{ "collections" : { "crowdsec/linux" : { "path" : "collections/crowdsec/linux.yaml", "version" : "0.1", "versions" : { "0.1" : { "digest" : "1fc917c7ad66487470e466c0ad40ddd45b9f7730a4b43e1b2542627f0596bbdc", "deprecated" : false } }, "description" : "generic linux : ssh/nginx/apache + ssh/http scenarios", "author" : "crowdsec", "tags" : null, "parsers" : ["crowdsec/apache2-logs", "crowdsec/sshd-logs", "crowdsec/nginx-logs"], "scenarios" : ["crowdsec/ssh_enum"] } }, "parsers": { "crowdsec/apache2-logs": { "path": "parsers/s01-parse/crowdsec/apache2-logs.yaml", "stage": "s01-parse", "version": "0.2", "versions": { "0.1": { "digest": "e09bb847fb9a80aedaa4b682309b7e5876398a9a28c28911d969c5dd4aa2c0cf", "deprecated": false }, "0.2": { "digest": "809d2de8c0a9bb7faa69cd53fd2f78bb4fb67b8e85a61b7179243913073890b8", "deprecated": false } }, "description": "Parse Apache2 access and error logs", "author": "crowdsec", "tags": null }, "crowdsec/cowrie-logs": { "path": "parsers/s01-parse/crowdsec/cowrie-logs.yaml", "stage": "s01-parse", "version": "0.2", "versions": { "0.1": { "digest": "5914721479adf812e27fa7d8ef7d533698d773faa863e658c9a9a9b996a2008e", "deprecated": false }, "0.2": { "digest": "86240cc3887580304a1662213ba08e5993d790dcb14b3f08576cb988e449b8b2", "deprecated": false } }, "description": "Parse cowrie honeypot logs", "author": "crowdsec", "tags": null }, "crowdsec/geoip": { "path": "parsers/s02-enrich/crowdsec/geoip.yaml", "stage": "s02-enrich", "version": "0.2", "versions": { "0.1": { "digest": "a80dd157205988b209c95017af56adcd415f7d05e2106d255853016d3068d993", "deprecated": false }, "0.2": { "digest": "9546892698b3e52ee2ad835521093e11edef9c3bbd86a30c8a6b25bc2f732721", "deprecated": false } }, "description": "Enrich with geolocation data associated with the source IP", "author": "crowdsec", "tags": null }, "crowdsec/http-logs": { "path": "parsers/s02-enrich/crowdsec/http-logs.yaml", "stage": "s02-enrich", "version": "0.2", "versions": { "0.1": { "digest": 
"17c20627760a32f372fabacc1933ed53ad533bc3cb6b36dc9f2237e768798abe", "deprecated": false }, "0.2": { "digest": "a9c76d274bf69c3e64c486a162f589355c3a53978c2bc2b34dbdaa8c5d65b73c", "deprecated": false } }, "description": "Parse HTTP logs more specifically, such as HTTP code, HTTP path, HTTP args and whether it is a static resource", "author": "crowdsec", "tags": null }, "crowdsec/mysql-logs": { "path": "parsers/s01-parse/crowdsec/mysql-logs.yaml", "stage": "s01-parse", "version": "0.2", "versions": { "0.1": { "digest": "b5bf9052c14f6a5887804247f58088d9da364b923d61a14791722f7a695e99e4", "deprecated": false }, "0.2": { "digest": "f3975dea7bb749ee0e0bd8b8f444af2f5bb028afd5f78c4198daf2de8c17a9e8", "deprecated": false } }, "description": "Parse MySQL logs", "author": "crowdsec", "tags": null }, "crowdsec/naxsi-logs": { "path": "parsers/s02-enrich/crowdsec/naxsi-logs.yaml", "stage": "s02-enrich", "version": "0.2", "versions": { "0.1": { "digest": "75b0ef4d320aced623327bca496f77d606e2449990dd0f6ef849aa9aaf91aad2", "deprecated": false }, "0.2": { "digest": "a93b89b1cb2a9d61d61c50c6dd4c89707d770c7e9c504d8683d802bb1ec57d07", "deprecated": false } }, "description": "Enrich logs if they are from NAXSI", "author": "crowdsec", "tags": null }, "crowdsec/nginx-logs": { "path": "parsers/s01-parse/crowdsec/nginx-logs.yaml", "stage": "s01-parse", "version": "0.2", "versions": { "0.1": { "digest": "86c5d6cb6671f1c233b06b0afbd43a33740dd55df004ae01ff43714d2ca822bf", "deprecated": false }, "0.2": { "digest": "36200096b897494563d31f38bee86c22868ac9bd54b74591398474547d968339", "deprecated": false } }, "description": "Parse nginx access and error logs", "author": "crowdsec", "tags": null }, "crowdsec/skip-pretag": { "path": "parsers/s00-raw/crowdsec/skip-pretag.yaml", "stage": "s00-raw", "version": "0.1", "versions": { "0.1": { "digest": "c43d625b9854a5d66a5227068e943a77d57111b3411262a856a4d3c9415dd6c4", "deprecated": false } }, "author": "crowdsec", "tags": null }, "crowdsec/smb-logs": { "path": 
