961ebc31ba348d2bbe752101c971ca630f", "deprecated": false }, "0.6": { "digest": "a2859770f0b19a05ca09b6996b1aaa9242717889cec4f46053b7345d94798170", "deprecated": false } }, "long_description": "IyMgQXVkaXRkIDogZXhlY3V0ZSBwYXlsb2FkIGZyb20gaW50ZXJuZXQKCkF0dGVtcHQgdG8gZGV0ZWN0IGEgcHJvY2VzcyB0aGF0IGlzIHN1Y2Nlc3NpdmVseSBpbnZva2luZyBgY3VybGAgb3IgYHdnZXRgIGFuZCBleGVjdXRpbmcgYSBub24tc3RhbmRhcmQgcGF5bG9hZCBvciBzY3JpcHQuCgpUaGlzIHBhdHRlcm4gaXMgdXN1YWxseSBzZWVuIGluIHBvc3QtZXhwbG9pdGF0aW9uIGJlaGF2aW9ycyB0byB3aGVuIGRvd25sb2FkaW5nIGFuZCBleGVjdXRpbmcgYmFja2Rvb3JzIDoKCmBgYGJhc2gKY3VybCAtbyAvdG1wL3NtdGggaHR0cDovL1guWC5YLlgvc29tZV9tYWx3YXJlIDsgY2htb2QgK3ggL3RtcC9zbXRoIDsgL3RtcC9zbXRoCmBgYAo=", "content": "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", "description": "Detect post-exploitation behaviour : curl/wget and exec", "author": "crowdsecurity", "labels": { "behavior": "linux:post-exploitation", "classification": [ "attack.T1059.004" ], "confidence": 2, "label": "Post Exploitation command execution from Internet", "remediation": false, "service": "linux", "spoofable": 0 } }, "crowdsecurity/auditd-postexploit-pkill": { "path": "scenarios/crowdsecurity/auditd-postexploit-pkill.yaml", "version": "0.5", "versions": { "0.1": { "digest": 
"a355d046ce043b9d8bbfa5af6da5adcd7713c87023760aa02c54318ad82a6cb6", "deprecated": false }, "0.2": { "digest": "add35f7085ac9fe23f3e5d6f681f44e259c28cf9487c6d164fc725d1a006bafb", "deprecated": false }, "0.3": { "digest": "4f00c669acb7a749550c3917add74c98b4e790ebb28f6ccfe99df5ecc54d66be", "deprecated": false }, "0.4": { "digest": "70041b125f78f1cda89037a7eedc37cad8e4e8caeb344619e0250356288ef198", "deprecated": false }, "0.5": { "digest": "797a415beedd9044edbb9a45f3d016a3a6b1d3de49c4e3f0c650346ee63303c5", "deprecated": false } }, "long_description": "IyMgQXVkaXRkIDogYnVyc3Qgb2YgcHJvY2VzcyBraWxsaW5nCgpBdHRlbXB0IHRvIGRldGVjdCBhIHByb2Nlc3MgdGhhdCBpcyBhdHRlbXB0aW5nIHRvIGtpbGwgYSBsb3Qgb2YgM3JkIHBhcnR5IHByb2Nlc3Nlcy4KClRoaXMgcGF0dGVybiBpcyB1c3VhbGx5IHNlZW4gaW4gcG9zdC1leHBsb2l0YXRpb24gYmVoYXZpb3JzIHdoZXJlIGEgYmFja2Rvb3JzIGlzIHRyeWluZyB0byAia2lsbCIgY29tcGV0aXRpb24uCg==", "content": "dHlwZTogbGVha3kKI2RlYnVnOiB0cnVlCm5hbWU6IGNyb3dkc2VjdXJpdHkvYXVkaXRkLXBvc3RleHBsb2l0LXBraWxsCmRlc2NyaXB0aW9uOiAiRGV0ZWN0IHBvc3QtZXhwbG9pdGF0aW9uIGJlaGF2aW91ciA6IHBraWxsIGV4ZWN2ZSBidXJzdHMiCiN3ZSdyZSBsb29raW5nIGZvciB0aGUgRVhDVkUgc3lzY2FsbHMgdG8gJ3BraWxsJyAod2hpY2ggaXMgYWN0dWFsbHkgcGdyZXApCmZpbHRlcjogZXZ0Lk1ldGEubG9nX3R5cGUgPT0gJ2V4ZWN2ZScgJiYgZXZ0Lk1ldGEuZXhlID09ICcvdXNyL2Jpbi9wZ3JlcCcKI2dyb3VwaW5nIGJ5IHBwaWQgdG8gdHJhY2sgb24gcHJvY2VzcyBkb2luZyBhIGxvdCBvZiBpbnZvY2F0aW9ucyB0byBybSwgc3VjaCBhcyBhIHNoZWxsIHNjcmlwdApncm91cGJ5OiBldnQuTWV0YS5wcGlkCmxlYWtzcGVlZDogMXMKY2FwYWNpdHk6IDUKYmxhY2tob2xlOiAxbQpsYWJlbHM6CiAgY29uZmlkZW5jZTogMgogIHNwb29mYWJsZTogMAogIGNsYXNzaWZpY2F0aW9uOgogICAgLSBhdHRhY2suVDEwNTkuMDA0CiAgYmVoYXZpb3I6ICJsaW51eDpwb3N0LWV4cGxvaXRhdGlvbiIKICBsYWJlbDogIlBvc3QgRXhwbG9pdGF0aW9uIGNvbW1hbmQgZXhlY3V0aW9uIgogIHNlcnZpY2U6IGxpbnV4CiAgcmVtZWRpYXRpb246IGZhbHNlCnNjb3BlOgogIHR5cGU6IHBpZAogIGV4cHJlc3Npb246IGV2dC5NZXRhLnBwaWQK", "description": "Detect post-exploitation behaviour : pkill execve bursts", "author": "crowdsecurity", "labels": { "behavior": "linux:post-exploitation", "classification": [ 
"attack.T1059.004" ], "confidence": 2, "label": "Post Exploitation command execution", "remediation": false, "service": "linux", "spoofable": 0 } }, "crowdsecurity/auditd-postexploit-rm": { "path": "scenarios/crowdsecurity/auditd-postexploit-rm.yaml", "version": "0.6", "versions": { "0.1": { "digest": "2e67dbdc8c9d1d41590bf25b9545d41896e474e824c02fd990d80a5ca6e26690", "deprecated": false }, "0.2": { "digest": "1076f3e12dbe4bc70a36c4fa381dccc0455a3f35683396e0c1c0fd7607adc8aa", "deprecated": false }, "0.3": { "digest": "e1f5d86bd9832cceea19f61e8186b5368a95a3775eedac84e119fe3f3c9f0dff", "deprecated": false }, "0.4": { "digest": "8ec71aebc88e33154f04d09a8869da345a8397378bd2b640ec83ac20487b261f", "deprecated": false }, "0.5": { "digest": "0dc101ad125359dc15d67d9c8ae6915e9958b2bf4fa6689305c06446d79a5ccd", "deprecated": false }, "0.6": { "digest": "43f984dde9205c2aa0bdef13c5fe129818fd4c9f6ed8820ae005eba9b82288e7", "deprecated": false } }, "long_description": "IyMgQXVkaXRkIDogYnVyc3Qgb2YgZmlsZSBzdXBwcmVzc2lvbgoKQXR0ZW1wdCB0byBkZXRlY3QgYSBwcm9jZXNzIHRoYXQgaXMgYXR0ZW1wdGluZyB0byBgcm1gIGEgbG90IG9mIGZpbGVzLgoKVGhpcyBwYXR0ZXJuIGlzIHVzdWFsbHkgc2VlbiBpbiBwb3N0LWV4cGxvaXRhdGlvbiBiZWhhdmlvcnMgd2hlcmUgYSBiYWNrZG9vcnMgaXMgdHJ5aW5nIHRvICJraWxsIiBjb21wZXRpdGlvbi4K", "content": 
"dHlwZTogbGVha3kKI2RlYnVnOiB0cnVlCm5hbWU6IGNyb3dkc2VjdXJpdHkvYXVkaXRkLXBvc3RleHBsb2l0LXJtCmRlc2NyaXB0aW9uOiAiRGV0ZWN0IHBvc3QtZXhwbG9pdGF0aW9uIGJlaGF2aW91ciA6IHJtIGV4ZWN2ZSBidXJzdHMiCmZpbHRlcjogZXZ0Lk1ldGEubG9nX3R5cGUgPT0gJ2V4ZWN2ZScgJiYgZXZ0Lk1ldGEuZXhlIGluIFsnL3Vzci9iaW4vcm0nLCAnL2Jpbi9ybSddCiNncm91cGluZyBieSBwcGlkIHRvIHRyYWNrIG9uIHByb2Nlc3MgZG9pbmcgYSBsb3Qgb2YgaW52b2NhdGlvbnMgdG8gcm0sIHN1Y2ggYXMgYSBzaGVsbCBzY3JpcHQKZ3JvdXBieTogZXZ0Lk1ldGEucHBpZApsZWFrc3BlZWQ6IDFzCmNhcGFjaXR5OiA1CmJsYWNraG9sZTogMW0KbGFiZWxzOgogIGNvbmZpZGVuY2U6IDEKICBzcG9vZmFibGU6IDAKICBjbGFzc2lmaWNhdGlvbjoKICAgIC0gYXR0YWNrLlQxMDU5LjAwNAogIGJlaGF2aW9yOiAibGludXg6cG9zdC1leHBsb2l0YXRpb24iCiAgbGFiZWw6ICJQb3N0IEV4cGxvaXRhdGlvbiBjb21tYW5kIGV4ZWN1dGlvbiIKICBzZXJ2aWNlOiBsaW51eAogIHJlbWVkaWF0aW9uOiBmYWxzZQpzY29wZToKICB0eXBlOiBwaWQKICBleHByZXNzaW9uOiBldnQuTWV0YS5wcGlkCg==", "description": "Detect post-exploitation behaviour : rm execve bursts", "author": "crowdsecurity", "labels": { "behavior": "linux:post-exploitation", "classification": [ "attack.T1059.004" ], "confidence": 1, "label": "Post Exploitation command execution", "remediation": false, "service": "linux", "spoofable": 0 } }, "crowdsecurity/auditd-suid-crash": { "path": "scenarios/crowdsecurity/auditd-suid-crash.yaml", "version": "0.6", "versions": { "0.1": { "digest": "363efa4bbcda1abd870a49673ab402da63312259200e69bf9f80d565b24e4f45", "deprecated": false }, "0.2": { "digest": "29d4aebd147556c63bcf0326715748906d64218a30aeaa1053487f05f611a29f", "deprecated": false }, "0.3": { "digest": "da9f24318ba7ac6044b32ac6bed32f86c0d88510da9391d59fd49cc8ee5a8cfa", "deprecated": false }, "0.4": { "digest": "dc0fbe8017135b72ac74375ceb47f5ac3e21c5eb7a23bbb11c172ee084e58b73", "deprecated": false }, "0.5": { "digest": "9f6e2c91a81162a179ae729c699c19f2ac0cc19f5d9e7a3966fbe0c3f58588c6", "deprecated": false }, "0.6": { "digest": "de0dd532eba64e3b20c8ef7103e8523c36248bbb13ed09239ace03e88b5d1862", "deprecated": false } }, "long_description": 
"IyMgQXVkaXRkIDogQ3Jhc2ggb2Ygc3VpZCBiaW5hcnkKCkF0dGVtcHQgdG8gZGV0ZWN0IGEgU1VJRCBiaW5hcnkgdGhhdCBjcmFzaGVzIHdpdGggYFNJR0lMTGAsIGBTSUdUUkFQYCwgYFNJR0FCUlRgLCBgU0lHQlVTYCwgYFNJR1NFR1ZgLgoKSXQgbWlnaHQgYmUgcmVsYXRlZCB0byBzb21lb25lIHRyeWluZyB0byBleHBsb2l0IGxvY2FsIHByaXZpbGVnZSBlc2NhbGF0aW9uIHN1Y2ggYXMgW0NWRS0yMDIzLTQ5MTFdKGh0dHBzOi8vbnZkLm5pc3QuZ292L3Z1bG4vZGV0YWlsL0NWRS0yMDIzLTQ5MTEpLgo=", "content": "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", "description": "Detect root suid process crashing", "author": "crowdsecurity", "labels": { "behavior": "linux:exploitation", "classification": [ "attack.T1548.004" ], "confidence": 1, "label": "Suspicious suid process crash", "remediation": false, "service": "linux", "spoofable": 0 } }, "crowdsecurity/auditd-sus-exec": { "path": "scenarios/crowdsecurity/auditd-sus-exec.yaml", "version": "0.5", "versions": { "0.1": { "digest": "d640df2e1a53d962c97ee25af290916f88d86150fc210b43f011e665851c27cd", "deprecated": false }, "0.2": { "digest": "ef0511f7abb4cb4b5928c55c01d40fec82000e070ec26b4919ce15a02ecff9db", "deprecated": false }, "0.3": { "digest": "6479dc2b4df46e7543bdfce520b9da643e938d73edb02942c9e1db6a517da7bc", "deprecated": false }, "0.4": { "digest": "0327ca4407411b20163172412db4141577f60ed5db65c406ab02da6711c7b4de", "deprecated": false }, "0.5": { "digest": "ab7718fd1696b50c1f6d9b990f057d4b37d2d45accb9a6aca3a44232f0b4776e", "deprecated": false } }, "long_description": "IyMgQXVkaXRkIDogc3VzcGljaW91cyBleGVjdXRpb25zCgpBdHRlbXB0IHRvIGRldGVjdCBhIGJpbmFyeSB0aGF0IGlzIGV4ZWN1dGVkIGZyb20gdW51c3VhbCAvIHN1c3BpY2lvdXMgbG9jYXRpb25zLCBzdWNoIGFzIGAvdG1wL2Agb3IgaGlkZGVuIGRpcmVjdG9yaWVzIHN0YXJ0aW1nIHdpdGggYSBgLmAuCgpUaGlzIHBhdHRlcm4gaXMgdXN1YWxseSBzZWVuIGluIHBvc3QtZXhwbG9pdGF0aW9uIHdoZW4gYXR0YWNrZXJzIGFyZSBhdHRlbXB0aW5nIHRvIGhpZGUgYmFja2Rvb3JzIGFuZCBvdGhlciB0b29scy4K", "content": 
"dHlwZTogdHJpZ2dlcgojZGVidWc6IHRydWUKbmFtZTogY3Jvd2RzZWN1cml0eS9hdWRpdGQtc3VzLWV4ZWMKZGVzY3JpcHRpb246ICJEZXRlY3QgcG9zdC1leHBsb2l0YXRpb24gYmVoYXZpb3VyIDogZXhlYyBmcm9tIHN1c3BpY2lvdXMgbG9jYXRpb25zIgpmaWx0ZXI6IGV2dC5NZXRhLmxvZ190eXBlID09ICdleGVjdmUnIGFuZCAoIGV2dC5NZXRhLmV4ZSBzdGFydHNXaXRoICIvdG1wLyIgb3IgZXZ0Lk1ldGEuZXhlIGNvbnRhaW5zICIvLiIgKQpsYWJlbHM6CiAgY29uZmlkZW5jZTogMgogIHNwb29mYWJsZTogMAogIGNsYXNzaWZpY2F0aW9uOgogICAgLSBhdHRhY2suVDEwNTkuMDA0CiAgYmVoYXZpb3I6ICJsaW51eDpwb3N0LWV4cGxvaXRhdGlvbiIKICBsYWJlbDogIlBvc3QgRXhwbG9pdGF0aW9uIGNvbW1hbmQgZXhlY3V0aW9uIgogIHNlcnZpY2U6IGxpbnV4CiAgcmVtZWRpYXRpb246IGZhbHNlCnNjb3BlOgogIHR5cGU6IHBpZAogIGV4cHJlc3Npb246IGV2dC5NZXRhLnBwaWQK", "description": "Detect post-exploitation behaviour : exec from suspicious locations", "author": "crowdsecurity", "labels": { "behavior": "linux:post-exploitation", "classification": [ "attack.T1059.004" ], "confidence": 2, "label": "Post Exploitation command execution", "remediation": false, "service": "linux", "spoofable": 0 } }, "crowdsecurity/aws-bf": { "path": "scenarios/crowdsecurity/aws-bf.yaml", "version": "0.4", "versions": { "0.1": { "digest": "e9d8fa22c9685ae290834b7d6a6414d39b51d0066903f144ac5ce97c1c333fbc", "deprecated": false }, "0.2": { "digest": "397984681b4320e2c6a51bdfdd4938c7ce0a472e168e21abd6d2e3752f29ce15", "deprecated": false }, "0.3": { "digest": "af758e1957e75e8eb95b0305b93d84dc3ec9dc3194569f4221dda91fac300469", "deprecated": false }, "0.4": { "digest": "087c8513173a6c47e9e7a4f1565acc5ed89d4ee3b97046369d65c3f0771c78e3", "deprecated": false } }, "long_description": "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", "content": "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", "description": "Detect console login bruteforce", "author": "crowdsecurity", "labels": { "behavior": "cloud:bruteforce", "classification": [ "attack.T1110" ], "confidence": 3, "label": "AWS bruteforce", "remediation": false, "service": "aws", "spoofable": 0 } }, 
"crowdsecurity/aws-cis-benchmark-cloudtrail-config-change": { "path": "scenarios/crowdsecurity/aws-cis-benchmark-cloudtrail-config-change.yaml", "version": "0.3", "versions": { "0.1": { "digest": "0c1565cb16ff3c47ac734540ffb5336b56d776a4f2aedb8a711e688d91a798be", "deprecated": false }, "0.2": { "digest": "49301847b1949702565f8f21c9e712f77091d2cca2aa9295c3754ef47a6a66fd", "deprecated": false }, "0.3": { "digest": "db8a91cd9a7633e7247fbed247c56409f5069f4d05ce2eae415ecb86473e21ef", "deprecated": false } }, "long_description": "RGV0ZWN0cyBBV1MgQ2xvdWRUcmFpbCBjb25maWd1cmF0aW9uIGNoYW5nZXMgYmFzZWQgb24gY2xvdWR0cmFpbCBsb2dzIChTZWN0aW9uIDQuNSBvZiBDSVMgQVdTIEZvdW5kYXRpb24gQmVuY2htYXJrIDEuNC4wICkuCgo=", "content": "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", "description": "Detect AWS CloudTrail configuration change", "author": "crowdsecurity", "labels": { "behavior": "cloud:audit", "classification": [ "attack.T1070" ], "confidence": 3, "cti": false, "label": "AWS CloudTrail indicator removal", "remediation": false, "service": "aws", "spoofable": 0 } }, "crowdsecurity/aws-cis-benchmark-config-config-change": { "path": "scenarios/crowdsecurity/aws-cis-benchmark-config-config-change.yaml", "version": "0.3", "versions": { "0.1": { "digest": "89682b953904dfeba200893663da5739fc9413ba49fb62680077e99dc5b9304d", "deprecated": false }, "0.2": { "digest": "fea7794d9faf11307df2430f12549e4d1d53a900d54cde602cda1f1df3d70f7c", "deprecated": false }, "0.3": { "digest": "91b2bf6f35ee2d445b8796c04a7db9ff758a57ad9dfddfca64a96596f940d2d8", "deprecated": false } }, "long_description": "RGV0ZWN0cyBBV1MgQ29uZmlnIGNvbmZpZ3VyYXRpb24gY2hhbmdlcyBiYXNlZCBvbiBjbG91ZHRyYWlsIGxvZ3MgKFNlY3Rpb24gNC45IG9mIENJUyBBV1MgRm91bmRhdGlvbiBCZW5jaG1hcmsgMS40LjAgKS4KCg==", "content": "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", "description": "Detect AWS Config configuration change", "author": "crowdsecurity", "labels": { "behavior": "cloud:audit", "classification": [ "attack.T1070" ], 
"confidence": 3, "cti": false, "label": "AWS Config indicator removal", "remediation": false, "service": "aws", "spoofable": 0 } }, "crowdsecurity/aws-cis-benchmark-console-auth-fail": { "path": "scenarios/crowdsecurity/aws-cis-benchmark-console-auth-fail.yaml", "version": "0.3", "versions": { "0.1": { "digest": "85fcb63c663930b9f594149cd3c8539697878f93ac09c0c3d36decb71fb5ce37", "deprecated": false }, "0.2": { "digest": "3a33549ef1d3817ae5a5f8401dab3c1ae94f1652e0e368afbef2c6174e2250d1", "deprecated": false }, "0.3": { "digest": "de9ccd8f59613c7193d0382699d690c28c7f5b8ea62157b78433c0f8db9efc64", "deprecated": false } }, "long_description": "RGV0ZWN0cyBBV1MgQ29uc29sZSBhdXRoZW50aWNhdGlvbiBmYWlsdXJlcyBiYXNlZCBvbiBjbG91ZHRyYWlsIGxvZ3MgKFNlY3Rpb24gNC42IG9mIENJUyBBV1MgRm91bmRhdGlvbiBCZW5jaG1hcmsgMS40LjAgKS4KCg==", "content": "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", "description": "Detect AWS console authentication failure", "author": "crowdsecurity", "labels": { "behavior": "cloud:bruteforce", "classification": [ "attack.T1110" ], "confidence": 3, "label": "AWS bruteforce", "remediation": false, "service": "aws", "spoofable": 0 } }, "crowdsecurity/aws-cis-benchmark-iam-policy-change": { "path": "scenarios/crowdsecurity/aws-cis-benchmark-iam-policy-change.yaml", "version": "0.3", "versions": { "0.1": { "digest": "83c4a6cc8276b0deed37070abd250799256a470effb6891e912b5a84c4e90ab8", "deprecated": false }, "0.2": { "digest": "3b0e6063d92530f6ca4a78a05a4005d6513d84a7bb956adf5885e9d21b9cfb7a", "deprecated": false }, "0.3": { "digest": "a4e20fa41638b68e70403d65912af5d10f2abb3737400ff22b64de36524ca6df", "deprecated": false } }, "long_description": "RGV0ZWN0cyBBV1MgSUFNIHBvbGljeSBjaGFuZ2VzIChTZWN0aW9uIDQuNCBvZiBDSVMgQVdTIEZvdW5kYXRpb24gQmVuY2htYXJrIDEuNC4wICkuCgo=", "content": "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", "description": "Detect AWS IAM policy change", "author": "crowdsecurity", "labels": { "behavior": "cloud:audit", "classification": [ 
"attack.T1098.003" ], "confidence": 3, "cti": false, "label": "AWS IAM persistent access", "remediation": false, "service": "aws", "spoofable": 0 } }, "crowdsecurity/aws-cis-benchmark-kms-deletion": { "path": "scenarios/crowdsecurity/aws-cis-benchmark-kms-deletion.yaml", "version": "0.3", "versions": { "0.1": { "digest": "1ba56c6b7e00f956d4882fedd48a76c2dd41af5d4c87b5940a95a6c649b7d5cf", "deprecated": false }, "0.2": { "digest": "3c449f3d2bc65d63b18d487235802fc76041ee070725e8d1c450e4b308953951", "deprecated": false }, "0.3": { "digest": "90b8df48f799eedc39cbe7eb2f4ce03705369054cbc670cd4f5f70f226673f41", "deprecated": false } }, "long_description": "RGV0ZWN0cyBkaXNhYmxpbmcgb3Igc2NoZWR1bGVkIGRlbGV0aW9uIGNyZWF0aW9uIGZvciBBV1MgS01TIGtleXMgKFNlY3Rpb24gNC43IG9mIENJUyBBV1MgRm91bmRhdGlvbiBCZW5jaG1hcmsgMS40LjAgKS4KCg==", "content": "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", "description": "Detect AWS KMS key deletion", "author": "crowdsecurity", "labels": { "behavior": "cloud:audit", "classification": [ "attack.T1485" ], "confidence": 3, "cti": false, "label": "AWS KMS indicator removal", "remediation": false, "service": "aws", "spoofable": 0 } }, "crowdsecurity/aws-cis-benchmark-login-no-mfa": { "path": "scenarios/crowdsecurity/aws-cis-benchmark-login-no-mfa.yaml", "version": "0.3", "versions": { "0.1": { "digest": "acbd23a2dfe15721356f918ed88d0cc5ff6339dfc84209bbd32c2846f6344838", "deprecated": false }, "0.2": { "digest": "c08ae8cabf835305150c43555784b8efce56b8c76ba51ec900bbe0e4455360d9", "deprecated": false }, "0.3": { "digest": "e2b29eee2cb68292071234841b8f11e4d9599357f5e81e575a4919671b45c764", "deprecated": false } }, "long_description": "RGV0ZWN0cyBsb2dpbiB3aXRob3V0IE1GQSB0byB0aGUgQVdTIGNvbnNvbGUgKFNlY3Rpb24gMy4yIG9mIENJUyBBV1MgRm91bmRhdGlvbiBCZW5jaG1hcmsgMS4yLjAgKS4KCg==", "content": "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", "description": "Detect login without MFA to the AWS console", "author": "crowdsecurity", "labels": { "behavior": 
"cloud:unusual-activity", "classification": [ "attack.T1552", "attack.T1078.004" ], "confidence": 3, "cti": false, "label": "AWS Credential misuse", "remediation": false, "service": "aws", "spoofable": 0 } }, "crowdsecurity/aws-cis-benchmark-nacl-change": { "path": "scenarios/crowdsecurity/aws-cis-benchmark-nacl-change.yaml", "version": "0.3", "versions": { "0.1": { "digest": "803aa6ee23f0c3b96d4d5860223cd8cfb5c9e51ee7ba20ebac5efd3cb26a3211", "deprecated": false }, "0.2": { "digest": "b15c1c9eaa7b1e5aff2092996c79e469049230f2d299fb17dfeae30152812417", "deprecated": false }, "0.3": { "digest": "447a0db8b568d4b0725b87b8f798999b037344e7edfbfc44ac795130b45f9696", "deprecated": false } }, "long_description": "RGV0ZWN0cyBBV1MgTkFDTCBjaGFuZ2VzIGJhc2VkIG9uIGNsb3VkdHJhaWwgbG9ncyAoU2VjdGlvbiA0LjExIG9mIENJUyBBV1MgRm91bmRhdGlvbiBCZW5jaG1hcmsgMS40LjAgKS4KCg==", "content": "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", "description": "Detect AWS NACL change", "author": "crowdsecurity", "labels": { "behavior": "cloud:audit", "classification": [ "attack.T1578" ], "confidence": 3, "cti": false, "label": "AWS NACL change", "remediation": false, "service": "aws", "spoofable": 0 } }, "crowdsecurity/aws-cis-benchmark-ngw-change": { "path": "scenarios/crowdsecurity/aws-cis-benchmark-ngw-change.yaml", "version": "0.3", "versions": { "0.1": { "digest": "5a14ac3091ce73ecd32c2f37f5280676baae5b9b8161435bdd71a010a1faeb0d", "deprecated": false }, "0.2": { "digest": "802a2aeb7b24f95c4280e75ec62efa941af5714785d1828dddb35e62fbe2ea2b", "deprecated": false }, "0.3": { "digest": "07e40919e70ffc2a14ab744a51846b80ee486c061d4b4326fc0ddd65b2584a1f", "deprecated": false } }, "long_description": "RGV0ZWN0cyBBV1MgTmV0d29yayBHYXRld2F5IGNoYW5nZXMgYmFzZWQgb24gY2xvdWR0cmFpbCBsb2dzIChTZWN0aW9uIDQuMTIgb2YgQ0lTIEFXUyBGb3VuZGF0aW9uIEJlbmNobWFyayAxLjQuMCApLgoK", "content": "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", "description": "Detect AWS Network Gateway change", "author": "crowdsecurity", 
"labels": { "behavior": "cloud:audit", "classification": [ "attack.T1578" ], "confidence": 3, "cti": false, "label": "AWS Network Gateway change", "remediation": false, "service": "aws", "spoofable": 0 } }, "crowdsecurity/aws-cis-benchmark-root-usage": { "path": "scenarios/crowdsecurity/aws-cis-benchmark-root-usage.yaml", "version": "0.3", "versions": { "0.1": { "digest": "4fc540e39e1ee2d314e22c1d1fcfb2dfd215b2773befb7c0d688feacb4dd7f05", "deprecated": false }, "0.2": { "digest": "0327d973e276861ef87fa71b6cf7503791d080e8cbf8e2581ae901e4dd270658", "deprecated": false }, "0.3": { "digest": "e74032688adb9f64b803e02750bf257b7e6f4dd4557a796c0b2d28748539d0e0", "deprecated": false } }, "long_description": "RGV0ZWN0cyB1c2FnZSBvZiB0aGUgQVdTIHJvb3QgYWNjb3VudCBiYXNlZCBvbiBjbG91dHJhaWwgbG9ncyAoU2VjdGlvbiAxLjcgb2YgQ0lTIEFXUyBGb3VuZGF0aW9uIEJlbmNobWFyayAxLjQuMCApLgoK", "content": "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", "description": "Detect AWS root account usage", "author": "crowdsecurity", "labels": { "behavior": "cloud:unusual-activity", "classification": [ "attack.T1078", "attack.T1098" ], "confidence": 3, "cti": false, "label": "AWS root account usage", "remediation": false, "service": "aws", "spoofable": 0 } }, "crowdsecurity/aws-cis-benchmark-route-table-change": { "path": "scenarios/crowdsecurity/aws-cis-benchmark-route-table-change.yaml", "version": "0.3", "versions": { "0.1": { "digest": "2ad4d52b87e36f02ab21e417aa716ddc55b07eb13c4c48acf18adb43d4b03784", "deprecated": false }, "0.2": { "digest": "8a0f435a6f66b90447c8dd34b0b20767e1f83982793a4c7cf7d4fa61fb64018e", "deprecated": false }, "0.3": { "digest": "c3f8f25d06824a347f4798d05e565847f9dbf5ed9fc3b3707ef3c947000b02ca", "deprecated": false } }, "long_description": "RGV0ZWN0cyBBV1MgUm91dGUgVGFibGUgY2hhbmdlcyBiYXNlZCBvbiBjbG91ZHRyYWlsIGxvZ3MgKFNlY3Rpb24gNC4xMyBvZiBDSVMgQVdTIEZvdW5kYXRpb24gQmVuY2htYXJrIDEuNC4wICkuCgo=", "content": "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", "description": 
"Detect AWS route table change", "author": "crowdsecurity", "labels": { "behavior": "cloud:audit", "classification": [ "attack.T1578" ], "confidence": 3, "cti": false, "label": "AWS route table change", "remediation": false, "service": "aws", "spoofable": 0 } }, "crowdsecurity/aws-cis-benchmark-s3-policy-change": { "path": "scenarios/crowdsecurity/aws-cis-benchmark-s3-policy-change.yaml", "version": "0.3", "versions": { "0.1": { "digest": "fdbf3d2258567b03570a351499548e9ddffcef378699e396488c402961010f3b", "deprecated": false }, "0.2": { "digest": "8901ab45f32826f94cabd09b66aaae362e628784c89b54c5f2f3338c1de6ae43", "deprecated": false }, "0.3": { "digest": "13dc450f6b43544b9b7a7f51dbc149cba22d63fc902b29fc7299e71538b424dc", "deprecated": false } }, "long_description": "RGV0ZWN0cyBBV1MgUzMgYnVja2V0cyBwb2xpY3kgY2hhbmdlcyBiYXNlZCBvbiBjbG91ZHRyYWlsIGxvZ3MgKFNlY3Rpb24gNC44IG9mIENJUyBBV1MgRm91bmRhdGlvbiBCZW5jaG1hcmsgMS40LjAgKS4KCg==", "content": "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", "description": "Detect AWS S3 bucket policy change", "author": "crowdsecurity", "labels": { "behavior": "cloud:audit", "classification": [ "attack.T1578" ], "confidence": 3, "cti": false, "label": "AWS S3 bucket policy change", "remediation": false, "service": "aws", "spoofable": 0 } }, "crowdsecurity/aws-cis-benchmark-security-group-change": { "path": "scenarios/crowdsecurity/aws-cis-benchmark-security-group-change.yaml", "version": "0.3", "versions": { "0.1": { "digest": "d607b48d890f43c1f2c56fcf0ae77e762d2f3fffc197cfc9a9a5d512d7f8cbdf", "deprecated": false }, "0.2": { "digest": "c3f007b90e064c06f12dc844c8b364f400c4cf136773f84a0e6592b3669b733e", "deprecated": false }, "0.3": { "digest": "8d4a3a69d3af2137f542d56f0dc6e95bf1239b3c02d3570ac07d32ccc08e4520", "deprecated": false } }, "long_description": "RGV0ZWN0cyBBV1MgU2VjdXJpdHkgR3JvdXAgY2hhbmdlcyBiYXNlZCBvbiBjbG91ZHRyYWlsIGxvZ3MgKFNlY3Rpb24gNC4xMCBvZiBDSVMgQVdTIEZvdW5kYXRpb24gQmVuY2htYXJrIDEuNC4wICkuCgo=", "content": 
"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", "description": "Detect AWS Security Group change", "author": "crowdsecurity", "labels": { "behavior": "cloud:audit", "classification": [ "attack.T1578" ], "confidence": 3, "cti": false, "label": "AWS Security Group change", "remediation": false, "service": "aws", "spoofable": 0 } }, "crowdsecurity/aws-cis-benchmark-unauthorized-call": { "path": "scenarios/crowdsecurity/aws-cis-benchmark-unauthorized-call.yaml", "version": "0.4", "versions": { "0.1": { "digest": "170dec43ada23d1dbcc17b41339153be450c327cc52a0c7d6d185d27b980285e", "deprecated": false }, "0.2": { "digest": "1c8f6f867a518195e0fceba35a5254464feac7747cd8f63003c7dd1ab196a578", "deprecated": false }, "0.3": { "digest": "5a70025204fcf6e779098e33a95bd45af119fe889167b99c1889904800ffe9c5", "deprecated": false }, "0.4": { "digest": "f8bcacd4930eb310c925ea58d3170bcaf6a765fbfb743e66de5406b88c26ea1a", "deprecated": false } }, "long_description": "RGV0ZWN0IHVuYXV0aG9yaXplZCBBV1MgQVBJIGNhbGxzIGJhc2VkIG9uIGNsb3VkdHJhaWwgbG9ncyAoU2VjdGlvbiAzLjEgb2YgQ0lTIEFXUyBGb3VuZGF0aW9uIEJlbmNobWFyayAxLjIuMCApLg==", "content": "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", "description": "Detect AWS API unauthorized calls", "author": "crowdsecurity", "labels": { "behavior": "cloud:audit", "classification": [ "attack.T1212" ], "confidence": 3, "cti": false, "label": "AWS API unauthorized calls", "remediation": false, "service": "aws", "spoofable": 0 } }, "crowdsecurity/aws-cis-benchmark-vpc-change": { "path": "scenarios/crowdsecurity/aws-cis-benchmark-vpc-change.yaml", "version": "0.3", "versions": { "0.1": { "digest": "03be2557184d98582fa9d460f45c73e67860926b8afbebea9737e2220e7ca54d", "deprecated": false }, "0.2": { "digest": "ff3de61cf76336f3a9b87b8390172e9113ea3d92457845e29704fc114d8ec644", "deprecated": false }, "0.3": { "digest": "dbaf2ca85f6d5129bb3ad9031559ce21b8a1eb844e3a614cb00c47f23dbfb803", "deprecated": false } }, "long_description": 
