crowdsec/pkg/cwhub/.index.json
Thibault bui Koechlin 2016167654 initial import
2020-05-15 11:39:16 +02:00

{
"collections" : {
"crowdsec/linux" : {
"path" : "collections/crowdsec/linux.yaml",
"version" : "0.1",
"versions" : {
"0.1" : { "digest" : "1fc917c7ad66487470e466c0ad40ddd45b9f7730a4b43e1b2542627f0596bbdc", "deprecated" : false }
},
"description" : "generic linux : ssh/nginx/apache + ssh/http scenarios",
"author" : "crowdsec",
"tags" : null,
"parsers" : ["crowdsec/apache2-logs", "crowdsec/sshd-logs", "crowdsec/nginx-logs"],
"scenarios" : ["crowdsec/ssh_enum"]
}
},
"parsers": {
"crowdsec/apache2-logs": {
"path": "parsers/s01-parse/crowdsec/apache2-logs.yaml",
"stage": "s01-parse",
"version": "0.2",
"versions": {
"0.1": {
"digest": "e09bb847fb9a80aedaa4b682309b7e5876398a9a28c28911d969c5dd4aa2c0cf",
"deprecated": false
},
"0.2": {
"digest": "809d2de8c0a9bb7faa69cd53fd2f78bb4fb67b8e85a61b7179243913073890b8",
"deprecated": false
}
},
"description": "Parse Apache2 access and error logs",
"author": "crowdsec",
"tags": null
},
"crowdsec/cowrie-logs": {
"path": "parsers/s01-parse/crowdsec/cowrie-logs.yaml",
"stage": "s01-parse",
"version": "0.2",
"versions": {
"0.1": {
"digest": "5914721479adf812e27fa7d8ef7d533698d773faa863e658c9a9a9b996a2008e",
"deprecated": false
},
"0.2": {
"digest": "86240cc3887580304a1662213ba08e5993d790dcb14b3f08576cb988e449b8b2",
"deprecated": false
}
},
"description": "Parse cowrie honeypot logs",
"author": "crowdsec",
"tags": null
},
"crowdsec/geoip": {
"path": "parsers/s02-enrich/crowdsec/geoip.yaml",
"stage": "s02-enrich",
"version": "0.2",
"versions": {
"0.1": {
"digest": "a80dd157205988b209c95017af56adcd415f7d05e2106d255853016d3068d993",
"deprecated": false
},
"0.2": {
"digest": "9546892698b3e52ee2ad835521093e11edef9c3bbd86a30c8a6b25bc2f732721",
"deprecated": false
}
},
"description": "Enrich with geolocation data associated with the source IP",
"author": "crowdsec",
"tags": null
},
"crowdsec/http-logs": {
"path": "parsers/s02-enrich/crowdsec/http-logs.yaml",
"stage": "s02-enrich",
"version": "0.2",
"versions": {
"0.1": {
"digest": "17c20627760a32f372fabacc1933ed53ad533bc3cb6b36dc9f2237e768798abe",
"deprecated": false
},
"0.2": {
"digest": "a9c76d274bf69c3e64c486a162f589355c3a53978c2bc2b34dbdaa8c5d65b73c",
"deprecated": false
}
},
"description": "Parse HTTP logs more specifically, such as HTTP code, HTTP path, HTTP args and whether it is a static resource",
"author": "crowdsec",
"tags": null
},
"crowdsec/mysql-logs": {
"path": "parsers/s01-parse/crowdsec/mysql-logs.yaml",
"stage": "s01-parse",
"version": "0.2",
"versions": {
"0.1": {
"digest": "b5bf9052c14f6a5887804247f58088d9da364b923d61a14791722f7a695e99e4",
"deprecated": false
},
"0.2": {
"digest": "f3975dea7bb749ee0e0bd8b8f444af2f5bb028afd5f78c4198daf2de8c17a9e8",
"deprecated": false
}
},
"description": "Parse MySQL logs",
"author": "crowdsec",
"tags": null
},
"crowdsec/naxsi-logs": {