"parsers/s01-parse/crowdsec/smb-logs.yaml", "stage": "s01-parse", "version": "0.2", "versions": { "0.1": { "digest": "edba72ee6bdbfad7d453e8564de4c6cfbaa3f99c907f3ad9da3e8d499f6d264d", "deprecated": false }, "0.2": { "digest": "86a5cfaf053da6a820fb6f3679633dce76dc6b75a3f84cf18b1502d8c0d2a519", "deprecated": false } }, "description": "Parse SMB logs", "author": "crowdsec", "tags": null }, "crowdsec/sshd-logs": { "path": "parsers/s01-parse/crowdsec/sshd-logs.yaml", "stage": "s01-parse", "version": "0.2", "versions": { "0.1": { "digest": "ede920fb15f97c8fe559e2687d200232074ea2d76e57a80db147451e5fded359", "deprecated": false }, "0.2": { "digest": "43c2602153722d2bfc8f1851278469fa7838a82ce752ce1bbdde192299a93c6d", "deprecated": false } }, "description": "Parse openSSH logs", "author": "crowdsec", "tags": null }, "crowdsec/syslog-parse": { "path": "parsers/s00-raw/crowdsec/syslog-parse.yaml", "stage": "s00-raw", "version": "0.2", "versions": { "0.1": { "digest": "ea6d39fdfd9c73ece96bd57ecdff952e6db99e4d1652f3c1b74ed9d52d185846", "deprecated": false }, "0.2": { "digest": "98feb5259f175e0e17db44bc911ef458f9f55c5b524fa2e201847e16f4e83a1b", "deprecated": false } }, "author": "crowdsec", "tags": null }, "crowdsec/tcpdump-logs": { "path": "parsers/s01-parse/crowdsec/tcpdump-logs.yaml", "stage": "s01-parse", "version": "0.2", "versions": { "0.1": { "digest": "f3a55b79061bc1dbfce85855363b73a09e7cce5c0ff9972bdb4f7ec7fabcd9f8", "deprecated": false }, "0.2": { "digest": "8d0dc2230eefc35d9c7aec97cbf95a824fbdd66582aa4e5ededf17131ecd6103", "deprecated": false } }, "description": "Parse tcpdump raw logs", "author": "crowdsec", "tags": null }, "crowdsec/timemachine": { "path": "parsers/s02-enrich/crowdsec/timemachine.yaml", "stage": "s02-enrich", "version": "0.1", "versions": { "0.1": { "digest": "cd9f202305b3210511bce32950e0e06ce416391ab53875cc17d5f6aecc8bbf19", "deprecated": false } }, "author": "crowdsec", "tags": null } }, "postoverflows": { "crowdsec/rdns": { "path": 
"postoverflows/s00-enrich/crowdsec/rdns.yaml", "stage": "s00-enrich", "version": "0.2", "versions": { "0.1": { "digest": "d04e28fa2c74f4c1ba3f1daeeeaa8a95858f620e7587123cde224b6b376ad16a", "deprecated": false }, "0.2": { "digest": "e1f7905318e7d8c432e4cf1428e3e7c943aec7c625a5d598e5b26b36a6231f1e", "deprecated": false } }, "description": "Look up the DNS associated with the source IP, only for overflows", "author": "crowdsec", "tags": null } }, "scenarios": { "crowdsec/counters": { "path": "scenarios/crowdsec/counters.yaml", "version": "0.2", "versions": { "0.1": { "digest": "edd898e179c89ddc85890e702dc2975ecf411546fa3082b8f190ccb5d7304aa8", "deprecated": false }, "0.2": { "digest": "04ef21d6f7f48d66119098e8ecd23b5c1107e8fdd274ffddb5f8309252c1dfd1", "deprecated": false } }, "description": "Count unique ssh bruteforces", "author": "crowdsec", "tags": [ "ssh" ] }, "crowdsec/double_drop": { "path": "scenarios/crowdsec/double_drop.yaml", "version": "0.1", "versions": { "0.1": { "digest": "0f6bd279437d9ef8061d8b69c6567c0389101811cc741a2ad766ffee1f7a8dc6", "deprecated": false } }, "description": "Ban a range if more than 5 ips from it are banned at a time", "author": "crowdsec", "tags": null }, "crowdsec/http_404_scan": { "path": "scenarios/crowdsec/http_404_scan.yaml", "version": "0.3", "versions": { "0.1": { "digest": "4224c98f088b553cf65db1608dc448ee5e679de31437bfe2f65352362c66b24f", "deprecated": false }, "0.2": { "digest": "62768595d349c174078057534ebc21de37560a258b98fbc63ddc5106edb4db40", "deprecated": false }, "0.3": { "digest": "9ec1df959e637d08d6fc969bbfa94deba72230cb1cb528ecba4180b62670032a", "deprecated": false } }, "description": "Detect multiple unique 404 from a single ip", "author": "crowdsec", "tags": [ "http", "scan" ] }, "crowdsec/http_aggressive_crawl": { "path": "scenarios/crowdsec/http_aggressive_crawl.yaml", "version": "0.1", "versions": { "0.1": { "digest": "e0b6a1c40f8009bec4698fb0562ad34d8159aa7e1006dedbd9d28c397ab4db1a", "deprecated": false } }, 