"RGV0ZWN0cyBBV1MgVlBDIGNoYW5nZXMgYmFzZWQgb24gY2xvdWR0cmFpbCBsb2dzIChTZWN0aW9uIDQuMTQgb2YgQ0lTIEFXUyBGb3VuZGF0aW9uIEJlbmNobWFyayAxLjQuMCApLgoK", "content": "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", "description": "Detect AWS VPC change", "author": "crowdsecurity", "labels": { "behavior": "cloud:audit", "classification": [ "attack.T1578" ], "confidence": 3, "cti": false, "label": "AWS VPC change", "remediation": false, "service": "aws", "spoofable": 0 } }, "crowdsecurity/aws-cloudtrail-postexploit": { "path": "scenarios/crowdsecurity/aws-cloudtrail-postexploit.yaml", "version": "0.3", "versions": { "0.1": { "digest": "66e1721989b0bca40bdf99b15be757138bdf9968153692618ada0a1df57d3131", "deprecated": false }, "0.2": { "digest": "043c04b40049195eb4b64ee20f4273379b58b8937fdeaa538583ca31777f5b3e", "deprecated": false }, "0.3": { "digest": "c42300373b23dd1d14b380c8ef7fbc491ac431726353f7142a1ecea1db1df4a3", "deprecated": false } }, "long_description": "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", "content": 
"dHlwZTogY29uZGl0aW9uYWwKbmFtZTogY3Jvd2RzZWN1cml0eS9hd3MtY2xvdWR0cmFpbC1wb3N0ZXhwbG9pdApkZXNjcmlwdGlvbjogInBvc3RleHBsb2l0YXRpb24gZGV0ZWN0aW9uIChub2lzeSkiCiNkZWJ1ZzogdHJ1ZQpjYXBhY2l0eTogLTEKbGVha3NwZWVkOiAxbQpkaXN0aW5jdDogZXZ0Lk1ldGEuZXZlbnRfbmFtZQpmaWx0ZXI6IGV2dC5NZXRhLmxvZ190eXBlID09ICdhd3MtY2xvdWR0cmFpbCcKY29uZGl0aW9uOiB8CiAgY291bnQocXVldWUuUXVldWUsICMuTWV0YS5ldmVudF9uYW1lIGluIFsiTGlzdFVzZXJQb2xpY2llcyIsICJMaXN0UG9saWNpZXMiLCAiTGlzdEJ1Y2tldHMiLCAiTGlzdEFwcGxpY2F0aW9ucyIsICJEZXNjcmliZUluc3RhbmNlcyIsICJHZXRDYWxsZXJJZGVudGl0eSIsICJHZXRGdW5jdGlvbnMiLCAiRGVzY3JpYmVBY2NvdW50QXR0cmlidXRlcyIsICJMaXN0UmVzb3VyY2VzIl0gb3IgIy5NZXRhLmV2ZW50X25hbWUgc3RhcnRzV2l0aCAiTGlzdEZ1bmN0aW9ucyIpID4gMgpibGFja2hvbGU6IDFtCnJlcHJvY2VzczogdHJ1ZQpncm91cGJ5OiBldnQuTWV0YS5zb3VyY2VfaXAKc2NvcGU6CiAgdHlwZTogQXdzQVJOCiAgZXhwcmVzc2lvbjogZXZ0Lk1ldGEudXNlcl9hcm4KbGFiZWxzOgogIGNvbmZpZGVuY2U6IDMKICBzcG9vZmFibGU6IDAKICBjbGFzc2lmaWNhdGlvbjoKICAgIC0gYXR0YWNrLlQxMDg3CiAgICAtIGF0dGFjay5UMTUyNgogIGJlaGF2aW9yOiAiY2xvdWQ6YXVkaXQiCiAgbGFiZWw6ICJBV1MgcG9zdC1leHBsb2l0YXRpb24gZGV0ZWN0aW9uIgogIHNlcnZpY2U6IGF3cwogIGN0aTogZmFsc2UKICByZW1lZGlhdGlvbjogZmFsc2UK", "description": "postexploitation detection (noisy)", "author": "crowdsecurity", "labels": { "behavior": "cloud:audit", "classification": [ "attack.T1087", "attack.T1526" ], "confidence": 3, "cti": false, "label": "AWS post-exploitation detection", "remediation": false, "service": "aws", "spoofable": 0 } }, "crowdsecurity/aws-nwo-login": { "path": "scenarios/crowdsecurity/aws-nwo-login.yaml", "version": "0.4", "versions": { "0.1": { "digest": "f093c51096d55419851635001ec2c2e31fbbc1453286237d1d6229ec1bcc6808", "deprecated": false }, "0.2": { "digest": "d0e55e36721acc0280dffa4759e1f0f5e51d59864c5055fdc326eff851cae608", "deprecated": false }, "0.3": { "digest": "ec5be63c7781960eadca9f774b2ea4e2461c8615741c5f039f3bc48bcd594b91", "deprecated": false }, "0.4": { "digest": "09ef326dcdf808760c146ff2e5078245666b247c3023f30fb6f03cf27f8a0b3d", "deprecated": false } }, 
"long_description": "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", "content": "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", "description": "Detect console login outside of office hours", "author": "crowdsecurity", "labels": { "behavior": "cloud:unusual-activity", "classification": [ "attack.T1078" ], "confidence": 3, "cti": false, "label": "AWS bruteforce", "remediation": false, "service": "aws", "spoofable": 0 } }, "crowdsecurity/ban-defcon-drop_range": { "path": "scenarios/crowdsecurity/ban-defcon-drop_range.yaml", "version": "0.2", "versions": { "0.1": { "digest": "da839847a4a67c1787ea5185e2b25e1e26710ac3b12e7c179a9bdda8a99b2009", "deprecated": false }, "0.2": { "digest": "e1068cba1ce38cc0c3b82b195e91b560e8675ae789c451bbef5c5b4aff1aff02", "deprecated": false } }, "long_description": "QmFucyBhIHJhbmdlIGlmIG1vcmUgdGhhbiA1IGlwcyBmcm9tIHNhaWQgcmFuZ2UgYXJlIGJhbm5lZC4KCkxlYWtzcGVlZCBvZiAxIG1pbnV0ZSwgY2FwYWNpdHkgb2YgNS4K", "content": "I1RBUCBJVCBUV0lDRSA6IGlmIG1vcmUgdGhhbiA1IHVuaXF1ZSBJUHMgb2YgYSByYW5nZSBhcmUgYmVpbmcgYmFubmVkLCBkcm9wIHRoZSByYW5nZQp0eXBlOiBsZWFreQojZGVidWc6IHRydWUKbmFtZTogY3Jvd2RzZWN1cml0eS9iYW4tZGVmY29uLWRyb3BfcmFuZ2UKZGVzY3JpcHRpb246ICJCYW4gYSByYW5nZSBpZiBtb3JlIHRoYW4gNSBpcHMgZnJvbSBpdCBhcmUgYmFubmVkIGF0IGEgdGltZSIKI2l0J3MgYW4gb3ZlcmZsb3cgZnJvbSBhIHNjZW5hcmlvIHRoYXQgdHJpZ2dlcmVkIGEgcmVtZWRpYXRpb24gOykKZmlsdGVyOiAiZXZ0LkdldFR5cGUoKSA9PSAnb3ZlcmZsb3cnICYmIGV2dC5PdmVyZmxvdy5BbGVydC5SZW1lZGlhdGlvbiA9PSB0cnVlIgpncm91cGJ5OiAiZXZ0Lk92ZXJmbG93LkFsZXJ0LlNvdXJjZS5SYW5nZSIKZGlzdGluY3Q6ICJldnQuT3ZlcmZsb3cuQWxlcnQuU291cmNlLklQIgpjYXBhY2l0eTogNQpsZWFrc3BlZWQ6ICIxbSIKYmxhY2tob2xlOiA1bQpsYWJlbHM6CiByZW1lZGlhdGlvbjogdHJ1ZQpzY29wZToKIHR5cGU6IFJhbmdlCgo=", "description": "Ban a range if more than 5 ips from it are banned at a time", "author": "crowdsecurity", "labels": { "remediation": true } }, "crowdsecurity/configserver-lfd-bf": { "path": "scenarios/crowdsecurity/configserver-lfd-bf.yaml", "version": "0.1", "versions": { "0.1": { "digest": 
"5752cf0e3b12356803e6a3d0a2a97dd89ec3266b4ce0b49d48f6bfe5980ee5bc", "deprecated": false } }, "long_description": "RGV0ZWN0cyBTU0ggYnJ1dGVmb3JjZSBhdHRlbXB0cyBibG9ja2VkIGJ5IENvbmZpZyBTZXJ2ZXIgKGFrYSBDU0YpLgoKTG9ncyB1c3VhbGx5IGluIHRoZSBmb2xsb3dpbmcgZmlsZTogL3Zhci9sb2cvbGZkLmxvZw==", "content": "dHlwZTogdHJpZ2dlcgpuYW1lOiBjcm93ZHNlY3VyaXR5L2NvbmZpZ3NlcnZlci1sZmQtYmYKZGVzY3JpcHRpb246ICJEZXRlY3RzIFNTSCBicnV0ZWZvcmNlIGF0dGVtcHRzIGJsb2NrZWQgYnkgQ29uZmlnU2VydmVyLiIKZmlsdGVyOiAiZXZ0LlBhcnNlZC5wcm9ncmFtID09ICdsZmQnIgpncm91cGJ5OiBldnQuTWV0YS5zb3VyY2VfaXAKYmxhY2tob2xlOiA1bQpsYWJlbHM6CiAgc2VydmljZTogc3NoCiAgY29uZmlkZW5jZTogMwogIHNwb29mYWJsZTogMAogIGNsYXNzaWZpY2F0aW9uOgogICAgLSBhdHRhY2suVDExMTAKICBsYWJlbDogIlNTSCBCcnV0ZWZvcmNlIgogIGJlaGF2aW9yOiAic3NoOmJydXRlZm9yY2UiCiAgcmVtZWRpYXRpb246IHRydWUKCg==", "description": "Detects SSH bruteforce attempts blocked by ConfigServer.", "author": "crowdsecurity", "labels": { "behavior": "ssh:bruteforce", "classification": [ "attack.T1110" ], "confidence": 3, "label": "SSH Bruteforce", "remediation": true, "service": "ssh", "spoofable": 0 } }, "crowdsecurity/cpanel-bf": { "path": "scenarios/crowdsecurity/cpanel-bf.yaml", "version": "0.4", "versions": { "0.1": { "digest": "120b1820b330939330df55df5da536cbe0885c9df11a2a0986fe80197be68981", "deprecated": false }, "0.2": { "digest": "25d6094169ab75c028f7d35e0b5bacf9ecf24e46484826c95405966562a2db0c", "deprecated": false }, "0.3": { "digest": "de1e8f9f8b442ad1a83a61d19a13af18821475e69086940d6521fdd6751753e2", "deprecated": false }, "0.4": { "digest": "a3216ec3c67bcfebd411b5c1240cd0fccb52d854031611fb1048f963ac91c26e", "deprecated": false } }, "long_description": "RGV0ZWN0cyBicnV0ZWZvcmNlIGF0dGVtcHRzIGluIGNwYW5lbCBsb2dpbi4g", "content": "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", "description": "Detect bruteforce on cpanel login", "author": "crowdsecurity", "labels": { "behavior": "http:bruteforce", "classification": [ "attack.T1110" ], "confidence": 3, "label": "cPanel Bruteforce", 
"remediation": true, "service": "cpanel", "spoofable": 0 } }, "crowdsecurity/cpanel-bf-attempt": { "path": "scenarios/crowdsecurity/cpanel-bf-attempt.yaml", "version": "0.3", "versions": { "0.1": { "digest": "6b7b084a9a5ea68ade56b6bd171cfed65cc661b63b197a0f3cec2aef2fcdaeca", "deprecated": false }, "0.2": { "digest": "fa0b71d88fe4a96298bea7caadb858795ad091656907e3f94223d12f98b91715", "deprecated": false }, "0.3": { "digest": "c39220845d2f4df0519a620b3f92d8a54f7b81d9da9c34c460aca7ff5b9331a0", "deprecated": false } }, "long_description": "VHJpZ2dlciBhbGVydHMgd2hlbiB0aGlzIGxpbmUgaXMgbWF0Y2hlZDoKCmBgYGJhc2gKRkFJTEVEIExPR0lOIGNwYW5lbGQ6IGJydXRlIGZvcmNlIGF0dGVtcHQgKHVzZXIgY3NjcGFuZWwpIGhhcyBsb2NrZWQgb3V0IElQIDEuMi4zLjQKYGBg", "content": "dHlwZTogdHJpZ2dlcgpuYW1lOiBjcm93ZHNlY3VyaXR5L2NwYW5lbC1iZi1hdHRlbXB0CmRlc2NyaXB0aW9uOiAiRGV0ZWN0IGJydXRlZm9yY2UgYXR0ZW1wdCBvbiBjcGFuZWwgbG9naW4iCmZpbHRlcjogImV2dC5NZXRhLmxvZ190eXBlID09ICdhdXRoX2JmX2F0dGVtcHQnIgpncm91cGJ5OiBldnQuTWV0YS5zb3VyY2VfaXAKYmxhY2tob2xlOiA1bQpsYWJlbHM6CiAgY29uZmlkZW5jZTogMQogIHNwb29mYWJsZTogMAogIGNsYXNzaWZpY2F0aW9uOgogICAtIGF0dGFjay5UMTExMAogIGJlaGF2aW9yOiAiaHR0cDpicnV0ZWZvcmNlIgogIGxhYmVsOiAiY1BhbmVsIEJydXRlZm9yY2UiCiAgc2VydmljZTogY3BhbmVsCiAgcmVtZWRpYXRpb246IHRydWU=", "description": "Detect bruteforce attempt on cpanel login", "author": "crowdsecurity", "labels": { "behavior": "http:bruteforce", "classification": [ "attack.T1110" ], "confidence": 1, "label": "cPanel Bruteforce", "remediation": true, "service": "cpanel", "spoofable": 0 } }, "crowdsecurity/crowdsec-appsec-inband": { "path": "scenarios/crowdsecurity/crowdsec-appsec-inband.yaml", "version": "0.4", "versions": { "0.1": { "digest": "bf202b09575fe406d17ff9cf267cfc81d228bc0575038a8ae91a137ed4405b58", "deprecated": false }, "0.2": { "digest": "0d0bcfec8fb567aa86271f3e5c45feb16c6091f2c52c32db629117b0bba0e793", "deprecated": false }, "0.3": { "digest": "71213c8536a1e04b36fe2e207ffec099982e78cf7d3ed6a8ecd26440f47cb1c0", "deprecated": false }, "0.4": { 
"digest": "c613b7b73047d0038fb7c2125bf1839c59b0705f4d6f24a87318bc05e0f5a7e2", "deprecated": false } }, "content": "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", "description": "IP has triggered multiples InBand CrowdSec appsec rules", "author": "crowdsecurity", "labels": { "behavior": "http:exploit", "classification": [ "attack.T1190" ], "confidence": 3, "label": "Triggered multiple InBand CrowdSec AppSec rules", "remediation": true, "service": "http", "spoofable": 0 } }, "crowdsecurity/crowdsec-appsec-outofband": { "path": "scenarios/crowdsecurity/crowdsec-appsec-outofband.yaml", "version": "0.3", "versions": { "0.1": { "digest": "1e9a7f01a451b2322f1125b0dfba3c5cdd3dca53e69eb38f245a3e25af6952df", "deprecated": false }, "0.2": { "digest": "59393376cbcfb85cd7e609c5fe2c958aa60c519d7ff0ee310f1bab2af01d38e9", "deprecated": false }, "0.3": { "digest": "47b3cd0887f58785c2b6a064f4da46e36a17a6e7d34c4893b0bd8308271fe0be", "deprecated": false } }, "content": "IyBqdXN0IGNvdW50IGRpc3RpbmN0IG51bWJlciBvZiByZXF1ZXN0cyBnZXR0aW5nIGJsb2NrZWQKdHlwZTogbGVha3kKZmlsdGVyOiBldnQuUGFyc2VkLnByb2dyYW0gPT0gJ2Nyb3dkc2VjLXdhYXAnICYmIGV2dC5BcHBzZWMuSGFzSW5CYW5kTWF0Y2hlcyA9PSBmYWxzZSAmJiBldnQuUGFyc2VkLmFjdGlvbiBpbiBbImRlbnkiLCAiZHJvcCJdCm5hbWU6IGNyb3dkc2VjdXJpdHkvY3Jvd2RzZWMtYXBwc2VjLW91dG9mYmFuZApkZXNjcmlwdGlvbjogSVAgaGFzIHRyaWdnZXJlZCBtb3JlIHRoYW4gNSBDcm93ZFNlYyBPdXQgT2YgQmFuZCBXYWFwIHJ1bGVzCmJsYWNraG9sZTogMm0KbGVha3NwZWVkOiAzMHMKY2FwYWNpdHk6IDUKbGFiZWxzOgogIHR5cGU6IGV4cGxvaXQKICByZW1lZGlhdGlvbjogdHJ1ZQpncm91cGJ5OiAiZXZ0Lk1ldGEuc291cmNlX2lwIgojLS0tCiMgYXQgbGVhc3QgcmVxdWVzdHMgYmxvY2tlZCBvbiAzIGRpc3RpbmN0IFVSSXMKI3R5cGU6IGxlYWt5CiNkZWJ1ZzogdHJ1ZQojZmlsdGVyOiBldnQuUGFyc2VkLnByb2dyYW0gPT0gJ2Nyb3dkc2VjLXdhYXAnICYmIGV2dC5QYXJzZWQuYWN0aW9uID09ICJkZW55IgojbmFtZTogY3Jvd2RzZWN1cml0eS93YWYtcHJvYmluZwojZGVzY3JpcHRpb246ICJXQUYgcHJvYmluZyIKI2JsYWNraG9sZTogMm0KI2xlYWtzcGVlZDogNjBzCiNjYXBhY2l0eTogNQojZ3JvdXBieTogImV2dC5NZXRhLnNvdXJjZV9pcCArIGV2dC5QYXJzZWQudGFyZ2V0X3VyaSIKI2xhYmVsczoKIyAgdHlwZTogZXhwbG
9pdAojICByZW1lZGlhdGlvbjogdHJ1ZQojLS0tCiMgIyBhdCBsZWFzdCA1IHJlcXVlc3RzIGJsb2NrZWQgd2l0aCAqKmRpc3RpbmN0KiogSURzCiN0eXBlOiBjb25kaXRpb25hbAojZGVidWc6IHRydWUKI25hbWU6IGNyb3dkc2VjdXJpdHkveHNzLXByb2JpbmcKI2Rlc2NyaXB0aW9uOiBhdCBsZWFzdCA1IGRpZmZlcmVudCBYU1MgcnVsZXMKI2ZpbHRlcjogZXZ0LlBhcnNlZC5wcm9ncmFtID09ICdjcm93ZHNlYy13YWFwJyAmJiBldnQuUGFyc2VkLmFjdGlvbiA9PSAiZGVueSIKI2NvbmRpdGlvbjogbGVuKCBkaXN0aW5jdCggbWVyZ2UoIGFsbChldnQuUXVldWUsIHsgIy5XYWFwLkdldElEcygpfSkgKSApICkgPiA1CiNjb25kaXRpb246IHwKIyAgTG9nSW5mbygiJSt2IiwgRmxhdHRlbkRpc3RpbmN0KCAKIyAgICAgIG1hcCggcXVldWUuUXVldWUsIAojICAgICAgIy5XYWFwLkJ5VGFnUngoIi4qeHNzLioiKS5HZXRSdWxlSURzKCkKIyAgICAgICkgCiMgICAgKSkgJiYKIyAgbGVuKCAKIyAgICBGbGF0dGVuRGlzdGluY3QoIAojICAgICAgbWFwKCBxdWV1ZS5RdWV1ZSwgCiMgICAgICAjLldhYXAuQnlUYWdSeCgiLip4c3MuKiIpLkdldFJ1bGVJRHMoKQojICAgICAgKSAKIyAgICApKSA+IDUKI2NvbmRpdGlvbjogJ0Rpc3RhbmNlKCJhYSIsICJiYiIsICJjYyIsIHsgIy5QYXJzZWQudG90byA9PSAxIH0pJwojY2FwYWNpdHk6IC0xCiNjYWNoZV9zaXplOiAxMDAwCiNsZWFrc3BlZWQ6IDMwcwojZGlzdGluY3Q6IGV2dC5NZXRhLnNvdXJjZV9pcA==", "description": "IP has triggered more than 5 CrowdSec Out Of Band Waap rules", "author": "crowdsecurity", "labels": { "remediation": true, "type": "exploit" } }, "crowdsecurity/dovecot-spam": { "path": "scenarios/crowdsecurity/dovecot-spam.yaml", "version": "0.5", "versions": { "0.1": { "digest": "fc1429f0c8d5b1ba20660ac0725fe0b52bb0382efa746e9bd962d80bdf7c9310", "deprecated": false }, "0.2": { "digest": "e3feff9a377f6b7e72a29910d6ebfee52436163767f876d21b41e2ae2e9618b2", "deprecated": false }, "0.3": { "digest": "c350f1a24a7ff5aed8902691a1bf67b08e963a013dffc3e2500c9db61ad6b62e", "deprecated": false }, "0.4": { "digest": "8c5fd647e5f2ad29620b0dc37c5221a4b6f6a24bf443b55837ebcac290ecf17c", "deprecated": false }, "0.5": { "digest": "8151d0ea27afdabc547503cbcf2f878a7a553479162b1eff2d31fcd77bffb3c4", "deprecated": false } }, "long_description": 
"U3BhbSBkZXRlY3Rpb24gZm9yIGRvdmVjb3QgKGNhcGFjaXR5IG9mIDMgYW5kIGxlYWtzcGVlZCBvZiAzNjBzKQoKLSBhbGxvd3MgZmFpbCBhdXRoZW50aWNhdGlvbiBhdHRlbXB0IGV2ZXJ5IDYgbWludXRlcyB3aXRoIGEgYnVyc3Qgb2YgMwoKPiBDb250cmlidXRpb24gYnkgaHR0cHM6Ly9naXRodWIuY29tL0x0U2ljaAo=", "content": "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", "description": "detect errors on dovecot", "author": "crowdsecurity", "labels": { "behavior": "pop3/imap:bruteforce", "classification": [ "attack.T1110" ], "confidence": 3, "label": "Dovecot Bruteforce", "remediation": true, "service": "dovecot", "spoofable": 0 } }, "crowdsecurity/endlessh-bf": { "path": "scenarios/crowdsecurity/endlessh-bf.yaml", "version": "0.3", "versions": { "0.1": { "digest": "2113a6f5e8e2d675581e93d4bcf546526d0bd22aaa35ecafdd041d95e3f3422d", "deprecated": false }, "0.2": { "digest": "b241bc0364aeed20ee30fb8d2ee2b748b71751592a89c9e86eaf4f6a49a25bcb", "deprecated": false }, "0.3": { "digest": "6291aad0e47390f308dd859747e9044242df3c8f8c526beaae37fbd960e4d8aa", "deprecated": false } }, "content": "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", "description": "Detect SSH bruteforce caught by Endlessh", "author": "crowdsecurity", "references": [ "http://wikipedia.com/ssh-bf-is-bad" ], "labels": { "behavior": "ssh:bruteforce", "classification": [ "attack.T1110" ], "confidence": 3, "label": "Endlessh Bruteforce", "remediation": true, "service": "endlessh", "spoofable": 0 } }, "crowdsecurity/exchange-bf": { "path": "scenarios/crowdsecurity/exchange-bf.yaml", "version": "0.4", "versions": { "0.1": { "digest": "7900671abf67cdc000b2dd68d0da35a0960e07f4ac3505fdd4d78f929c29a238", "deprecated": false }, "0.2": { "digest": "8d67052a1fc4e5b48be549165ed6ea47aebaa154960166828fd8b114a6ba5bd0", "deprecated": false }, "0.3": { "digest": "51d223031a71e4215a9ffe78feec7f855a493f8e00e6e760c15aa38915a98bef", "deprecated": false }, "0.4": { "digest": "1618d565cba5af16afc95581b0ac5f9cc3fabd11d23cc557db7e03dc8d190959", "deprecated": false } }, 
"content": "dHlwZTogbGVha3kKbmFtZTogY3Jvd2RzZWN1cml0eS9leGNoYW5nZS1iZgpkZXNjcmlwdGlvbjogIkRldGVjdCBFeGNoYW5nZSBicnV0ZWZvcmNlIChTTVRQLElNQVAsUE9QMykiCmZpbHRlcjogZXZ0Lk1ldGEuc2VydmljZSA9PSAnZXhjaGFuZ2UnICYmIGV2dC5NZXRhLnN1Yl90eXBlID09ICdhdXRoX2ZhaWwnCmdyb3VwYnk6IGV2dC5NZXRhLnNvdXJjZV9pcApsZWFrc3BlZWQ6IDEwcwpjYXBhY2l0eTogNQpibGFja2hvbGU6IDFtCmxhYmVsczoKICBjb25maWRlbmNlOiAzCiAgc3Bvb2ZhYmxlOiAwCiAgY2xhc3NpZmljYXRpb246CiAgICAtIGF0dGFjay5UMTExMAogIGJlaGF2aW9yOiAicG9wMy9pbWFwOmJydXRlZm9yY2UiCiAgbGFiZWw6ICJNaWNyb3NvZnQgRXhjaGFuZ2UgQnJ1dGVmb3JjZSIKICByZW1lZGlhdGlvbjogdHJ1ZQogIHNlcnZpY2U6IGV4Y2hhbmdlCg==", "description": "Detect Exchange bruteforce (SMTP,IMAP,POP3)", "author": "crowdsecurity", "labels": { "behavior": "pop3/imap:bruteforce", "classification": [ "attack.T1110" ], "confidence": 3, "label": "Microsoft Exchange Bruteforce", "remediation": true, "service": "exchange", "spoofable": 0 } }, "crowdsecurity/exim-bf": { "path": "scenarios/crowdsecurity/exim-bf.yaml", "version": "0.3", "versions": { "0.1": { "digest": "a5e177acbd8bbc3a6330100dc64aaebc14f5915a1dda3a8115e54f8825227e7b", "deprecated": false }, "0.2": { "digest": "7f3433d01cf835eced84072ce8475e650740aec6300637757a47a4800a4d846e", "deprecated": false }, "0.3": { "digest": "ed16960edefc234b6d1685db4b7cb831fbea29f65115e28ab703c7cb721cb681", "deprecated": false } }, "long_description": "RGV0ZWN0IGJydXRlZm9yY2Ugb24gRXhpbSBtYWlsIHNlcnZlci4KCiAtIGxlYWtzcGVlZCBvZiAxMHMsIGNhcGFjaXR5IG9mIDUgb24gc2FtZSBpcAogLSBsZWFrc3BlZWQgb2YgMTBzLCBjYXBhY2l0eSBvZiA1IG9uIHNhbWUgdGFyZ2V0IHVzZXIK", "content": "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", "description": "Detect Exim brute force", "author": "crowdsecurity", "labels": { "behavior": "pop3/imap:bruteforce", "classification": [ "attack.T1110" ], "confidence": 3, "label": "Exim Bruteforce", "remediation": true, "service": "smtp", "spoofable": 0 } }, "crowdsecurity/exim-spam": { "path": "scenarios/crowdsecurity/exim-spam.yaml", "version": "0.3", "versions": { "0.1": { 
"digest": "b556e7f5a75118639d28765e93ae858bfa5416b8e73142c5b318bfda8ca1ae6e", "deprecated": false }, "0.2": { "digest": "d679e96623139ba186423cbdc3bdb4d98baf33811321cad0a8d2b6d4895dcc44", "deprecated": false }, "0.3": { "digest": "a7c7435313a9225cb4003f8fb924c3bf19a6fe21c2c69b29814a4d421c63ade7", "deprecated": false } }, "long_description": "U3BhbSBkZXRlY3Rpb24gZm9yIEV4aW0gKGNhcGFjaXR5IG9mIDMgYW5kIGxlYWtzcGVlZCBvZiAzNjBzKQoKCg==", "content": "dHlwZTogbGVha3kKbmFtZTogY3Jvd2RzZWN1cml0eS9leGltLXNwYW0KZGVzY3JpcHRpb246ICJEZXRlY3Qgc3BhbSBvbiBFeGltIgojZGVidWc6IHRydWUKZmlsdGVyOiAiZXZ0Lk1ldGEubG9nX3R5cGUgPT0gJ3NwYW0tYXR0ZW1wdCcgJiYgZXZ0Lk1ldGEuc2VydmljZSA9PSAnZXhpbSciCmdyb3VwYnk6IGV2dC5NZXRhLnNvdXJjZV9pcApjYXBhY2l0eTogMwpsZWFrc3BlZWQ6ICIzNjBzIgpibGFja2hvbGU6IDVtCmxhYmVsczoKICBjb25maWRlbmNlOiAzCiAgc3Bvb2ZhYmxlOiAwCiAgYmVoYXZpb3I6ICJzbXRwOnNwYW0iCiAgbGFiZWw6ICJFeGltIFNwYW0iCiAgcmVtZWRpYXRpb246IHRydWUKICBzZXJ2aWNlOiBzbXRwCg==", "description": "Detect spam on Exim", "author": "crowdsecurity", "labels": { "behavior": "smtp:spam", "confidence": 3, "label": "Exim Spam", "remediation": true, "service": "smtp", "spoofable": 0 } }, "crowdsecurity/f5-big-ip-cve-2020-5902": { "path": "scenarios/crowdsecurity/f5-big-ip-cve-2020-5902.yaml", "version": "0.2", "versions": { "0.1": { "digest": "04def871dad424adf0227232c8b22acab9938901a879dca070b58e2389039326", "deprecated": false }, "0.2": { "digest": "8c8c704906bc05d7b9e40f9d99e3d85d5084fd462d99dea74b0687ab1268eb97", "deprecated": false } }, "content": "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", "description": "Detect cve-2020-5902 exploitation attempts", "author": "crowdsecurity", "labels": { "behavior": "http:exploit", "classification": [ "attack.T1190", "attack.T1595", "cve.CVE-2020-5902" ], "confidence": 3, "label": "CVE-2020-5902", "remediation": true, "service": "f5", "spoofable": 0 } }, "crowdsecurity/fortinet-cve-2018-13379": { "path": "scenarios/crowdsecurity/fortinet-cve-2018-13379.yaml", "version": "0.3", "versions": 
{ "0.1": { "digest": "c966840446a481f46237df14963224a106cd15e8b7c72dc903de1ae098dbb58d", "deprecated": false }, "0.2": { "digest": "a7952444f7fc5d039bc415c5e56baa8243badd1bcc4013e8d8e52bc6c2e1a431", "deprecated": false }, "0.3": { "digest": "719602d5447335d3a176aebfd60b8246a7e166656e278f5b10f557cf3b5a218d", "deprecated": false } }, "content": "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", "description": "Detect cve-2018-13379 exploitation attempts", "author": "crowdsecurity", "labels": { "behavior": "http:exploit", "classification": [ "attack.T1190", "attack.T1595", "cve.CVE-2018-13379" ], "confidence": 3, "label": "CVE-2018-13379", "remediation": true, "service": "fortinet", "spoofable": 0 } }, "crowdsecurity/freeswitch-acl-reject": { "path": "scenarios/crowdsecurity/freeswitch-acl-reject.yaml", "version": "0.2", "versions": { "0.1": { "digest": "947017331043b3e4c7a600d2bc7e9b40262ffdcd290389ef9cd0b0877a1fe4a7", "deprecated": false }, "0.2": { "digest": "d8cb04c939b4e6e3eb315cd90535b5adec9368dada292602feb184f57a2db20d", "deprecated": false } }, "long_description": "IyMgZnJlZXN3aXRjaCBhY2wgcmVqZWN0CgojIyMgRGVzY3JpcHRpb24KCkZyZWVTV0lUQ0ggaGFzIHRoZSBvcHRpb24gdG8gc2V0IHRydXN0ZWQgQUNMJ3MgdGhpcyB3aWxsIGRldGVjdCB3aGVuIGEgcmVxdWVzdCBpcyByZWplY3RlZCBkdWUgdG8gdGhlIEFDTC4gQW4gSVAgd2lsbCBoYXZlIDE1IGF0dGVtcHRzIGJlZm9yZSBiZWluZyBibG9ja2VkLg==", "content": "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", "description": "Detect freeswitch acl rejects", "author": "crowdsecurity", "labels": { "behavior": "http:exploit", "classification": [ "attack.T1190" ], "confidence": 3, "label": "CVE-2018-13379", "remediation": true, "service": "freeswitch", "spoofable": 0 } }, "crowdsecurity/freeswitch-bf": { "path": "scenarios/crowdsecurity/freeswitch-bf.yaml", "version": "0.3", "versions": { "0.1": { "digest": "de4be679bd6d04d4b06bcd45ce6dad21689f9ffb92c9ddc66a9f3fa50add8300", "deprecated": false }, "0.2": { "digest": 
"ba040ff32f6d9c6a340276ff6dfa4e8d60f1f9a8e861368e3500d23197c06115", "deprecated": false }, "0.3": { "digest": "adfa04c9a278a4609002a5e1be19f77b7f98f60e5b6a5d5a5d47d4af6201e9fc", "deprecated": false } }, "long_description": "IyMgZnJlZXN3aXRjaCBhdXRoIGJydXRlZm9yY2UKCiMjIyBEZXNjcmlwdGlvbgoKZnJlZVNXSVRDSCBsb2dzIHdoZW4gYW4gYXV0aGVudGljYXRpb24gYXR0ZW1wdCBmYWlscy4gVGhpcyBzY2VuYXJpbyB3aWxsIGRldGVjdCB3aGVuIGFuIElQIGhhcyBtb3JlIHRoYW4gNSBmYWlsZWQgYXR0ZW1wdHMuIFRoZXJlIGlzIGFsc28gYSBzbG93ZXIgc2NlbmFyaW9zIHRvIGRldGVjdCB3aGVuIGFuIElQIGhhcyBtb3JlIHRoYW4gMjAgZmFpbGVkIGF0dGVtcHRzLg==", "content": "dHlwZTogbGVha3kKbmFtZTogY3Jvd2RzZWN1cml0eS9mcmVlc3dpdGNoLWJmCmRlc2NyaXB0aW9uOiAiRGV0ZWN0IGZyZWVzd2l0Y2ggYXV0aCBicnV0ZWZvcmNlIgpmaWx0ZXI6ICJldnQuTWV0YS5zZXJ2aWNlID09ICdmcmVlc3dpdGNoJyAmJiBldnQuTWV0YS5zdWJfdHlwZSA9PSAnYXV0aF9mYWlsdXJlJyIKbGVha3NwZWVkOiAiMTBzIgpjYXBhY2l0eTogNQpncm91cGJ5OiBldnQuTWV0YS5zb3VyY2VfaXAKYmxhY2tob2xlOiAxbQpyZXByb2Nlc3M6IHRydWUKbGFiZWxzOgogIHNlcnZpY2U6IGZyZWVzd2l0Y2gKICBjb25maWRlbmNlOiAzCiAgc3Bvb2ZhYmxlOiAwCiAgY2xhc3NpZmljYXRpb246CiAgICAtIGF0dGFjay5UMTExMAogIGJlaGF2aW9yOiAiZ2VuZXJpYzpicnV0ZWZvcmNlIgogIGxhYmVsOiAiRnJlZXN3aXRjaCBCcnV0ZWZvcmNlIgogIHJlbWVkaWF0aW9uOiB0cnVlCgotLS0KdHlwZTogbGVha3kKbmFtZTogY3Jvd2RzZWN1cml0eS9mcmVlc3dpdGNoLXNsb3ctYmYKZGVzY3JpcHRpb246ICJEZXRlY3QgZnJlZXN3aXRjaCBhdXRoIGJydXRlZm9yY2UiCmZpbHRlcjogImV2dC5NZXRhLnNlcnZpY2UgPT0gJ2ZyZWVzd2l0Y2gnICYmIGV2dC5NZXRhLnN1Yl90eXBlID09ICdhdXRoX2ZhaWx1cmUnIgpsZWFrc3BlZWQ6ICIxbSIKY2FwYWNpdHk6IDIwCmdyb3VwYnk6IGV2dC5NZXRhLnNvdXJjZV9pcApibGFja2hvbGU6IDFtCmxhYmVsczoKICBzZXJ2aWNlOiBmcmVlc3dpdGNoCiAgY29uZmlkZW5jZTogMwogIHNwb29mYWJsZTogMAogIGNsYXNzaWZpY2F0aW9uOgogICAgLSBhdHRhY2suVDExMTAKICBiZWhhdmlvcjogImdlbmVyaWM6YnJ1dGVmb3JjZSIKICBsYWJlbDogIkZyZWVzd2l0Y2ggQnJ1dGVmb3JjZSIKICByZW1lZGlhdGlvbjogdHJ1ZQo=", "description": "Detect freeswitch auth bruteforce", "author": "crowdsecurity", "labels": { "behavior": "generic:bruteforce", "classification": [ "attack.T1110" ], "confidence": 3, "label": "Freeswitch Bruteforce", 