"path": "parsers/s02-enrich/crowdsec/naxsi-logs.yaml",
"stage": "s02-enrich",
"version": "0.2",
"versions": {
"0.1": {
"digest": "75b0ef4d320aced623327bca496f77d606e2449990dd0f6ef849aa9aaf91aad2",
"deprecated": false
},
"0.2": {
"digest": "a93b89b1cb2a9d61d61c50c6dd4c89707d770c7e9c504d8683d802bb1ec57d07",
"deprecated": false
}
},
"description": "Enrich logs if they are from NAXSI",
"author": "crowdsec",
"tags": null
},
"crowdsec/nginx-logs": {
"path": "parsers/s01-parse/crowdsec/nginx-logs.yaml",
"stage": "s01-parse",
"version": "0.2",
"versions": {
"0.1": {
"digest": "86c5d6cb6671f1c233b06b0afbd43a33740dd55df004ae01ff43714d2ca822bf",
"deprecated": false
},
"0.2": {
"digest": "36200096b897494563d31f38bee86c22868ac9bd54b74591398474547d968339",
"deprecated": false
}
},
"description": "Parse nginx access and error logs",
"author": "crowdsec",
"tags": null
},
"crowdsec/skip-pretag": {
"path": "parsers/s00-raw/crowdsec/skip-pretag.yaml",
"stage": "s00-raw",
"version": "0.1",
"versions": {
"0.1": {
"digest": "c43d625b9854a5d66a5227068e943a77d57111b3411262a856a4d3c9415dd6c4",
"deprecated": false
}
},
"author": "crowdsec",
"tags": null
},
"crowdsec/smb-logs": {
"path": "parsers/s01-parse/crowdsec/smb-logs.yaml",
"stage": "s01-parse",
"version": "0.2",
"versions": {
"0.1": {
"digest": "edba72ee6bdbfad7d453e8564de4c6cfbaa3f99c907f3ad9da3e8d499f6d264d",
"deprecated": false
},
"0.2": {
"digest": "86a5cfaf053da6a820fb6f3679633dce76dc6b75a3f84cf18b1502d8c0d2a519",
"deprecated": false
}
},
"description": "Parse SMB logs",
"author": "crowdsec",
"tags": null
},
"crowdsec/sshd-logs": {
"path": "parsers/s01-parse/crowdsec/sshd-logs.yaml",
"stage": "s01-parse",
"version": "0.2",
"versions": {
"0.1": {
"digest": "ede920fb15f97c8fe559e2687d200232074ea2d76e57a80db147451e5fded359",
"deprecated": false
},
"0.2": {
"digest": "43c2602153722d2bfc8f1851278469fa7838a82ce752ce1bbdde192299a93c6d",
"deprecated": false
}
},
"description": "Parse openSSH logs",
"author": "crowdsec",
"tags": null
},
"crowdsec/syslog-parse": {
"path": "parsers/s00-raw/crowdsec/syslog-parse.yaml",
"stage": "s00-raw",
"version": "0.2",
"versions": {
"0.1": {
"digest": "ea6d39fdfd9c73ece96bd57ecdff952e6db99e4d1652f3c1b74ed9d52d185846",
"deprecated": false
},
"0.2": {
"digest": "98feb5259f175e0e17db44bc911ef458f9f55c5b524fa2e201847e16f4e83a1b",
"deprecated": false
}
},
"author": "crowdsec",
"tags": null
},
"crowdsec/tcpdump-logs": {
"path": "parsers/s01-parse/crowdsec/tcpdump-logs.yaml",
"stage": "s01-parse",
"version": "0.2",
"versions": {
"0.1": {
"digest": "f3a55b79061bc1dbfce85855363b73a09e7cce5c0ff9972bdb4f7ec7fabcd9f8",
"deprecated": false
},
"0.2": {
"digest": "8d0dc2230eefc35d9c7aec97cbf95a824fbdd66582aa4e5ededf17131ecd6103",
"deprecated": false
}
},
"description": "Parse tcpdump raw logs",
"author": "crowdsec",
"tags": null
},
"crowdsec/timemachine": {
"path": "parsers/s02-enrich/crowdsec/timemachine.yaml",
