# ssh bruteforce
type: leaky
debug: true
name: test/simple-leaky
description: "Simple leaky"
filter: "evt.Line.Labels.type =='testlog'"
leakspeed: "20s"
capacity: 3
cache_size: 1
distinct: evt.Meta.uniq_key
groupby: evt.Meta.source_ip
labels:
 type: overflow_1