"remediation": true, "service": "freeswitch", "spoofable": 0 } }, "crowdsecurity/freeswitch-user-enumeration": { "path": "scenarios/crowdsecurity/freeswitch-user-enumeration.yaml", "version": "0.4", "versions": { "0.1": { "digest": "826b44367faa41e39a224ffdae5c4e9824d7f1e157dd67d24e97e785c7478922", "deprecated": false }, "0.2": { "digest": "05d37cdecfac483f944e249b358d24f3c7e75292a1b4465d71d3994004e1548d", "deprecated": false }, "0.3": { "digest": "435670ee2f37b2f2d4918e282566c2cd97b6c79e94d488f8052ee351fdd14176", "deprecated": false }, "0.4": { "digest": "ff39e7af21a00ad4b66512a3a2364e2f6578c6f95e770e41edf54dc21c336bc7", "deprecated": false } }, "long_description": "IyMgZnJlZXN3aXRjaCB1c2VyIGVudW1lcmF0aW9uCgojIyMgRGVzY3JpcHRpb24KCkZyZWVTV0lUQ0ggd2lsbCBsb2cgd2hlbiBhbiBhIG5vdCBmb3VuZCB1c2VyLiBUaGlzIHNjZW5hcmlvIHdpbGwgZGV0ZWN0IHdoZW4gYW4gSVAgaGFzIG1vcmUgdGhhbiA1IGF0dGVtcHRzLiBUaGVyZSBpcyBhbHNvIGEgc2xvd2VyIHNjZW5hcmlvcyB0byBkZXRlY3Qgd2hlbiBhbiBJUCBoYXMgbW9yZSB0aGFuIDIwIGF0dGVtcHRzLg==", "content": "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", "description": "Detect freeswitch user enumeration", "author": "crowdsecurity", "labels": { "behavior": "generic:bruteforce", "classification": [ "attack.T1589" ], "confidence": 3, "label": "Freeswitch User Enumeration", "remediation": true, "service": "freeswitch", "spoofable": 0 } }, "crowdsecurity/grafana-cve-2021-43798": { "path": "scenarios/crowdsecurity/grafana-cve-2021-43798.yaml", "version": "0.2", "versions": { "0.1": { "digest": "38e2367afa09fce19313601b205c7ef60ff0dcda0d5a5fbfe162d391998727cf", "deprecated": false }, "0.2": { "digest": "6fbaa53ca18c5826185024bce25c34e850508bf5bde27b90343938766b3a19e1", "deprecated": false } }, "long_description": "RGV0ZWN0IGV4cGxvaXRhdGlvbiBvZiBDVkUtMjAyMS00Mzc5OAo=", "content": "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", "description": "Detect cve-2021-43798 exploitation attempts", "author": "crowdsecurity", "labels": { "behavior": "http:exploit", 
"classification": [ "attack.T1190", "attack.T1595", "cve.CVE-2021-43798" ], "confidence": 3, "label": "CVE-2021-43798", "remediation": true, "service": "grafana", "spoofable": 0 } }, "crowdsecurity/home-assistant-bf": { "path": "scenarios/crowdsecurity/home-assistant-bf.yaml", "version": "0.4", "versions": { "0.1": { "digest": "7e155354a1558caba3896dc0af3ad311db2e4df90ea20d7809c288fd080b0356", "deprecated": false }, "0.2": { "digest": "fb78b93bb62bf525357967eb64cfbca6ca315cec23288bc4e7e2272a82381770", "deprecated": false }, "0.3": { "digest": "c0062c2ba368d81ed47dcc7fc8ac1b895363f69c4d8489ff40f284ce8d24c0ce", "deprecated": false }, "0.4": { "digest": "bb026beac65c1abe6a18722d69112c93f1ff68cd0b4816cc357c07166d0e07aa", "deprecated": false } }, "long_description": "RGV0ZWN0IHNldmVyYWwgZmFpbGVkIEhvbWUgYXNzaXN0YW50IGF1dGhlbnRpY2F0aW9ucy4KCmxlYWtzcGVlZCBvZiAxMHMsIGNhcGFjaXR5IG9mIDUK", "content": "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", "description": "Detect Home Assistant bruteforce", "author": "crowdsecurity", "labels": { "behavior": "iot:bruteforce", "classification": [ "attack.T1110" ], "confidence": 3, "label": "Home Assistant Bruteforce", "remediation": true, "service": "home-assistant", "spoofable": 0 } }, "crowdsecurity/http-admin-interface-probing": { "path": "scenarios/crowdsecurity/http-admin-interface-probing.yaml", "version": "0.4", "versions": { "0.1": { "digest": "da30d0a724e7874293e38af9fd0c14b19c1d2c6334c5e480a2de9933c2d6f2d2", "deprecated": false }, "0.2": { "digest": "2844d6e92ee410808eac6d5ad546026423bf404a334a1ef9966f763fccff8a07", "deprecated": false }, "0.3": { "digest": "abcef6c7b98afd73df9ca94a8e8461af5e74f074a6bb46f978109750de64ab55", "deprecated": false }, "0.4": { "digest": "63f3fd06df3aaa0d1b6c6fec359e029d332ddf59b380c61d4e733750df1744b1", "deprecated": false } }, "content": "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", "description": "Detect generic HTTP admin interface probing", "author": "crowdsecurity", 
"labels": { "behavior": "http:scan", "classification": [ "attack.T1595" ], "confidence": 3, "label": "HTTP Admin Interface Probing", "remediation": true, "service": "http", "spoofable": 0 } }, "crowdsecurity/http-apiscp-bf": { "path": "scenarios/crowdsecurity/http-apiscp-bf.yaml", "version": "0.3", "versions": { "0.1": { "digest": "c0dec456fded0c14c7c48a918eb30e1ab35892581adb9263572cfa49fddc908e", "deprecated": false }, "0.2": { "digest": "f6f5ed461e46ff730a57ae5bc2ee9187cdca20d0d5e13114fed8e381e384528b", "deprecated": false }, "0.3": { "digest": "302d872cdb0695b8471e681e9da268e77d6fd0a63dc521929ed103924f37dafe", "deprecated": false } }, "long_description": "RGV0ZWN0cyBicnV0ZWZvcmNlIG9uIGFwaXNDUCBsb2dpbiBwYWdlICcvYXBwcy9sb2dpbicuCgpsZWFrc3BlZWQgb2YgMTBzLCBjYXBhY2l0eSBvZiA1Cg==", "content": "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", "description": "detect apisCP dashboard bruteforce", "author": "crowdsecurity", "labels": { "behavior": "http:bruteforce", "classification": [ "attack.T1110" ], "confidence": 3, "label": "apisCP bruteforce", "remediation": true, "service": "apisCP", "spoofable": 0 } }, "crowdsecurity/http-backdoors-attempts": { "path": "scenarios/crowdsecurity/http-backdoors-attempts.yaml", "version": "0.6", "versions": { "0.1": { "digest": "2eaba549ef284a36349482aa803b201fa8dcbff0f4d1ab2c5127d6b29806bba1", "deprecated": false }, "0.2": { "digest": "388ec8c8f0679601bafa27fdf57fd414312bb2110bff56ef583bb505a1866d8b", "deprecated": false }, "0.3": { "digest": "9eab7252dba254defcc9f90f38874df9f4f323d75aca0c831b9c9567edf9c00f", "deprecated": false }, "0.4": { "digest": "45241f8074b19ce99d11fc082af5600f6c1833d748659361057947ebbac1a876", "deprecated": false }, "0.5": { "digest": "c87e7add0110e5fb10e62db721ce931f57f5091f9f4fc885e0df8c36234ee53a", "deprecated": false }, "0.6": { "digest": "dd5d8c02fff1fd939471358c61c9861387992f3062208a583839564bf644453b", "deprecated": false } }, "long_description": 
"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", "content": "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", "description": "Detect attempt to common backdoors", "author": "crowdsecurity", "labels": { "behavior": "http:exploit", "classification": [ "attack.T1595" ], "confidence": 3, "label": "Scanning for backdoors", "remediation": true, "service": "http", "spoofable": 0 } }, "crowdsecurity/http-bad-user-agent": { "path": "scenarios/crowdsecurity/http-bad-user-agent.yaml", "version": "1.2", "versions": { "0.1": { "digest": "46e7058419bc3086f2919fb9afad6b2e85f0d4764f74153dd336ed491f99fa08", "deprecated": false }, "0.2": { "digest": "524e2465c1bd817b4d54b37ccb4d2457eec1dad789e21690f51e43469545f426", "deprecated": false }, "0.3": { "digest": "d3cae6c40fadd16693e449b4eb7a030586c8f1a9d9dd33c97001c9dc717c68f2", "deprecated": false }, "0.4": { "digest": "8dd16e9de043f47f026d2e3c1b53ad4bbc6dd8f8aac3adaf26a7f4bd2bb6e6fd", "deprecated": false }, "0.5": { "digest": "93af1e0f77f0ccc62fdb3bd783a777b091a55e21413fc9cb05ba141608f8942b", "deprecated": false }, "0.6": { "digest": "df3408e39840a2f7d11977d555985f93bc49e4b23a7e84e0e63ebe040c1e512d", "deprecated": false }, "0.7": { "digest": "51360ad64c9672e5d3ba9c1786e6fc380c8752871a977a5dddac0d08551aa66a", "deprecated": false }, "0.8": { "digest": "38bc505811135db4788cb7a70199f43a7276f7828b86676fb8b4fc6da62a0adc", "deprecated": false }, "0.9": { "digest": "6142a2394aaa38810c6d5c7258f8011bc4b39f7e2bf4cb6b6d557475bb377328", "deprecated": false }, "1.0": { "digest": "9ad6df04b0516207b0d9df602047fcff02a24028352883be33abde7a603501e4", "deprecated": false }, "1.1": { "digest": "c1b96206d623b9ce9a143b19f4245d3ebb4d971528ce4a09da8a415ab2d7b9b7", "deprecated": false }, "1.2": { "digest": "7ca405d1147762b1f488bc0f13575c5af8081499c8a5c2971d706e8b03493671", "deprecated": false } }, "long_description": "IyBLbm93biBiYWQgdXNlci1hZ2VudHMKCkRldGVjdCBrbm93biBiYWQgdXNlci1hZ2VudHMuCgpCYW5zIGFmdGVyIHR3byByZXF1ZXN0cy4KCgoKCgo=", "content": 
"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", "description": "Detect usage of bad User Agent", "author": "crowdsecurity", "labels": { "behavior": "http:scan", "classification": [ "attack.T1595" ], "confidence": 1, "label": "Bad User Agent", "remediation": true, "service": "http", "spoofable": 0 } }, "crowdsecurity/http-bf-wordpress_bf": { "path": "scenarios/crowdsecurity/http-bf-wordpress_bf.yaml", "version": "0.7", "versions": { "0.1": { "digest": "628d9988c1f2448f4ffa5a72fe8aec6e1c1eedd8c838447630cce653bf31cbd9", "deprecated": false }, "0.2": { "digest": "f4074942f2454ffeae226219e0807c63262413986a5b07fc939f4b0835e7bef2", "deprecated": false }, "0.3": { "digest": "b313b926ef3c42c125526c707a761efd02d14f1f6ce577ef602709228427f482", "deprecated": false }, "0.4": { "digest": "09f9a5e176da2971ddbdd07522fb64948500f867d78fc77167bcd494bce079a8", "deprecated": false }, "0.5": { "digest": "9baa872c3b85a560952e57a77fd6fc49a5257a45c4296f89577ea6c490c0265f", "deprecated": false }, "0.6": { "digest": "bf093ace6f82eadcd268a9aa4a8452a5fba699ef5397e0af3d3f1475634aa924", "deprecated": false }, "0.7": { "digest": "dbdfb59bf06128765d7370d81b1e1153dab6900b5627cec35aaa67b6ebca7073", "deprecated": false } }, "long_description": "RGV0ZWN0cyBicnV0ZWZvcmNlIG9uIHdvcmRwcmVzcyBsb2dpbiBwYWdlICd3cC1sb2dpbi5waHAnLgoKbGVha3NwZWVkIG9mIDEwcywgY2FwYWNpdHkgb2YgNQoK", "content": 
"dHlwZTogbGVha3kKbmFtZTogY3Jvd2RzZWN1cml0eS9odHRwLWJmLXdvcmRwcmVzc19iZgpkZXNjcmlwdGlvbjogIkRldGVjdCBXb3JkUHJlc3MgYnJ1dGVmb3JjZSBvbiBhZG1pbiBpbnRlcmZhY2UiCmRlYnVnOiBmYWxzZQojIGZhaWxlZCBhdXRoIG9uIHdwLWxvZ2luLnBocCByZXR1cm5zIDIwMApmaWx0ZXI6ICJldnQuTWV0YS5sb2dfdHlwZSA9PSAnaHR0cF9hY2Nlc3MtbG9nJyAmJiBldnQuUGFyc2VkLmZpbGVfbmFtZSA9PSAnd3AtbG9naW4ucGhwJyAmJiBldnQuUGFyc2VkLnZlcmIgPT0gJ1BPU1QnICYmIGV2dC5NZXRhLmh0dHBfc3RhdHVzID09ICcyMDAnIgpncm91cGJ5OiBldnQuTWV0YS5zb3VyY2VfaXAKY2FwYWNpdHk6IDUKbGVha3NwZWVkOiAxMHMKYmxhY2tob2xlOiA1bQpsYWJlbHM6CiAgY29uZmlkZW5jZTogMwogIHNwb29mYWJsZTogMAogIGNsYXNzaWZpY2F0aW9uOgogICAgLSBhdHRhY2suVDExMTAKICBiZWhhdmlvcjogImh0dHA6YnJ1dGVmb3JjZSIKICBsYWJlbDogIldvcmRQcmVzcyBCcnV0ZWZvcmNlIgogIHNlcnZpY2U6IHdvcmRwcmVzcwogIHJlbWVkaWF0aW9uOiB0cnVlCg==", "description": "Detect WordPress bruteforce on admin interface", "author": "crowdsecurity", "labels": { "behavior": "http:bruteforce", "classification": [ "attack.T1110" ], "confidence": 3, "label": "WordPress Bruteforce", "remediation": true, "service": "wordpress", "spoofable": 0 } }, "crowdsecurity/http-bf-wordpress_bf_xmlrpc": { "path": "scenarios/crowdsecurity/http-bf-wordpress_bf_xmlrpc.yaml", "version": "0.2", "versions": { "0.1": { "digest": "d4a3456d8fc2edb27b895967f79053f649b943f043763369d437d5c55591c402", "deprecated": false }, "0.2": { "digest": "c3da65b418bd36dc8e26aaf7c620f7629c60a65b34115525b9c93e6312d261b2", "deprecated": false } }, "long_description": "RGV0ZWN0cyBicnV0ZWZvcmNlIG9uIHdvcmRwcmVzcyBBUEkgJ3htbHJwYy5waHAnLgoKKipXYXJuaW5nKio6IFNvbWUgcGx1Z2luIGhlYXZpbHkgcmVseSBvbiB0aGUgeG1scnBjLCBieSBlbmFibGluZyB0aGlzIHNjZW5hcmlvIHlvdSBjb3VsZCBibG9jayB5b3VyIG93biBzZXJ2ZXIuCkJlIHN1cmUgdG8gY2hlY2sgdGhlIHNvdXJjZSBvZiB0aGUgY2FsbHMgb24gdGhlIFhNTFJQQyBBUEkgYmVmb3JlIGVuYWJsaW5nIHRoaXMuCgpsZWFrc3BlZWQgb2YgMm0sIGNhcGFjaXR5IG9mIDUK", "content": "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", "description": "detect wordpress bruteforce on xmlrpc", "author": "crowdsecurity", "labels": { "behavior": 
"http:bruteforce", "classification": [ "attack.T1110" ], "confidence": 3, "label": "WP XMLRPC bruteforce", "remediation": true, "service": "wordpress", "spoofable": 0 } }, "crowdsecurity/http-crawl-non_statics": { "path": "scenarios/crowdsecurity/http-crawl-non_statics.yaml", "version": "0.7", "versions": { "0.1": { "digest": "86265749b84641e86e7e8ea3c1df53a1cabd1e0e04b6f93853db5d0687913cc7", "deprecated": false }, "0.2": { "digest": "41fb957dfc8e2bb4ae76f2a64a5a25e169e5a0e7e53f42c432e84bec933657ca", "deprecated": false }, "0.3": { "digest": "f0fa40870cdeea7b0da40b9f132e9c6de5e32d584334ec8a2d355faa35cde01c", "deprecated": false }, "0.4": { "digest": "cd8f8a7a450855ad656b10758589c0d6fa38317ce001f3ae82dc29f0561f7145", "deprecated": false }, "0.5": { "digest": "b7aefdcaae7ec28d61167aacafcc462b88b95317ca980976c435b9e5fde97fb0", "deprecated": false }, "0.6": { "digest": "d37d938cc9d8f135c34c37126020ae8cf0f15ec15aee3e420ef4c74b4198a842", "deprecated": false }, "0.7": { "digest": "9f235ae2116031a2b7a64da1e3ff5356b5f4fb91078de1c78bc30e0edb734dfb", "deprecated": false } }, "long_description": "RGV0ZWN0IGNyYXdsIChodHRwIEdFVC9IRUFEKSBvbiBub24tc3RhdGljIChqcGcsY3NzLGpzLGV0Yy4pIGh0dHAgcGFnZXMgZnJvbSBhIHNpbmdsZSBpcC4KCkxlYWtzcGVlZCBvZiAwLjVzLCBjYXBhY2l0eSBvZiA0MAo=", "content": 
"dHlwZTogbGVha3kKbmFtZTogY3Jvd2RzZWN1cml0eS9odHRwLWNyYXdsLW5vbl9zdGF0aWNzCmRlc2NyaXB0aW9uOiAiRGV0ZWN0IGFnZ3Jlc3NpdmUgY3Jhd2wgb24gbm9uIHN0YXRpYyByZXNvdXJjZXMiCmZpbHRlcjogImV2dC5NZXRhLmxvZ190eXBlIGluIFsnaHR0cF9hY2Nlc3MtbG9nJywgJ2h0dHBfZXJyb3ItbG9nJ10gJiYgZXZ0LlBhcnNlZC5zdGF0aWNfcmVzc291cmNlID09ICdmYWxzZScgJiYgZXZ0LlBhcnNlZC52ZXJiIGluIFsnR0VUJywgJ0hFQUQnXSIKZGlzdGluY3Q6ICJldnQuUGFyc2VkLmZpbGVfbmFtZSIKbGVha3NwZWVkOiAwLjVzCmNhcGFjaXR5OiA0MAojZGVidWc6IHRydWUKI3RoaXMgbGltaXRzIHRoZSBtZW1vcnkgY2FjaGUgKGFuZCBldmVudF9zZXF1ZW5jZXMgaW4gb3V0cHV0KSB0byBmaXZlIGV2ZW50cwpjYWNoZV9zaXplOiA1Cmdyb3VwYnk6ICJldnQuTWV0YS5zb3VyY2VfaXAgKyAnLycgKyBldnQuUGFyc2VkLnRhcmdldF9mcWRuIgpibGFja2hvbGU6IDFtCmxhYmVsczoKICBjb25maWRlbmNlOiAxCiAgc3Bvb2ZhYmxlOiAwCiAgY2xhc3NpZmljYXRpb246CiAgICAtIGF0dGFjay5UMTU5NQogIGJlaGF2aW9yOiAiaHR0cDpjcmF3bCIKICBzZXJ2aWNlOiBodHRwCiAgbGFiZWw6ICJBZ2dyZXNzaXZlIENyYXdsIgogIHJlbWVkaWF0aW9uOiB0cnVlCg==", "description": "Detect aggressive crawl on non static resources", "author": "crowdsecurity", "labels": { "behavior": "http:crawl", "classification": [ "attack.T1595" ], "confidence": 1, "label": "Aggressive Crawl", "remediation": true, "service": "http", "spoofable": 0 } }, "crowdsecurity/http-cve-2021-41773": { "path": "scenarios/crowdsecurity/http-cve-2021-41773.yaml", "version": "0.2", "versions": { "0.1": { "digest": "297eff27011c942a75937838e09c60c80f9dfdbfcb18b358b666777b4d1e89aa", "deprecated": false }, "0.2": { "digest": "3cd742ad69889bee2644daf08c4eef1c14359fdf67e3642542d157e0c1bc0382", "deprecated": false } }, "content": "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", "description": "cve-2021-41773", "author": "crowdsecurity", "labels": { "behavior": "http:exploit", "classification": [ "attack.T1190", "attack.T1595", "cve.CVE-2021-41773" ], "confidence": 3, "label": "CVE-2021-41773", "remediation": true, "service": "apache", "spoofable": 0 } }, "crowdsecurity/http-cve-2021-42013": { "path": "scenarios/crowdsecurity/http-cve-2021-42013.yaml", "version": "0.2", 
"versions": { "0.1": { "digest": "5f7e21b44bc4284dde1cde1610109a06a0c986777f48c2f00e08db9e2f156459", "deprecated": false }, "0.2": { "digest": "0ed92efba1d5146795df08340c91535aee56e9a0e2d650c2496f46ecb977314f", "deprecated": false } }, "content": "dHlwZTogdHJpZ2dlcgpmb3JtYXQ6IDIuMAojZGVidWc6IHRydWUKI3RoaXMgaXMgZ2V0dGluZyBmdW5ueSwgaXQncyB0aGUgdGhpcmQgcGF0Y2ggb24gdG9wIG9mIGN2ZS0yMDIxLTQxNzczCm5hbWU6IGNyb3dkc2VjdXJpdHkvaHR0cC1jdmUtMjAyMS00MjAxMwpkZXNjcmlwdGlvbjogImN2ZS0yMDIxLTQyMDEzIgpmaWx0ZXI6IHwKICBldnQuTWV0YS5sb2dfdHlwZSBpbiBbImh0dHBfYWNjZXNzLWxvZyIsICJodHRwX2Vycm9yLWxvZyJdIGFuZCAKICAgIFVwcGVyKGV2dC5NZXRhLmh0dHBfcGF0aCkgY29udGFpbnMgIi8lJTMyJTY1JSUzMiU2NS8iCmdyb3VwYnk6ICJldnQuTWV0YS5zb3VyY2VfaXAiCmJsYWNraG9sZTogMm0KbGFiZWxzOgogIHNlcnZpY2U6IGFwYWNoZQogIGNvbmZpZGVuY2U6IDMKICBzcG9vZmFibGU6IDAKICBjbGFzc2lmaWNhdGlvbjoKICAgIC0gYXR0YWNrLlQxMTkwCiAgICAtIGF0dGFjay5UMTU5NQogICAgLSBjdmUuQ1ZFLTIwMjEtNDIwMTMKICBiZWhhdmlvcjogImh0dHA6ZXhwbG9pdCIKICBsYWJlbDogIkNWRS0yMDIxLTQyMDEzIgogIHJlbWVkaWF0aW9uOiB0cnVlCg==", "description": "cve-2021-42013", "author": "crowdsecurity", "labels": { "behavior": "http:exploit", "classification": [ "attack.T1190", "attack.T1595", "cve.CVE-2021-42013" ], "confidence": 3, "label": "CVE-2021-42013", "remediation": true, "service": "apache", "spoofable": 0 } }, "crowdsecurity/http-dos-bypass-cache": { "path": "scenarios/crowdsecurity/http-dos-bypass-cache.yaml", "version": "0.5", "versions": { "0.1": { "digest": "0e58abde23b14beae6be2ca1b2bfe58ad980f75c5691b8c0cacf1b2fff4d23bd", "deprecated": false }, "0.2": { "digest": "05d3d10236ceb9b23f3f9355970f9b25583c891e0d0d3cf210dc289240b48f25", "deprecated": false }, "0.3": { "digest": "de4c4f23847193f3ee277ed1836b774773517a4fc41e64a91d2af40dcc611ac2", "deprecated": false }, "0.4": { "digest": "beffaa2a1921fa3ab29122b0bf55a4b648b814771e9e6c5779736fd5f677375d", "deprecated": false }, "0.5": { "digest": "fa8e2326d2d4f3b82d69a04c88a741b7f44dff7756ed2133ee4bfeb0db5d48a5", "deprecated": false } }, "long_description": 
"IyMgRGV0ZWN0aW5nIERPUyB3aXRoIGNhY2hlIGJ5cGFzcwoKVGhpcyBzY2VuYXJpbyBkZXRlY3RzIERvUyB0b29scyB0aGF0IGlzc3VlIGEgaGlnaCBudW1iZXIgb2YgcmVxdWVzdHMsIHdoaWxlIGF0dGVtcHRpbmcgdG8gYnlwYXNzIGNhY2hlIHJ1bGVzIGJ5IGFwcGVuZGluZyByYW5kb20gbnVtZXJpYyBzdWZmaXguCgpEaXJlY3RseSBpbnNwaXJlZCBieSBzb21lIHNwZWNpZmljIERvUyB0b29scyBUVFAuCgo6d2FybmluZzogVGhpcyBzY2VuYXJpbyBtaWdodCB0cmlnZ2VyIGZhbHNlIHBvc2l0aXZlcywgcHJvcGVyIHRlc3RpbmcgaXMgYWR2aXNlZCA6d2FybmluZzo=", "content": "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", "description": "Detect DoS tools bypassing cache every request", "author": "crowdsecurity", "labels": { "behavior": "http:dos", "classification": [ "attack.T1498" ], "confidence": 2, "label": "HTTP DOS with cache bypass", "remediation": true, "service": "http", "spoofable": 0 } }, "crowdsecurity/http-dos-invalid-http-versions": { "path": "scenarios/crowdsecurity/http-dos-invalid-http-versions.yaml", "version": "0.7", "versions": { "0.1": { "digest": "4508b6364d19557247a86c08b6bd8c262295a661c01c183313c38aaeea08fd00", "deprecated": false }, "0.2": { "digest": "7a0fe2257c1e04db49ac1f9c1a882553caa7b787168f574cc28a116e52974b14", "deprecated": false }, "0.3": { "digest": "6ad1c79bf0ca97716b1176a9070a9eaf9e8356d0b5e3c1d7b4652cfa8acf8297", "deprecated": false }, "0.4": { "digest": "2cb7ced10c6122aee759e1c0abec546c23a339337abae98292a9bd4752113887", "deprecated": false }, "0.5": { "digest": "1224a0e02b5994241cba7b299e481dd8a74529826b0c561118aa0d7591bc8a07", "deprecated": false }, "0.6": { "digest": "350ef964a77043809471f12b1a075f098d6879607f424c507185a9b5817e18e6", "deprecated": false }, "0.7": { "digest": "71d9e3b461ae291274f594040a9d2c5abc414f86c9967ec4c7908224355969f8", "deprecated": false } }, "long_description": 
"IyMgRGV0ZWN0aW5nIERPUyB3aXRoIGludmFsaWQgSFRUUCB2ZXJzaW9ucwoKVGhpcyBzY2VuYXJpbyBkZXRlY3RzIERvUyB0b29scyB0aGF0IGlzc3VlIGEgaGlnaCBudW1iZXIgb2YgcmVxdWVzdHMgd2l0aCBpbnZhbGlkIEhUVFAgdmVyc2lvbnMuCgpEaXJlY3RseSBpbnNwaXJlZCBieSBzb21lIHNwZWNpZmljIERvUyB0b29scyBUVFAuCgo6d2FybmluZzogVGhpcyBzY2VuYXJpbyBtaWdodCB0cmlnZ2VyIGZhbHNlIHBvc2l0aXZlcywgcHJvcGVyIHRlc3RpbmcgaXMgYWR2aXNlZCA6d2FybmluZzo=", "content": "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", "description": "Detect DoS tools using invalid HTTP versions", "author": "crowdsecurity", "labels": { "behavior": "http:dos", "classification": [ "attack.T1498" ], "confidence": 2, "label": "HTTP DOS with invalid HTTP version", "remediation": true, "service": "http", "spoofable": 0 } }, "crowdsecurity/http-dos-random-uri": { "path": "scenarios/crowdsecurity/http-dos-random-uri.yaml", "version": "0.4", "versions": { "0.1": { "digest": "0fed8a75f88fd41f17498166bc1a60ec9e981ce1b82f0cd840ef52ae4fc71d39", "deprecated": false }, "0.2": { "digest": "f1ed5aefe6fce34ce3253e85b342c3849620e7582e21ea03596121d540e2265b", "deprecated": false }, "0.3": { "digest": "3dbd11fd32c3694ed82b4afe5509d5a4563853b864b0927385c8be6c200ac955", "deprecated": false }, "0.4": { "digest": "5a07d325493252c48cac23f7b806d1a64eebdc2e34c111b7015ac45bae7e89fd", "deprecated": false } }, "long_description": "IyMgSFRUUCBET1MgUmFuZG9tIFVSSQoKClRoaXMgc2NlbmFyaW8gZGV0ZWN0cyBEb1MgdG9vbHMgdGhhdCBpc3N1ZSBhIGhpZ2ggbnVtYmVyIG9mIHJlcXVlc3RzLCB3aGlsZSB2YXJ5aW5nIHRoZSBzdWZmaXggVVJMIHRvIGV2YWRlIHN0YXRpYyBydWxlcy4KCkRpcmVjdGx5IGluc3BpcmVkIGJ5IHNvbWUgc3BlY2lmaWMgRG9TIHRvb2xzIFRUUC4KCjp3YXJuaW5nOiBUaGlzIHNjZW5hcmlvIG1pZ2h0IHRyaWdnZXIgZmFsc2UgcG9zaXRpdmVzLCBwcm9wZXIgdGVzdGluZyBpcyBhZHZpc2VkIDp3YXJuaW5nOgo=", "content": "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", "description": "Detect DoS tools using random uri", "author": "crowdsecurity", "labels": { "behavior": "http:dos", "classification": [ "attack.T1498" ], "confidence": 2, "label": "HTTP DOS via random URI", 
"remediation": true, "service": "http", "spoofable": 0 } }, "crowdsecurity/http-dos-switching-ua": { "path": "scenarios/crowdsecurity/http-dos-switching-ua.yaml", "version": "0.5", "versions": { "0.1": { "digest": "3e0821e088a069ff12b26bfd106c913405b8cda87755438b535bbb803da6d5a1", "deprecated": false }, "0.2": { "digest": "54b1bc5cade329a7b8dd8a4447258b8c0029732759dae3e2632e0f96abc04b36", "deprecated": false }, "0.3": { "digest": "f40b2ff1b0a7351994ec48af5f5c31d66e4e475632e34e3e7c9218fb88b67cb6", "deprecated": false }, "0.4": { "digest": "ce7739941426d9acc3c9d59a6bbf584202c680ce8e09204578a1914136b60fff", "deprecated": false }, "0.5": { "digest": "84a9eb62f0cc1231999dba03a3832b7b828b514736e2a3d1dac5ac0b81c6aa7b", "deprecated": false } }, "long_description": "IyMgSFRUUCBET1MgQ2hhbmdpbmcgVXNlci1BZ2VudAoKVGhpcyBzY2VuYXJpbyBkZXRlY3RzIHNwZWNpZmljIERvUyB0b29scyB0aGF0IGlzc3VlIGEgaGlnaCBudW1iZXIgb2YgcmVxdWVzdHMsIHdoaWxlIGNoYW5naW5nIHRoZSBgVXNlci1BZ2VudGAgZXZlcnkgcmVxdWVzdC4KCkRpcmVjdGx5IGluc3BpcmVkIGJ5IHNvbWUgc3BlY2lmaWMgRG9TIHRvb2xzIFRUUC4KCjp3YXJuaW5nOiBUaGlzIHNjZW5hcmlvIG1pZ2h0IHRyaWdnZXIgZmFsc2UgcG9zaXRpdmVzLCBwcm9wZXIgdGVzdGluZyBpcyBhZHZpc2VkIDp3YXJuaW5nOgo=", "content": "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", "description": "Detect DoS tools switching user-agent too fast", "author": "crowdsecurity", "labels": { "behavior": "http:dos", "classification": [ "attack.T1498" ], "confidence": 2, "label": "HTTP DOS with varying UA", "remediation": true, "service": "http", "spoofable": 0 } }, "crowdsecurity/http-generic-bf": { "path": "scenarios/crowdsecurity/http-generic-bf.yaml", "version": "0.6", "versions": { "0.1": { "digest": "aaaf0209fe77be79d8d61a50e73e5da6807e8f13eb7d9832e705553770f6d376", "deprecated": false }, "0.2": { "digest": "ea9e2e43794d162a6bb6a560b940b7a2c73e55436de6555a96ac2edfadbe5d8d", "deprecated": false }, "0.3": { "digest": "d43fbbc7da0a3427bcb170669b873035defedb470b79125e884e283901e57d2f", "deprecated": false }, "0.4": { "digest": 
"be339072fbbe0691926e92678c48edd17141fc0f17ac14fd8b08f6a4e4f72748", "deprecated": false }, "0.5": { "digest": "d03fa7fbb3179407f221bc4e11d177422d21e5adcdcf408edf5f8b0ef492741f", "deprecated": false }, "0.6": { "digest": "2154028ae52c65753b6d7391cfb726041818fd0d443628598ac83f6e3732be53", "deprecated": false } }, "long_description": "QWxlcnQgd2hlbiBhIHNpbmdsZSBJUCB0aGF0IHRyeSB0byBicnV0ZWZvcmNlIGh0dHAgYmFzaWMgYXV0aC4KCkxlYWtzcGVlZCBvZiAxMHMsIGNhcGFjaXR5IG9mIDUuCg==", "content": "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", "description": "Detect generic http brute force", "author": "crowdsecurity", "labels": { "behavior": "http:bruteforce", "classification": [ "attack.T1110" ], "confidence": 3, "label": "HTTP Bruteforce", "remediation": true, "service": "http", "spoofable": 0 } }, "crowdsecurity/http-magento-bf": { "path": "scenarios/crowdsecurity/http-magento-bf.yaml", "version": "0.5", "versions": { "0.1": { "digest": "a77e4cb9a813ac8bad557138f3b20abaa67d8210768fcb350fb3efcc58c1dfc1", "deprecated": false }, "0.2": { "digest": "98091fa975da7753f9b52ae6e028f9fef0dc46cb93575533a5a04ba824cda8f0", "deprecated": false }, "0.3": { "digest": "e70c86f1a22879247fb6085ca2e6949a3163f92fd33c803ce7f89f0586324a00", "deprecated": false }, "0.4": { "digest": "54d2aacd11db557b3a49a99a320e8894050dc6fbc004f5a28207b6ddfb4afa0e", "deprecated": false }, "0.5": { "digest": "b20922d5eb39f7a7f93a3e55721da80cd48e8a0a074d182ca62c459f78e6f171", "deprecated": false } }, "long_description": "RGV0ZWN0cyBicnV0ZWZvcmNlIG9uIE1hZ2VudG8gQWRtaW4gcGFnZS4KCmxlYWtzcGVlZCBvZiAxMHMsIGNhcGFjaXR5IG9mIDUKCg==", "content": "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", "description": "Detect bruteforce on Magento admin interface", "author": "crowdsecurity", "labels": { "behavior": "http:bruteforce", "classification": [ "attack.T1110" ], "confidence": 3, "label": "Magento Bruteforce", "remediation": true, "service": "magento", "spoofable": 0 } }, "crowdsecurity/http-magento-ccs": { "path": 