"stage": "s02-enrich",
"version": "0.1",
"versions": {
"0.1": {
"digest": "cd9f202305b3210511bce32950e0e06ce416391ab53875cc17d5f6aecc8bbf19",
"deprecated": false
}
},
"author": "crowdsec",
"tags": null
}
},
"postoverflows": {
"crowdsec/rdns": {
"path": "postoverflows/s00-enrich/crowdsec/rdns.yaml",
"stage": "s00-enrich",
"version": "0.2",
"versions": {
"0.1": {
"digest": "d04e28fa2c74f4c1ba3f1daeeeaa8a95858f620e7587123cde224b6b376ad16a",
"deprecated": false
},
"0.2": {
"digest": "e1f7905318e7d8c432e4cf1428e3e7c943aec7c625a5d598e5b26b36a6231f1e",
"deprecated": false
}
},
"description": "Look up the DNS associated with the source IP, only for overflows",
"author": "crowdsec",
"tags": null
}
},
"scenarios": {
"crowdsec/counters": {
"path": "scenarios/crowdsec/counters.yaml",
"version": "0.2",
"versions": {
"0.1": {
"digest": "edd898e179c89ddc85890e702dc2975ecf411546fa3082b8f190ccb5d7304aa8",
"deprecated": false
},
"0.2": {
"digest": "04ef21d6f7f48d66119098e8ecd23b5c1107e8fdd274ffddb5f8309252c1dfd1",
"deprecated": false
}
},
"description": "Count unique ssh bruteforces",
"author": "crowdsec",
"tags": [
"ssh"
]
},
"crowdsec/double_drop": {
"path": "scenarios/crowdsec/double_drop.yaml",
"version": "0.1",
"versions": {
"0.1": {
"digest": "0f6bd279437d9ef8061d8b69c6567c0389101811cc741a2ad766ffee1f7a8dc6",
"deprecated": false
}
},
"description": "Ban a range if more than 5 ips from it are banned at a time",
"author": "crowdsec",
"tags": null
},
"crowdsec/http_404_scan": {
"path": "scenarios/crowdsec/http_404_scan.yaml",
"version": "0.3",
"versions": {
"0.1": {
"digest": "4224c98f088b553cf65db1608dc448ee5e679de31437bfe2f65352362c66b24f",
"deprecated": false
},
"0.2": {
"digest": "62768595d349c174078057534ebc21de37560a258b98fbc63ddc5106edb4db40",
"deprecated": false
},
"0.3": {
"digest": "9ec1df959e637d08d6fc969bbfa94deba72230cb1cb528ecba4180b62670032a",
"deprecated": false
}
},
"description": "Detect multiple unique 404 from a single ip",
"author": "crowdsec",
"tags": [
"http",
"scan"
]
},
"crowdsec/http_aggressive_crawl": {
"path": "scenarios/crowdsec/http_aggressive_crawl.yaml",
"version": "0.1",
"versions": {
"0.1": {
"digest": "e0b6a1c40f8009bec4698fb0562ad34d8159aa7e1006dedbd9d28c397ab4db1a",
"deprecated": false
}
},
"description": "Detect aggressive crawl from multiple ips",
"author": "crowdsec",
"tags": [
"http",
"distributed_crawl"
]
},
"crowdsec/http_distributed_crawl": {
"path": "scenarios/crowdsec/http_distributed_crawl.yaml",
"version": "0.2",
"versions": {
"0.1": {
"digest": "8eb442380f5a996a4ccba30b6dd39391ea021c0dead7cb3b7a7eea8f216a468f",
"deprecated": false
},
"0.2": {
"digest": "bf778e2c091bb9099a019317311a191ece7b027389231f13a2c684f647e06a66",
"deprecated": false
}
},
"description": "an aggressive crawl distributed amongst several ips",
"author": "crowdsec",
"tags": [
"http",
"distributed_crawl"
]
},
"crowdsec/mysql_bf": {
