# ssh bruteforce
type: leaky
debug: true
name: test/simple-leaky
description: "Simple leaky"
filter: "evt.Line.Labels.type =='testlog'"
leakspeed: "10s"
capacity: 1
blackhole: 1m
groupby: evt.Meta.source_ip
labels:
 type: overflow_1