"scenarios/crowdsecurity/http-magento-ccs.yaml", "version": "0.3", "versions": { "0.1": { "digest": "bf2bc42b888e36b62144129dd2d61e7b1aac6a4d1926c3ebbfe8453d15c3f6f3", "deprecated": false }, "0.2": { "digest": "07dc5f21d5c4bcf6863c3ce57c4490a8a74c13d2c11ff32e73e419b768478468", "deprecated": false }, "0.3": { "digest": "a390e04333ce744c7f3cb00ac3d7e72333c40f4f1407c87116244fc0a2a0ca86", "deprecated": false } }, "long_description": "RGV0ZWN0cyBjcmVkaXQgY2FyZCBzdHVmZmluZyBvbiBNYWdlbnRvIHdlYnNpdGUuCgpNb3JlIHRoYW4gMyBwYXltZW50cyBmYWlsZWQgZnJvbSBhIHNhbWUgSVAgaW4gbGVzcyB0aGFuIDMwIHNlY29uZGVzIHdpbGwgdHJpZ2dlciB0aGlzIHNjZW5hcmlvLgo=", "content": "dHlwZTogbGVha3kKbmFtZTogY3Jvd2RzZWN1cml0eS9odHRwLW1hZ2VudG8tY2NzCmRlYnVnOiBmYWxzZQpkZXNjcmlwdGlvbjogIkRldGVjdCBjcmVkaXQgY2FyZCBzdHVmZmluZyBmcm9tIGEgc2luZ2xlIElQIgpmaWx0ZXI6ICJldnQuTWV0YS5sb2dfdHlwZSA9PSAnUEFZTUVOVF9GQUlMRUQnIgpncm91cGJ5OiBldnQuTWV0YS5zb3VyY2VfaXAKY2FwYWNpdHk6IDMKbGVha3NwZWVkOiAzMHMKYmxhY2tob2xlOiA1bQpsYWJlbHM6CiAgcmVtZWRpYXRpb246IHRydWUKICBjbGFzc2lmaWNhdGlvbjoKICAgIC0gYXR0YWNrLlQxMTEwLjAwNAogIGNvbmZpZGVuY2U6IDIKICBzcG9vZmFibGU6IDAKICBzZXJ2aWNlOiBtYWdlbnRvCiAgYmVoYXZpb3I6ICJlY29tbWVyY2U6ZnJhdWQiCiAgbGFiZWw6ICJNYWdlbnRvIENyZWRpdCBDYXJkIFN0dWZmaW5nIgo=", "description": "Detect credit card stuffing from a single IP", "author": "crowdsecurity", "labels": { "behavior": "ecommerce:fraud", "classification": [ "attack.T1110.004" ], "confidence": 2, "label": "Magento Credit Card Stuffing", "remediation": true, "service": "magento", "spoofable": 0 } }, "crowdsecurity/http-magento-ccs-by-as": { "path": "scenarios/crowdsecurity/http-magento-ccs-by-as.yaml", "version": "0.3", "versions": { "0.1": { "digest": "6e585961ae092036eb9a506c311d331c3cbd59eccdf642cae86b424c39ad730a", "deprecated": false }, "0.2": { "digest": "f65c1ddfabf04040ce288ff53a5d63db45e0db5995d43c86bd868243e3d3c099", "deprecated": false }, "0.3": { "digest": "e77332ad52bff93a640417fa59b9762979421828ac32484df886af68208dc335", "deprecated": false } }, 
"long_description": "RGV0ZWN0cyBkaXN0cmlidXRlZCBjcmVkaXQgY2FyZCBzdHVmZmluZyBieSBBUyBvbiBNYWdlbnRvIHdlYnNpdGUuCgoKTW9yZSB0aGFuIDEwIHBheW1lbnRzIGZhaWxlZCBpbiB0aGUgc2FtZSBBUyBpbiBsZXNzIHRoYW4gMzBzZWNvbmRlcyB3aWxsIHRyaWdnZXIgdGhpcyBzY2VuYXJpby4K", "content": "dHlwZTogbGVha3kKbmFtZTogY3Jvd2RzZWN1cml0eS9odHRwLW1hZ2VudG8tY2NzLWJ5LWFzCmRlYnVnOiBmYWxzZQpkZXNjcmlwdGlvbjogIkRldGVjdCBkaXN0cmlidXRlZCBjcmVkaXQgY2FyZCBzdHVmZmluZyBmcm9tIHNhbWUgQVMiCmZpbHRlcjogImV2dC5NZXRhLmxvZ190eXBlID09ICdQQVlNRU5UX0ZBSUxFRCcgYW5kIGV2dC5NZXRhLkFTTk51bWJlciAhPSAnJyAiCmdyb3VwYnk6IGV2dC5NZXRhLkFTTk51bWJlcgpkaXN0aW5jdDogZXZ0Lk1ldGEuc291cmNlX2lwCmNhcGFjaXR5OiAxMApsZWFrc3BlZWQ6IDMwcwpibGFja2hvbGU6IDVtCmxhYmVsczoKICByZW1lZGlhdGlvbjogdHJ1ZQogIGNsYXNzaWZpY2F0aW9uOgogICAgLSBhdHRhY2suVDExMTAuMDA0CiAgY29uZmlkZW5jZTogMQogIHNwb29mYWJsZTogMwogIHNlcnZpY2U6IG1hZ2VudG8KICBiZWhhdmlvcjogImVjb21tZXJjZTpmcmF1ZCIKICBsYWJlbDogIk1hZ2VudG8gQ3JlZGl0IENhcmQgU3R1ZmZpbmcgQnkgQVMiCg==", "description": "Detect distributed credit card stuffing from same AS", "author": "crowdsecurity", "labels": { "behavior": "ecommerce:fraud", "classification": [ "attack.T1110.004" ], "confidence": 1, "label": "Magento Credit Card Stuffing By AS", "remediation": true, "service": "magento", "spoofable": 3 } }, "crowdsecurity/http-magento-ccs-by-country": { "path": "scenarios/crowdsecurity/http-magento-ccs-by-country.yaml", "version": "0.3", "versions": { "0.1": { "digest": "be8ae3f56024ef1be29104fa72a84e0178b2330f2e873b170cef782b1d3d6bc0", "deprecated": false }, "0.2": { "digest": "fa29d5fb5f1f420753717485319e5c85fe39c977b5525ccc895a7b24f15a598c", "deprecated": false }, "0.3": { "digest": "f4ff753638b54a01a2f455acc045e6229f62c6ce5d5751c8d1815b62f3161521", "deprecated": false } }, "long_description": "RGV0ZWN0cyBkaXN0cmlidXRlZCBjcmVkaXQgY2FyZCBzdHVmZmluZyBieSBjb3VudHJ5IG9uIE1hZ2VudG8gd2Vic2l0ZS4KCk1vcmUgdGhhbiAxMCBwYXltZW50cyBmYWlsZWQgaW4gdGhlIHNhbWUgY291bnRyeSBpbiBsZXNzIHRoYW4gMzBzZWNvbmRlcyB3aWxsIHRyaWdnZXIgdGhpcyBzY2VuYXJpby4KCg==", "content": 
"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", "description": "Detect distributed credit card stuffing from same country", "author": "crowdsecurity", "labels": { "behavior": "ecommerce:fraud", "classification": [ "attack.T1110.004" ], "confidence": 1, "label": "Magento Credit Card Stuffing By Country", "remediation": true, "service": "magento", "spoofable": 3 } }, "crowdsecurity/http-open-proxy": { "path": "scenarios/crowdsecurity/http-open-proxy.yaml", "version": "0.5", "versions": { "0.1": { "digest": "994b9d17d915f47f4ee5f10b2d8b9b7c72b5c93e64f75f3dc1313bf3b5c2613f", "deprecated": false }, "0.2": { "digest": "1c3b55ed813bbac8f8c0d9067d0ae3b7d6fe6b1d437d57ac4c3288c1f38b5ea2", "deprecated": false }, "0.3": { "digest": "e6629c2cdb8f06a1f10561079d926ae42b8d90f680541bb30355714675f0412a", "deprecated": false }, "0.4": { "digest": "5f808fac4a5cfe22723d2b588b23a72cb523796f689c9f53582ed41e0b7cbb45", "deprecated": false }, "0.5": { "digest": "63b8b494f9d7be6134c7e19c0c7b0a95d35b87548ae0ccfbc5abb0a44034b5d7", "deprecated": false } }, "long_description": "VGFrZSBhIHJlbWVkaWF0aW9uIGFnYWluc3QgYW55IElQIG1ha2luZyBhIGBDT05ORUNUYCBIVFRQIHJlcXVlc3Qgd2hpY2ggcmV0dXJucyBhIDQwMCBzdGF0dXMgY29kZS4KVGhpcyBpcyBhIHRyaWdnZXIgYnVja2V0LCBzbyBvbmx5IG9uZSByZXF1ZXN0IGlzIGVub3VnaCB0byB0cmlnZ2VyIHRoZSBzY2VuYXJpby4=", "content": "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", "description": "Detect scan for open proxy", "author": "crowdsecurity", "labels": { "behavior": "http:scan", "classification": [ "attack.T1595" ], "confidence": 3, "label": "HTTP Open Proxy Probing", "remediation": true, "service": "http", "spoofable": 0, "type": "scan" } }, "crowdsecurity/http-path-traversal-probing": { "path": "scenarios/crowdsecurity/http-path-traversal-probing.yaml", "version": "0.4", "versions": { "0.1": { "digest": "3f00b0aa00448549a0a9635fdd86d8135503078c7087c1f5e4af11d49e7c2ee1", "deprecated": false }, "0.2": { "digest": 
"b02022230086b96c212913406376584cc431332bb5cd26078dffa44ff9454499", "deprecated": false }, "0.3": { "digest": "ae515cb83575c4f1e82ed1011d3b2ea9f9c86077fa6f59f28aa5d235b481adbe", "deprecated": false }, "0.4": { "digest": "9d1b1e29018434aff77cec852ce7d0444e37b893995bd9bf46e7595f53ac5e6a", "deprecated": false } }, "long_description": "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", "content": "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", "description": "Detect path traversal attempt", "author": "crowdsecurity", "labels": { "behavior": "http:exploit", "classification": [ "attack.T1595.002" ], "confidence": 3, "label": "HTTP Path Traversal Exploit", "remediation": true, "service": "http", "spoofable": 0 } }, "crowdsecurity/http-probing": { "path": "scenarios/crowdsecurity/http-probing.yaml", "version": "0.4", "versions": { "0.1": { "digest": "580a3bcbb3756b8da7717c88708305791f39ef17c1e5c3041a1dd54b7293f57a", "deprecated": false }, "0.2": { "digest": "c8bb45b4fb8834ea1dc5cff6439dd272c87d7ee5af4a51e77341ec6edc5d7a25", "deprecated": false }, "0.3": { "digest": "983c356924b6e01f709b3c2d901ceb4e4ce1abe6e840048558f2824a4c4a6719", "deprecated": false }, "0.4": { "digest": "4b16f896af400e006c28b1476bf5989c748186f2b3756ed9ad7d1559480d278c", "deprecated": false } }, "long_description": "VGFrZSByZW1lZGlhdGlvbiBhZ2FpbnN0IGEgc2luZ2xlIElQIHRoYXQgcmVxdWlyZXMgbXVsdGlwbGUgZGlmZmVyZW50IChodHRwIHBhdGgpIHBhZ2VzIHRoYXQgZW5kIHVwIGluIDQwNC80MDMvNDAwLgoKTGVha3NwZWVkIG9mIDEwcywgY2FwYWNpdHkgb2YgMTAuCg==", "content": "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", "description": "Detect site scanning/probing from a single ip", "author": "crowdsecurity", "labels": { "behavior": "http:scan", "classification": [ "attack.T1595" ], "confidence": 1, "label": "HTTP Probing", "remediation": true, "service": "http", "spoofable": 0 } }, "crowdsecurity/http-sensitive-files": { "path": "scenarios/crowdsecurity/http-sensitive-files.yaml", "version": "0.4", "versions": { "0.1": { 
"digest": "9ed53c09709b6e9f11b52e204c8155e9a6b9db9de25686c6b1909a9c59740c5f", "deprecated": false }, "0.2": { "digest": "3f20d74ee5b040db30743ed189537e8c43e04f8954bb5a02251a3495e7a2a555", "deprecated": false }, "0.3": { "digest": "575087fce9fdb9351075bf563a6062fb3c5a9b35ab6844d0b2d4cc492f3497dd", "deprecated": false }, "0.4": { "digest": "cb798582ed9a3bd090d47234bef4ca2169982c44e356e88f101ec6b6a8424676", "deprecated": false } }, "long_description": "IyBIVFRQIFNlbnNpdGl2ZSBmaWxlcwoKRGV0ZWN0IHRlbnRhdGl2ZSBvZiBkYW5nZXJvdXMgZmlsZSBzY2FubmluZyBzdWNoIGFzIGxvZ3MgZmlsZSwgZGF0YWJhc2UgYmFja3VwLCB6aXAgYXJjaGl2ZSBldGMgLi4uCgojIyMgUnVsZQpNb3JlIHRoYW4gMyBhY2Nlc3MgdG8gc2Vuc2l0aXZlIGZpbGVzIGluIFt0aGlzIGxpc3RdKGh0dHBzOi8vaHViLWRhdGEuY3Jvd2RzZWMubmV0L3dlYi9zZW5zaXRpdmVfZGF0YS50eHQp", "content": "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", "description": "Detect attempt to access to sensitive files (.log, .db ..) or folders (.git)", "author": "crowdsecurity", "labels": { "behavior": "http:scan", "classification": [ "attack.T1595.003" ], "confidence": 3, "label": "Access to sensitive files over HTTP", "remediation": true, "service": "http", "spoofable": 0 } }, "crowdsecurity/http-sqli-probing": { "path": "scenarios/crowdsecurity/http-sqli-probing.yaml", "version": "0.4", "versions": { "0.1": { "digest": "f3388a2016f9a7fc48a31a357b21c8e65093b8031fc7b120ee2f020de16be246", "deprecated": false }, "0.2": { "digest": "87683f8a569090e52fbcc6ca2ffe139658950d6a05f9d611fd13e90ab875cdb1", "deprecated": false }, "0.3": { "digest": "5d3674a78d0dfb87d8f086f72830c61954575599883244cf23d5876954e9600c", "deprecated": false }, "0.4": { "digest": "3dd093d823feba47a79142da4e43aab0a1249acf749c15a419f4e25f8d5bc0a2", "deprecated": false } }, "long_description": "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", "content": "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", "description": "A scenario that detects SQL injection probing with minimal false positives", "author": 
"crowdsecurity", "labels": { "behavior": "http:exploit", "classification": [ "attack.T1595.002" ], "confidence": 3, "label": "SQL Injection Attempt", "remediation": true, "service": "http", "spoofable": 0 } }, "crowdsecurity/http-wordpress-scan": { "path": "scenarios/crowdsecurity/http-wordpress-scan.yaml", "version": "0.2", "versions": { "0.1": { "digest": "f73967711f383b190419ea877b9d45a7583591b70e81df5d0a84540a1f4367eb", "deprecated": false }, "0.2": { "digest": "ee042ac369de1856142e19b4cdd05741644115191acbc8d54b99eb704b9aff97", "deprecated": false } }, "content": "dHlwZTogbGVha3kKbmFtZTogY3Jvd2RzZWN1cml0eS9odHRwLXdvcmRwcmVzcy1zY2FuCmRlc2NyaXB0aW9uOiAiRGV0ZWN0IFdvcmRQcmVzcyBzY2FuOiB2dWxuIGh1bnRpbmciCmZpbHRlcjogfAogIGV2dC5NZXRhLnNlcnZpY2UgPT0gJ2h0dHAnIGFuZCAKICBldnQuTWV0YS5sb2dfdHlwZSBpbiBbJ2h0dHBfYWNjZXNzLWxvZycsICdodHRwX2Vycm9yLWxvZyddIGFuZCAKICBldnQuTWV0YS5odHRwX3N0YXR1cyBpbiBbJzQwNCcsICc0MDMnXSBhbmQKICBMb3dlcihldnQuTWV0YS5odHRwX3BhdGgpIGNvbnRhaW5zICIvd3AtIiBhbmQKICBMb3dlcihldnQuTWV0YS5odHRwX3BhdGgpIGVuZHNXaXRoICIucGhwIgpncm91cGJ5OiBldnQuTWV0YS5zb3VyY2VfaXAKZGlzdGluY3Q6IGV2dC5NZXRhLmh0dHBfcGF0aApjYXBhY2l0eTogMwpsZWFrc3BlZWQ6ICIxMHMiCmJsYWNraG9sZTogNW0KbGFiZWxzOgogIHJlbWVkaWF0aW9uOiB0cnVlCiAgY2xhc3NpZmljYXRpb246CiAgICAtIGF0dGFjay5UMTU5NQogIGJlaGF2aW9yOiAiaHR0cDpzY2FuIgogIGxhYmVsOiAiV29yZFByZXNzIFZ1bG4gSHVudGluZyIKICBzcG9vZmFibGU6IDAKICBzZXJ2aWNlOiB3b3JkcHJlc3MKICBjb25maWRlbmNlOiAzCg==", "description": "Detect WordPress scan: vuln hunting", "author": "crowdsecurity", "labels": { "behavior": "http:scan", "classification": [ "attack.T1595" ], "confidence": 3, "label": "WordPress Vuln Hunting", "remediation": true, "service": "wordpress", "spoofable": 0 } }, "crowdsecurity/http-wordpress_user-enum": { "path": "scenarios/crowdsecurity/http-wordpress_user-enum.yaml", "version": "0.3", "versions": { "0.1": { "digest": "b3d23b71ecb4434773e907675a1c117a97acaeeb18a9d57062bded417f18b646", "deprecated": false }, "0.2": { "digest": 
"681c3829aefbbd4bf347ea85d62b4445012b276368d729114aa27bc380c801ab", "deprecated": false }, "0.3": { "digest": "5ff256c204b5103c73b2d1b866884662531723767ec027e0d8305298fcbb1344", "deprecated": false } }, "long_description": "RGV0ZWN0cyBwcm9iaW5nIHRvIGVudW1lcmF0ZSB3b3JkcHJlc3MgYXV0aG9ycyA6IGAvP2F1dGhvcj1YWGAKCmxlYWtzcGVlZCBvZiAxMHMsIGNhcGFjaXR5IG9mIDUKCg==", "content": "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", "description": "Detect WordPress probing: authors enumeration", "author": "crowdsecurity", "labels": { "behavior": "http:scan", "classification": [ "attack.T1589", "attack.T1110", "attack.T1595" ], "confidence": 3, "label": "WordPress User Enumeration", "remediation": true, "service": "wordpress", "spoofable": 0 } }, "crowdsecurity/http-wordpress_wpconfig": { "path": "scenarios/crowdsecurity/http-wordpress_wpconfig.yaml", "version": "0.3", "versions": { "0.1": { "digest": "ff3876c1f9828052ba633264920100aa49402ab3e41a9cb73d28853d248a6d98", "deprecated": false }, "0.2": { "digest": "0d45562d1540796a109c8e986f2d0c79ce312f0d7547134ac449cf24c5934cb5", "deprecated": false }, "0.3": { "digest": "d9544672ddf4808450ce95dfbd9f5e9bd470c08d14c3571a4e38ab5135a5bec9", "deprecated": false } }, "long_description": "RGV0ZWN0cyBwcm9iaW5nIHRvIGZpbmQgYWx0ZXJuYXRlIHdwLWNvbmZpZyBmaWxlLCBzdWNoIGFzIGRvbmUgYnkgd3BzY2FuLgoKbGVha3NwZWVkIG9mIDEwcywgY2FwYWNpdHkgb2YgNQoK", "content": "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", "description": "Detect WordPress probing: variations around wp-config.php by wpscan", "author": "crowdsecurity", "labels": { "behavior": "http:scan", "classification": [ "attack.T1595" ], "confidence": 3, "label": "Access to WordPress wp-config.php", "remediation": true, "service": "wordpress", "spoofable": 0 } }, "crowdsecurity/http-xss-probing": { "path": "scenarios/crowdsecurity/http-xss-probing.yaml", "version": "0.4", "versions": { "0.1": { "digest": "8d6f0d6f9dc48f8f5ad561a2cdb315e499539b3575f259e0d6cf5850ef1efc9e", "deprecated": 
false }, "0.2": { "digest": "1c4d58e1a29cf806a92f67c981532f8a4656312abd05697dcc69b59b757f0076", "deprecated": false }, "0.3": { "digest": "c16d275e5e3bedd452be87f48aa52c6e8250211e8c205e96d653c8cc9032c44f", "deprecated": false }, "0.4": { "digest": "bc9a433be5dd82c03b92f7de826bd1bbc40649807ce1e2143607f924fcbb2d8e", "deprecated": false } }, "long_description": "VGhlIGh0dHAgWFNTIHByb2Jpbmcgc2NlbmFyaW8gYWltcyBhdCBkZXRlY3RpbmcsIHdpdGggdmVyeSBsaXR0bGUgZmFsc2UgcG9zaXRpdmUgY2hhbmNlcywgWFNTIHByb2JpbmcgYXR0ZW1wdHMuCgpYU1MgcHJvYmluZyBhdHRlbXB0cyB3aWxsIGJlIGNoYXJhY3Rlcml6ZWQgYnkgdGhlIHByZXNlbmNlIG9mIHNwZWNpZmljIFhTUyByZWxhdGVkIHBhdHRlcm5zIGluIHVyaS9HRVQgYXJndW1lbnRzIChpZiBhbmQgd2hlbiB0aGlzIGlzIHdoZXJlIHRoZSBpbmplY3RlZCBwYXJhbWV0ZXIgaXMpLCBhbmQgdGhpcyBpcyB3aGF0IHRoaXMgc2NlbmFyaW8gZGV0ZWN0cy4KCgpUaGUgW3dvcmQgbGlzdF0oaHR0cHM6Ly9odWItZGF0YS5jcm93ZHNlYy5uZXQvd2ViL3hzc19wcm9iZV9wYXR0ZXJucy50eHQpIGlzIHBpY2tlZCBzcGVjaWZpY2FsbHkgdG8gbGltaXQgZmFsc2UgcG9zaXRpdmVzLgpGdXJ0aGVybW9yZSwgYSBgZGlzdGluY3RgIGRpcmVjdGl2ZSBpcyBwcmVzZW50IG9uIHRoZSBnZXQgcGFyYW1ldGVycyB0aGVtc2VsdmVzIHRvIHJlZHVjZSBmYWxzZSBwb3NpdGl2ZSBjaGFuY2VzLgoKCioqV0FSTklORyoqIFRoaXMgc2NlbmFyaW8gaXMgX25vdF8gYSBXQUYsIGFuZCB0aGlzIHNjZW5hcmlvIGRvZXMgX25vdF8gYWltcyBhdCByZXBsYWNpbmcgYSBXQUYuIEEgbW90aXZhdGVkIGF0dGFja2VyIHdpdGgga25vd2xlZGdlIG9mIGNyb3dkc2VjIHdpbGwgYmUgYWJsZSB0byBieXBhc3MgaXQuIEl0IGlzIG1vc3RseSBtZWFudCB0byBiZSBhIHdheSB0byBkZXRlY3QgZ2VuZXJpYyBYU1MgcHJvYmluZy4K", "content": "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", "description": "A scenario that detects XSS probing with minimal false positives", "author": "crowdsecurity", "labels": { "behavior": "http:exploit", "classification": [ "attack.T1595.002" ], "confidence": 3, "label": "XSS Attempt", "remediation": true, "service": "http", "spoofable": 0 } }, "crowdsecurity/impossible-travel": { "path": "scenarios/crowdsecurity/impossible-travel.yaml", "version": "0.1", "versions": { "0.1": { "digest": "9f25e866bd1bd232b68e9533cf60d85cd852bac91ec325978e3e9ebd81b4c3f7", 
"deprecated": false } }, "long_description": "R2VuZXJpYyBpbXBsZW1lbnRhdGlvbiBvZiBpbXBvc3NpYmxlIHRyYXZlbCB0byBkZXRlY3QgdXNlcnMgbG9nZ2luZyBpbiBmcm9tIHR3byBkaWZmZXJlbnQgbG9jYXRpb25zIGluIGEgc2hvcnQgcGVyaW9kIG9mIHRpbWUuIElmIHlvdSB3aXNoIHdyaXRlIGEgcGFyc2VyIHRvIGZhbGwgaW50byB0aGlzIGdlbmVyaWMgYnVja2V0IHlvdSBtdXN0IHNldCB0aGUgZm9sbG93aW5nIGF0dHJpYnV0ZXMgb24gdGhlIGBtZXRhYCBvYmplY3Q6CgotIGBsb2dfdHlwZWA6IGBhdXRoX3N1Y2Nlc3NgCi0gYHNvdXJjZV9pcGA6IHRoZSBJUCBhZGRyZXNzCi0gYHVzZXJgOiB0aGUgdXNlciB0aGF0IGxvZ2dlZCBpbgotIGBzZXJ2aWNlYDogdGhlIHNlcnZpY2UgdGhlIHVzZXIgbG9nZ2VkIGluIHRvIEVHIGBzc2hgCgpJdCBpcyBpbXBvcnRhbnQgdG8gc2V0IHRoZSBgc2VydmljZWAgYXR0cmlidXRlIGFzIHRoaXMgaXMgaG93IHRoZSBidWNrZXRzIGFyZSBzZXBhcmF0ZWQuIElmIHlvdSBkbyBub3Qgc2V0IHRoZSBgc2VydmljZWAgYXR0cmlidXRlLCBhbGwgdGhlIGV2ZW50cyBmb3IgdGhlIHNhbWUgdXNlciB3aWxsIGZhbGwgaW50byB0aGUgc2FtZSBidWNrZXQgbm90IG1hdHRlciBpZiBpdCB3YXMgYSBkaWZmZXJlbnQgc2VydmljZSB3aGljaCBjb3VsZCBsZWFkIHRvIGZhbHNlIHBvc2l0aXZlcy4=", "content": "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", "description": "impossible travel", "author": "crowdsecurity", "labels": { "behavior": "auth:successful", "classification": [ "attack.T1078" ], "confidence": 3, "label": "Impossible travel", "remediation": false, "service": "authentication", "spoofable": 0 } }, "crowdsecurity/impossible-travel-user": { "path": "scenarios/crowdsecurity/impossible-travel-user.yaml", "version": "0.1", "versions": { "0.1": { "digest": "806f37a192e70eec9b8c6437fe39047651c47f35d16df59cf687dedb8133778c", "deprecated": false } }, "long_description": "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", "content": "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", "description": "impossible travel user", "author": "crowdsecurity", "labels": { "behavior": "auth:successful", "classification": [ "attack.T1078" ], "confidence": 3, "label": "Impossible travel", "remediation": false, "service": "authentication", "spoofable": 0 } }, "crowdsecurity/iptables-scan-multi_ports": { "path": 
"scenarios/crowdsecurity/iptables-scan-multi_ports.yaml", "version": "0.2", "versions": { "0.1": { "digest": "85bd908ec6efae802035e4553f5dd41e4d5b6b53b2f237dd256533965bd44cd7", "deprecated": false }, "0.2": { "digest": "af7ec1e0af8a778d80f6de3c8d28c15fdce53882e7cd5c8e3291e397b6ac4985", "deprecated": false } }, "long_description": "RGV0ZWN0cyBhIHBvcnQgc2NhbiA6IGRldGVjdHMgaWYgYSBzaW5nbGUgSVAgYXR0ZW1wdHMgY29ubmVjdGlvbiB0byBtYW55IGRpZmZlcmVudCBwb3J0cy4KCkxlYWtzcGVlZCBvZiA1cywgY2FwYWNpdHkgb2YgMTUuCg==", "content": "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", "description": "ban IPs that are scanning us", "author": "crowdsecurity", "labels": { "behavior": "tcp:scan", "classification": [ "attack.T1595.001", "attack.T1018", "attack.T1046" ], "confidence": 1, "label": "TCP Port Scan", "remediation": true, "spoofable": 3 } }, "crowdsecurity/jira_cve-2021-26086": { "path": "scenarios/crowdsecurity/jira_cve-2021-26086.yaml", "version": "0.3", "versions": { "0.1": { "digest": "1c3631aaa5818cb3af51e6ca6d4fe270eeb362d1ea0dd3fa19c735f3671253d5", "deprecated": false }, "0.2": { "digest": "d5fef0d96708e47793854ac57ea135bed7801fc85c85f59b0e6ba95b93b3049b", "deprecated": false }, "0.3": { "digest": "b2cf725a3483845be22475b6f7556dd50e96199407eee077da49f7bff04f1b0a", "deprecated": false } }, "content": "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", "description": "Detect Atlassian Jira CVE-2021-26086 exploitation attemps", "author": "crowdsecurity", "labels": { "behavior": "http:exploit", "classification": [ "attack.T1595.001", "attack.T1190", "cve.CVE-2021-26086" ], "confidence": 3, "label": "Jira CVE-2021-26086 exploitation", "remediation": true, "service": "jira", "spoofable": 0 } }, "crowdsecurity/k8s-audit-anonymous-access": { "path": "scenarios/crowdsecurity/k8s-audit-anonymous-access.yaml", "version": "0.4", "versions": { "0.1": { "digest": "d554b9a458ed4edf24a67f1bdf13b32e2ddb43f7ff7b2675c706f0fa2b47ebf5", "deprecated": false }, "0.2": { "digest": 
"0a00e1d0df5950c4a88c9e8ee71a0069a808691b1091d9c2dad3d29d20c7e308", "deprecated": false }, "0.3": { "digest": "2c3f6ef71eff02540727a872fa4f5cf7abd2271bb3bbd970b65de810b0894a71", "deprecated": false }, "0.4": { "digest": "e5c03d518fc4133ed7a48a533a56cafb92aa6893e259f155f517963b239ab471", "deprecated": false } }, "long_description": "RGV0ZWN0cyBhbm9ueW1vdXMgYWNjZXNzIHRvIHRoZSBLOFMgQVBJLCB1c2luZyB0aGUgY2x1c3RlciBhdWRpdCBsb2dzLgoKT25seSBhdHRlbXB0cyBkb25lIG9uIHJlc291cmNlcyB0aGF0IGFyZSBsb2dnZWQgYXQgbGVhc3QgYXQgdGhlIGBNZXRhZGF0YWAgbGV2ZWwgd2lsbCBiZSByZWNvcmRlZC4KCkFjY2VzcyB0byBgaGVhbHRoemAsIGBsaXZlemAgYW5kIGByZWFkeXpgIGFyZSBpZ25vcmVkLgoKTm8gZGVjaXNpb24gd2lsbCBiZSB0YWtlbiBiYXNlZCBvbiB0aGlzIHNjZW5hcmlvLCBpdCBpcyBvbmx5IGludGVuZGVkIGZvciBub3RpZmljYXRpb24gcHVycG9zZXMuCg==", "content": "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", "description": "Detect allowed anonymous access to the K8S API", "author": "crowdsecurity", "labels": { "behavior": "k8s:scan", "classification": [ "attack.T1595" ], "confidence": 3, "label": "Kubernetes API anonymous access", "notification": true, "service": "k8s", "spoofable": 0 } }, "crowdsecurity/k8s-audit-api-server-bruteforce": { "path": "scenarios/crowdsecurity/k8s-audit-api-server-bruteforce.yaml", "version": "0.4", "versions": { "0.1": { "digest": "7ecb56f49b3fca372837c619a85b930b85905a318f9ab96a81a7b7f0e154720a", "deprecated": false }, "0.2": { "digest": "3794908e15dcd43bed1e23946a14e13afb67c8a067819bd53b4076394071ae7a", "deprecated": false }, "0.3": { "digest": "c134ab48fbb7e97cf523733b3086da1bc08c1b020555e0ec1ccca4fff6adef04", "deprecated": false }, "0.4": { "digest": "16f47cfcf58ab606ac40b384d8b8b0e26d937d27031e3247c700ecbedc06b7d0", "deprecated": false } }, "long_description": "RGV0ZWN0cyBicnV0ZWZvcmNlIGF0dGVtcHRzIGFnYWluc3QgdGhlIEs4UyBBUEkgc2VydmVyLgoKVGhpcyBzY2VuYXJpbyBuZWVkcyB0aGUgSzhTIGF1ZGl0IGxvZ3MgdG8gd29yay4=", "content": "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", "description": "Detect bruteforce attempts 
against K8S API server", "author": "crowdsecurity", "labels": { "behavior": "k8s:bruteforce", "classification": [ "attack.T1110" ], "confidence": 3, "label": "Kubernetes API Bruteforce", "remediation": true, "service": "k8s", "spoofable": 0 } }, "crowdsecurity/k8s-audit-pod-exec": { "path": "scenarios/crowdsecurity/k8s-audit-pod-exec.yaml", "version": "0.4", "versions": { "0.1": { "digest": "da4d3286064bc873a090205cae1274e96eb9338794ecf7bebe5b7186d11d3907", "deprecated": false }, "0.2": { "digest": "4d14afcd01ba3c46f873afb7898202875eec675863d0da5c35c79341f164c4ed", "deprecated": false }, "0.3": { "digest": "b5047e4cc82051818b47fdbbe3803c7fabdb91b91318e990692760c2034a61c6", "deprecated": false }, "0.4": { "digest": "2c7bc8d2ff7d50616d7e29955a34ddd1fd05410b75965384f9c1698ef4eced9b", "deprecated": false } }, "long_description": "RGV0ZWN0cyBleGVjdXRpb24gKHZpYSBga3ViZWN0bCBleGVjYCkgaW4gcG9kcy4KClRoZSBzY2VuYXJpbyBuZWVkcyBsb2dzIGZyb20gdGhlIGBwb2RzYCByZXNvdXJjZXMgYXQgdGhlIGBNZXRhZGF0YWAgbGV2ZWwgYXQgYSBtaW5pbXVtLgoKTm8gZGVjaXNpb24gd2lsbCBiZSB0YWtlbiBiYXNlZCBvbiB0aGlzIHNjZW5hcmlvLCBpdCBpcyBvbmx5IGludGVuZGVkIGZvciBub3RpZmljYXRpb24gcHVycG9zZXMuCg==", "content": "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", "description": "Detect execution (via kubectl exec) in pods", "author": "crowdsecurity", "labels": { "behavior": "k8s:audit", "classification": [ "attack.T1609" ], "confidence": 3, "cti": false, "label": "Kubernetes Exec Into Pod", "notification": true, "service": "k8s", "spoofable": 0 } }, "crowdsecurity/k8s-audit-pod-host-network": { "path": "scenarios/crowdsecurity/k8s-audit-pod-host-network.yaml", "version": "0.4", "versions": { "0.1": { "digest": "22c8869a8472b15bbdef04b4c9a0a30ee8479e909df4b7672515f009ea23b28c", "deprecated": false }, "0.2": { "digest": "13e46cb544153327e7cd2057e9b1005b409172b3b3e61f1b831abaf025976a23", "deprecated": false }, "0.3": { "digest": "5162f7a8153ba082f0a67e14fa51cce45755a0d4a1d135cebd6af031609b8808", "deprecated": false }, "0.4": 