"description": "Detect aggressive crawl from multiple ips", "author": "crowdsec", "tags": [ "http", "distributed_crawl" ] }, "crowdsec/http_distributed_crawl": { "path": "scenarios/crowdsec/http_distributed_crawl.yaml", "version": "0.2", "versions": { "0.1": { "digest": "8eb442380f5a996a4ccba30b6dd39391ea021c0dead7cb3b7a7eea8f216a468f", "deprecated": false }, "0.2": { "digest": "bf778e2c091bb9099a019317311a191ece7b027389231f13a2c684f647e06a66", "deprecated": false } }, "description": "an aggressive crawl distributed amongst several ips", "author": "crowdsec", "tags": [ "http", "distributed_crawl" ] }, "crowdsec/mysql_bf": { "path": "scenarios/crowdsec/mysql_bf.yaml", "version": "0.2", "versions": { "0.1": { "digest": "058a37a9d144c25586c6cb6f5cd471436bd8adb87f54e66a0a7dfc3509bb20d0", "deprecated": false }, "0.2": { "digest": "74356430e1ff91b08b95e213e5fc8bb7b9894a3f131ffc31a6507cbfba7f2abb", "deprecated": false } }, "description": "Detect mysql bruteforce", "author": "crowdsec", "tags": [ "mysql", "bruteforce" ] }, "crowdsec/naxsi": { "path": "scenarios/crowdsec/naxsi.yaml", "version": "0.2", "versions": { "0.1": { "digest": "7004c206a2fc5e4f786ae226ebca142a5eb372bb22b56276811bf2b43b9e8c22", "deprecated": false }, "0.2": { "digest": "16838eae3b5515e732084e1508518ecdc8c35968631d617f10314e5d95950493", "deprecated": false } }, "description": "Detect custom blacklist triggered in naxsi", "author": "crowdsec", "tags": [ "http", "scan" ] }, "crowdsec/smb_bf": { "path": "scenarios/crowdsec/smb_bf.yaml", "version": "0.1", "versions": { "0.1": { "digest": "0078c276a111618d89203fac5e192d2564d186b9da7575e9cd75a186ca573e72", "deprecated": false } }, "description": "Detect smb bruteforce", "author": "crowdsec", "tags": [ "smb", "bruteforce" ] }, "crowdsec/ssh_bf": { "path": "scenarios/crowdsec/ssh_bf.yaml", "version": "0.2", "versions": { "0.1": { "digest": "252354885e933ed8f6fb255c764d15e529c285443eee5efac3bc3d801f2789fe", "deprecated": false }, "0.2": { "digest": 
"8e4bf46e185e8a0764535bf84ba5d8a5515e266272a363c8f8929fc85dbc4609", "deprecated": false } }, "description": "Detect ssh user enum bruteforce", "author": "crowdsec", "tags": [ "ssh", "bruteforce" ] }, "crowdsec/ssh_enum": { "path": "scenarios/crowdsec/ssh_enum.yaml", "version": "0.1", "versions": { "0.1": { "digest": "335776aafa070073abdc1c9cf333c5fd2513c982443a29476e0b31c339b6b17f", "deprecated": false } }, "description": "Detect ssh user enum bruteforce", "author": "crowdsec", "tags": [ "ssh", "bruteforce" ] }, "crowdsec/tcpdump": { "path": "scenarios/crowdsec/tcpdump.yaml", "version": "0.2", "versions": { "0.1": { "digest": "2fe9e4ce72a8552bfd65d2d28759e4724bd0a85c716685d9d9b992f9cecb5a1f", "deprecated": false }, "0.2": { "digest": "fe9392749ad32925ebd7a5c776bbde8527a1a02f8a531de04da51726bdb54bcb", "deprecated": false } }, "description": "Detect new connection with tcpdump", "author": "crowdsec", "tags": [ "tcp" ] }, "crowdsec/telnet_bf": { "path": "scenarios/crowdsec/telnet_bf.yaml", "version": "0.1", "versions": { "0.1": { "digest": "c0dcbfcfc86f3f3ecbc4888e78e06f322ca7d4dc11fd6604893f76bb52ca6c9d", "deprecated": false } }, "description": "detect telnet bruteforce", "author": "crowdsec", "tags": [ "telnet", "bruteforce" ] }, "crowdsec/wordpress_bf": { "path": "scenarios/crowdsec/wordpress_bf.yaml", "version": "0.1", "versions": { "0.1": { "digest": "a89253d2f02f0dc0bfecd85998ba5dd45eecf94929c1fa058ef9fe1646b511d9", "deprecated": false } }, "description": "detect wordpress bruteforce", "author": "crowdsec", "tags": [ "http", "bruteforce" ] } } }