618be9ff68
* properly update the time structure within event to ensure it works in time-machine * move LIVE and TIMEMACHINE to pkg/types : less code needs to import leakybucket package, and we avoid duplicating constants
16 lines
580 B
Plaintext
16 lines
580 B
Plaintext
line: Sep 19 18:33:22 scw-d95986 sshd[24347]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=1.2.3.4
|
|
├ s00-raw
|
|
| └ 🟢 crowdsecurity/syslog-logs (+12 ~9)
|
|
├ s01-parse
|
|
| └ 🟢 crowdsecurity/sshd-logs (+8 ~1)
|
|
├ s02-enrich
|
|
| ├ 🟢 crowdsecurity/dateparse-enrich (+2 ~2)
|
|
| └ 🟢 crowdsecurity/geoip-enrich (+10)
|
|
├-------- parser success 🟢
|
|
├ Scenarios
|
|
├ 🟢 crowdsecurity/ssh-bf
|
|
├ 🟢 crowdsecurity/ssh-bf_user-enum
|
|
├ 🟢 crowdsecurity/ssh-slow-bf
|
|
└ 🟢 crowdsecurity/ssh-slow-bf_user-enum
|
|
|