{ "digest": "23bf720e5426846200e199b9e21ff9825ee923d985079c1c7bb799275f3dd768", "deprecated": false } }, "long_description": "RGV0ZWN0cyBwb2RzIGNyZWF0ZWQgd2l0aCBob3N0IG5ldHdvcmtpbmcgaW4gYSBLOFMgY2x1c3RlciwgdXNpbmcgdGhlIGNsdXN0ZXIgYXVkaXQgbG9ncy4KClRoZSBzY2VuYXJpbyBuZWVkcyBsb2dzIGZyb20gdGhlIGBwb2RzYCByZXNvdXJjZXMgYXQgdGhlIGBSZXF1ZXN0YCBsZXZlbCBhdCBhIG1pbmltdW0uCgpObyBkZWNpc2lvbiB3aWxsIGJlIHRha2VuIGJhc2VkIG9uIHRoaXMgc2NlbmFyaW8sIGl0IGlzIG9ubHkgaW50ZW5kZWQgZm9yIG5vdGlmaWNhdGlvbiBwdXJwb3Nlcy4K", "content": "dHlwZTogdHJpZ2dlcgpuYW1lOiBjcm93ZHNlY3VyaXR5L2s4cy1hdWRpdC1wb2QtaG9zdC1uZXR3b3JrCmRlc2NyaXB0aW9uOiAiRGV0ZWN0IHBvZHMgc3RhcnRlZCB3aXRoIGhvc3QgbmV0d29ya2luZyIKZmlsdGVyOiB8CiAgZXZ0Lk1ldGEubG9nX3R5cGUgPT0gJ2s4cy1hdWRpdCcgJiYKICAoCiAgIChldnQuTWV0YS5kYXRhc291cmNlX3R5cGUgPT0gIms4cy1hdWRpdCIgJiYgZXZ0LlVubWFyc2hhbGVkLms4c19hdWRpdC5WZXJiID09ICdjcmVhdGUnICYmIGV2dC5Vbm1hcnNoYWxlZC5rOHNfYXVkaXQuT2JqZWN0UmVmPy5SZXNvdXJjZSA9PSAncG9kcycgJiYgZXZ0LlVubWFyc2hhbGVkLms4c19hdWRpdC5SZXF1ZXN0T2JqZWN0Py5zcGVjPy5ob3N0TmV0d29yayA9PSB0cnVlKQogICB8fAogICAoZXZ0Lk1ldGEuZGF0YXNvdXJjZV90eXBlICE9ICJrOHMtYXVkaXQiICYmIGV2dC5Vbm1hcnNoYWxlZC5rOHNfYXVkaXQudmVyYiA9PSAnY3JlYXRlJyAmJiBldnQuVW5tYXJzaGFsZWQuazhzX2F1ZGl0Lm9iamVjdFJlZj8ucmVzb3VyY2UgPT0gJ3BvZHMnICYmIGV2dC5Vbm1hcnNoYWxlZC5rOHNfYXVkaXQucmVxdWVzdE9iamVjdD8uc3BlYz8uaG9zdE5ldHdvcmsgPT0gdHJ1ZSkKICApCmxhYmVsczoKICBub3RpZmljYXRpb246IHRydWUKICBjbGFzc2lmaWNhdGlvbjoKICAgIC0gYXR0YWNrLlQxNjEwCiAgYmVoYXZpb3I6ICJrOHM6YXVkaXQiCiAgbGFiZWw6ICJLdWJlcm5ldGVzIFBvZCBTdGFydCBXaXRoIEhvc3QgTmV0d29ya2luZyIKICBzcG9vZmFibGU6IDAKICBjb25maWRlbmNlOiAzCiAgc2VydmljZTogazhzCg==", "description": "Detect pods started with host networking", "author": "crowdsecurity", "labels": { "behavior": "k8s:audit", "classification": [ "attack.T1610" ], "confidence": 3, "label": "Kubernetes Pod Start With Host Networking", "notification": true, "service": "k8s", "spoofable": 0 } }, "crowdsecurity/k8s-audit-pod-host-path-volume": { "path": 
"scenarios/crowdsecurity/k8s-audit-pod-host-path-volume.yaml", "version": "0.5", "versions": { "0.1": { "digest": "a2cfbc902f353f46fa5d7a38565e2aebdf0c74ffc3ee1dc285331b93ad1989ef", "deprecated": false }, "0.2": { "digest": "7a0f0c5fdaf46513bdbc858e30628e5ca16f36bf81352914b5d9ccbdea7564af", "deprecated": false }, "0.3": { "digest": "b596e6047525ef0ed7377c829010b6605faa3ea32da227f55e5e5a15f2057032", "deprecated": false }, "0.4": { "digest": "28bcdb0dc2e8303e445dadb0e1ea57a41bde1d7a57b98d9b70491b7af1d6f67e", "deprecated": false }, "0.5": { "digest": "063db67636d42747f4c305984612ceccc9c427c278223d83c05bcf310f6416d8", "deprecated": false } }, "long_description": "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", "content": "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", "description": "Detect pods mounting a sensitive host folder", "author": "crowdsecurity", "labels": { "behavior": "k8s:audit", "classification": [ "attack.T1610" ], "confidence": 3, "label": "Kubernetes Pod Start With Host Path", "notification": true, "service": "k8s", "spoofable": 0 } }, "crowdsecurity/k8s-audit-privileged-pod-creation": { "path": "scenarios/crowdsecurity/k8s-audit-privileged-pod-creation.yaml", "version": "0.4", "versions": { "0.1": { "digest": "ba074de3c2dc77cb50b5bdf84bcc764750cd9166b279c4ac5f1e15ab01eb4308", "deprecated": false }, "0.2": { "digest": "cb38d6ab6abbea0bf3a0f8471fa88e175d3bafbbe808f17274bfbac8b464bbf0", "deprecated": false }, "0.3": { "digest": "8350fe7aeff51b0167aaba17591008942bdeeb6c8183765bd110a657d0e27f24", "deprecated": false }, "0.4": { "digest": "becd28f2a57949a529076a5800edca5cb54c4e4adb457ba43d9232659df3845b", "deprecated": false } }, "long_description": 
"RGV0ZWN0cyBwcml2aWxlZ2VkIHBvZHMgY3JlYXRpb24gaW4gYSBLOFMgY2x1c3RlciwgdXNpbmcgdGhlIGNsdXN0ZXIgYXVkaXQgbG9ncy4KClRoZSBzY2VuYXJpbyBuZWVkcyBsb2dzIGZyb20gdGhlIGBwb2RzYCByZXNvdXJjZXMgYXQgdGhlIGBSZXF1ZXN0YCBsZXZlbCBhdCBhIG1pbmltdW0uCgpObyBkZWNpc2lvbiB3aWxsIGJlIHRha2VuIGJhc2VkIG9uIHRoaXMgc2NlbmFyaW8sIGl0IGlzIG9ubHkgaW50ZW5kZWQgZm9yIG5vdGlmaWNhdGlvbiBwdXJwb3Nlcy4K", "content": "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", "description": "Detect privileged pod creation", "author": "crowdsecurity", "labels": { "behavior": "k8s:audit", "classification": [ "attack.T1610" ], "confidence": 3, "label": "Kubernetes Privileged Pod Creation", "notification": true, "service": "k8s", "spoofable": 0 } }, "crowdsecurity/k8s-audit-service-account-access-denied": { "path": "scenarios/crowdsecurity/k8s-audit-service-account-access-denied.yaml", "version": "0.4", "versions": { "0.1": { "digest": "b43903791497159fe0dbe5da4aa53275ec41d92eecf6b77318e5f75ae2bf8770", "deprecated": false }, "0.2": { "digest": "4c34c562c8a837a1fa32e23dafc4182d371c3576266e206404974421eb13e5a9", "deprecated": false }, "0.3": { "digest": "f60ca3ffd290bc64f66c86eb5325b3fe418b884230b38ece451ee5d0dad919f3", "deprecated": false }, "0.4": { "digest": "e9532021eea1cb008a0307455aba3d42e537ac043bbcb8583f1dd2e563820fdb", "deprecated": false } }, "long_description": "RGV0ZWN0cyBzZXJ2aWNlIGFjY291bnRzIG1ha2luZyBmb3JiaWRkZW4gcmVxdWVzdHMgdG8gdGhlIEs4UyBBUEkuCgpPbmx5IGF0dGVtcHRzIGRvbmUgb24gcmVzb3VyY2VzIHRoYXQgYXJlIGxvZ2dlZCBhdCBsZWFzdCBhdCB0aGUgYE1ldGFkYXRhYCBsZXZlbCB3aWxsIGJlIHJlY29yZGVkLgoKTm8gZGVjaXNpb24gd2lsbCBiZSB0YWtlbiBiYXNlZCBvbiB0aGlzIHNjZW5hcmlvLCBpdCBpcyBvbmx5IGludGVuZGVkIGZvciBub3RpZmljYXRpb24gcHVycG9zZXMuCg==", "content": "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", "description": "Detect unauthorized requests from service accounts", "author": "crowdsecurity", "labels": { "behavior": "k8s:scan", "classification": [ "attack.T1078", "attack.T1069" ], "confidence": 3, "label": "Kubernetes Service 
Account Denied Request", "notification": true, "service": "k8s", "spoofable": 0 } }, "crowdsecurity/kasm-bruteforce": { "path": "scenarios/crowdsecurity/kasm-bruteforce.yaml", "version": "0.2", "versions": { "0.1": { "digest": "5f4464d3102dc48cb57695252d7352ab305c6f5fd50aa1e275de28030315fa63", "deprecated": false }, "0.2": { "digest": "11ae6e8e7e60c5efcfe523ea4ea357168d29e5024b28d1e0396e1e7a37cf9223", "deprecated": false } }, "long_description": "RGV0ZWN0IEtBU00gbG9naW4gYnJ1dGVmb3JjZSA1IGF0dGVtcHRzIHdpdGggbGVha3NwZWVkIG9mIDEwIHNlY29uZHM=", "content": "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", "description": "Detect kasm login bruteforce", "author": "crowdsecurity", "labels": { "behavior": "generic:bruteforce", "classification": [ "attack.T1110" ], "confidence": 3, "label": "KASM Bruteforce", "remediation": true, "service": "kasm", "spoofable": 0 } }, "crowdsecurity/litespeed-admin-bf": { "path": "scenarios/crowdsecurity/litespeed-admin-bf.yaml", "version": "0.2", "versions": { "0.1": { "digest": "cf7a11ef6d75de569bdd3e0d62a805a7793102e57911a1a6256327da64aed692", "deprecated": false }, "0.2": { "digest": "456850e8d43f06d882e59991f0721d28f6c80220df0b80c17306e735587f1f36", "deprecated": false } }, "long_description": "QWxlcnQgd2hlbiBhIHNpbmdsZSBJUCB0aGF0IHRyeSB0byBicnV0ZWZvcmNlIGxpdGVzcGVlZCBhZG1pbiBVSS4KCkxlYWtzcGVlZCBvZiAxMHMsIGNhcGFjaXR5IG9mIDUuCg==", "content": 
"dHlwZTogbGVha3kKbmFtZTogY3Jvd2RzZWN1cml0eS9saXRlc3BlZWQtYWRtaW4tYmYKZGVzY3JpcHRpb246ICJEZXRlY3QgYnJ1dGVmb3JjZSBhZ2FpbnN0IGxpdGVzcGVlZCBhZG1pbiBVSSIKZmlsdGVyOiAiZXZ0Lk1ldGEuc2VydmljZSA9PSAnaHR0cCcgJiYgZXZ0Lk1ldGEuc3ViX3R5cGUgPT0gJ2xpdGVzcGVlZF9hZG1pbl9hdXRoX2ZhaWwnIgpncm91cGJ5OiBldnQuTWV0YS5zb3VyY2VfaXAKY2FwYWNpdHk6IDUKbGVha3NwZWVkOiAiMTBzIgpibGFja2hvbGU6IDFtCmxhYmVsczoKICByZW1lZGlhdGlvbjogdHJ1ZQogIGNsYXNzaWZpY2F0aW9uOgogICAgLSBhdHRhY2suVDExMTAKICBiZWhhdmlvcjogImh0dHA6YnJ1dGVmb3JjZSIKICBsYWJlbDogIkxpdGVTcGVlZCBBZG1pbiBCcnV0ZWZvcmNlIgogIHNwb29mYWJsZTogMAogIGNvbmZpZGVuY2U6IDMKICBzZXJ2aWNlOiBsaXRlc3BlZWQK", "description": "Detect bruteforce against litespeed admin UI", "author": "crowdsecurity", "labels": { "behavior": "http:bruteforce", "classification": [ "attack.T1110" ], "confidence": 3, "label": "LiteSpeed Admin Bruteforce", "remediation": true, "service": "litespeed", "spoofable": 0 } }, "crowdsecurity/mariadb-bf": { "path": "scenarios/crowdsecurity/mariadb-bf.yaml", "version": "0.2", "versions": { "0.1": { "digest": "c6daa770b5ac5f153e6b5bc0c2eb8e50f90373e1802bea40724ebe6037a15ab4", "deprecated": false }, "0.2": { "digest": "09b4708abcf47bc810fd74d8c8d1395bc5dbb732184a8231c4dda4b587da2575", "deprecated": false } }, "long_description": "RGV0ZWN0IHNldmVyYWwgZmFpbGVkIG1hcmlhZGIgYXV0aGVudGljYXRpb25zLgoKbGVha3NwZWVkIG9mIDEwcywgY2FwYWNpdHkgb2YgNQo=", "content": "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", "description": "Detect mariadb bruteforce", "author": "crowdsecurity", "labels": { "behavior": "database:bruteforce", "classification": [ "attack.T1110" ], "confidence": 3, "label": "MariaDB Bruteforce", "remediation": true, "service": "mariadb", "spoofable": 0 } }, "crowdsecurity/modsecurity": { "path": "scenarios/crowdsecurity/modsecurity.yaml", "version": "0.6", "versions": { "0.1": { "digest": "447c63986f53a743d08fc16677d7f5427ed4b7efca6a0d73c47991d83582e0d0", "deprecated": false }, "0.2": { "digest": 
"45c2a35d4ee071e66197aa2381b0c066a18d17fe6b8aee7b0e83efb21512cdbc", "deprecated": false }, "0.3": { "digest": "91e21cd506aa43e1895be93fa3e93dbad64403edafe9ae1e87f2519689ec3f66", "deprecated": false }, "0.4": { "digest": "2e2f2591a614514acf033702c5588335136050925f88f36fb9da0bc129f30039", "deprecated": false }, "0.5": { "digest": "23c32d105550893e7facd768035f57e7413c1802f52bf93b6540b5d01746a560", "deprecated": false }, "0.6": { "digest": "7930d21b866591673c8c7d70ca43a7919a361c22b194f6cc2482381dd0e5f46b", "deprecated": false } }, "long_description": "VGFrZSBhIHJlbWVkaWF0aW9uIGFnYWluc3QgYW4gSVAgdGhhdCB0cmlnZ2VyIGEgbW9kc2VjdXJpdHkgcnVsZSB3aXRoIGEgYENSSVRJQ0FMYCBzZXZlcml0eS4K", "content": "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", "description": "Web exploitation via modsecurity", "author": "crowdsecurity", "labels": { "behavior": "http:exploit", "classification": [ "attack.T1595", "attack.T1190" ], "confidence": 2, "label": "Modsecurity Alert", "remediation": true, "service": "http", "spoofable": 0 } }, "crowdsecurity/mssql-bf": { "path": "scenarios/crowdsecurity/mssql-bf.yaml", "version": "0.2", "versions": { "0.1": { "digest": "be8f99681f224e5176015815d11bf01b0e0012ceb24bbb264786f503d9146d81", "deprecated": false }, "0.2": { "digest": "ac0fc68fb2064422e0743f1e9a0f10c13d8881a2298b6152899f2b84d293b148", "deprecated": false } }, "content": "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", "description": "Detect mssql bruteforce", "author": "crowdsecurity", "labels": { "behavior": "database:bruteforce", "classification": [ "attack.T1110" ], "confidence": 3, "label": "MSSQL Bruteforce", "remediation": true, "service": "mssql", "spoofable": 0 } }, "crowdsecurity/mysql-bf": { "path": "scenarios/crowdsecurity/mysql-bf.yaml", "version": "0.2", "versions": { "0.1": { "digest": "3783ff9de7b6d19697ee121314b20b21b8c765b279a9caacc70d3c75f4ebd455", "deprecated": false }, "0.2": { "digest": "0e32a1c1d87086a9a0d51208025a61f4c7f1833e50c95959a4c8a1fff86bff5a", 
"deprecated": false } }, "long_description": "RGV0ZWN0IHNldmVyYWwgZmFpbGVkIG15c3FsIGF1dGhlbnRpY2F0aW9ucy4KCmxlYWtzcGVlZCBvZiAxMHMsIGNhcGFjaXR5IG9mIDUK", "content": "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", "description": "Detect mysql bruteforce", "author": "crowdsecurity", "labels": { "behavior": "database:bruteforce", "classification": [ "attack.T1110" ], "confidence": 3, "label": "MySQL Bruteforce", "remediation": true, "service": "mysql", "spoofable": 0 } }, "crowdsecurity/naxsi-exploit-vpatch": { "path": "scenarios/crowdsecurity/naxsi-exploit-vpatch.yaml", "version": "0.2", "versions": { "0.1": { "digest": "908ceeb2d7f5607a114a872847df34662e4c80ed07338a55f125a56985f0d095", "deprecated": false }, "0.2": { "digest": "5899c88353cdb50f0be57a818488ead9e320b4e81260acd610186c855b1d6716", "deprecated": false } }, "long_description": "RGV0ZWN0cyBuYXhzaSBibG9ja2VkIHJlcXVlc3RzIG9uIGN1c3RvbSAoPjk5OTkpIHJ1bGVzLgoKVHJpZ2dlcnMgb24gZmlyc3QgcmVxdWVzdC4K", "content": "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", "description": "Detect custom blacklist triggered in naxsi", "author": "crowdsecurity", "labels": { "behavior": "http:exploit", "classification": [ "attack.T1595", "attack.T1190" ], "confidence": 2, "remediation": true, "service": "http", "spoofable": 0 } }, "crowdsecurity/netgear_rce": { "path": "scenarios/crowdsecurity/netgear_rce.yaml", "version": "0.3", "versions": { "0.1": { "digest": "da6b213c4c31c81a22e52b573428cd78a76cb9c00f810d0835f7831f8f80eb5d", "deprecated": false }, "0.2": { "digest": "14411baac71dcd8fa5be5c9973f36b8c6f880865e1a3004674007a0bec64212d", "deprecated": false }, "0.3": { "digest": "4b88489256201cb7341ffc5e9cefba6f3a695b8275096d32d409052e7c4d33ab", "deprecated": false } }, "long_description": 
"IyMgTmV0Z2VhciBER04xMDAwIC8gREdOMjIwMCBSZW1vdGUgQ29tbWFuZCBFeGVjdXRpb24KCkRldGVjdHMgYXR0ZW1wdHMgb2YgZXhwbG9pdCBvZiBOZXRnZWFyIERHTjEwMDAgLyBER04yMjAwIFJlbW90ZSBDb21tYW5kIEV4ZWN1dGlvbi4KCgpSZWZlcmVuY2U6IGh0dHBzOi8vd3d3LmV4cGxvaXQtZGIuY29tL2V4cGxvaXRzLzI1OTc4Cg==", "content": "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", "description": "Detect Netgear RCE DGN1000/DGN220 exploitation attempts", "author": "crowdsecurity", "references": [ "https://www.exploit-db.com/exploits/25978" ], "labels": { "behavior": "http:exploit", "classification": [ "attack.T1595", "attack.T1190" ], "confidence": 3, "label": "Netgear RCE", "remediation": true, "service": "netgear", "spoofable": 0 } }, "crowdsecurity/nextcloud-bf": { "path": "scenarios/crowdsecurity/nextcloud-bf.yaml", "version": "0.3", "versions": { "0.1": { "digest": "4a6b24a95d286e48aec8eb59fa5fc17686a724be3c7860df538a7eafdb613f97", "deprecated": false }, "0.2": { "digest": "6ba276c92b2d1a9b43bff6afa09f09c1d1b7fccb9b87d649eedba803689914d8", "deprecated": false }, "0.3": { "digest": "75b4f296618a383fd240413fd51bae1be786872d4f1b46421c8871d43c15d128", "deprecated": false } }, "long_description": "RGV0ZWN0cyBicnV0ZWZvcmNlIG9uIFtOZXh0Y2xvdWRdKGh0dHBzOi8vbmV4dGNsb3VkLmNvbSkgaW5zdGFuY2UuCgogLSBsZWFrc3BlZWQgb2YgMW0sIGNhcGFjaXR5IG9mIDUgb24gc2FtZSB0YXJnZXQgdXNlcgogLSBsZWFrc3BlZWQgb2YgMW0sIGNhcGFjaXR5IG9mIDUgdW5pcXVlIGRpc3RpbmN0IHVzZXJzCiAtIGxlYWtzcGVlZCBvZiAxbSwgY2FwYWNpdHkgb2YgNSBvbiB0cnVzdCBkb21haW4gZXJyb3IK", "content": "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", "description": "Detect Nextcloud bruteforce", "author": "crowdsecurity", "labels": { "behavior": "http:bruteforce", "classification": [ "attack.T1110" ], "confidence": 3, "label": "NextCloud Bruteforce", "remediation": true, "service": "nextcloud", "spoofable": 0 } }, "crowdsecurity/nginx-req-limit-exceeded": { "path": "scenarios/crowdsecurity/nginx-req-limit-exceeded.yaml", "version": "0.3", "versions": { "0.1": { "digest": 
"7e6fa2b7386d763b570025b3144c8790f68463f7c5739d8f527c9f80f15c15ce", "deprecated": false }, "0.2": { "digest": "f064319bf72d0df012495cd33acc005ca934314519adc06d8175c8cfa84c2e18", "deprecated": false }, "0.3": { "digest": "d135e5fe0f486f5f5223006c53324b51b5b1130c4d71fcf51f75e13b8575cc03", "deprecated": false } }, "long_description": "RGV0ZWN0cyBJUHMgd2hpY2ggdmlvbGF0ZSBuZ2lueCdzIHVzZXIgc2V0IHJlcXVlc3QgbGltaXQuCgpJUCBpcyBiYW5uZWQgaWYgaXQgdmlvbGF0ZXMgbmdpbngncyB1c2VyIHNldCByZXF1ZXN0IGxpbWl0IG1vcmUgdGhhbiA1IHRpbWVzIGluIGEgbWludXRlLg==", "content": "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", "description": "Detects IPs which violate nginx's user set request limit.", "author": "crowdsecurity", "labels": { "behavior": "http:dos", "classification": [ "attack.T1498" ], "confidence": 2, "label": "Nginx request limit exceeded", "remediation": true, "service": "http", "spoofable": 2 } }, "crowdsecurity/odoo-bf_user-enum": { "path": "scenarios/crowdsecurity/odoo-bf_user-enum.yaml", "version": "0.2", "versions": { "0.1": { "digest": "ece8333dbfb283c4b696c2963ede3636175306d65151a26bbb2ecdcd19455e53", "deprecated": false }, "0.2": { "digest": "292468af8f31901e3aeaa6db5609c90be59f6b6c5dd5af9c40a22c74f1053913", "deprecated": false } }, "long_description": "RGV0ZWN0IGZhaWxlZCBvZG9vIGF1dGhlbnRpY2F0aW9ucyBhbmQgdXNlciBlbnVtOgoKIC0gbGVha3NwZWVkIG9mIDEwcywgY2FwYWNpdHkgb2YgNSBmcm9tIHNhbWUgSVAKIC0gbGVha3NwZWVkIG9mIDEwcywgY2FwYWNpdHkgb2YgNSBvbiBzYW1lIHRhcmdldCB1c2Vy", "content": 
"IyBPZG9vIHdlYiBhdXRoIGJydXRlZm9yY2UKdHlwZTogbGVha3kKI2RlYnVnOiB0cnVlCm5hbWU6IGNyb3dkc2VjdXJpdHkvb2Rvby1iZgpkZXNjcmlwdGlvbjogIkRldGVjdCBicnV0ZWZvcmNlIG9uIG9kb28gd2ViIGludGVyZmFjZSIKZmlsdGVyOiBldnQuTWV0YS5sb2dfdHlwZSA9PSAnb2Rvb19mYWlsZWRfYXV0aCcKbGVha3NwZWVkOiAiMTBzIgpjYXBhY2l0eTogNQpncm91cGJ5OiBldnQuTWV0YS5zb3VyY2VfaXAKYmxhY2tob2xlOiA1bQpsYWJlbHM6CiAgcmVtZWRpYXRpb246IHRydWUKICBjb25maWRlbmNlOiAzCiAgc3Bvb2ZhYmxlOiAwCiAgY2xhc3NpZmljYXRpb246CiAgICAtIGF0dGFjay5UMTExMAogIGJlaGF2aW9yOiAiaHR0cDpicnV0ZWZvcmNlIgogIGxhYmVsOiAiT2RvbyBCcnV0ZWZvcmNlIgogIHNlcnZpY2U6IG9kb28KLS0tCiMgT2RvbyB3ZWIgYXV0aCB1c2VyX2VudW0KdHlwZTogbGVha3kKbmFtZTogY3Jvd2RzZWN1cml0eS9vZG9vX3VzZXItZW51bQpkZXNjcmlwdGlvbjogIkRldGVjdCBvZG9vIHVzZXIgZW51bSIKZmlsdGVyOiBldnQuTWV0YS5sb2dfdHlwZSA9PSAnb2Rvb19mYWlsZWRfYXV0aCcKZ3JvdXBieTogZXZ0Lk1ldGEuc291cmNlX2lwCmRpc3RpbmN0OiBldnQuTWV0YS51c2VyCmxlYWtzcGVlZDogMTBzCmNhcGFjaXR5OiA1CmJsYWNraG9sZTogMW0KbGFiZWxzOgogIHJlbWVkaWF0aW9uOiB0cnVlCiAgY29uZmlkZW5jZTogMwogIHNwb29mYWJsZTogMAogIGNsYXNzaWZpY2F0aW9uOgogICAgLSBhdHRhY2suVDExMTAKICBiZWhhdmlvcjogImh0dHA6YnJ1dGVmb3JjZSIKICBsYWJlbDogIk9kb28gQnJ1dGVmb3JjZSIKICBzZXJ2aWNlOiBvZG9vCg==", "description": "Detect bruteforce on odoo web interface", "author": "crowdsecurity", "labels": { "behavior": "http:bruteforce", "classification": [ "attack.T1110" ], "confidence": 3, "label": "Odoo Bruteforce", "remediation": true, "service": "odoo", "spoofable": 0 } }, "crowdsecurity/opnsense-gui-bf": { "path": "scenarios/crowdsecurity/opnsense-gui-bf.yaml", "version": "0.3", "versions": { "0.1": { "digest": "15f0d4f03f1e18a8cd5d95467a13e86ebfd717354f53ba02b4d165e6537965bf", "deprecated": false }, "0.2": { "digest": "c1031635c18c69203a1e251d25da8f309182ed04221142e94e3a2ff1d8533af3", "deprecated": false }, "0.3": { "digest": "5f06456ab0875a8245a6863775ccfe215f3d8a38da562dbcb9de97756aea188a", "deprecated": false } }, "long_description": 
"IyMgT1BOU2Vuc2Ugd2ViIHBvcnRhbCBicnV0ZWZvcmNlIGRldGVjdGlvbgoKRGV0ZWN0cyBicnV0ZWZvcmNlIGF0dGVtcHRzIG9uIHRoZSBPUE5TZW5zZSB3ZWIgcG9ydGFsIDoKIC0gbW9yZSB0aGFuIDUgYXR0ZW1wdHMKIC0gMTAgc2Vjb25kcyBiZXR3ZWVuIGVhY2gKCgo=", "content": "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", "description": "Detect bruteforce on opnsense web interface", "author": "crowdsecurity", "labels": { "behavior": "http:bruteforce", "classification": [ "attack.T1110" ], "confidence": 3, "label": "OPNsense GUI Bruteforce", "remediation": true, "service": "opnsense", "spoofable": 0 } }, "crowdsecurity/palo-alto-threat": { "path": "scenarios/crowdsecurity/palo-alto-threat.yaml", "version": "0.1", "versions": { "0.1": { "digest": "9341b00080dbba122150bd55cd155e916fc9a972a6e956b96ed517b09618fbf1", "deprecated": false } }, "long_description": "IyMgUGFsbyBBbHRvIFRocmVhdAoKVGhpcyBzY2VuYXJpbyB0cmlnZ2VyIGFuIGFsZXJ0IGZvciBJUCByZXBvcnRlZCBieSBQYWxvIEFsdG8gVGhyZWF0IExvZyBpZiB0aGUgc2V2ZXJpdHkgb2YgdGhlIHRocmVhdCBpcyBoaWdoZXIgb3IgZXF1YWwgdG8gYG1lZGl1bWAu", "content": "dHlwZTogdHJpZ2dlcgpkZWJ1ZzogZmFsc2UKbmFtZTogY3Jvd2RzZWN1cml0eS9wYWxvLWFsdG8tdGhyZWF0CmZpbHRlcjogZXZ0Lk1ldGEubG9nX3R5cGUgPT0gInBhbG9fYWx0byIgJiYgZXZ0Lk1ldGEuc2V2ZXJpdHkgaW4gWyJtZWRpdW0iLCAiaGlnaCIsICJjcml0aWNhbCJdCmRlc2NyaXB0aW9uOiBEZXRlY3QgcGFsbyBhbHRvIHRocmVhdCB3aXRoIGEgc2V2ZXJpdHkgaGlnaGVyIG9yIGVxdWFsIHRvIG1lZGl1bQpibGFja2hvbGU6IDJtCmxhYmVsczoKICByZW1lZGlhdGlvbjogdHJ1ZQpncm91cGJ5OiAiZXZ0Lk1ldGEuc291cmNlX2lwIgo=", "description": "Detect palo alto threat with a severity higher or equal to medium", "author": "crowdsecurity", "labels": { "remediation": true } }, "crowdsecurity/pfsense-gui-bf": { "path": "scenarios/crowdsecurity/pfsense-gui-bf.yaml", "version": "0.2", "versions": { "0.1": { "digest": "b23ed9edafd3b8cea053d4286abfc2513d53c54904e7348b4fc1bf24e9e3a77d", "deprecated": false }, "0.2": { "digest": "07019c43c3bbd31e077d12c85aea855332e6891db2605bae00a481dacf17826f", "deprecated": false } }, "long_description": 
"IyMgcGZTZW5zZSB3ZWIgcG9ydGFsIGJydXRlZm9yY2UgZGV0ZWN0aW9uCgpEZXRlY3RzIGJydXRlZm9yY2UgYXR0ZW1wdHMgb24gdGhlIHBmU2Vuc2Ugd2ViIHBvcnRhbCA6CiAtIG1vcmUgdGhhbiA1IGF0dGVtcHRzCiAtIDEwIHNlY29uZHMgYmV0d2VlbiBlYWNoCgoK", "content": "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", "description": "Detect bruteforce on pfsense web interface", "author": "crowdsecurity", "labels": { "behavior": "http:bruteforce", "classification": [ "attack.T1110" ], "confidence": 3, "label": "pfSense GUI Bruteforce", "remediation": true, "service": "pfsense", "spoofable": 0 } }, "crowdsecurity/pgsql-bf": { "path": "scenarios/crowdsecurity/pgsql-bf.yaml", "version": "0.2", "versions": { "0.1": { "digest": "d2b7d3aa914ba9204f320e15301207c0fb5ea54aae57481bcbcd410cd81629bd", "deprecated": false }, "0.2": { "digest": "133fed2f8b3d0479817fcc3e0991a872ef5199adb73f5530220d10bccc6c0df0", "deprecated": false } }, "long_description": "RGV0ZWN0IHNldmVyYWwgZmFpbGVkIHBvc3RncmVzcWwgYXV0aGVudGljYXRpb25zLgoKbGVha3NwZWVkIG9mIDEwcywgY2FwYWNpdHkgb2YgNQo=", "content": "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", "description": "Detect PgSQL bruteforce", "author": "crowdsecurity", "labels": { "behavior": "database:bruteforce", "classification": [ "attack.T1110" ], "confidence": 3, "label": "Postgres Bruteforce", "remediation": true, "service": "pgsql", "spoofable": 0 } }, "crowdsecurity/pgsql-user-enum": { "path": "scenarios/crowdsecurity/pgsql-user-enum.yaml", "version": "0.2", "versions": { "0.1": { "digest": "b9947e219aed3c267b0fa8ca4805d840a3ebf5ee1f0bf978cebb0f711e21336d", "deprecated": false }, "0.2": { "digest": "d85a0ac7af5f8d9b0e3678ff8f48c8524ce0a8a5f86ac94961d989afc2ee912a", "deprecated": false } }, "long_description": "RGV0ZWN0cyBhdHRlbXB0cyB0byBlbnVtZXJhdGUgcG9zdGdyZXNxbCB1c2VycwoKbGVha3NwZWVkIG9mIDEwcywgY2FwYWNpdHkgb2YgNQoK", "content": "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", "description": "Detect postgresql user enumeration", "author": "crowdsecurity", "labels": { 
"behavior": "database:bruteforce", "classification": [ "attack.T1110", "attack.T1589" ], "confidence": 3, "label": "Postgres Bruteforce", "remediation": true, "service": "pgsql", "spoofable": 0 } }, "crowdsecurity/postfix-spam": { "path": "scenarios/crowdsecurity/postfix-spam.yaml", "version": "0.4", "versions": { "0.1": { "digest": "03876677d3fe37bdc9ad584cb015e3f0b648266450b2b494a40e1863d5a64d8a", "deprecated": false }, "0.2": { "digest": "b36d95dc5ba9cb45c8cbb1a3d37bd19d929ed387f3d7ec386b4e9e041d0bbd8e", "deprecated": false }, "0.3": { "digest": "a423cda10b76d41849ee9cb120f8a9c6aeb90afbd63fc9251966704a4878197f", "deprecated": false }, "0.4": { "digest": "6fcda4316cfd2284cfa778270fe33e4c825dce8c49d2ee166b8f01550fb8f1ae", "deprecated": false } }, "long_description": "Q29udGFpbnMgbXVsdGlwbGUgc2NlbmFyaW9zOgoKLSBjcm93ZHNlY3VyaXR5L3Bvc3RmaXgtc3BhbTogcG9zdGZpeCBzY2VuYXJpbyBicnV0ZWZvcmNlIHNwYW0gYXR0ZW1wdCAobGVha3NwZWVkIG9mIDEwcyB3aXRoIGEgY2FwYWNpdHkgb2YgNSkKLSBjcm93ZHNlY3VyaXR5L3Bvc3RzY3JlZW4tcmJsOiBwb3N0c2NyZWVuIHJiIGF0dGVtcHQgYmxhY2tsaXN0IChjYXBhY2l0eSBvZiAwKQoK", "content": 