"path": "scenarios/crowdsec/mysql_bf.yaml",
"version": "0.2",
"versions": {
"0.1": {
"digest": "058a37a9d144c25586c6cb6f5cd471436bd8adb87f54e66a0a7dfc3509bb20d0",
"deprecated": false
},
"0.2": {
"digest": "74356430e1ff91b08b95e213e5fc8bb7b9894a3f131ffc31a6507cbfba7f2abb",
"deprecated": false
}
},
"description": "Detect mysql bruteforce",
"author": "crowdsec",
"tags": [
"mysql",
"bruteforce"
]
},
"crowdsec/naxsi": {
"path": "scenarios/crowdsec/naxsi.yaml",
"version": "0.2",
"versions": {
"0.1": {
"digest": "7004c206a2fc5e4f786ae226ebca142a5eb372bb22b56276811bf2b43b9e8c22",
"deprecated": false
},
"0.2": {
"digest": "16838eae3b5515e732084e1508518ecdc8c35968631d617f10314e5d95950493",
"deprecated": false
}
},
"description": "Detect custom blacklist triggered in naxsi",
"author": "crowdsec",
"tags": [
"http",
"scan"
]
},
"crowdsec/smb_bf": {
"path": "scenarios/crowdsec/smb_bf.yaml",
"version": "0.1",
"versions": {
"0.1": {
"digest": "0078c276a111618d89203fac5e192d2564d186b9da7575e9cd75a186ca573e72",
"deprecated": false
}
},
"description": "Detect smb bruteforce",
"author": "crowdsec",
"tags": [
"smb",
"bruteforce"
]
},
"crowdsec/ssh_bf": {
"path": "scenarios/crowdsec/ssh_bf.yaml",
"version": "0.2",
"versions": {
"0.1": {
"digest": "252354885e933ed8f6fb255c764d15e529c285443eee5efac3bc3d801f2789fe",
"deprecated": false
},
"0.2": {
"digest": "8e4bf46e185e8a0764535bf84ba5d8a5515e266272a363c8f8929fc85dbc4609",
"deprecated": false
}
},
"description": "Detect ssh user enum bruteforce",
"author": "crowdsec",
"tags": [
"ssh",
"bruteforce"
]
},
"crowdsec/ssh_enum": {
"path": "scenarios/crowdsec/ssh_enum.yaml",
"version": "0.1",
"versions": {
"0.1": {
"digest": "335776aafa070073abdc1c9cf333c5fd2513c982443a29476e0b31c339b6b17f",
"deprecated": false
}
},
"description": "Detect ssh user enum bruteforce",
"author": "crowdsec",
"tags": [
"ssh",
"bruteforce"
]
},
"crowdsec/tcpdump": {
"path": "scenarios/crowdsec/tcpdump.yaml",
"version": "0.2",
"versions": {
"0.1": {
"digest": "2fe9e4ce72a8552bfd65d2d28759e4724bd0a85c716685d9d9b992f9cecb5a1f",
"deprecated": false
},
"0.2": {
"digest": "fe9392749ad32925ebd7a5c776bbde8527a1a02f8a531de04da51726bdb54bcb",
"deprecated": false
}
},
"description": "Detect new connection with tcpdump",
"author": "crowdsec",
"tags": [
"tcp"
]
},
"crowdsec/telnet_bf": {
"path": "scenarios/crowdsec/telnet_bf.yaml",
"version": "0.1",
"versions": {
"0.1": {
"digest": "c0dcbfcfc86f3f3ecbc4888e78e06f322ca7d4dc11fd6604893f76bb52ca6c9d",
"deprecated": false
}
},
"description": "detect telnet bruteforce",
"author": "crowdsec",
"tags": [
"telnet",
"bruteforce"
]
},
"crowdsec/wordpress_bf": {
"path": "scenarios/crowdsec/wordpress_bf.yaml",
"version": "0.1",
"versions": {
"0.1": {
"digest": "a89253d2f02f0dc0bfecd85998ba5dd45eecf94929c1fa058ef9fe1646b511d9",
"deprecated": false
}
},
"description": "detect wordpress bruteforce",
"author": "crowdsec",
"tags": [
"http",
"bruteforce"
]
}
}
}