"IyBwb3N0Zml4IHNwYW0KdHlwZTogbGVha3kKbmFtZTogY3Jvd2RzZWN1cml0eS9wb3N0Zml4LXNwYW0KZGVzY3JpcHRpb246ICJEZXRlY3Qgc3BhbW1lcnMiCmZpbHRlcjogImV2dC5NZXRhLmxvZ190eXBlX2VuaCA9PSAnc3BhbS1hdHRlbXB0JyB8fCBldnQuTWV0YS5sb2dfdHlwZSA9PSAncG9zdGZpeCcgJiYgZXZ0Lk1ldGEuYWN0aW9uID09ICdyZWplY3QnIgpsZWFrc3BlZWQ6ICIxMHMiCnJlZmVyZW5jZXM6CiAgLSBodHRwczovL2VuLndpa2lwZWRpYS5vcmcvd2lraS9TcGFtbWluZwpjYXBhY2l0eTogNQpncm91cGJ5OiBldnQuTWV0YS5zb3VyY2VfaXAKYmxhY2tob2xlOiAxbQpyZXByb2Nlc3M6IGZhbHNlCmxhYmVsczoKICBzZXJ2aWNlOiBwb3N0Zml4CiAgcmVtZWRpYXRpb246IHRydWUKICBjb25maWRlbmNlOiAzCiAgc3Bvb2ZhYmxlOiAwCiAgYmVoYXZpb3I6ICJzbXRwOnNwYW0iCiAgbGFiZWw6ICJQb3N0Zml4IFNwYW0iCi0tLQojIHBvc3RmaXggc3BhbQp0eXBlOiB0cmlnZ2VyCm5hbWU6IGNyb3dkc2VjdXJpdHkvcG9zdHNjcmVlbi1yYmwKZGVzY3JpcHRpb246ICJEZXRlY3Qgc3BhbW1lcnMiCmZpbHRlcjogImV2dC5NZXRhLnNlcnZpY2UgPT0gJ3Bvc3RzY3JlZW4nICYmIGV2dC5NZXRhLnByZWdyZWV0ID09ICdQUkVHUkVFVCciCnJlZmVyZW5jZXM6CiAgLSBodHRwczovL2VuLndpa2lwZWRpYS5vcmcvd2lraS9TcGFtbWluZwpncm91cGJ5OiBldnQuTWV0YS5zb3VyY2VfaXAKYmxhY2tob2xlOiAxbQpyZXByb2Nlc3M6IGZhbHNlCmxhYmVsczoKICBzZXJ2aWNlOiBwb3N0c2NyZWVuCiAgcmVtZWRpYXRpb246IHRydWUKICBjb25maWRlbmNlOiAzCiAgc3Bvb2ZhYmxlOiAwCiAgYmVoYXZpb3I6ICJzbXRwOnNwYW0iCiAgbGFiZWw6ICJQb3N0Zml4IFNwYW0iCg==", "description": "Detect spammers", "author": "crowdsecurity", "references": [ "https://en.wikipedia.org/wiki/Spamming" ], "labels": { "behavior": "smtp:spam", "confidence": 3, "label": "Postfix Spam", "remediation": true, "service": "postfix", "spoofable": 0 } }, "crowdsecurity/proftpd-bf": { "path": "scenarios/crowdsecurity/proftpd-bf.yaml", "version": "0.2", "versions": { "0.1": { "digest": "f241fba9f1ffeb3cdf376bb7cfee0ecf804ba5d8709cfb5defbc973a11c751a5", "deprecated": false }, "0.2": { "digest": "a77e311aad794a2f70e838e1b3b4017448af74511e9acc6b154052294fa87b38", "deprecated": false } }, "long_description": "RGV0ZWN0IGZhaWxlZCBwcm9mdHBkIGF1dGhlbnRpY2F0aW9ucyA6CgogLSBsZWFrc3BlZWQgb2YgMTBzLCBjYXBhY2l0eSBvZiA1IG9uIHNhbWUgdGFyZ2V0IHVzZXI=", "content": 
"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", "description": "Detect proftpd bruteforce", "author": "crowdsecurity", "labels": { "behavior": "ftp:bruteforce", "classification": [ "attack.T1110" ], "confidence": 3, "label": "Proftpd Bruteforce", "remediation": true, "service": "proftpd", "spoofable": 0 } }, "crowdsecurity/proftpd-bf_user-enum": { "path": "scenarios/crowdsecurity/proftpd-bf_user-enum.yaml", "version": "0.2", "versions": { "0.1": { "digest": "7e3b3f8d050805afce54785fe1e9eba40a6a040faf9e19e8ba40d466c3b14814", "deprecated": false }, "0.2": { "digest": "79eb461691ff5555246915d3fdc668239ce988ea02e8b2ce62cf34d80bfdb3d6", "deprecated": false } }, "content": "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", "description": "Detect proftpd user enum bruteforce", "author": "crowdsecurity", "labels": { "behavior": "ftp:bruteforce", "classification": [ "attack.T1110", "attack.T1190" ], "confidence": 3, "label": "Proftpd Bruteforce", "remediation": true, "service": "proftpd", "spoofable": 0 } }, "crowdsecurity/pulse-secure-sslvpn-cve-2019-11510": { "path": "scenarios/crowdsecurity/pulse-secure-sslvpn-cve-2019-11510.yaml", "version": "0.3", "versions": { "0.1": { "digest": "bab1d5aa6ee0f6677d73c70438324006f4ed0780de90891a8586030319dc1d08", "deprecated": false }, "0.2": { "digest": "9226dd76fd3e818b3a6d4a1770437e1a41a2014e082cde2a788244b50fb83889", "deprecated": false }, "0.3": { "digest": "7807f49e188dc01411c027897f4b608fb5b58d621a175b6ba934b76b214664da", "deprecated": false } }, "content": "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", "description": "Detect cve-2019-11510 exploitation attemps", "author": "crowdsecurity", "labels": { "behavior": "http:exploit", "classification": [ "attack.T1190", "cve.CVE-2019-11510" ], "confidence": 3, "label": "Pulse Secure CVE-2019-11510", "remediation": true, "service": "pulse-secure", "spoofable": 0 } }, "crowdsecurity/smb-bf": { "path": "scenarios/crowdsecurity/smb-bf.yaml", "version": "0.2", 
"versions": { "0.1": { "digest": "ee7fea38f0a67bde1aae3979cf0579da03da5adf4e69826f12a82c74b812e9d6", "deprecated": false }, "0.2": { "digest": "a751e12a752fe652203deeb380e276a38258252296e26c27f6ccaeff038357f9", "deprecated": false } }, "long_description": "dHJhY2tzIGZhaWxlZCBzYW1iYSBhdXRoZW50aWNhdGlvbnMuCg==", "content": "IyBzbWIgYnJ1dGVmb3JjZQp0eXBlOiBsZWFreQpuYW1lOiBjcm93ZHNlY3VyaXR5L3NtYi1iZgpkZXNjcmlwdGlvbjogIkRldGVjdCBzbWIgYnJ1dGVmb3JjZSIKZmlsdGVyOiBldnQuTWV0YS5sb2dfdHlwZSA9PSAnc21iX2ZhaWxlZF9hdXRoJwpsZWFrc3BlZWQ6ICIxMHMiCmNhcGFjaXR5OiA1Cmdyb3VwYnk6IGV2dC5NZXRhLnNvdXJjZV9pcApibGFja2hvbGU6IDVtCmxhYmVsczoKIHNlcnZpY2U6IHNtYgogcmVtZWRpYXRpb246IHRydWUKIGNvbmZpZGVuY2U6IDMKIHNwb29mYWJsZTogMAogY2xhc3NpZmljYXRpb246CiAgLSBhdHRhY2suVDExMTAKIGJlaGF2aW9yOiAic21iOmJydXRlZm9yY2UiCiBsYWJlbDogIlNNQiBCcnV0ZWZvcmNlIg==", "description": "Detect smb bruteforce", "author": "crowdsecurity", "labels": { "behavior": "smb:bruteforce", "classification": [ "attack.T1110" ], "confidence": 3, "label": "SMB Bruteforce", "remediation": true, "service": "smb", "spoofable": 0 } }, "crowdsecurity/spring4shell_cve-2022-22965": { "path": "scenarios/crowdsecurity/spring4shell_cve-2022-22965.yaml", "version": "0.3", "versions": { "0.1": { "digest": "b16993a7d1fe816230f0fef23e11736019a67a7fa64c5a5cc25e15589764cdcf", "deprecated": false }, "0.2": { "digest": "4e03166936f61abd0711167960b06bff7dbffb37b0642ab2a6cba6eb9da9ee98", "deprecated": false }, "0.3": { "digest": "c304e9bd45fb6dc79782d2e12f5e4cf646bd984178a0414ecd6c59162ba15cee", "deprecated": false } }, "long_description": "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", "content": "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", "description": "Detect cve-2022-22965 probing", "author": "crowdsecurity", "labels": { "behavior": "http:exploit", "classification": [ "attack.T1190", "cve.CVE-2022-22965" ], "confidence": 3, "label": "Spring4shell CVE-2022-22965", "remediation": true, "service": "spring", "spoofable": 0 } }, 
"crowdsecurity/ssh-bf": { "path": "scenarios/crowdsecurity/ssh-bf.yaml", "version": "0.3", "versions": { "0.1": { "digest": "4441dcff07020f6690d998b7101e642359ba405c2abb83565bbbdcee36de280f", "deprecated": false }, "0.2": { "digest": "94b1d6f04e9119ea1adb7fc70017fd108cede97bddbaf50b0b2bebdcc887ea28", "deprecated": false }, "0.3": { "digest": "242f36684d66bbae3044e576b7cfffef62d5323465f3f74f87923167c6d93356", "deprecated": false } }, "long_description": "RGV0ZWN0IGZhaWxlZCBzc2ggYXV0aGVudGljYXRpb25zIDoKCiAtIGxlYWtzcGVlZCBvZiAxMHMsIGNhcGFjaXR5IG9mIDUgb24gc2FtZSB0YXJnZXQgdXNlcgogLSBsZWFrc3BlZWQgb2YgMTBzLCBjYXBhY2l0eSBvZiA1IHVuaXF1ZSBkaXN0aW5jdCB1c2VycwogCg==", "content": "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", "description": "Detect ssh bruteforce", "author": "crowdsecurity", "references": [ "http://wikipedia.com/ssh-bf-is-bad" ], "labels": { "behavior": "ssh:bruteforce", "classification": [ "attack.T1110" ], "confidence": 3, "label": "SSH Bruteforce", "remediation": true, "service": "ssh", "spoofable": 0 } }, "crowdsecurity/ssh-slow-bf": { "path": "scenarios/crowdsecurity/ssh-slow-bf.yaml", "version": "0.4", "versions": { "0.1": { "digest": "1b910bf7af59dab8dfbba8a735aafb3e4871d1237b29d56f53d7c0eece0381cf", "deprecated": false }, "0.2": { "digest": "48665e6f7f4f0af7a47c7e81b0550c86f111e79c0a80d90290e560846beb4008", "deprecated": false }, "0.3": { "digest": "313b1dc11a05f8beb6718cdeefe79866122eca26394efe2b814d5d2e15c28f4d", "deprecated": false }, "0.4": { "digest": "892f9a153c4dafb5392ba40d70616e88896571be8f4cc00996e7f5e8277c869e", "deprecated": false } }, "long_description": "RGV0ZWN0IHNsb3cgc3NoIGJydXRlZm9yY2UgYXV0aGVudGljYXRpb25zIDoKCiAtIGxlYWtzcGVlZCBvZiA2MHMsIGNhcGFjaXR5IG9mIDEwIG9uIHNhbWUgdGFyZ2V0IHVzZXIKIC0gbGVha3NwZWVkIG9mIDYwcywgY2FwYWNpdHkgb2YgMTAgdW5pcXVlIGRpc3RpbmN0IHVzZXJzCiAK", "content": "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", "description": "Detect slow ssh bruteforce", "author": "crowdsecurity", "references": [ 
"http://wikipedia.com/ssh-bf-is-bad" ], "labels": { "behavior": "ssh:bruteforce", "classification": [ "attack.T1110" ], "confidence": 3, "label": "SSH Slow Bruteforce", "remediation": true, "service": "ssh", "spoofable": 0 } }, "crowdsecurity/suricata-alerts": { "path": "scenarios/crowdsecurity/suricata-alerts.yaml", "version": "0.4", "versions": { "0.1": { "digest": "dca94f89e6df928e3d8924f9e1a012bf9c20bb9f8370c6e2c588d93da4e02e27", "deprecated": false }, "0.2": { "digest": "5ac0f4c98c5b01ac2114ecc41a27be942201f687ad242b00e73c571ef6ac98d3", "deprecated": false }, "0.3": { "digest": "ccef8952af2cb7931773dfee72eb8f7f65c476b7c5d4c8b5bfd3553b301992ac", "deprecated": false }, "0.4": { "digest": "f91dbdceb8b96904b6b87c9d23544df6021b5bb72b43b93a754afbf6bc19c89b", "deprecated": false } }, "long_description": "IyMgU3VyaWNhdGEgc2NlbmFyaW9zCgpBdXRvbWF0aWNhbGx5IHJlYWN0IHRvIGhpZ2ggc2V2ZXJpdHkgYWxlcnRzIGdlbmVyYXRlZCBieSB5b3VyIFN1cmljYXRhIDoKIC0gdHJpZ2dlciBiYW4gb24gKk1ham9yKiAoc2V2ZXJpdHk6MSkgcnVsZXMKIC0gdHJpZ2dlciBiYW4gb24gPjIgKipkaXN0aW5jdCoqIHJ1bGVzIG9mIHNldmVyaXR5IDIKCgo=", "content": "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", "description": "Detect exploit attempts via emerging threat rules", "author": "crowdsecurity", "references": [ "http://rules.emergingthreats.net/" ], "labels": { "behavior": "generic:exploit", "classification": [ "attack.T1190", "attack.T1595" ], "confidence": 2, "label": "Suricata Severity 1 Event", "remediation": true, "service": "suricata", "spoofable": 0 } }, "crowdsecurity/synology-dsm-bf": { "path": "scenarios/crowdsecurity/synology-dsm-bf.yaml", "version": "0.2", "versions": { "0.1": { "digest": "8d70f3ab754d69ce9c10fb668bf3fb6bf9f02dca26e577c6c8b0c10731b0c442", "deprecated": false }, "0.2": { "digest": "8e89ba870ba373ddc4bc2f745cb08dcf6666035a17bfa5043906158c160f93af", "deprecated": false } }, "long_description": "IyMgRGV0ZWN0IFN5bm9sb2d5IERTTSBicnV0ZWZvcmNlIGF0dGFjay4KCiMjIyBSdWxlCmxlYWtzcGVlZCBvZiAxMHMsIGNhcGFjaXR5IG9mIDUK", 
"content": "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", "description": "Detect Synology DSM web auth bruteforce", "author": "crowdsecurity", "labels": { "behavior": "http:bruteforce", "classification": [ "attack.T1110" ], "confidence": 3, "label": "Synology DSM Bruteforce", "remediation": true, "service": "synology_dsm", "spoofable": 0 } }, "crowdsecurity/teamspeak3-bf": { "path": "scenarios/crowdsecurity/teamspeak3-bf.yaml", "version": "0.2", "versions": { "0.1": { "digest": "6a6f6a1c73fed4a1ccb9745e42614bc693b975f2eabb31b7c9ac2ede9568b166", "deprecated": false }, "0.2": { "digest": "fe7bc25db10780c851f053e8b388b734a7c8d929412b730d3256ab700f56368d", "deprecated": false } }, "long_description": "IyMgRGV0ZWN0IHRlYW1zcGVhazMgYnJ1dGVmb3JjZSBhdHRhY2suCgojIyMgUnVsZQoKbGVha3NwZWVkIG9mIDEwcywgY2FwYWNpdHkgb2YgMgo=", "content": "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", "description": "detect teamspeak3 server bruteforce", "author": "crowdsecurity", "labels": { "behavior": "generic:bruteforce", "classification": [ "attack.T1110" ], "confidence": 2, "label": "TeamSpeak3 Bruteforce", "remediation": true, "service": "teamspeak3", "spoofable": 0, "type": "bruteforce" } }, "crowdsecurity/teleport-bf": { "path": "scenarios/crowdsecurity/teleport-bf.yaml", "version": "0.1", "versions": { "0.1": { "digest": "cfc359efcdedb98f82d200cea373d98de3ba94993b6cbd0f784df53134d0b428", "deprecated": false } }, "long_description": "U2NlbmFyaW9zIHRvIGRldGVjdCB0ZWxlcG9ydCBhdXRoZW50aWNhdGlvbiBicnV0ZWZvcmNlIGF0dGFja3Mu", "content": "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", "description": "detect teleport bruteforce", "author": "crowdsecurity", "labels": { "behavior": "teleport:bruteforce", "classification": [ "attack.T1110" ], "confidence": 3, "label": "Teleport Bruteforce", "remediation": true, "service": "teleport", "spoofable": 0, "type": "bruteforce" } }, "crowdsecurity/telnet-bf": { "path": "scenarios/crowdsecurity/telnet-bf.yaml", "version": "0.2", 
"versions": { "0.1": { "digest": "fd1769c247b352916a0400c33668b315a6d7a0ab8e672f339b00d9de2df71229", "deprecated": false }, "0.2": { "digest": "3e21b4bdaba0abd031f17f4ee8c0e661695e463681892b71ff6333b92673c4a1", "deprecated": false } }, "long_description": "IyMgRGV0ZWN0IFRlbG5ldCBicnV0ZWZvcmNlIGF0dGFjay4KCiMjIyBSdWxlCmxlYWtzcGVlZCBvZiAxMHMsIGNhcGFjaXR5IG9mIDU=", "content": "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", "description": "detect telnet bruteforce", "author": "crowdsecurity", "labels": { "behavior": "telnet:bruteforce", "classification": [ "attack.T1110" ], "confidence": 3, "label": "Telnet Bruteforce", "remediation": true, "service": "telnet", "spoofable": 0 } }, "crowdsecurity/thehive-bf": { "path": "scenarios/crowdsecurity/thehive-bf.yaml", "version": "0.3", "versions": { "0.1": { "digest": "6a8e5ab92bdc2087dffb2702d9990a7c974654ce88db63a3b7f4a40b3af75790", "deprecated": false }, "0.2": { "digest": "a082bd5622ebf06280de10cdd126699b8d53f8ca002085e4113d3ea174597e9a", "deprecated": false }, "0.3": { "digest": "ef76556198a2c9c72636092cfac1ca8a604f905a372e923fa57fcc467e5e66fe", "deprecated": false } }, "long_description": "RGV0ZWN0IGZhaWxlZCBUaGVoaXZlIGF1dGhlbnRpY2F0aW9uczoKCiAtIGxlYWtzcGVlZCBvZiAxMHMsIGNhcGFjaXR5IG9mIDUgZnJvbSBzYW1lIElQ", "content": "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", "description": "Detect bruteforce on Thehive web interface", "author": "crowdsecurity", "labels": { "behavior": "http:bruteforce", "classification": [ "attack.T1110" ], "confidence": 3, "label": "The Hive Bruteforce", "remediation": true, "service": "http", "spoofable": 0 } }, "crowdsecurity/thinkphp-cve-2018-20062": { "path": "scenarios/crowdsecurity/thinkphp-cve-2018-20062.yaml", "version": "0.6", "versions": { "0.1": { "digest": "bf76bbd0e78be17642a4ea0d8c080ae72b43075fa74ba77990aac602285c1857", "deprecated": false }, "0.2": { "digest": "abb7a26fc4cd630c545738b3cf43d36439526eec9c5a25668f434c1cf9f0320b", "deprecated": false }, "0.3": { 
"digest": "1cc85df2f1e642e83ec20e0197777795b82ff076842c6b169a8a7b1e4687de3a", "deprecated": false }, "0.4": { "digest": "a7d01cde79e669479f49160d5c122898ee88e14ac07d27d232b9b14ac839d5d5", "deprecated": false }, "0.5": { "digest": "e91ada2fdadd6e70b1feceb4977e4830fdcc811e0ace9cf3f6055cacc5943e8d", "deprecated": false }, "0.6": { "digest": "3a3596ed6734fc879a1d93c5b9e9b69906140fc68223578d72d31f07c2e1640f", "deprecated": false } }, "content": "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", "description": "Detect ThinkPHP CVE-2018-20062 exploitation attempts", "author": "crowdsecurity", "labels": { "behavior": "http:exploit", "classification": [ "attack.T1190", "attack.T1595", "cve.CVE-2018-20062" ], "confidence": 3, "label": "ThinkPHP CVE-2018-20062", "remediation": true, "service": "thinkphp", "spoofable": 0 } }, "crowdsecurity/vmware-cve-2022-22954": { "path": "scenarios/crowdsecurity/vmware-cve-2022-22954.yaml", "version": "0.3", "versions": { "0.1": { "digest": "a5d994d73edec1ea334d09cd057193163a32527797f9556774f167bda1593616", "deprecated": false }, "0.2": { "digest": "d26a37b84b843dba6a0266d54f754438b875fa8bc62de6ddd7d9d2d5d1eba07c", "deprecated": false }, "0.3": { "digest": "4970a46baaef676bd66166bbeedd764df53cc0b81f6a15812e5b231953b6314a", "deprecated": false } }, "long_description": "RGV0ZWN0IGV4cGxvaXRhdGlvbiBvZiBWbXdhcmUgQ1ZFLTIwMjItMjI5NTQKClJlZjogaHR0cHM6Ly93d3cudm13YXJlLmNvbS9zZWN1cml0eS9hZHZpc29yaWVzL1ZNU0EtMjAyMi0wMDExLmh0bWwKUG9jOiBodHRwczovL2dpdGh1Yi5jb20vc2hlcmxvY2tzZWN1cml0eS9WTXdhcmUtQ1ZFLTIwMjItMjI5NTQ=", "content": "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", "description": "Detect Vmware CVE-2022-22954 exploitation attempts", "author": "crowdsecurity", "labels": { "behavior": "vm-management:exploit", "classification": [ "attack.T1190", "attack.T1595", "cve.CVE-2022-22954" ], "confidence": 3, "label": "VMWARE CVE-2022-22954", "remediation": true, "service": "vmware", "spoofable": 0 } },
"crowdsecurity/vmware-vcenter-vmsa-2021-0027": { "path": "scenarios/crowdsecurity/vmware-vcenter-vmsa-2021-0027.yaml", "version": "0.2", "versions": { "0.1": { "digest": "4d497542fa056c82b0089b7849ce686544b8ae9775f6dffddd6ac5074ec5964b", "deprecated": false }, "0.2": { "digest": "f4d75dc60a53e0a98cf3af39207c52de14a7aeb4571eb15234e881aea5793064", "deprecated": false } }, "long_description": "RGV0ZWN0IGV4cGxvaXRhdGlvbiBvZiBWTVNBLTIwMjEtMDAyNwoKUmVmOiBodHRwczovL3d3dy52bXdhcmUuY29tL3NlY3VyaXR5L2Fkdmlzb3JpZXMvVk1TQS0yMDIxLTAwMjcuaHRtbAo=", "content": "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", "description": "Detect VMSA-2021-0027 exploitation attempts", "author": "crowdsecurity", "labels": { "behavior": "vm-management:exploit", "classification": [ "attack.T1190", "attack.T1595", "cve.CVE-2021-0027" ], "confidence": 3, "label": "VMWARE VCenter VMSA CVE-2021-0027", "remediation": true, "service": "vmware", "spoofable": 0 } }, "crowdsecurity/vsftpd-bf": { "path": "scenarios/crowdsecurity/vsftpd-bf.yaml", "version": "0.2", "versions": { "0.1": { "digest": "3591247988014705cf3a7e42388f0c87f9b86d3141268d996c5820ceab6364e1", "deprecated": false }, "0.2": { "digest": "d1ddf4797250c1899a93ce634e6366e5deaaaf7508135056d17e9b09998ddf91", "deprecated": false } }, "long_description": "IyMgRGV0ZWN0IEZUUCBicnV0ZWZvcmNlIGF0dGFjay4KCiMjIyBSdWxlCmxlYWtzcGVlZCBvZiAxMHMsIGNhcGFjaXR5IG9mIDU=", "content": "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", "description": "Detect FTP bruteforce (vsftpd)", "author": "crowdsecurity", "labels": { "behavior": "ftp:bruteforce", "classification": [ "attack.T1110" ], "confidence": 3, "label": "VSFTPD Bruteforce", "remediation": true, "service": "vsftpd", "spoofable": 0 } }, "crowdsecurity/windows-CVE-2022-30190-msdt": { "path": "scenarios/crowdsecurity/windows-CVE-2022-30190-msdt.yaml", "version": "0.2", "versions": { "0.1": { "digest": "6cac369ca1553245cf9a837275492822387a43a0a4f138560dfdda208def1103", "deprecated": false }, "0.2":
{ "digest": "2e41d1c94e7af7e2cdb8eb0c22152a44f320b9e7ef00b6604b3f77977e86f3ed", "deprecated": false } }, "long_description": "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", "content": "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", "description": "Detect CVE-2022-30190 from sysmon events", "author": "crowdsecurity", "labels": { "behaviors": "windows:rce", "classification": [ "attack.T1059", "attack.T1203", "cve.CVE-2022-30190" ], "confidence": 3, "label": "CVE-2022-30190", "notification": true, "service": "windows", "spoofable": 0, "type": "rce" } }, "crowdsecurity/windows-bf": { "path": "scenarios/crowdsecurity/windows-bf.yaml", "version": "0.2", "versions": { "0.1": { "digest": "8bab4995597e6a72e87131cd681ed6023c90cc805c3ee824bfbce1725e67fdd8", "deprecated": false }, "0.2": { "digest": "d90b8a59f018321a1571744836a05c7a1d1214902bede5b3122f0c66339ce155", "deprecated": false } }, "long_description": "RGV0ZWN0cyBCRiBhZ2FpbnN0IHNlcnZpY2VzIHVzaW5nIHdpbmRvd3MgYXV0aGVudGljYXRpb24gKFJEUCwgU01CLCBPV0EsIC4uLikuCgpCdWNrZXRzIGhhdmUgYSBjYXBhY2l0eSBvZiA1IGFuZCBhIGxlYWtzcGVlZCBvZiAxMHMu", "content": "IyB3aW5kb3dzIGF1dGggYnJ1dGVmb3JjZQp0eXBlOiBsZWFreQpuYW1lOiBjcm93ZHNlY3VyaXR5L3dpbmRvd3MtYmYKZGVzY3JpcHRpb246ICJEZXRlY3Qgd2luZG93cyBhdXRoIGJydXRlZm9yY2UiCmZpbHRlcjogImV2dC5NZXRhLmxvZ190eXBlID09ICd3aW5kb3dzX2ZhaWxlZF9hdXRoJyIKbGVha3NwZWVkOiAiMTBzIgpjYXBhY2l0eTogNQpncm91cGJ5OiBldnQuTWV0YS5zb3VyY2VfaXAKYmxhY2tob2xlOiAxbQpyZXByb2Nlc3M6IHRydWUKbGFiZWxzOgogIGNvbmZpZGVuY2U6IDMKICBzcG9vZmFibGU6IDAKICBjbGFzc2lmaWNhdGlvbjoKICAgIC0gYXR0YWNrLlQxMTEwCiAgYmVoYXZpb3I6ICJ3aW5kb3dzOmJydXRlZm9yY2UiCiAgbGFiZWw6ICJXaW5kb3dzIEJydXRlZm9yY2UiCiAgcmVtZWRpYXRpb246IHRydWUKICBzZXJ2aWNlOiB3aW5kb3dzCg==", "description": "Detect windows auth bruteforce", "author": "crowdsecurity", "labels": { "behavior": "windows:bruteforce", "classification": [ "attack.T1110" ], "confidence": 3, "label": "Windows Bruteforce", "remediation": true, "service": "windows", "spoofable": 0 } }, 
"crowdsecurity/wireguard-auth": { "path": "scenarios/crowdsecurity/wireguard-auth.yaml", "version": "0.2", "versions": { "0.1": { "digest": "63d0813873be54c7fe419127eae9981713dadfca5e3514583d1ade1f20633d04", "deprecated": false }, "0.2": { "digest": "e2620820c7b1b14d80075ba0613da2c75462bd10597d9236cf434eba5386ad4e", "deprecated": false } }, "long_description": "RGV0ZWN0cyBicnV0ZWZvcmNlIGF0dGVtcHRzIGFnYWluc3QgYSB3aXJlZ3VhcmQgc2VydmVyLiBJdCB3aWxsIHBhcnNlIHRoZSB3aXJlZ3VhcmQgbG9nIGZpbGUgYW5kIGNvdW50IHRoZSBudW1iZXIgb2YgZmFpbGVkIGxvZ2luIGF0dGVtcHRzIHBlciBJUCBhZGRyZXNzLiBJZiB0aGUgbnVtYmVyIG9mIGZhaWxlZCBsb2dpbiBhdHRlbXB0cyBleGNlZWRzIHRoZSB0aHJlc2hvbGQsIHRoZSBJUCBhZGRyZXNzIHdpbGwgdHJpZ2dlciBhbiBhbGVydC4=", "content": "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", "description": "Detects rejected connection attempts and unauthorized packets through wireguard tunnels", "author": "crowdsecurity", "labels": { "behavior": "generic:bruteforce", "classification": [ "attack.T1110" ], "confidence": 3, "label": "Wireguard Bruteforce", "remediation": true, "service": "wireguard", "spoofable": 0 } }, "darkclip/charon-ipsec-bf": { "path": "scenarios/darkclip/charon-ipsec-bf.yaml", "version": "0.1", "versions": { "0.1": { "digest": "183e51751d76663ff636d1b64acae7ade0ac6995ec50ea77a09e573f9a61079e", "deprecated": false } }, "long_description": "RGV0ZWN0cyBicnV0ZWZvcmNlIGF1dGhlbnRpY2F0aW9ucyBmb3IgQ2hhcm9uIElQc2VjIHNlcnZlci4KCiAtIGxlYWtzcGVlZCBvZiAxMHMsIGNhcGFjaXR5IG9mIDUgb24gc2FtZSBzb3VyY2U=", "content": "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", "description": "Detect Charon IPsec bruteforce", "author": "darkclip", "labels": { "behavior": "generic:bruteforce", "classification": [ "attack.T1110" ], "confidence": 3, "label": "Charon IPsec Bruteforce", "remediation": true, "service": "charon_ipsec", "spoofable": 0 } }, "darkclip/charon-ipsec-slow-bf": { "path": "scenarios/darkclip/charon-ipsec-slow-bf.yaml", "version": "0.1", "versions": { "0.1": { "digest":
"b91ab9160377e1a2396c593b054374c778cb6affadecdba952207fb1e9442fe0", "deprecated": false } }, "long_description": "RGV0ZWN0cyBzbG93IGJydXRlZm9yY2UgYXV0aGVudGljYXRpb25zIGZvciBDaGFyb24gSVBzZWMgc2VydmVyLgoKIC0gbGVha3NwZWVkIG9mIDYwcywgY2FwYWNpdHkgb2YgMTAgb24gc2FtZSBzb3VyY2U=", "content": "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", "description": "Detect Charon IPsec slow bruteforce", "author": "darkclip", "labels": { "behavior": "generic:bruteforce", "classification": [ "attack.T1110" ], "confidence": 3, "label": "Charon IPsec Slow Bruteforce", "remediation": true, "service": "charon_ipsec", "spoofable": 0 } }, "firewallservices/lemonldap-ng-bf": { "path": "scenarios/firewallservices/lemonldap-ng-bf.yaml", "version": "0.2", "versions": { "0.1": { "digest": "92ffa388cc0c79431a9014d6a384a84e7571d5e3445ff60d29792eb5d36307da", "deprecated": false }, "0.2": { "digest": "d27d2e0536ff663a0d5821598cf063be7c382946117116cf6335bf18258488a0", "deprecated": false } }, "long_description": "RGV0ZWN0IGZhaWxlZCBMZW1vbmxkYXA6Ok5HIGF1dGhlbnRpY2F0aW9ucyA6CgogLSBsZWFrc3BlZWQgb2YgMzBzLCBjYXBhY2l0eSBvZiA1IG9uIHNhbWUgdGFyZ2V0IHVzZXIKIC0gbGVha3NwZWVkIG9mIDJtLCBjYXBhY2l0eSBvZiA1IHVuaXF1ZSBkaXN0aW5jdCB1c2Vycwo=", "content": "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", "description": "Detect Lemonldap::NG bruteforce", "author": "firewallservices", "labels": { "behavior": "ldap:bruteforce", "classification": [ "attack.T1110" ], "confidence": 3, "label": "LemonLDAP Bruteforce", "remediation": true, "service": "ldap", "spoofable": 0 } }, "firewallservices/pf-scan-multi_ports": { "path": "scenarios/firewallservices/pf-scan-multi_ports.yaml", "version": "0.4", "versions": { "0.1": { "digest": "d650a9e64532d14a46dcf5bfc952b0a0eb1825efdb07a179069d9c7f8f185d78", "deprecated": false }, "0.2": { "digest": "42359d53fdf4b78cf2600d81c5a893bb0306589190447cde88f5c0e788706136", "deprecated": false }, "0.3": { "digest": "d650a9e64532d14a46dcf5bfc952b0a0eb1825efdb07a179069d9c7f8f185d78", 
"deprecated": false }, "0.4": { "digest": "a8017247b648a5b731414ea6e7923b12d8da86ae0be535b96aa122ac65653b1f", "deprecated": false } }, "long_description": "RGV0ZWN0cyBUQ1AgcG9ydCBzY2FuIDogZGV0ZWN0cyBpZiBhIHNpbmdsZSBJUCBhdHRlbXB0cyBjb25uZWN0aW9uIHRvIG1hbnkgZGlmZmVyZW50IHBvcnRzLgoKTGVha3NwZWVkIG9mIDVzLCBjYXBhY2l0eSBvZiAxNS4K", "content": "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", "description": "ban IPs that are scanning us", "author": "firewallservices", "labels": { "behavior": "tcp:scan", "classification": [ "attack.T1595.001", "attack.T1018", "attack.T1046" ], "confidence": 1, "label": "PF Scan Multi Ports", "remediation": true, "service": "tcp", "spoofable": 3 } }, "firewallservices/zimbra-bf": { "path": "scenarios/firewallservices/zimbra-bf.yaml", "version": "0.2", "versions": { "0.1": { "digest": "20cd0d65ecb94e81c785bbc8117d3cf12333bf0b32f600d14949be7ce21f3a4c", "deprecated": false }, "0.2": { "digest": "f7c711ae8b784fb37120952db8b47815c35c917dc6be49e6818d7a97b1aea379", "deprecated": false } }, "long_description": "RGV0ZWN0IHZhcmlvdXMgYXV0aGVudGljYXRpb24gZmFpbHVyZXMgb24gWmltYnJhCi0gT24gdGhlIHdlYiBsb2dpbiBwYWdlCi0gT24gdGhlIFNNVFAgc2VydmVyIChTTVRQUyBhbmQgU1VCTUlTU0lPTikKLSBPbiB0aGUgSU1BUCBzZXJ2ZXIKClRoaXMgc2NlbmFyaW8gdXNlcyB0d28gbGVha3kgYnVja2V0czoKLSBsZWFrc3BlZWQgb2YgMzBzLCBjYXBhY2l0eSBvZiA1IChwZXIgY2xpZW50IElQKQotIGxlYWtzcGVlZCBvZiAybSwgY2FwYWNpdHkgb2YgNSwgb24gdW5pcSB0YXJnZXQgdXNlciAocGVyIGNsaWVudCBJUCkK", "content": "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", "description": "Detect Zimbra bruteforce", "author": "firewallservices", "labels": { "behavior": "pop3/imap:bruteforce", "classification": [ "attack.T1110" ], "confidence": 3, "label": "Zimbra Bruteforce", "remediation": true, "service": "zimbra", "spoofable": 0 } }, "firix/authentik-bf": { "path": "scenarios/firix/authentik-bf.yaml", "version": "0.1", "versions": { "0.1": { "digest": "f2d5cf9e9fa750c2e3372aebeaf35fe13d56b7e0089dc01a744b6687d1872f3b", "deprecated": false } }, 
"long_description": "RGV0ZWN0IGZhaWxlZCBhdXRoZW50aWsgYXV0aGVudGljYXRpb25zOgoKIC0gbGVha3NwZWVkIG9mIDIwcywgY2FwYWNpdHkgb2YgNSBvbiBzYW1lIHRhcmdldCB1c2VyCiAtIGxlYWtzcGVlZCBvZiAxMHMsIGNhcGFjaXR5IG9mIDUgdW5pcXVlIGRpc3RpbmN0IHVzZXJzCg==", "content": "IyBBdXRoZW50aWsgQkYgc2Nhbgp0eXBlOiBsZWFreQpuYW1lOiBmaXJpeC9hdXRoZW50aWstYmYKZGVzY3JpcHRpb246ICJEZXRlY3QgYXV0aGVudGlrIGJydXRlZm9yY2UiCmZpbHRlcjogZXZ0Lk1ldGEubG9nX3R5cGUgaW4gWydhdXRoZW50aWtfZmFpbGVkX2F1dGgnLCAnYXV0aGVudGlrX2ludmFsaWRfdXNlcm5hbWUnXQpncm91cGJ5OiBldnQuTWV0YS5zb3VyY2VfaXAKbGVha3NwZWVkOiAyMHMKY2FwYWNpdHk6IDUKYmxhY2tob2xlOiAxbQpsYWJlbHM6CiAgc2VydmljZTogYXV0aGVudGlrCiAgYmVoYXZpb3I6ICJodHRwOmJydXRlZm9yY2UiCiAgc3Bvb2ZhYmxlOiAwCiAgY29uZmlkZW5jZTogMwogIGNsYXNzaWZpY2F0aW9uOgogICAgLSBhdHRhY2suVDExMTAKICBsYWJlbDogIkF1dGhlbnRpayBCcnV0ZWZvcmNlIgogIHJlbWVkaWF0aW9uOiB0cnVlCi0tLQojIEF1dGhlbnRpayB1c2VyLWVudW0KdHlwZTogbGVha3kKbmFtZTogZmlyaXgvYXV0aGVudGlrLWJmX3VzZXItZW51bQpkZXNjcmlwdGlvbjogIkRldGVjdCBhdXRoZW50aWsgdXNlciBlbnVtIGJydXRlZm9yY2UiCmZpbHRlcjogZXZ0Lk1ldGEubG9nX3R5cGUgaW4gWydhdXRoZW50aWtfZmFpbGVkX2F1dGgnLCAnYXV0aGVudGlrX2ludmFsaWRfdXNlcm5hbWUnXQpncm91cGJ5OiBldnQuTWV0YS5zb3VyY2VfaXAKZGlzdGluY3Q6IGV2dC5NZXRhLnVzZXJuYW1lCmxlYWtzcGVlZDogMTBzCmNhcGFjaXR5OiA1CmJsYWNraG9sZTogMW0KbGFiZWxzOgogIHNlcnZpY2U6IGF1dGhlbnRpawogIGJlaGF2aW9yOiAiaHR0cDpicnV0ZWZvcmNlIgogIHNwb29mYWJsZTogMAogIGNvbmZpZGVuY2U6IDMKICBjbGFzc2lmaWNhdGlvbjoKICAgIC0gYXR0YWNrLlQxNTg5CiAgICAtIGF0dGFjay5UMTExMAogIGxhYmVsOiAiQXV0aGVudGlrIFVzZXIgRW51bWVyYXRpb24iCiAgcmVtZWRpYXRpb246IHRydWUgCg==", "description": "Detect authentik bruteforce", "author": "firix", "labels": { "behavior": "http:bruteforce", "classification": [ "attack.T1110" ], "confidence": 3, "label": "Authentik Bruteforce", "remediation": true, "service": "authentik", "spoofable": 0 } }, "fulljackz/proxmox-bf": { "path": "scenarios/fulljackz/proxmox-bf.yaml", "version": "0.2", "versions": { "0.1": { "digest": "0e9371bccf18fdd2195b68c9506182d0958ef4e8a31289d34106fda4b58ccd17", "deprecated": false }, "0.2": { 
"digest": "b0d36f0ced0f2b05e56c0655a1730181a653796133e0770a72ea5cf71db5cb9e", "deprecated": false } }, "long_description": "RGV0ZWN0IGZhaWxlZCBwcm94bW94IGF1dGhlbnRpY2F0aW9ucyA6CgogLSBsZWFrc3BlZWQgb2YgMTBzLCBjYXBhY2l0eSBvZiA1IG9uIHNhbWUgdGFyZ2V0IHVzZXIKIC0gbGVha3NwZWVkIG9mIDEwcywgY2FwYWNpdHkgb2YgNSB1bmlxdWUgZGlzdGluY3QgdXNlcnMK", "content": "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", "description": "Detect proxmox bruteforce", "author": "fulljackz", "labels": { "behavior": "vm-management:bruteforce", "classification": [ "attack.T1110" ], "confidence": 3, "label": "PveDaemon Bruteforce", "remediation": true, "service": "vm-management", "spoofable": 0 } }, "fulljackz/pureftpd-bf": { "path": "scenarios/fulljackz/pureftpd-bf.yaml", "version": "0.2", "versions": { "0.1": { "digest": "b3d2ff52ddeff8e7bc547565b7d797c7420f4f5dc4cd00181f4a2be28dd56be7", "deprecated": false }, "0.2": { "digest": "36c442c20c6124c19a31fc4e57d2d65e9d1dfd63b59aebda95c3f0846ff9ed16", "deprecated": false } }, "content": "IyBQdXJlZnRwZCBhdXRoZW50IGJydXRlZm9yY2UKdHlwZTogbGVha3kKbmFtZTogZnVsbGphY2t6L3B1cmVmdHBkLWJmCmRlc2NyaXB0aW9uOiAiRGV0ZWN0IHB1cmVmdHBkIGJydXRlZm9yY2UiCmZpbHRlcjogImV2dC5NZXRhLmxvZ190eXBlID09ICdwZnRwZF9mYWlsZWQtYXV0aCciCmxlYWtzcGVlZDogIjEwcyIKY2FwYWNpdHk6IDUKZ3JvdXBieTogZXZ0Lk1ldGEuc291cmNlX2lwCmJsYWNraG9sZTogMW0KcmVwcm9jZXNzOiB0cnVlCmxhYmVsczoKICBzZXJ2aWNlOiBmdHAKICBjb25maWRlbmNlOiAzCiAgc3Bvb2ZhYmxlOiAwCiAgY2xhc3NpZmljYXRpb246CiAgICAtIGF0dGFjay5UMTExMAogIGJlaGF2aW9yOiAiZnRwOmJydXRlZm9yY2UiCiAgbGFiZWw6ICJQdXJlRlRQRCBCcnV0ZWZvcmNlIgogIHJlbWVkaWF0aW9uOiB0cnVlCg==", "description": "Detect pureftpd bruteforce", "author": "fulljackz", "labels": { "behavior": "ftp:bruteforce", "classification": [ "attack.T1110" ], "confidence": 3, "label": "PureFTPD Bruteforce", "remediation": true, "service": "ftp", "spoofable": 0 } }, "gauth-fr/immich-bf": { "path": "scenarios/gauth-fr/immich-bf.yaml", "version": "0.2", "versions": { "0.1": { "digest": 
"ac8169ad4527ba503533131e47f7ffe26f5c49ac2ffda361217e45c77125c887", "deprecated": false }, "0.2": { "digest": "55a427ed10a711e624975181bdf80a2050238107245f0f0cf954a8d0a91f7244", "deprecated": false } }, "long_description": "RGV0ZWN0IGZhaWxlZCBJbW1pY2ggYXV0aGVudGljYXRpb25zOgoKIC0gbGVha3NwZWVkIG9mIDIwcywgY2FwYWNpdHkgb2YgNSBvbiBzYW1lIHRhcmdldCB1c2VyCiAtIGxlYWtzcGVlZCBvZiAxbSwgY2FwYWNpdHkgb2YgNSB1bmlxdWUgZGlzdGluY3QgdXNlcnM=", "content": "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", "description": "Detect immich bruteforce", "author": "gauth-fr", "labels": { "behavior": "http:bruteforce", "classification": [ "attack.T1110" ], "confidence": 3, "label": "Immich Bruteforce", "remediation": true, "service": "immich", "spoofable": 0 } }, "hitech95/mail-generic-bf": { "path": "scenarios/hitech95/mail-generic-bf.yaml", "version": "0.2", "versions": { "0.1": { "digest": "f4dd689cd76dbad62fc1188d106ee58d67e9637398e25f1ee6c4dd56039491c1", "deprecated": false }, "0.2": { "digest": "6240b1295617a293ce14a9e5ccea082a0df0d55259ca01653d423eb6a290c72a", "deprecated": false } }, "long_description": "QWxlcnQgd2hlbiBhIHNpbmdsZSBJUCB0aGF0IHRyeSB0byBicnV0ZWZvcmNlIGVtYWlsIChTTVRQLCBJTUFQLCBQT1ApIGF1dGguCgogLSBsZWFrc3BlZWQgb2YgMTBzLCBjYXBhY2l0eSBvZiA1IG9uIHNhbWUgaXAKIC0gbGVha3NwZWVkIG9mIDMwcywgY2FwYWNpdHkgb2YgMyBvbiBzYW1lIHRhcmdldCB1c2VyCg==", "content": "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", "description": "Detect generic email brute force", "author": "hitech95", "labels": { "behavior": "pop3/imap:bruteforce", "classification": [ "attack.T1110" ], "confidence": 3, "label": "POP3/IMAP Bruteforce", "remediation": true, "service": "pop3/imap", "spoofable": 0 } }, "inherent-io/keycloak-bf": { "path": "scenarios/inherent-io/keycloak-bf.yaml", "version": "0.2", "versions": { "0.1": { "digest": "e49641024ac18c51c5f562e9f1c4a60ec31e0ef0525f5754537bc7ac8a425ddb", "deprecated": false }, "0.2": { "digest": "ae82c46c8629fc58402e4b86bed8b8099c04484fb9acf5d29b5d293690056a15", 
"deprecated": false } }, "long_description": "RGV0ZWN0IGZhaWxlZCBLZXljbG9hayBhdXRoZW50aWNhdGlvbnMgOgoKIC0gbGVha3NwZWVkIG9mIDEwcywgY2FwYWNpdHkgb2YgNSBvbiBzYW1lIHRhcmdldCB1c2VyCiAtIGxlYWtzcGVlZCBvZiAxMHMsIGNhcGFjaXR5IG9mIDUgdW5pcXVlIGRpc3RpbmN0IHVzZXJzCg==", "content": "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", "description": "Detect keycloak bruteforce", "author": "inherent-io", "labels": { "behavior": "http:bruteforce", "classification": [ "attack.T1110" ], "confidence": 3, "label": "Keycloak Bruteforce", "remediation": true, "service": "keycloak", "spoofable": 0 } }, "inherent-io/keycloak-slow-bf": { "path": "scenarios/inherent-io/keycloak-slow-bf.yaml", "version": "0.2", "versions": { "0.1": { "digest": "14928e0df7050fa79b4e332f228afc71e287c2a67fefd2c77aab19de99fad70a", "deprecated": false }, "0.2": { "digest": "001444d0fbb4395b81e6caf835e8d7c5dde0fd3818c0b7b70d79264ab6453b04", "deprecated": false } }, "long_description": "RGV0ZWN0IGZhaWxlZCBLZXljbG9hayBhdXRoZW50aWNhdGlvbnMgOgoKIC0gbGVha3NwZWVkIG9mIDYwcywgY2FwYWNpdHkgb2YgMTAgb24gc2FtZSB0YXJnZXQgdXNlcgogLSBsZWFrc3BlZWQgb2YgNjBzLCBjYXBhY2l0eSBvZiAxMCB1bmlxdWUgZGlzdGluY3QgdXNlcnMK", "content": "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", "description": "Detect keycloak bruteforce", "author": "inherent-io", "labels": { "behavior": "http:bruteforce", "classification": [ "attack.T1110" ], "confidence": 3, "label": "Keycloak Bruteforce", "remediation": true, "service": "keycloak", "spoofable": 0 } }, "jbowdre/miniflux-bf": { "path": "scenarios/jbowdre/miniflux-bf.yaml", "version": "0.1", "versions": { "0.1": { "digest": "ca3feff94722b7029e3797f11737233f64b38e3cee1d05125ac1391fc70f4ddf", "deprecated": false } }, "long_description": "RGV0ZWN0IGZhaWxlZCBNaW5pZmx1eCBhdXRoZW50aWNhdGlvbnM6CgotIGxlYWtzcGVlZCBvZiAyMHMsIGNhcGFjaXR5IG9mIDUgb24gc2FtZSB0YXJnZXQgdXNlcgotIGxlYWtzcGVlZCBvZiAxbSwgY2FwYWNpdHkgb2YgNSB1bmlxdWUgZGlzdGluY3QgdXNlcnM=", "content": 
"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", "description": "Detect miniflux bruteforce", "author": "jbowdre", "labels": { "behavior": "http:bruteforce", "classification": [ "attack.T1110" ], "confidence": 3, "label": "Miniflux Bruteforce", "remediation": true, "service": "miniflux", "spoofable": 0 } }, "jusabatier/apereo-cas-bf": { "path": "scenarios/jusabatier/apereo-cas-bf.yaml", "version": "0.2", "versions": { "0.1": { "digest": "d1bf29f3d7bbf0a7bee0a9e0dddc953c9f0cad2ac4f5d6dcefe7d8ae3dc833a6", "deprecated": false }, "0.2": { "digest": "828c0aeff9e1dd41f90b2fb1f83d4d8fb1bd6812045e30f19f772cb4879dbca1", "deprecated": false } }, "long_description": "RGV0ZWN0IGZhaWxlZCBDQVMgYXV0aGVudGljYXRpb25zIDoKCiogbGVha3NwZWVkIG9mIDEwcywgY2FwYWNpdHkgb2YgNSBvbiBzYW1lIHRhcmdldCB1c2VyCiogbGVha3NwZWVkIG9mIDEwcywgY2FwYWNpdHkgb2YgNSB1bmlxdWUgZGlzdGluY3QgdXNlcnMK", "content": "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", "description": "Detect CAS bruteforce", "author": "jusabatier", "references": [ "http://wikipedia.com/cas-bf-is-bad" ], "labels": { "behavior": "http:bruteforce", "classification": [ "attack.T1110" ], "confidence": 3, "label": "CAS Bruteforce", "remediation": true, "service": "http", "spoofable": 0 } }, "jusabatier/apereo-cas-slow-bf": { "path": "scenarios/jusabatier/apereo-cas-slow-bf.yaml", "version": "0.2", "versions": { "0.1": { "digest": "4bcde74a3f00abede206b5821669531c8ebfbf80b79530414050bfd3ccbfc6f9", "deprecated": false }, "0.2": { "digest": "272deed2d9f9f5e4a49364246a92c1cd826daa49d77717de71b9e5688059f87e", "deprecated": false } }, "long_description": "RGV0ZWN0IHNsb3cgQ0FTIGJydXRlZm9yY2UgYXV0aGVudGljYXRpb25zIDoKCiogbGVha3NwZWVkIG9mIDYwcywgY2FwYWNpdHkgb2YgMTAgb24gc2FtZSB0YXJnZXQgdXNlcgoqIGxlYWtzcGVlZCBvZiA2MHMsIGNhcGFjaXR5IG9mIDEwIHVuaXF1ZSBkaXN0aW5jdCB1c2Vycwo=", "content": "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", "description": "Detect slow CAS bruteforce", "author": "jusabatier", "references": [ 
"http://wikipedia.com/cas-bf-is-bad" ], "labels": { "behavior": "http:bruteforce", "classification": [ "attack.T1110" ], "confidence": 3, "label": "CAS Slow Bruteforce", "remediation": true, "service": "http", "spoofable": 0 } }, "jusabatier/cas-slow-bf": { "path": "scenarios/jusabatier/cas-slow-bf.yaml", "version": "0.2", "versions": { "0.1": { "digest": "6279c83e01b94e7d87271e16118d6b06be9662873c941884a12038fa7adc76c1", "deprecated": false }, "0.2": { "digest": "49a43e695621ca9c777d8825d67a7354da4012d94320740c39adf786d76b9028", "deprecated": false } }, "content": "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", "description": "Detect slow CAS bruteforce", "author": "jusabatier", "references": [ "http://wikipedia.com/cas-bf-is-bad" ], "labels": { "behavior": "http:bruteforce", "classification": [ "attack.T1110", "attack.T1595" ], "confidence": 3, "label": "Apereo CAS Bruteforce", "remediation": true, "service": "http", "spoofable": 0 } }, "lourys/pterodactyl-wings-bf": { "path": "scenarios/lourys/pterodactyl-wings-bf.yaml", "version": "0.3", "versions": { "0.1": { "digest": "05da99b5df02bed22d6627edd06897404a53ed13f9033b79cdf7b9cc21538cbe", "deprecated": false }, "0.2": { "digest": "4837e97a679e794ebd2d2a90028a2c649748a5ffbf1a27c286b799214bc40222", "deprecated": false }, "0.3": { "digest": "55b6dc21a6ecbff059805e5c399c9f3ed7aaeae00890e0ac9615123a3533cfc5", "deprecated": false } }, "long_description": "RGV0ZWN0IGZhaWxlZCBwdGVyb2RhY3R5bCB3aW5ncyBhdXRoZW50aWNhdGlvbnM6CgpJbnZhbGlkIGZvcm1hdDoKLSBsZWFrc3BlZWQgb2YgMTVzLCBjYXBhY2l0eSBvZiAxIG9uIHNhbWUgdGFyZ2V0IHVzZXIKLSBsZWFrc3BlZWQgb2YgMTVzLCBjYXBhY2l0eSBvZiAxIHVuaXF1ZSBkaXN0aW5jdCB1c2VycwoKSW52YWxpZCB1c2VybmFtZS9wYXNzd29yZDoKLSBsZWFrc3BlZWQgb2YgMTVzLCBjYXBhY2l0eSBvZiAz", "content": "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", "description": "Detect invalid_format ssh bruteforce", "author": "lourys", "labels": { "behavior": "http:bruteforce", "classification": [ "attack.T1110" ], "confidence": 1, 
"label": "Pterodactyl Wing Bruteforce", "remediation": true, "service": "pterodactyl", "spoofable": 0 } }, "ltsich/http-w00tw00t": { "path": "scenarios/ltsich/http-w00tw00t.yaml", "version": "0.2", "versions": { "0.1": { "digest": "f0cba1520658a1016e9d1952473fa9e78175deef2117d2b921e7d994a6e7a549", "deprecated": false }, "0.2": { "digest": "6327526c8c38490c33a5441ad144d35ad3bfc49b309194b2c437a178cf95908b", "deprecated": false } }, "long_description": "dHJpZ2dlciBzY2VuYXJpbyB0byBkZXRlY3QgdzAwdHcwMHQgcGF0dGVybiB1c2VkIGJ5IGh0dHAgdnVsbmVyYWJpbGl0eSBzY2FubmVyLCBzZWUgW3RoaXMgcmVzc291cmNlXShodHRwczovL2lzYy5zYW5zLmVkdS9mb3J1bXMvZGlhcnkvdzAwdHcwMHQvOTAwLykKCj4gQ29udHJpYnV0ZWQgYnkgaHR0cHM6Ly9naXRodWIuY29tL0x0U2ljaAo=", "content": "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", "description": "detect w00tw00t", "author": "ltsich", "labels": { "behavior": "http:scan", "classification": [ "attack.T1595" ], "confidence": 3, "label": "w00t w00t Scanner", "remediation": true, "service": "http", "spoofable": 0 } }, "mstilkerich/bind9-refused": { "path": "scenarios/mstilkerich/bind9-refused.yaml", "version": "0.2", "versions": { "0.1": { "digest": "16ff798ce0bde3b31c91eed4d3b022b70ccbe723579ab80ac889880058a50d20", "deprecated": false }, "0.2": { "digest": "a7567674f1b50c578195fa8e6a95c99e9573598c63720c8ae3b585ff492aa91e", "deprecated": false } }, "long_description": "RGV0ZWN0IEFYRlIgcmVxdWVzdHMgYW5kIEROUyBxdWVyaWVzIHJlamVjdGVkIGJ5IGJpbmQ5IHNlY3VyaXR5IHBvbGljeToKIC0gbGVha3NwZWVkIG9mIDEwcywgY2FwYWNpdHkgb2YgNSBvbiBzb3VyY2UgaXAK", "content": "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", "description": "Act on queries / zone transfers denied by bind9 policy", "author": "mstilkerich", "labels": { "behavior": "generic:scan", "classification": [ "attack.T1590.002" ], "confidence": 3, "label": "Domain transfer attempt", "remediation": true, "service": "domain", "spoofable": 0 } }, "mwinters-stuff/mailu-admin-bf": { "path": "scenarios/mwinters-stuff/mailu-admin-bf.yaml", 
"version": "0.2", "versions": { "0.1": { "digest": "f5f64aea87e23bec59055bd1d701aa190de5c77edb2b8b23baf98176ff544515", "deprecated": false }, "0.2": { "digest": "67f3eb683565052c8d13cb3cac78d34e79895310a97a3bc487a4db016627f386", "deprecated": false } }, "long_description": "RGV0ZWN0cyB0aGUgYnJ1dGUgZm9yY2UgYXR0YWNrcyBvbiB0aGUgbWFpbHUgYWRtaW4gY29udGFpbmVyLg==", "content": "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", "description": "Detect mailu admin bruteforce", "author": "mwinters-stuff", "labels": { "behavior": "http:bruteforce", "classification": [ "attack.T1110.001" ], "confidence": 3, "label": "Mailu web admin authentication attempt", "remediation": true, "service": "http", "spoofable": 0 } }, "openappsec/openappsec-bot-protection": { "path": "scenarios/openappsec/openappsec-bot-protection.yaml", "version": "0.2", "versions": { "0.1": { "digest": "359fa8bc8cbcba17f082b9dd0ff714bee45f7b4f1428a81bddfc98d7d379e8be", "deprecated": false }, "0.2": { "digest": "131dcf6809a4df02095cb2f1ad9cf85372b4b318823a63ef1a817a440652c91b", "deprecated": false } }, "content": "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", "description": "Detect openappsec 'prevent' securityActions on 'Bot Protection' events (when waf blocks malicious request)", "author": "openappsec", "labels": { "behavior": "http:spam", "classification": [ "attack.T1595", "attack.T1190" ], "confidence": 2, "label": "Openappsec 'Bot Protection' detection", "remediation": true, "service": "http", "spoofable": 0 } }, "openappsec/openappsec-cross-site-redirect": { "path": "scenarios/openappsec/openappsec-cross-site-redirect.yaml", "version": "0.2", "versions": { "0.1": { "digest": "1d6a3d6144b9c31b384161674f4d6aa9f19ac200c5e8f608539a8d0f4a316f6b", "deprecated": false }, "0.2": { "digest": "883d8ef5392e68b80b4ee7ebb9ac34f087069f077a46fbe48433871c0ed9dc8f", "deprecated": false } }, "content": "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", "description": "Detect openappsec 'prevent' 
securityActions on 'Cross Site Redirect' events (when waf blocks malicious request)", "author": "openappsec", "labels": { "behavior": "http:exploit", "classification": [ "attack.T1566" ], "confidence": 2, "label": "Openappsec 'cross site redirect' detection", "remediation": true, "service": "http", "spoofable": 0 } }, "openappsec/openappsec-csrf": { "path": "scenarios/openappsec/openappsec-csrf.yaml", "version": "0.2", "versions": { "0.1": { "digest": "0ba2cee3113519c489e5a59ca436a776acb6039a6feae4b96ac1ae9b80bc17ff", "deprecated": false }, "0.2": { "digest": "9a0e799668d2feac96fbdee3195657c5f53d42036bb9c356639b662045a1a122", "deprecated": false } }, "content": "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", "description": "Detect openappsec 'prevent' securityActions on 'Cross Site Request Forgery' events (when waf blocks malicious request)", "author": "openappsec", "labels": { "behavior": "http:exploit", "classification": [ "attack.T1189" ], "confidence": 2, "label": "Openappsec 'cross site request forgery' detection", "remediation": true, "service": "http", "spoofable": 0 } }, "openappsec/openappsec-error-disclosure": { "path": "scenarios/openappsec/openappsec-error-disclosure.yaml", "version": "0.2", "versions": { "0.1": { "digest": "f80c4a142337e7282fcd356b7fd8163d9bd5931ef0f118b33a03529042599d23", "deprecated": false }, "0.2": { "digest": "fc81a79b1c8063f5b63381c211294e3793e8072fc871e208b1fcc62800904d34", "deprecated": false } }, "content": "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", "description": "Detect openappsec 'prevent' securityActions on 'Error Disclosure' events (when waf blocks malicious request)", "author": "openappsec", "labels": { "behavior": "http:scan", "classification": [ "attack.T1595", "attack.T1190" ], "confidence": 1, "label": "Openappsec 'error disclosure' detection", "remediation": true, "service": "http", "spoofable": 1 } }, "openappsec/openappsec-error-limit": { "path": 
"scenarios/openappsec/openappsec-error-limit.yaml", "version": "0.2", "versions": { "0.1": { "digest": "dadb5af9a8635ad6e0194fd8a879b8ef7a8b17f24f4eb451096274a2fc173a6e", "deprecated": false }, "0.2": { "digest": "890e27e4725874b45aa18a0df5e1e83a7621bdb2bb3a9c073ba085844d8a8012", "deprecated": false } }, "content": "dHlwZTogdHJpZ2dlcgojZGVidWc6IHRydWUKbmFtZTogb3BlbmFwcHNlYy9vcGVuYXBwc2VjLWVycm9yLWxpbWl0CmRlc2NyaXB0aW9uOiAiRGV0ZWN0IG9wZW5hcHBzZWMgJ3ByZXZlbnQnIHNlY3VyaXR5QWN0aW9ucyBvbiAnRXJyb3IgTGltaXQnIGV2ZW50cyAod2hlbiB3YWYgYmxvY2tzIG1hbGljaW91cyByZXF1ZXN0KSIKZmlsdGVyOiBldnQuTWV0YS5sb2dfdHlwZSA9PSAnb3BlbmFwcHNlY19zZWN1cml0eV9sb2cnIGFuZCBMb3dlcihldnQuTWV0YS5zZWN1cml0eV9hY3Rpb24pIGluIFsncHJldmVudCcsICdkZXRlY3QnXSBhbmQgTG93ZXIoZXZ0Lk1ldGEuaW5jaWRlbnRfdHlwZSkgY29udGFpbnMgJ2Vycm9yIGxpbWl0Jwpncm91cGJ5OiBldnQuTWV0YS5zb3VyY2VfaXAKYmxhY2tob2xlOiA1bQpsYWJlbHM6CiAgc2VydmljZTogaHR0cAogIGNsYXNzaWZpY2F0aW9uOgogICAgLSBhdHRhY2suVDE1OTUKICAgIC0gYXR0YWNrLlQxMTkwCiAgc3Bvb2ZhYmxlOiAxCiAgY29uZmlkZW5jZTogMQogIGJlaGF2aW9yOiAiaHR0cDpicnV0ZWZvcmNlIgogIGxhYmVsOiAiT3BlbmFwcHNlYyAnZXJyb3IgbGltaXQnIGRldGVjdGlvbiIKICByZW1lZGlhdGlvbjogdHJ1ZQo=", "description": "Detect openappsec 'prevent' securityActions on 'Error Limit' events (when waf blocks malicious request)", "author": "openappsec", "labels": { "behavior": "http:bruteforce", "classification": [ "attack.T1595", "attack.T1190" ], "confidence": 1, "label": "Openappsec 'error limit' detection", "remediation": true, "service": "http", "spoofable": 1 } }, "openappsec/openappsec-evasion-techniques": { "path": "scenarios/openappsec/openappsec-evasion-techniques.yaml", "version": "0.2", "versions": { "0.1": { "digest": "65dba84b391cef5817a1d6ce4e15335f9dfb9494ee95818c43dcf56069b39800", "deprecated": false }, "0.2": { "digest": "d3561fcdcec8f943aa5bbeb7d5b8c80b782c71ad70b6891f570b050e70954956", "deprecated": false } }, "content": "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", "description": "Detect openappsec 'prevent' securityActions on 
'Evasion Techniques' events (when waf blocks malicious request)", "author": "openappsec", "labels": { "behavior": "http:exploit", "classification": [ "attack.T1595", "attack.T1190" ], "confidence": 1, "label": "Openappsec 'Evasion Techniques' detection", "remediation": true, "service": "http", "spoofable": 0 } }, "openappsec/openappsec-general": { "path": "scenarios/openappsec/openappsec-general.yaml", "version": "0.2", "versions": { "0.1": { "digest": "957a11028e7acc2818e6211a8e694fcc23456e158de5c4a68b839a497d61bc08", "deprecated": false }, "0.2": { "digest": "dab3b58b3a506b4b562b7ef3963a14076c9bc48ef29426bd30a0e19bb7cbecdb", "deprecated": false } }, "content": "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", "description": "Detect openappsec 'prevent' securityActions on 'General' events (when waf blocks malicious request)", "author": "openappsec", "labels": { "behavior": "http:exploit", "classification": [ "attack.T1595", "attack.T1190" ], "confidence": 1, "label": "Openappsec 'general' detection", "remediation": true, "service": "http", "spoofable": 0 } }, "openappsec/openappsec-http-limit-violation": { "path": "scenarios/openappsec/openappsec-http-limit-violation.yaml", "version": "0.2", "versions": { "0.1": { "digest": "fb6955f977a48384eaf944a3fa22f197ceb7cd997dc6d871ac8adb0af23b4642", "deprecated": false }, "0.2": { "digest": "2050cb2b8128ea8ce53cdc4fa1e43500ef9f11305ee4856a11801044e9f5644e", "deprecated": false } }, "content": "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", "description": "Detect openappsec 'prevent' securityActions on 'Http limit violation' events (when waf blocks malicious request)", "author": "openappsec", "labels": { "behavior": "http:spam", "classification": [ "attack.T1595", "attack.T1190" ], "confidence": 1, "label": "Openappsec 'http limit violation' detection", "remediation": true, "service": "http", "spoofable": 0 } }, "openappsec/openappsec-http-method-violation": { "path": 
"scenarios/openappsec/openappsec-http-method-violation.yaml", "version": "0.2", "versions": { "0.1": { "digest": "1111724d5182ee0e33d275633b9e5230bfab7956f06cda6348593f6eace2df6f", "deprecated": false }, "0.2": { "digest": "f4ca829b97b0ee227fd90be71be8fd475eb63f791452ca634ff233e3085530a3", "deprecated": false } }, "content": "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", "description": "Detect openappsec 'prevent' securityActions on 'Illegal http method violation' events (when waf blocks malicious request)", "author": "openappsec", "labels": { "behavior": "http:exploit", "classification": [ "attack.T1595", "attack.T1190" ], "confidence": 3, "label": "Openappsec 'illegal http method violation' detection", "remediation": true, "service": "http", "spoofable": 0 } }, "openappsec/openappsec-ldap-injection": { "path": "scenarios/openappsec/openappsec-ldap-injection.yaml", "version": "0.2", "versions": { "0.1": { "digest": "37056e311beb6d0213db74c273774e30a978d490dc3af7c15db3ec5df20ca752", "deprecated": false }, "0.2": { "digest": "042aff245e25ab509b7f578848a97cd2131abe492636126006e323d63b1dd0b3", "deprecated": false } }, "content": "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", "description": "Detect openappsec 'prevent' securityActions on 'LDAP Injection' events (when waf blocks malicious request)", "author": "openappsec", "labels": { "behavior": "http:exploit", "classification": [ "attack.T1595", "attack.T1190" ], "confidence": 2, "label": "Openappsec 'ldap injection' detection", "remediation": true, "service": "http", "spoofable": 0 } }, "openappsec/openappsec-open-redirect": { "path": "scenarios/openappsec/openappsec-open-redirect.yaml", "version": "0.2", "versions": { "0.1": { "digest": "1fa3254fa19e895e3209d06518d8947ccc895979f425d76c023030b8a2e098ec", "deprecated": false }, "0.2": { "digest": "bffcbad62ab71fb63aeba4405fcef5a2d623d9bf98032103ab859837ea478a9b", "deprecated": false } }, "content": 
"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", "description": "Detect openappsec 'prevent' securityActions on 'Open Redirect' events (when waf blocks malicious request)", "author": "openappsec", "labels": { "behavior": "http:exploit", "classification": [ "attack.T1189", "attack.T1566" ], "confidence": 2, "label": "Openappsec 'open redirect' detection", "remediation": true, "service": "http", "spoofable": 0 } }, "openappsec/openappsec-path-traversal": { "path": "scenarios/openappsec/openappsec-path-traversal.yaml", "version": "0.2", "versions": { "0.1": { "digest": "21763dd00a0bc8970f94dc79a2d0ae5bab8684bc5af503f2d2a6335b0cea68a8", "deprecated": false }, "0.2": { "digest": "4cb2b83be3ef0204a5acfa8f7b125fb74c2a017cd202af60d3c1ce3d903ee60c", "deprecated": false } }, "content": "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", "description": "Detect openappsec 'prevent' securityActions on 'Path Traversal' events (when waf blocks malicious request)", "author": "openappsec", "labels": { "behavior": "http:exploit", "classification": [ "attack.T1595", "attack.T1190" ], "confidence": 2, "label": "Openappsec 'path traversal' detection", "remediation": true, "service": "http", "spoofable": 0 } }, "openappsec/openappsec-probing": { "path": "scenarios/openappsec/openappsec-probing.yaml", "version": "0.2", "versions": { "0.1": { "digest": "6add1b1101bbb54c961329ec9b14b160b98b4c24661a7448c8e4469ffb167973", "deprecated": false }, "0.2": { "digest": "9de0d6dcba782e7bd114951fe8933710c79743ec858878c53b8d658436967e12", "deprecated": false } }, "content": "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", "description": "Detect openappsec 'prevent' securityActions on 'Vulnerability Scanning' events (when waf blocks malicious request)", "author": "openappsec", "labels": { "behavior": "http:scan", "classification": [ "attack.T1595", "attack.T1190" ], "confidence": 2, "label": "Openappsec 'probing' detection", "remediation": true, "service": "http", "spoofable": 0 } 
}, "openappsec/openappsec-rce": { "path": "scenarios/openappsec/openappsec-rce.yaml", "version": "0.2", "versions": { "0.1": { "digest": "fc5691b14b1d2e38f1fef9f430107a8b31d7825e503ef33c6b11ac9f34c37f62", "deprecated": false }, "0.2": { "digest": "a6a032e95fb4d61eb3c19ff5ee263b97f12e72052e9b41222de3758263d5d2cd", "deprecated": false } }, "content": "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", "description": "Detect openappsec 'prevent' securityActions on 'Remote Code Execution' events (when waf blocks malicious request)", "author": "openappsec", "labels": { "behavior": "http:exploit", "classification": [ "attack.T1595", "attack.T1190" ], "confidence": 2, "label": "Openappsec 'rce' detection", "remediation": true, "service": "http", "spoofable": 0 } }, "openappsec/openappsec-request-rate-limit": { "path": "scenarios/openappsec/openappsec-request-rate-limit.yaml", "version": "0.2", "versions": { "0.1": { "digest": "8e915688ead3b21a9660ad94521098df7e152ef74822d96df0d29d09b3625377", "deprecated": false }, "0.2": { "digest": "98c6638dda03c0b6ffb29bcb5b09571890eae5c764a0d7ab3c9678d0458680f6", "deprecated": false } }, "content": "dHlwZTogdHJpZ2dlcgojZGVidWc6IHRydWUKbmFtZTogb3BlbmFwcHNlYy9vcGVuYXBwc2VjLXJlcXVlc3QtcmF0ZS1saW1pdApkZXNjcmlwdGlvbjogIkRldGVjdCBvcGVuYXBwc2VjICdwcmV2ZW50JyBzZWN1cml0eUFjdGlvbnMgb24gJ1JlcXVlc3QgUmF0ZSBMaW1pdCcgZXZlbnRzICh3aGVuIHdhZiBibG9ja3MgbWFsaWNpb3VzIHJlcXVlc3QpIgpmaWx0ZXI6IGV2dC5NZXRhLmxvZ190eXBlID09ICdvcGVuYXBwc2VjX3NlY3VyaXR5X2xvZycgYW5kIExvd2VyKGV2dC5NZXRhLnNlY3VyaXR5X2FjdGlvbikgaW4gWydwcmV2ZW50JywgJ2RldGVjdCddIGFuZCBMb3dlcihldnQuTWV0YS5pbmNpZGVudF90eXBlKSBjb250YWlucyAncmVxdWVzdCByYXRlIGxpbWl0Jwpncm91cGJ5OiBldnQuTWV0YS5zb3VyY2VfaXAKYmxhY2tob2xlOiA1bQpsYWJlbHM6CiAgc2VydmljZTogaHR0cAogIGNsYXNzaWZpY2F0aW9uOgogICAgLSBhdHRhY2suVDE0OTgKICBzcG9vZmFibGU6IDAKICBjb25maWRlbmNlOiAyCiAgYmVoYXZpb3I6ICJodHRwOmJydXRlZm9yY2UiCiAgbGFiZWw6ICJPcGVuYXBwc2VjICdyZXF1ZXN0IHJhdGUgbGltaXQnIGRldGVjdGlvbiIKICByZW1lZGlhdGlvbjogdHJ1ZQo=", "description": 
"Detect openappsec 'prevent' securityActions on 'Request Rate Limit' events (when waf blocks malicious request)", "author": "openappsec", "labels": { "behavior": "http:bruteforce", "classification": [ "attack.T1498" ], "confidence": 2, "label": "Openappsec 'request rate limit' detection", "remediation": true, "service": "http", "spoofable": 0 } }, "openappsec/openappsec-schema-validation": { "path": "scenarios/openappsec/openappsec-schema-validation.yaml", "version": "0.2", "versions": { "0.1": { "digest": "5db74f61a78169a46c9e57c8d9b29cfff2ae4f5f89b2a0acffa6a54a1bebdf57", "deprecated": false }, "0.2": { "digest": "ed81a89e2acacea4ced7ba6461a4449b2c52cce41ea004e8e699f259000c0b95", "deprecated": false } }, "content": "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", "description": "Detect openappsec 'prevent' securityActions on 'Schema Validation' events (when waf blocks malicious request)", "author": "openappsec", "labels": { "behavior": "http:exploit", "classification": [ "attack.T1190" ], "confidence": 1, "label": "Openappsec 'schema validations' detection", "remediation": true, "service": "http", "spoofable": 0 } }, "openappsec/openappsec-sql-injection": { "path": "scenarios/openappsec/openappsec-sql-injection.yaml", "version": "0.2", "versions": { "0.1": { "digest": "1b9c623f1c1a7b7147154264aca614b2aadcdb8fe6d25a1362caee43e5644912", "deprecated": false }, "0.2": { "digest": "ef6a4c2887b8080047e8aae572272424d3d7e44ddc9c3dda913d5cbb616e1bec", "deprecated": false } }, "content": 
"dHlwZTogdHJpZ2dlcgojZGVidWc6IHRydWUKbmFtZTogb3BlbmFwcHNlYy9vcGVuYXBwc2VjLXNxbC1pbmplY3Rpb24KZGVzY3JpcHRpb246ICJEZXRlY3Qgb3BlbmFwcHNlYyAncHJldmVudCcgc2VjdXJpdHlBY3Rpb25zIG9uICdTUUwgSW5qZWN0aW9uJyBldmVudHMgKHdoZW4gd2FmIGJsb2NrcyBtYWxpY2lvdXMgcmVxdWVzdCkiCmZpbHRlcjogZXZ0Lk1ldGEubG9nX3R5cGUgPT0gJ29wZW5hcHBzZWNfc2VjdXJpdHlfbG9nJyBhbmQgTG93ZXIoZXZ0Lk1ldGEuc2VjdXJpdHlfYWN0aW9uKSBpbiBbJ3ByZXZlbnQnLCAnZGV0ZWN0J10gYW5kIExvd2VyKGV2dC5NZXRhLmluY2lkZW50X3R5cGUpIGNvbnRhaW5zICdzcWwgaW5qZWN0aW9uJwpncm91cGJ5OiBldnQuTWV0YS5zb3VyY2VfaXAKYmxhY2tob2xlOiA1bQpsYWJlbHM6CiAgc2VydmljZTogaHR0cAogIGNsYXNzaWZpY2F0aW9uOgogICAgLSBhdHRhY2suVDE1OTUKICAgIC0gYXR0YWNrLlQxMTkwCiAgc3Bvb2ZhYmxlOiAwCiAgY29uZmlkZW5jZTogMgogIGJlaGF2aW9yOiAiaHR0cDpleHBsb2l0IgogIGxhYmVsOiAiT3BlbmFwcHNlYyAnU1FMIEluamVjdGlvbicgZGV0ZWN0aW9uIgogIHJlbWVkaWF0aW9uOiB0cnVlCg==", "description": "Detect openappsec 'prevent' securityActions on 'SQL Injection' events (when waf blocks malicious request)", "author": "openappsec", "labels": { "behavior": "http:exploit", "classification": [ "attack.T1595", "attack.T1190" ], "confidence": 2, "label": "Openappsec 'SQL Injection' detection", "remediation": true, "service": "http", "spoofable": 0 } }, "openappsec/openappsec-url-instead-of-file": { "path": "scenarios/openappsec/openappsec-url-instead-of-file.yaml", "version": "0.2", "versions": { "0.1": { "digest": "370c0b576759dcc3fe7f2fe1809723eb761598c94cc8432cc2781d4691f0b296", "deprecated": false }, "0.2": { "digest": "13f6f3de0158e49291738a0c83ab27c48f4d9c97ff9a2c53d97a92fbe0b2c510", "deprecated": false } }, "content": "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", "description": "Detect openappsec 'prevent' securityActions on 'URL instead of file' events (when waf blocks malicious request)", "author": "openappsec", "labels": { "behavior": "http:exploit", "classification": [ "attack.T1595", "attack.T1190" ], "confidence": 2, "label": "Openappsec 'url instead of file' detection", "remediation": true, "service": "http", 
"spoofable": 0 } }, "openappsec/openappsec-xss": { "path": "scenarios/openappsec/openappsec-xss.yaml", "version": "0.2", "versions": { "0.1": { "digest": "43cb006041497512db66ac2dbff9ebe799d524685f5a57e4c0e8721ff4d19de7", "deprecated": false }, "0.2": { "digest": "4162af0592925a3de3c136c16e42a1ecc7b94d293867779092a252c371483c8a", "deprecated": false } }, "content": "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", "description": "Detect openappsec 'prevent' securityActions on 'Cross Site Scripting' events (when waf blocks malicious request)", "author": "openappsec", "labels": { "behavior": "http:exploit", "classification": [ "attack.T1189", "attack.T1595", "attack.T1190" ], "confidence": 2, "label": "Openappsec 'XSS' detection", "remediation": true, "service": "http", "spoofable": 0 } }, "openappsec/openappsec-xxe": { "path": "scenarios/openappsec/openappsec-xxe.yaml", "version": "0.2", "versions": { "0.1": { "digest": "d7d63f2b84a74fa26697fd74d78f9fc187a54ace8b0dc1e1ae28aacf055892a5", "deprecated": false }, "0.2": { "digest": "6bcf9558fb7681b4293a7b1d5a705b9f5fd49d2ea6c332354251eba271203195", "deprecated": false } }, "content": "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", "description": "Detect openappsec 'prevent' securityActions on 'XML External Entity' events (when waf blocks malicious request)", "author": "openappsec", "labels": { "behavior": "http:exploit", "classification": [ "attack.T1595", "attack.T1190" ], "confidence": 2, "label": "Openappsec 'XML External Entity' detection", "remediation": true, "service": "http", "spoofable": 0 } }, "schiz0phr3ne/prowlarr-bf": { "path": "scenarios/schiz0phr3ne/prowlarr-bf.yaml", "version": "0.2", "versions": { "0.1": { "digest": "feac3b8dda8d9841c36edd56c9e4504d4be3f3cf6027e67c00fb8f2f6b6784ee", "deprecated": false }, "0.2": { "digest": "97580733f96cea718dea67b07f9a3f1e27091623f38290c04c2dcbb81d63394d", "deprecated": false } }, "long_description": 
"RGV0ZWN0IGZhaWxlZCBQcm93bGFyciBhdXRoZW50aWNhdGlvbnM6CgotIGxlYWtzcGVlZCBvZiAxNXMsIGNhcGFjaXR5IG9mIDUgb24gc291cmNlIGlwCi0gbGVha3NwZWVkIG9mIDMwcywgY2FwYWNpdHkgb2YgNSBvbiBzb3VyY2UgaXAgYW5kIHVuaXF1ZSBkaXN0aW5jdCB1c2Vycwo=", "content": "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", "description": "Detect Prowlarr bruteforce", "author": "schiz0phr3ne", "labels": { "behavior": "http:bruteforce", "classification": [ "attack.T1110" ], "confidence": 3, "label": "Prowlarr Bruteforce", "remediation": true, "service": "prowlarr", "spoofable": 0 } }, "schiz0phr3ne/radarr-bf": { "path": "scenarios/schiz0phr3ne/radarr-bf.yaml", "version": "0.2", "versions": { "0.1": { "digest": "e4917c28697b2e60f6324f0daa7c844154a852ba7db95080575fb428a1596786", "deprecated": false }, "0.2": { "digest": "00abe1e708f2f2f19ad43a44f004fb6f2f0b6c46238196412545a2e17d32a1b8", "deprecated": false } }, "long_description": "RGV0ZWN0IGZhaWxlZCBSYWRhcnIgYXV0aGVudGljYXRpb25zOgoKLSBsZWFrc3BlZWQgb2YgMTVzLCBjYXBhY2l0eSBvZiA1IG9uIHNvdXJjZSBpcAotIGxlYWtzcGVlZCBvZiAzMHMsIGNhcGFjaXR5IG9mIDUgb24gc291cmNlIGlwIGFuZCB1bmlxdWUgZGlzdGluY3QgdXNlcnMK", "content": "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", "description": "Detect Radarr bruteforce", "author": "schiz0phr3ne", "labels": { "behavior": "http:bruteforce", "classification": [ "attack.T1110" ], "confidence": 3, "label": "Radarr Bruteforce", "remediation": true, "service": "radarr", "spoofable": 0 } }, "schiz0phr3ne/sonarr-bf": { "path": "scenarios/schiz0phr3ne/sonarr-bf.yaml", "version": "0.2", "versions": { "0.1": { "digest": "110d81a708fdb4d201495e61619d2d36acb24d8e8b8a6e55e2210517618aaff1", "deprecated": false }, "0.2": { "digest": "0bbff63af5b5b9c8179c29111f500b068a45787e519a4c497a7bd10b397f5ea2", "deprecated": false } }, "long_description": 
"RGV0ZWN0IGZhaWxlZCBTb25hcnIgYXV0aGVudGljYXRpb25zOgoKLSBsZWFrc3BlZWQgb2YgMTVzLCBjYXBhY2l0eSBvZiA1IG9uIHNvdXJjZSBpcAotIGxlYWtzcGVlZCBvZiAzMHMsIGNhcGFjaXR5IG9mIDUgb24gc291cmNlIGlwIGFuZCB1bmlxdWUgZGlzdGluY3QgdXNlcnMK", "content": "IyBTb25hcnIgYnJ1dGVmb3JjZQp0eXBlOiBsZWFreQpuYW1lOiBzY2hpejBwaHIzbmUvc29uYXJyLWJmCmRlc2NyaXB0aW9uOiAiRGV0ZWN0IFNvbmFyciBicnV0ZWZvcmNlIgpmaWx0ZXI6ICJldnQuTWV0YS5sb2dfdHlwZSBpbiBbJ3NvbmFycl9mYWlsZWRfYXV0aGVudGljYXRpb24nXSIKbGVha3NwZWVkOiAiMTVzIgpjYXBhY2l0eTogNQpncm91cGJ5OiBldnQuTWV0YS5zb3VyY2VfaXAKYmxhY2tob2xlOiAxbQpyZXByb2Nlc3M6IHRydWUKbGFiZWxzOgogIHNlcnZpY2U6IHNvbmFycgogIGNvbmZpZGVuY2U6IDMKICBzcG9vZmFibGU6IDAKICBjbGFzc2lmaWNhdGlvbjoKICAgIC0gYXR0YWNrLlQxMTEwCiAgYmVoYXZpb3I6ICJodHRwOmJydXRlZm9yY2UiCiAgbGFiZWw6ICJTb25hcnIgQnJ1dGVmb3JjZSIKICByZW1lZGlhdGlvbjogdHJ1ZQotLS0KIyBTb25hcnIgdXNlciBlbnVtIGJydXRlZm9yY2UKdHlwZTogbGVha3kKbmFtZTogc2NoaXowcGhyM25lL3NvbmFyci1iZl91c2VyLWVudW0KZGVzY3JpcHRpb246ICJEZXRlY3QgU29uYXJyIHVzZXIgZW51bSBicnV0ZWZvcmNlIgpmaWx0ZXI6ICJldnQuTWV0YS5sb2dfdHlwZSBpbiBbJ3NvbmFycl9mYWlsZWRfYXV0aGVudGljYXRpb24nXSIKbGVha3NwZWVkOiAiMzBzIgpjYXBhY2l0eTogNQpncm91cGJ5OiBldnQuTWV0YS5zb3VyY2VfaXAKZGlzdGluY3Q6IGV2dC5NZXRhLnVzZXJuYW1lCmJsYWNraG9sZTogMW0KcmVwcm9jZXNzOiB0cnVlCmxhYmVsczoKICBzZXJ2aWNlOiBzb25hcnIKICBjb25maWRlbmNlOiAzCiAgc3Bvb2ZhYmxlOiAwCiAgY2xhc3NpZmljYXRpb246CiAgICAtIGF0dGFjay5UMTU4OQogICAgLSBhdHRhY2suVDExMTAKICBiZWhhdmlvcjogImh0dHA6YnJ1dGVmb3JjZSIKICBsYWJlbDogIlNvbmFyciBVc2VyIEVudW1lcmF0aW9uIgogIHJlbWVkaWF0aW9uOiB0cnVlCg==", "description": "Detect Sonarr bruteforce", "author": "schiz0phr3ne", "labels": { "behavior": "http:bruteforce", "classification": [ "attack.T1110" ], "confidence": 3, "label": "Sonarr Bruteforce", "remediation": true, "service": "sonarr", "spoofable": 0 } }, "thespad/sshesame-honeypot": { "path": "scenarios/thespad/sshesame-honeypot.yaml", "version": "0.3", "versions": { "0.1": { "digest": "0818e9e2be666b4e6315050b7fa96f82dc47b6010c07704370738875842c160b", "deprecated": false }, "0.2": { "digest": 
"a6120c94b2390d7deea3b79407e37870e084fed11d08bd7434162ce6f84257a5", "deprecated": false }, "0.3": { "digest": "950cf9776305bfb38f8711a5d5a2ed59f533e40e51666b0393d0117634bf4799", "deprecated": false } }, "long_description": "IyBzc2hlc2FtZSBzY2VuYXJpb3MKClNjZW5hcmlvcyBmb3IgW3NzaGVzYW1lXShodHRwczovL2dpdGh1Yi5jb20vamFrc2kvc3NoZXNhbWUvKSBob25leXBvdCBsb2dzLgoKIyMgU2NlbmFyaW8gc2V0dXAKCiogQWxsIGxvZ2luIGV2ZW50czogbGVha3NwZWVkIG9mIDMwbSwgY2FwYWNpdHkgb2YgMwoqIEFueSBjb21tYW5kcyBzZW50IGJ5IGNsaWVudHMgYXMgcGFydCBvZiBhIGNvbm5lY3Rpb24gYXR0ZW1wdCB3aWxsIGltbWVkaWF0ZWx5IG92ZXJmbG93Cg==", "content": "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", "description": "Detect sshesame bruteforce", "author": "thespad", "labels": { "behavior": "ssh:bruteforce", "classification": [ "attack.T1110" ], "confidence": 3, "label": "SSHesame Bruteforce", "remediation": true, "service": "sshesame", "spoofable": 0 } }, "timokoessler/gitlab-bf": { "path": "scenarios/timokoessler/gitlab-bf.yaml", "version": "0.2", "versions": { "0.1": { "digest": "c41f3f4003eeb331fa35aa2ace0e861a674992efdb5a26c5f9d447db40a67eca", "deprecated": false }, "0.2": { "digest": "2cd1a9d5dfd164c06ed4dd7a89104e1f25251ab4eb35c8f8f66890fbd127a6f5", "deprecated": false } }, "long_description": "RGV0ZWN0IGZhaWxlZCBHaXRMYWIgYXV0aGVudGljYXRpb25zOgoKLSBsZWFrc3BlZWQgb2YgMjBzLCBjYXBhY2l0eSBvZiA1IG9uIHNvdXJjZSBpcAotIGxlYWtzcGVlZCBvZiA0MHMsIGNhcGFjaXR5IG9mIDUgb24gc291cmNlIGlwIGFuZCB1bmlxdWUgZGlzdGluY3QgdXNlcnM=", "content": "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", "description": "Detect gitlab bruteforce", "author": "timokoessler", "labels": { "behavior": "vcs:bruteforce", "classification": [ "attack.T1110" ], "confidence": 3, "label": "Gitlab Bruteforce", "remediation": true, "service": "gitlab", "spoofable": 0 } }, "timokoessler/mongodb-bf": { "path": "scenarios/timokoessler/mongodb-bf.yaml", "version": "0.2", "versions": { "0.1": { "digest": "2091dbe9f9e71d2f31a6c6dbcd1aaa5b8eb8215925bfdf8a36f9b3c1624cffcf", 
"deprecated": false }, "0.2": { "digest": "df5a0f8e6bad0a57e451ba4c06adb9a2852b45a9c717917ff254b8d78ce06f80", "deprecated": false } }, "long_description": "RGV0ZWN0IGZhaWxlZCBNb25nb0RCIGF1dGhlbnRpY2F0aW9uczoKCi0gbGVha3NwZWVkIG9mIDIwcywgY2FwYWNpdHkgb2YgNSBvbiBzb3VyY2UgaXAKLSBsZWFrc3BlZWQgb2YgNDBzLCBjYXBhY2l0eSBvZiA1IG9uIHNvdXJjZSBpcCBhbmQgdW5pcXVlIGRpc3RpbmN0IHVzZXJzCi0gbGVha3NwZWVkIG9mIDQwcywgY2FwYWNpdHkgb2YgNSBvbiBzb3VyY2UgaXAgYW5kIHVuaXF1ZSBkaXN0aW5jdCBhdXRoZW50aWNhdGlvbiBkYXRhYmFzZQ==", "content": "IyBtb25nb2RiIGJydXRlZm9yY2UKdHlwZTogbGVha3kKbmFtZTogdGltb2tvZXNzbGVyL21vbmdvZGItYmYKZGVzY3JpcHRpb246ICJEZXRlY3QgbW9uZ29kYiBicnV0ZWZvcmNlIgpmaWx0ZXI6ICJldnQuTWV0YS5sb2dfdHlwZSA9PSAnbW9uZ29kYl9mYWlsZWRfYXV0aCciCmxlYWtzcGVlZDogIjIwcyIKY2FwYWNpdHk6IDUKZ3JvdXBieTogZXZ0Lk1ldGEuc291cmNlX2lwCmJsYWNraG9sZTogMW0KcmVwcm9jZXNzOiB0cnVlCmxhYmVsczoKICBzZXJ2aWNlOiBtb25nb2RiCiAgY2xhc3NpZmljYXRpb246CiAgICAtIGF0dGFjay5UMTExMAogIGJlaGF2aW9yOiAiZGF0YWJhc2U6YnJ1dGVmb3JjZSIKICBsYWJlbDogIk1vbmdvREIgQnJ1dGVmb3JjZSIKICBzcG9vZmFibGU6IDAKICBjb25maWRlbmNlOiAzCiAgcmVtZWRpYXRpb246IHRydWUKLS0tCiMgbW9uZ29kYiB1c2VyIGVudW0gYnJ1dGVmb3JjZQp0eXBlOiBsZWFreQpuYW1lOiB0aW1va29lc3NsZXIvbW9uZ29kYi1iZl91c2VyLWVudW0KZGVzY3JpcHRpb246ICJEZXRlY3QgbW9uZ29kYiB1c2VyIGVudW0gYnJ1dGVmb3JjZSIKZmlsdGVyOiAiZXZ0Lk1ldGEubG9nX3R5cGUgPT0gJ21vbmdvZGJfZmFpbGVkX2F1dGgnIgpsZWFrc3BlZWQ6ICI0MHMiCmNhcGFjaXR5OiA1Cmdyb3VwYnk6IGV2dC5NZXRhLnNvdXJjZV9pcApkaXN0aW5jdDogZXZ0Lk1ldGEudXNlcm5hbWUKYmxhY2tob2xlOiAxbQpyZXByb2Nlc3M6IHRydWUKbGFiZWxzOgogIHNlcnZpY2U6IG1vbmdvZGIKICBjbGFzc2lmaWNhdGlvbjoKICAgIC0gYXR0YWNrLlQxNTg5CiAgICAtIGF0dGFjay5UMTExMAogIGJlaGF2aW9yOiAiZGF0YWJhc2U6YnJ1dGVmb3JjZSIKICBsYWJlbDogIk1vbmdvREIgVXNlciBFbnVtZXJhdGlvbiIKICBzcG9vZmFibGU6IDAKICBjb25maWRlbmNlOiAzCiAgcmVtZWRpYXRpb246IHRydWUKLS0tCiMgbW9uZ29kYiBhdXRoZW50aWNhdGlvbiBkYXRhYmFzZSBlbnVtIGJydXRlZm9yY2UKdHlwZTogbGVha3kKbmFtZTogdGltb2tvZXNzbGVyL21vbmdvZGItYmZfYXV0aC1kYi1lbnVtCmRlc2NyaXB0aW9uOiAiRGV0ZWN0IG1vbmdvZGIgYXV0aGVudGljYXRpb24gZGF0YWJhc2UgZW51bSBicnV0ZWZvcmNlIgpmaWx0ZXI6I
CJldnQuTWV0YS5sb2dfdHlwZSA9PSAnbW9uZ29kYl9mYWlsZWRfYXV0aCciCmxlYWtzcGVlZDogIjQwcyIKY2FwYWNpdHk6IDUKZ3JvdXBieTogZXZ0Lk1ldGEuc291cmNlX2lwCmRpc3RpbmN0OiBldnQuTWV0YS5hdXRoZW50aWNhdGlvbl9kYXRhYmFzZQpibGFja2hvbGU6IDFtCnJlcHJvY2VzczogdHJ1ZQpsYWJlbHM6CiAgc2VydmljZTogbW9uZ29kYgogIGNsYXNzaWZpY2F0aW9uOgogICAgLSBhdHRhY2suVDE1ODkKICAgIC0gYXR0YWNrLlQxMTEwCiAgYmVoYXZpb3I6ICJkYXRhYmFzZTpicnV0ZWZvcmNlIgogIGxhYmVsOiAiTW9uZ29EQiBBdXRoZW50aWNhdGlvbiBFbnVtZXJhdGlvbiIKICBzcG9vZmFibGU6IDAKICBjb25maWRlbmNlOiAzCiAgcmVtZWRpYXRpb246IHRydWUK", "description": "Detect mongodb bruteforce", "author": "timokoessler", "labels": { "behavior": "database:bruteforce", "classification": [ "attack.T1110" ], "confidence": 3, "label": "MongoDB Bruteforce", "remediation": true, "service": "mongodb", "spoofable": 0 } }, "timokoessler/uptime-kuma-bf": { "path": "scenarios/timokoessler/uptime-kuma-bf.yaml", "version": "0.2", "versions": { "0.1": { "digest": "a50fbbc0db115694fc140607f27688c499d63b3702b2bc596809f3cfaeb58c02", "deprecated": false }, "0.2": { "digest": "c78efdf197b94e8be0540b5d6e1bfa6c926cda8e8bd51969d8db4c3960eb9f04", "deprecated": false } }, "long_description": "RGV0ZWN0IGZhaWxlZCBVcHRpbWUgS3VtYSBhdXRoZW50aWNhdGlvbnM6CgotIGxlYWtzcGVlZCBvZiAxNXMsIGNhcGFjaXR5IG9mIDUgb24gc291cmNlIGlwCi0gbGVha3NwZWVkIG9mIDMwcywgY2FwYWNpdHkgb2YgNSBvbiBzb3VyY2UgaXAgYW5kIHVuaXF1ZSBkaXN0aW5jdCB1c2Vycw==", "content": "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", "description": "Detect Uptime Kuma bruteforce", "author": "timokoessler", "labels": { "behavior": "http:bruteforce", "classification": [ "attack.T1110" ], "confidence": 3, "label": "Uptime Kuma Bruteforce", "remediation": true, "service": "uptime-kuma", "spoofable": 0 } }, "xs539/bookstack-bf": { "path": "scenarios/xs539/bookstack-bf.yaml", "version": "0.2", "versions": { "0.1": { "digest": "828ad724c5f1e4753fcb812c7aea04fac5be2f1c0ef336bde572515496e6f3ff", "deprecated": false }, "0.2": { "digest": 
"808f23a3c6324bfff37364a37ab62141ac8e0c124486a999ca9382ba8362de6e", "deprecated": false } }, "content": "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", "description": "Detect bookstack bruteforce", "author": "xs539", "labels": { "behavior": "http:bruteforce", "classification": [ "attack.T1110" ], "confidence": 3, "label": "Bookstack Bruteforce", "remediation": true, "service": "bookstack", "spoofable": 0 } }, "xs539/joplin-server-bf": { "path": "scenarios/xs539/joplin-server-bf.yaml", "version": "0.3", "versions": { "0.1": { "digest": "0c145a9d2072160940cb9de1d84b19a92df3b5227581f008481a505f74301ffb", "deprecated": false }, "0.2": { "digest": "5ffec4624031734a05c87617f2d4a242b04ab9ca5cfe54c78d4f2a91835ae7f3", "deprecated": false }, "0.3": { "digest": "edb791f6bdcaca842a71097a78202b717ba499dad029513f71154e4a22e5b67e", "deprecated": false } }, "content": "dHlwZTogbGVha3kKbmFtZTogeHM1Mzkvam9wbGluLXNlcnZlci1iZgpkZXNjcmlwdGlvbjogIkRldGVjdCBKb3BsaW4gU2VydmVyIGJydXRlZm9yY2UiCmZpbHRlcjogImV2dC5NZXRhLmxvZ190eXBlID09ICdqb3BsaW5fc2VydmVyX2ZhaWxlZF9hdXRoJyIKZ3JvdXBieTogZXZ0Lk1ldGEuc291cmNlX2lwCmxlYWtzcGVlZDogMTVtCmNhcGFjaXR5OiAzCmJsYWNraG9sZTogMW0KbGFiZWxzOgogIHNlcnZpY2U6IGpvcGxpbgogIGNvbmZpZGVuY2U6IDMKICBzcG9vZmFibGU6IDAKICBjbGFzc2lmaWNhdGlvbjoKICAgIC0gYXR0YWNrLlQxMTEwCiAgbGFiZWw6ICJKb3BsaW4gQnJ1dGVmb3JjZSIKICBiZWhhdmlvcjogImh0dHA6YnJ1dGVmb3JjZSIKICByZW1lZGlhdGlvbjogdHJ1ZQotLS0KdHlwZTogbGVha3kKbmFtZTogIHhzNTM5L2pvcGxpbi1zZXJ2ZXItYmZfdXNlci1lbnVtCmRlc2NyaXB0aW9uOiAiRGV0ZWN0IEpvcGxpbiBTZXJ2ZXIgYnJ1dGVmb3JjZSIKZmlsdGVyOiAiZXZ0Lk1ldGEubG9nX3R5cGUgPT0gJ2pvcGxpbl9zZXJ2ZXJfZmFpbGVkX2F1dGgnIgpncm91cGJ5OiBldnQuTWV0YS5zb3VyY2VfaXAKZGlzdGluY3Q6IGV2dC5NZXRhLnRhcmdldF91c2VyCmxlYWtzcGVlZDogMTVtCmNhcGFjaXR5OiAzCmJsYWNraG9sZTogMW0KbGFiZWxzOgogIHNlcnZpY2U6IGpvcGxpbgogIGNvbmZpZGVuY2U6IDMKICBzcG9vZmFibGU6IDAKICBjbGFzc2lmaWNhdGlvbjoKICAgIC0gYXR0YWNrLlQxNTg5CiAgbGFiZWw6ICJKb3BsaW4gVXNlciBFbnVtZXJhdGlvbiIKICBiZWhhdmlvcjogImh0dHA6YnJ1dGVmb3JjZSIKICByZW1lZGlhdGlvbjogdHJ1ZQ==", 
"description": "Detect Joplin Server bruteforce", "author": "xs539", "labels": { "behavior": "http:bruteforce", "classification": [ "attack.T1110" ], "confidence": 3, "label": "Joplin Bruteforce", "remediation": true, "service": "joplin", "spoofable": 0 } } } }