From 28d14ed312644f3eb618fad6adc025daa7da248c Mon Sep 17 00:00:00 2001
From: blotus
Date: Wed, 3 Jul 2024 11:13:56 +0200
Subject: [PATCH 01/10] cve-2024-6387: much faster leakspeed and higher capacity
---
 scenarios/crowdsecurity/ssh-cve-2024-6387.yaml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/scenarios/crowdsecurity/ssh-cve-2024-6387.yaml b/scenarios/crowdsecurity/ssh-cve-2024-6387.yaml
index 929d8176257..1d245253586 100644
--- a/scenarios/crowdsecurity/ssh-cve-2024-6387.yaml
+++ b/scenarios/crowdsecurity/ssh-cve-2024-6387.yaml
@@ -3,8 +3,8 @@ type: leaky
 name: crowdsecurity/ssh-cve-2024-6387
 description: "Detect exploitation attempt of CVE-2024-6387"
 filter: "evt.Meta.log_type == 'ssh_auth_timeout'"
-leakspeed: "180s"
-capacity: 3
+leakspeed: "2s"
+capacity: 20
 groupby: evt.Meta.source_ip
 blackhole: 1m
 reprocess: true
@@ -17,4 +17,4 @@ labels:
 - cve.CVE-2024-6387
 label: "SSH CVE-2024-6387"
 behavior: "ssh:exploit"
- remediation: true
\ No newline at end of file
+ remediation: true
From ef81875dcb70c6f630b406932329b23fa5e61ea3 Mon Sep 17 00:00:00 2001
From: GitHub Action
Date: Wed, 3 Jul 2024 09:14:29 +0000
Subject: [PATCH 02/10] Update index
---
 .index.json | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/.index.json b/.index.json
index 46a1baa6084..a0bfe81925e 100644
--- a/.index.json
+++ b/.index.json
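Review bot: The new `leakspeed: "2s"` / `capacity: 20` pair carries no comment explaining the tuning, and these two values are the entire detection logic of the scenario: the bucket now overflows only when more than 20 `ssh_auth_timeout` events from the same `source_ip` arrive faster than the one-per-2s drain, so a reader cannot tell whether the previous 3-in-180s threshold was too noisy or too slow to fire. Presumably the intent is to match the burst of authentication timeouts an exploitation attempt produces from a single source while tolerating an occasional slow or broken client, but that rationale is stated nowhere in the file. Suggest a comment above the two keys such as `# overflow on a burst of more than 20 auth timeouts from one source; isolated timeouts (one every 2s or slower) drain without triggering`. The unchanged `blackhole: 1m` context line means further overflows from that source are suppressed for a minute after the first, which is worth mentioning in the same comment so the whole alert cadence is documented in one place.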
@@ -13942,15 +13942,19 @@ }, "crowdsecurity/ssh-cve-2024-6387": { "path": "scenarios/crowdsecurity/ssh-cve-2024-6387.yaml", - "version": "0.1", + "version": "0.2", "versions": { "0.1": { "digest": "1a36e33f8743790c5544faa999aa8dd062f6e2b696e16232d3a3f28576119503", "deprecated": false + }, + "0.2": { + "digest": "07cd656d9aaf98762ae805a5e5c18514e9f58fe5211a597a1401b9bb89027841", + "deprecated": false } }, "long_description": "RGV0ZWN0IGV4cGxvaXRhdGlvbiBhdHRlbXB0cyBvZiBDVkUtMjAyNC02Mzg3CiA=", - "content": "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", + "content": "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", "description": "Detect exploitation attempt of CVE-2024-6387", "author": "crowdsecurity", "labels": {
From 0bb4ddcac1bd6412a125f8a4e4501b866129f4f9 Mon Sep 17 00:00:00 2001
From: blotus
Date: Wed, 3 Jul 2024 11:21:06 +0200
Subject: [PATCH 03/10] Do not show in CTI for now
---
 scenarios/crowdsecurity/ssh-cve-2024-6387.yaml | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/scenarios/crowdsecurity/ssh-cve-2024-6387.yaml b/scenarios/crowdsecurity/ssh-cve-2024-6387.yaml
index 1d245253586..8feb2d02442 100644
--- a/scenarios/crowdsecurity/ssh-cve-2024-6387.yaml
+++ b/scenarios/crowdsecurity/ssh-cve-2024-6387.yaml
@@ -12,6 +12,8 @@ labels:
 service: ssh
 confidence: 3
 spoofable: 0
+ cti: false
+ public: false
 classification:
 - attack.T1190
 - cve.CVE-2024-6387
From 3ee36b89bbd6e49d24e0a8d0b8adce4c87c251e0 Mon Sep 17 00:00:00 2001
From: GitHub Action
Date: Wed, 3 Jul 2024 09:21:38 +0000
Subject: [PATCH 04/10] Update taxonomy
---
 taxonomy/scenarios.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/taxonomy/scenarios.json b/taxonomy/scenarios.json
index e00e8a3f8ce..0a5f71e2376 100644
--- a/taxonomy/scenarios.json
+++ b/taxonomy/scenarios.json
@@ -3982,7 +3982,7 @@ ], "confidence": 3, "spoofable": 0, - "cti": true, + "cti": false, "service": "ssh", "cves": [ "CVE-2024-6387"
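Review bot: The two added labels `cti: false` and `public: false` are undocumented, and a reader of this file alone cannot tell what each one suppresses or why the scenario is being hidden; the commit title says "for now", so the file should carry that intent. Judging by patch 06 later in this series ("support public: false in taxonomy"), the taxonomy generator does not understand `public` at this commit, so until that patch lands the second label is inert — worth saying in the commit message or squashing the two. Suggest a comment above the pair, e.g. `# hidden from CTI and from the public taxonomy for now; set both back to true when re-enabling`, so the temporary state is visible to whoever next touches the labels.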
From 91ee5443f2b60e28f92d42163a13abcf01418671 Mon Sep 17 00:00:00 2001
From: GitHub Action
Date: Wed, 3 Jul 2024 09:21:40 +0000
Subject: [PATCH 05/10] Update index
---
 .index.json | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/.index.json b/.index.json
index a0bfe81925e..39f31b17686 100644
--- a/.index.json
+++ b/.index.json
@@ -13942,7 +13942,7 @@ }, "crowdsecurity/ssh-cve-2024-6387": { "path": "scenarios/crowdsecurity/ssh-cve-2024-6387.yaml", - "version": "0.2", + "version": "0.3", "versions": { "0.1": { "digest": "1a36e33f8743790c5544faa999aa8dd062f6e2b696e16232d3a3f28576119503",
@@ -13951,10 +13951,14 @@ "0.2": { "digest": "07cd656d9aaf98762ae805a5e5c18514e9f58fe5211a597a1401b9bb89027841", "deprecated": false + }, + "0.3": { + "digest": "2b56281d406b8cb679e9d095c4cb929b6846e04d2d6b99548114b0773825e828", + "deprecated": false } }, "long_description": "RGV0ZWN0IGV4cGxvaXRhdGlvbiBhdHRlbXB0cyBvZiBDVkUtMjAyNC02Mzg3CiA=", - "content": "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", + "content": "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", "description": "Detect exploitation attempt of CVE-2024-6387", "author": "crowdsecurity", "labels": {
@@ -13964,7 +13968,9 @@ "cve.CVE-2024-6387" ], "confidence": 3, + "cti": false, "label": "SSH CVE-2024-6387", + "public": false, "remediation": true, "service": "ssh", "spoofable": 0
From 8e727f248e1c8ca717874401b995dea8cffbd281 Mon Sep 17 00:00:00 2001
From: alteredCoder
Date: Wed, 3 Jul 2024 11:45:46 +0200
Subject: [PATCH 06/10] support public: false in taxonomy
---
 scripts/scenario_taxonomy.py | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/scripts/scenario_taxonomy.py b/scripts/scenario_taxonomy.py
index fb53ff8ee22..a42dadb6984 100644
--- a/scripts/scenario_taxonomy.py
+++ b/scripts/scenario_taxonomy.py
@@ -260,6 +260,7 @@ def main():
 confidence = 0
 spoofable = 0
 in_cti = True
+ is_public = True
 if "label" in labels:
 scenario_label = scenario["labels"]["label"]
@@ -276,6 +277,10 @@ def main():
 if not labels["cti"]:
 in_cti = False
+ if "public" in labels:
+ if not labels["public"]:
+ is_public = False
+
 if scenario_label == "":
 desc = scenario["description"].lower()
 if desc.startswith("detect "):
@@ -320,6 +325,7 @@ def main():
 "spoofable": spoofable,
 "cti": in_cti,
 "service": service,
+ "public": is_public,
 }
 if len(cves) > 0:
From 52e809df334fcf27c2217f4cb689704bdffc095e Mon Sep 17 00:00:00 2001
From: GitHub Action
Date: Wed, 3 Jul 2024 09:46:22 +0000
Subject: [PATCH 07/10] Update taxonomy
---
 taxonomy/scenarios.json | 785 ++++++++++++++++++++++++++++------------
 1 file changed, 553 insertions(+), 232 deletions(-)
diff --git a/taxonomy/scenarios.json b/taxonomy/scenarios.json
index 0a5f71e2376..bb2c370c3fc 100644
--- a/taxonomy/scenarios.json
+++ b/taxonomy/scenarios.json
@@ -13,7 +13,8 @@ "confidence": 2, "spoofable": 0, "cti": true, - "service": "http" + "service": "http", + "public": true }, "crowdsecurity/vpatch-CVE-2017-9841": { "name": "crowdsecurity/vpatch-CVE-2017-9841",
@@ -30,6 +31,7 @@ "spoofable": 0, "cti": true, "service": "http", + "public": true, "cves": [ "CVE-2017-9841" ],
@@ -52,6 +54,7 @@ "spoofable": 0, "cti": true, "service": "http", + "public": true, "cves": [ "CVE-2018-1000861" ],
@@ -74,6 +77,7 @@ "spoofable": 0, "cti": true, "service": "http", + "public": true, "cves": [ "CVE-2018-10562" ],
@@ -96,6 +100,7 @@ "spoofable": 0, "cti": true, "service": "http", + "public": true, "cves": [ "CVE-2019-1003030" ],
@@ -118,6 +123,7 @@ "spoofable": 0, "cti": true, "service": "http", + "public": true, "cves": [ "CVE-2019-12989" ],
@@ -140,6 +146,7 @@ "spoofable": 0, "cti": true, "service": "http", + "public": true, "cves": [ "CVE-2020-11738" ],
@@ -162,6 +169,7 @@ "spoofable": 0, "cti": true, "service": "http", + "public": true, "cves": [ "CVE-2020-17496" ],
@@ -184,6 +192,7 @@ "spoofable": 0, "cti": true, "service": "http", + "public": true, "cves": [ "CVE-2021-22941" ],
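Review bot: The `public` handling in the `@@ -276` hunk fails open: `is_public` starts as `True` (first hunk of this patch) and is only cleared when `labels["public"]` is falsy, so a value that is not a real boolean — a quoted `"false"` or `"no"` if these labels come from hand-written YAML, as the sibling `cti` check on the hunk's first lines suggests — silently publishes a scenario the author meant to hide, and the existing `cti` branch shares the weakness. Because the default is the permissive one, an unexpected type should be rejected rather than coerced: `if "public" in labels and not isinstance(labels["public"], bool): raise ValueError("labels.public must be a boolean")` followed by `is_public = labels.get("public", True)`, which also replaces the three nested lines. The `@@ -320` hunk only emits `"public": is_public` beside `"cti"`; nothing in this diff filters on it, so whichever consumer of taxonomy/scenarios.json is meant to hide the entry must honour the flag itself — a one-line comment at the emit site saying so would save the next reader the search. `main()` begins and ends outside these hunks.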
@@ -206,6 +215,7 @@ "spoofable": 0, "cti": true, "service": "http", + "public": true, "cves": [ "CVE-2021-3129" ], @@ -228,6 +238,7 @@ "spoofable": 0, "cti": true, "service": "http", + "public": true, "cves": [ "CVE-2022-22954" ] @@ -247,6 +258,7 @@ "spoofable": 0, "cti": true, "service": "http", + "public": true, "cves": [ "CVE-2022-22965" ], @@ -269,6 +281,7 @@ "spoofable": 0, "cti": true, "service": "http", + "public": true, "cves": [ "CVE-2022-27926" ], @@ -291,6 +304,7 @@ "spoofable": 0, "cti": true, "service": "http", + "public": true, "cves": [ "CVE-2022-35914" ], @@ -313,6 +327,7 @@ "spoofable": 0, "cti": true, "service": "http", + "public": true, "cves": [ "CVE-2022-44877" ], @@ -335,6 +350,7 @@ "spoofable": 0, "cti": true, "service": "http", + "public": true, "cves": [ "CVE-2022-46169" ], @@ -360,6 +376,7 @@ "spoofable": 0, "cti": true, "service": "http", + "public": true, "cves": [ "CVE-2023-0600" ], @@ -382,6 +399,7 @@ "spoofable": 0, "cti": true, "service": "http", + "public": true, "cves": [ "CVE-2023-0900" ], @@ -404,6 +422,7 @@ "spoofable": 0, "cti": true, "service": "http", + "public": true, "cves": [ "CVE-2023-1389" ], @@ -426,6 +445,7 @@ "spoofable": 0, "cti": true, "service": "http", + "public": true, "cves": [ "CVE-2023-2009" ], @@ -448,6 +468,7 @@ "spoofable": 0, "cti": true, "service": "http", + "public": true, "cves": [ "CVE-2023-20198" ], @@ -470,6 +491,7 @@ "spoofable": 0, "cti": true, "service": "http", + "public": true, "cves": [ "CVE-2023-22515" ], @@ -492,6 +514,7 @@ "spoofable": 0, "cti": true, "service": "http", + "public": true, "cves": [ "CVE-2023-22527" ] @@ -511,6 +534,7 @@ "spoofable": 0, "cti": true, "service": "http", + "public": true, "cves": [ "CVE-2023-23488" ], @@ -533,6 +557,7 @@ "spoofable": 0, "cti": true, "service": "http", + "public": true, "cves": [ "CVE-2023-23489" ], @@ -555,6 +580,7 @@ "spoofable": 0, "cti": true, "service": "http", + "public": true, "cves": [ "CVE-2023-23752" ], 
@@ -578,6 +604,7 @@ "spoofable": 0, "cti": true, "service": "http", + "public": true, "cves": [ "CVE-2023-24489" ], @@ -600,6 +627,7 @@ "spoofable": 0, "cti": true, "service": "http", + "public": true, "cves": [ "CVE-2023-28121" ], @@ -622,6 +650,7 @@ "spoofable": 0, "cti": true, "service": "http", + "public": true, "cves": [ "CVE-2023-33617" ], @@ -644,6 +673,7 @@ "spoofable": 0, "cti": true, "service": "http", + "public": true, "cves": [ "CVE-2023-34362" ], @@ -666,6 +696,7 @@ "spoofable": 0, "cti": true, "service": "http", + "public": true, "cves": [ "CVE-2023-35078" ] @@ -685,6 +716,7 @@ "spoofable": 0, "cti": true, "service": "http", + "public": true, "cves": [ "CVE-2023-35082" ] @@ -704,6 +736,7 @@ "spoofable": 0, "cti": true, "service": "http", + "public": true, "cves": [ "CVE-2023-3519" ], @@ -726,6 +759,7 @@ "spoofable": 0, "cti": true, "service": "http", + "public": true, "cves": [ "CVE-2023-38205" ], @@ -748,6 +782,7 @@ "spoofable": 0, "cti": true, "service": "http", + "public": true, "cves": [ "CVE-2023-40044" ], @@ -770,6 +805,7 @@ "spoofable": 0, "cti": true, "service": "http", + "public": true, "cves": [ "CVE-2023-42793" ], @@ -791,6 +827,7 @@ "spoofable": 0, "cti": true, "service": "http", + "public": true, "cves": [ "CVE-2023-4634" ], @@ -813,6 +850,7 @@ "spoofable": 0, "cti": true, "service": "http", + "public": true, "cves": [ "CVE-2023-46805", "CVE-2024-21887" @@ -837,6 +875,7 @@ "spoofable": 0, "cti": true, "service": "http", + "public": true, "cves": [ "CVE-2023-49070" ], @@ -859,6 +898,7 @@ "spoofable": 0, "cti": true, "service": "http", + "public": true, "cves": [ "CVE-2023-50164" ], @@ -881,6 +921,7 @@ "spoofable": 0, "cti": true, "service": "http", + "public": true, "cves": [ "CVE-2023-6360" ], @@ -903,6 +944,7 @@ "spoofable": 0, "cti": true, "service": "http", + "public": true, "cves": [ "CVE-2023-6553" ], @@ -925,6 +967,7 @@ "spoofable": 0, "cti": true, "service": "http", + "public": true, "cves": [ "CVE-2023-6567" ], 
@@ -947,6 +990,7 @@ "spoofable": 0, "cti": true, "service": "http", + "public": true, "cves": [ "CVE-2023-3519" ], @@ -969,6 +1013,7 @@ "spoofable": 0, "cti": true, "service": "http", + "public": true, "cves": [ "CVE-2023-7028" ] @@ -988,6 +1033,7 @@ "spoofable": 0, "cti": true, "service": "http", + "public": true, "cves": [ "CVE-2024-1061" ], @@ -1010,6 +1056,7 @@ "spoofable": 0, "cti": true, "service": "http", + "public": true, "cves": [ "CVE-2024-1071" ], @@ -1032,6 +1079,7 @@ "spoofable": 0, "cti": true, "service": "http", + "public": true, "cves": [ "CVE-2024-1212" ] @@ -1051,6 +1099,7 @@ "spoofable": 0, "cti": true, "service": "http", + "public": true, "cves": [ "CVE-2024-22024" ], @@ -1073,6 +1122,7 @@ "spoofable": 0, "cti": true, "service": "http", + "public": true, "cves": [ "CVE-2024-23897" ], @@ -1095,6 +1145,7 @@ "spoofable": 0, "cti": true, "service": "http", + "public": true, "cves": [ "CVE-2017-9841" ], @@ -1117,6 +1168,7 @@ "spoofable": 0, "cti": true, "service": "http", + "public": true, "cves": [ "CVE-2024-29849" ] @@ -1136,6 +1188,7 @@ "spoofable": 0, "cti": true, "service": "http", + "public": true, "cves": [ "CVE-2024-3273" ] @@ -1156,6 +1209,7 @@ "spoofable": 0, "cti": true, "service": "http", + "public": true, "cves": [ "CVE-2024-4577" ], @@ -1180,6 +1234,7 @@ "spoofable": 0, "cti": true, "service": "http", + "public": true, "cves": [ "CVE-2024-1709" ] @@ -1198,7 +1253,8 @@ "confidence": 3, "spoofable": 0, "cti": true, - "service": "http" + "service": "http", + "public": true }, "crowdsecurity/vpatch-laravel-debug-mode": { "name": "crowdsecurity/vpatch-laravel-debug-mode", @@ -1215,6 +1271,7 @@ "spoofable": 0, "cti": true, "service": "http", + "public": true, "cves": [ "CVE-2017-16894", "CVE-2021-41714", @@ -1235,7 +1292,8 @@ "confidence": 3, "spoofable": 0, "cti": true, - "service": "http" + "service": "http", + "public": true }, "Dominic-Wagner/vaultwarden-bf": { "name": "Dominic-Wagner/vaultwarden-bf", 
@@ -1250,7 +1308,8 @@ "confidence": 3, "spoofable": 0, "cti": true, - "service": "vaultwarden" + "service": "vaultwarden", + "public": true }, "Dominic-Wagner/vaultwarden-bf_user-enum": { "name": "Dominic-Wagner/vaultwarden-bf_user-enum", @@ -1266,7 +1325,8 @@ "confidence": 3, "spoofable": 0, "cti": true, - "service": "vaultwarden" + "service": "vaultwarden", + "public": true }, "LePresidente/adguardhome-bf": { "name": "LePresidente/adguardhome-bf", @@ -1281,7 +1341,8 @@ "confidence": 3, "spoofable": 0, "cti": true, - "service": "adguardhome" + "service": "adguardhome", + "public": true }, "LePresidente/authelia-bf": { "name": "LePresidente/authelia-bf", @@ -1296,7 +1357,8 @@ "confidence": 3, "spoofable": 0, "cti": true, - "service": "authelia" + "service": "authelia", + "public": true }, "LePresidente/authelia-bf_user-enum": { "name": "LePresidente/authelia-bf_user-enum", @@ -1312,7 +1374,8 @@ "confidence": 3, "spoofable": 0, "cti": true, - "service": "authelia" + "service": "authelia", + "public": true }, "LePresidente/emby-bf": { "name": "LePresidente/emby-bf", @@ -1327,7 +1390,8 @@ "confidence": 3, "spoofable": 0, "cti": true, - "service": "emby" + "service": "emby", + "public": true }, "LePresidente/gitea-bf": { "name": "LePresidente/gitea-bf", @@ -1342,7 +1406,8 @@ "confidence": 3, "spoofable": 0, "cti": true, - "service": "gitea" + "service": "gitea", + "public": true }, "LePresidente/gitea-bf_user-enum": { "name": "LePresidente/gitea-bf_user-enum", @@ -1358,7 +1423,8 @@ "confidence": 3, "spoofable": 0, "cti": true, - "service": "gitea" + "service": "gitea", + "public": true }, "LePresidente/grafana-bf": { "name": "LePresidente/grafana-bf", @@ -1373,7 +1439,8 @@ "confidence": 3, "spoofable": 0, "cti": true, - "service": "grafana" + "service": "grafana", + "public": true }, "LePresidente/harbor-bf": { "name": "LePresidente/harbor-bf", 
@@ -1388,7 +1455,8 @@ "confidence": 3, "spoofable": 0, "cti": true, - "service": "harbor" + "service": "harbor", + "public": true }, "LePresidente/harbor-bf_user-enum": { "name": "LePresidente/harbor-bf_user-enum", @@ -1404,7 +1472,8 @@ "confidence": 3, "spoofable": 0, "cti": true, - "service": "harbor" + "service": "harbor", + "public": true }, "LePresidente/jellyfin-bf": { "name": "LePresidente/jellyfin-bf", @@ -1419,7 +1488,8 @@ "confidence": 3, "spoofable": 0, "cti": true, - "service": "jellyfin" + "service": "jellyfin", + "public": true }, "LePresidente/jellyfin-bf_user-enum": { "name": "LePresidente/jellyfin-bf_user-enum", @@ -1435,7 +1505,8 @@ "confidence": 3, "spoofable": 0, "cti": true, - "service": "jellyfin" + "service": "jellyfin", + "public": true }, "LePresidente/jellyseerr-bf": { "name": "LePresidente/jellyseerr-bf", @@ -1450,7 +1521,8 @@ "confidence": 3, "spoofable": 0, "cti": true, - "service": "jellyseerr" + "service": "jellyseerr", + "public": true }, "LePresidente/jellyseerr-bf_user-enum": { "name": "LePresidente/jellyseerr-bf_user-enum", @@ -1466,7 +1538,8 @@ "confidence": 3, "spoofable": 0, "cti": true, - "service": "jellyseerr" + "service": "jellyseerr", + "public": true }, "LePresidente/ombi-bf": { "name": "LePresidente/ombi-bf", @@ -1481,7 +1554,8 @@ "confidence": 3, "spoofable": 0, "cti": true, - "service": "ombi" + "service": "ombi", + "public": true }, "LePresidente/overseerr-bf": { "name": "LePresidente/overseerr-bf", @@ -1496,7 +1570,8 @@ "confidence": 3, "spoofable": 0, "cti": true, - "service": "overseerr" + "service": "overseerr", + "public": true }, "LePresidente/overseerr-bf_user-enum": { "name": "LePresidente/overseerr-bf_user-enum", @@ -1512,7 +1587,8 @@ "confidence": 3, "spoofable": 0, "cti": true, - "service": "overseerr" + "service": "overseerr", + "public": true }, "LePresidente/redmine-bf": { "name": "LePresidente/redmine-bf", 
@@ -1527,7 +1603,8 @@ "confidence": 3, "spoofable": 0, "cti": true, - "service": "redmine" + "service": "redmine", + "public": true }, "LePresidente/redmine-bf_user-enum": { "name": "LePresidente/redmine-bf_user-enum", @@ -1543,7 +1620,8 @@ "confidence": 3, "spoofable": 0, "cti": true, - "service": "redmine" + "service": "redmine", + "public": true }, "lepresidente/ssh-bad-keyexchange-bf": { "name": "lepresidente/ssh-bad-keyexchange-bf", @@ -1558,7 +1636,8 @@ "confidence": 3, "spoofable": 0, "cti": true, - "service": "ssh" + "service": "ssh", + "public": true }, "MariuszKociubinski/bitwarden-bf": { "name": "MariuszKociubinski/bitwarden-bf", @@ -1573,7 +1652,8 @@ "confidence": 3, "spoofable": 0, "cti": true, - "service": "bitwarden" + "service": "bitwarden", + "public": true }, "a1ad/meshcentral-bf": { "name": "a1ad/meshcentral-bf", @@ -1588,7 +1668,8 @@ "confidence": 3, "spoofable": 0, "cti": true, - "service": "meshcentral" + "service": "meshcentral", + "public": true }, "a1ad/meshcentral-bf_user-enum": { "name": "a1ad/meshcentral-bf_user-enum", @@ -1604,7 +1685,8 @@ "confidence": 3, "spoofable": 0, "cti": true, - "service": "meshcentral" + "service": "meshcentral", + "public": true }, "a1ad/mikrotik-bf": { "name": "a1ad/mikrotik-bf", @@ -1619,7 +1701,8 @@ "confidence": 3, "spoofable": 0, "cti": true, - "service": "mikrotik" + "service": "mikrotik", + "public": true }, "a1ad/mikrotik-bf_user-enum": { "name": "a1ad/mikrotik-bf_user-enum", @@ -1635,7 +1718,8 @@ "confidence": 3, "spoofable": 0, "cti": true, - "service": "mikrotik" + "service": "mikrotik", + "public": true }, "a1ad/mikrotik-scan-multi_ports": { "name": "a1ad/mikrotik-scan-multi_ports", @@ -1652,7 +1736,8 @@ "confidence": 1, "spoofable": 2, "cti": true, - "service": "mikrotik" + "service": "mikrotik", + "public": true }, "aidalinfo/couchdb-slow-bf": { "name": "aidalinfo/couchdb-slow-bf", 
@@ -1665,7 +1750,8 @@ "confidence": 3, "spoofable": 0, "cti": true, - "service": "couchdb" + "service": "couchdb", + "public": true }, "aidalinfo/couchdb-bf": { "name": "aidalinfo/couchdb-bf", @@ -1678,7 +1764,8 @@ "confidence": 3, "spoofable": 0, "cti": true, - "service": "couchdb" + "service": "couchdb", + "public": true }, "aidalinfo/couchdb-crawl": { "name": "aidalinfo/couchdb-crawl", @@ -1693,7 +1780,8 @@ "confidence": 1, "spoofable": 0, "cti": true, - "service": "couchdb" + "service": "couchdb", + "public": true }, "aidalinfo/tcpudp-flood-traefik": { "name": "aidalinfo/tcpudp-flood-traefik", @@ -1706,7 +1794,8 @@ "confidence": 2, "spoofable": 0, "cti": true, - "service": null + "service": null, + "public": true }, "andreasbrett/baikal-bf": { "name": "andreasbrett/baikal-bf", @@ -1721,7 +1810,8 @@ "confidence": 3, "spoofable": 0, "cti": true, - "service": "baikal" + "service": "baikal", + "public": true }, "andreasbrett/baikal-bf_user-enum": { "name": "andreasbrett/baikal-bf_user-enum", @@ -1736,7 +1826,8 @@ "confidence": 3, "spoofable": 0, "cti": true, - "service": "baikal" + "service": "baikal", + "public": true }, "andreasbrett/paperless-ngx-bf": { "name": "andreasbrett/paperless-ngx-bf", @@ -1751,7 +1842,8 @@ "confidence": 3, "spoofable": 0, "cti": true, - "service": "paperless-ngx" + "service": "paperless-ngx", + "public": true }, "andreasbrett/paperless-ngx-bf_user-enum": { "name": "andreasbrett/paperless-ngx-bf_user-enum", @@ -1766,7 +1858,8 @@ "confidence": 3, "spoofable": 0, "cti": true, - "service": "paperless-ngx" + "service": "paperless-ngx", + "public": true }, "andreasbrett/webmin-bf": { "name": "andreasbrett/webmin-bf", @@ -1781,7 +1874,8 @@ "confidence": 3, "spoofable": 0, "cti": true, - "service": "webmin" + "service": "webmin", + "public": true }, "andreasbrett/webmin-bf_user-enum": { "name": "andreasbrett/webmin-bf_user-enum", 
@@ -1796,7 +1890,8 @@ "confidence": 3, "spoofable": 0, "cti": true, - "service": "webmin" + "service": "webmin", + "public": true }, "baudneo/gotify-bf": { "name": "baudneo/gotify-bf", @@ -1811,7 +1906,8 @@ "confidence": 3, "spoofable": 0, "cti": true, - "service": "gotify" + "service": "gotify", + "public": true }, "baudneo/zoneminder-bf": { "name": "baudneo/zoneminder-bf", @@ -1827,7 +1923,8 @@ "confidence": 3, "spoofable": 0, "cti": true, - "service": "zoneminder" + "service": "zoneminder", + "public": true }, "baudneo/zoneminder_cve-2022-39285": { "name": "baudneo/zoneminder_cve-2022-39285", @@ -1844,6 +1941,7 @@ "spoofable": 0, "cti": true, "service": "zoneminder", + "public": true, "cves": [ "CVE-2022-39285" ] @@ -1863,6 +1961,7 @@ "spoofable": 0, "cti": true, "service": "zoneminder", + "public": true, "cves": [ "CVE-2022-39290" ] @@ -1882,6 +1981,7 @@ "spoofable": 0, "cti": true, "service": "zoneminder", + "public": true, "cves": [ "CVE-2022-39291" ] @@ -1899,7 +1999,8 @@ "confidence": 3, "spoofable": 0, "cti": true, - "service": "apache-guacamole" + "service": "apache-guacamole", + "public": true }, "corvese/apache-guacamole_user_enum": { "name": "corvese/apache-guacamole_user_enum", @@ -1915,7 +2016,8 @@ "confidence": 3, "spoofable": 0, "cti": true, - "service": "apache-guacamole" + "service": "apache-guacamole", + "public": true }, "crowdsecurity/CVE-2017-9841": { "name": "crowdsecurity/CVE-2017-9841", @@ -1932,6 +2034,7 @@ "spoofable": 0, "cti": true, "service": "PHP", + "public": true, "cves": [ "CVE-2017-9841" ] @@ -1951,6 +2054,7 @@ "spoofable": 0, "cti": true, "service": "telerik", + "public": true, "cves": [ "CVE-2019-18935" ] @@ -1969,6 +2073,7 @@ "spoofable": 0, "cti": true, "service": "linux", + "public": true, "cves": [ "CVE-2021-4034" ] @@ -1988,6 +2093,7 @@ "spoofable": 0, "cti": true, "service": "atlassian-confluence", + "public": true, "cves": [ "CVE-2022-26134" ] 
@@ -2007,6 +2113,7 @@ "spoofable": 0, "cti": true, "service": "glpi", + "public": true, "cves": [ "CVE-2022-35914" ] @@ -2026,6 +2133,7 @@ "spoofable": 0, "cti": true, "service": "zimbra", + "public": true, "cves": [ "CVE-2022-37042" ] @@ -2044,6 +2152,7 @@ "spoofable": 0, "cti": true, "service": "fortinet", + "public": true, "cves": [ "CVE-2022-40684" ] @@ -2063,6 +2172,7 @@ "spoofable": 0, "cti": true, "service": "exchange", + "public": true, "cves": [ "CVE-2022-41082" ] @@ -2081,6 +2191,7 @@ "spoofable": 0, "cti": true, "service": "ghost", + "public": true, "cves": [ "CVE-2022-41697" ] @@ -2100,6 +2211,7 @@ "spoofable": 0, "cti": true, "service": "apache", + "public": true, "cves": [ "CVE-2022-42889" ] @@ -2119,6 +2231,7 @@ "spoofable": 0, "cti": true, "service": "centos", + "public": true, "cves": [ "CVE-2022-44877" ] @@ -2137,6 +2250,7 @@ "spoofable": 0, "cti": true, "service": "cacti", + "public": true, "cves": [ "CVE-2022-46169" ] @@ -2156,6 +2270,7 @@ "spoofable": 0, "cti": true, "service": "cacti", + "public": true, "cves": [ "CVE-2022-46169" ] @@ -2175,6 +2290,7 @@ "spoofable": 0, "cti": true, "service": "confluence", + "public": true, "cves": [ "CVE-2023-22515" ] @@ -2194,6 +2310,7 @@ "spoofable": 0, "cti": true, "service": "Atlassian Confluence", + "public": true, "cves": [ "CVE-2023-22518" ] @@ -2212,6 +2329,7 @@ "spoofable": 0, "cti": true, "service": "windows", + "public": true, "cves": [ "CVE-2023-23397" ] @@ -2231,6 +2349,7 @@ "spoofable": 1, "cti": true, "service": "owncloud", + "public": true, "cves": [ "CVE-2023-49103" ] @@ -2248,7 +2367,8 @@ "confidence": 1, "spoofable": 0, "cti": true, - "service": "linux" + "service": "linux", + "public": true }, "crowdsecurity/amavis-blocked": { "name": "crowdsecurity/amavis-blocked", 
@@ -2262,7 +2382,8 @@ "confidence": 3, "spoofable": 0, "cti": true, - "service": "amavis" + "service": "amavis", + "public": true }, "crowdsecurity/apache_log4j2_cve-2021-44228": { "name": "crowdsecurity/apache_log4j2_cve-2021-44228", @@ -2279,6 +2400,7 @@ "spoofable": 0, "cti": true, "service": "apache", + "public": true, "cves": [ "CVE-2021-44228" ] @@ -2296,7 +2418,8 @@ "confidence": 3, "spoofable": 0, "cti": true, - "service": "http" + "service": "http", + "public": true }, "crowdsecurity/asterisk_bf": { "name": "crowdsecurity/asterisk_bf", @@ -2311,7 +2434,8 @@ "confidence": 3, "spoofable": 0, "cti": true, - "service": "asterisk" + "service": "asterisk", + "public": true }, "crowdsecurity/asterisk_user_enum": { "name": "crowdsecurity/asterisk_user_enum", @@ -2328,7 +2452,8 @@ "confidence": 3, "spoofable": 0, "cti": true, - "service": "asterisk" + "service": "asterisk", + "public": true }, "crowdsecurity/auditd-base64-exec-behavior": { "name": "crowdsecurity/auditd-base64-exec-behavior", @@ -2343,7 +2468,8 @@ "confidence": 2, "spoofable": 0, "cti": true, - "service": "linux" + "service": "linux", + "public": true }, "crowdsecurity/auditd-postexploit-exec-from-net": { "name": "crowdsecurity/auditd-postexploit-exec-from-net", @@ -2358,7 +2484,8 @@ "confidence": 2, "spoofable": 0, "cti": true, - "service": "linux" + "service": "linux", + "public": true }, "crowdsecurity/auditd-postexploit-pkill": { "name": "crowdsecurity/auditd-postexploit-pkill", @@ -2373,7 +2500,8 @@ "confidence": 2, "spoofable": 0, "cti": true, - "service": "linux" + "service": "linux", + "public": true }, "crowdsecurity/auditd-postexploit-rm": { "name": "crowdsecurity/auditd-postexploit-rm", @@ -2388,7 +2516,8 @@ "confidence": 1, "spoofable": 0, "cti": true, - "service": "linux" + "service": "linux", + "public": true }, "crowdsecurity/auditd-suid-crash": { "name": "crowdsecurity/auditd-suid-crash", 
@@ -2403,7 +2532,8 @@ "confidence": 1, "spoofable": 0, "cti": true, - "service": "linux" + "service": "linux", + "public": true }, "crowdsecurity/auditd-sus-exec": { "name": "crowdsecurity/auditd-sus-exec", @@ -2418,7 +2548,8 @@ "confidence": 2, "spoofable": 0, "cti": true, - "service": "linux" + "service": "linux", + "public": true }, "crowdsecurity/aws-cloudtrail-bf-console-login": { "name": "crowdsecurity/aws-cloudtrail-bf-console-login", @@ -2433,7 +2564,8 @@ "confidence": 3, "spoofable": 0, "cti": true, - "service": "aws" + "service": "aws", + "public": true }, "crowdsecurity/aws-cis-benchmark-cloudtrail-config-change": { "name": "crowdsecurity/aws-cis-benchmark-cloudtrail-config-change", @@ -2448,7 +2580,8 @@ "confidence": 3, "spoofable": 0, "cti": false, - "service": "aws" + "service": "aws", + "public": true }, "crowdsecurity/aws-cis-benchmark-config-config-change": { "name": "crowdsecurity/aws-cis-benchmark-config-config-change", @@ -2463,7 +2596,8 @@ "confidence": 3, "spoofable": 0, "cti": false, - "service": "aws" + "service": "aws", + "public": true }, "crowdsecurity/aws-cis-benchmark-console-auth-fail": { "name": "crowdsecurity/aws-cis-benchmark-console-auth-fail", @@ -2478,7 +2612,8 @@ "confidence": 3, "spoofable": 0, "cti": true, - "service": "aws" + "service": "aws", + "public": true }, "crowdsecurity/aws-cis-benchmark-iam-policy-change": { "name": "crowdsecurity/aws-cis-benchmark-iam-policy-change", @@ -2493,7 +2628,8 @@ "confidence": 3, "spoofable": 0, "cti": false, - "service": "aws" + "service": "aws", + "public": true }, "crowdsecurity/aws-cis-benchmark-kms-deletion": { "name": "crowdsecurity/aws-cis-benchmark-kms-deletion", @@ -2508,7 +2644,8 @@ "confidence": 3, "spoofable": 0, "cti": false, - "service": "aws" + "service": "aws", + "public": true }, "crowdsecurity/aws-cis-benchmark-login-no-mfa": { "name": "crowdsecurity/aws-cis-benchmark-login-no-mfa", 
@@ -2524,7 +2661,8 @@ "confidence": 3, "spoofable": 0, "cti": false, - "service": "aws" + "service": "aws", + "public": true }, "crowdsecurity/aws-cis-benchmark-nacl-change": { "name": "crowdsecurity/aws-cis-benchmark-nacl-change", @@ -2539,7 +2677,8 @@ "confidence": 3, "spoofable": 0, "cti": false, - "service": "aws" + "service": "aws", + "public": true }, "crowdsecurity/aws-cis-benchmark-ngw-change": { "name": "crowdsecurity/aws-cis-benchmark-ngw-change", @@ -2554,7 +2693,8 @@ "confidence": 3, "spoofable": 0, "cti": false, - "service": "aws" + "service": "aws", + "public": true }, "crowdsecurity/aws-cis-benchmark-root-usage": { "name": "crowdsecurity/aws-cis-benchmark-root-usage", @@ -2570,7 +2710,8 @@ "confidence": 3, "spoofable": 0, "cti": false, - "service": "aws" + "service": "aws", + "public": true }, "crowdsecurity/aws-cis-benchmark-route-table-change": { "name": "crowdsecurity/aws-cis-benchmark-route-table-change", @@ -2585,7 +2726,8 @@ "confidence": 3, "spoofable": 0, "cti": false, - "service": "aws" + "service": "aws", + "public": true }, "crowdsecurity/aws-cis-benchmark-s3-policy-change": { "name": "crowdsecurity/aws-cis-benchmark-s3-policy-change", @@ -2600,7 +2742,8 @@ "confidence": 3, "spoofable": 0, "cti": false, - "service": "aws" + "service": "aws", + "public": true }, "crowdsecurity/aws-cis-benchmark-security-group-change": { "name": "crowdsecurity/aws-cis-benchmark-security-group-change", @@ -2615,7 +2758,8 @@ "confidence": 3, "spoofable": 0, "cti": false, - "service": "aws" + "service": "aws", + "public": true }, "crowdsecurity/aws-cis-benchmark-unauthorized-call": { "name": "crowdsecurity/aws-cis-benchmark-unauthorized-call", @@ -2630,7 +2774,8 @@ "confidence": 3, "spoofable": 0, "cti": false, - "service": "aws" + "service": "aws", + "public": true }, "crowdsecurity/aws-cis-benchmark-vpc-change": { "name": "crowdsecurity/aws-cis-benchmark-vpc-change", 
@@ -2645,7 +2790,8 @@ "confidence": 3, "spoofable": 0, "cti": false, - "service": "aws" + "service": "aws", + "public": true }, "crowdsecurity/aws-cloudtrail-postexploit": { "name": "crowdsecurity/aws-cloudtrail-postexploit", @@ -2661,7 +2807,8 @@ "confidence": 3, "spoofable": 0, "cti": false, - "service": "aws" + "service": "aws", + "public": true }, "crowdsecurity/aws-cloudtrail-nwo-nwd-console-login": { "name": "crowdsecurity/aws-cloudtrail-nwo-nwd-console-login", @@ -2676,7 +2823,8 @@ "confidence": 3, "spoofable": 0, "cti": false, - "service": "aws" + "service": "aws", + "public": true }, "crowdsecurity/configserver-lfd-bf": { "name": "crowdsecurity/configserver-lfd-bf", @@ -2691,7 +2839,8 @@ "confidence": 3, "spoofable": 0, "cti": true, - "service": "ssh" + "service": "ssh", + "public": true }, "crowdsecurity/cpanel-bf-attempt": { "name": "crowdsecurity/cpanel-bf-attempt", @@ -2706,7 +2855,8 @@ "confidence": 1, "spoofable": 0, "cti": true, - "service": "cpanel" + "service": "cpanel", + "public": true }, "crowdsecurity/cpanel-bf": { "name": "crowdsecurity/cpanel-bf", @@ -2721,7 +2871,8 @@ "confidence": 3, "spoofable": 0, "cti": true, - "service": "cpanel" + "service": "cpanel", + "public": true }, "crowdsecurity/crowdsec-appsec-inband": { "name": "crowdsecurity/crowdsec-appsec-inband", @@ -2736,7 +2887,8 @@ "confidence": 3, "spoofable": 0, "cti": true, - "service": "http" + "service": "http", + "public": true }, "crowdsecurity/crowdsec-appsec-outofband": { "name": "crowdsecurity/crowdsec-appsec-outofband", @@ -2747,7 +2899,8 @@ "confidence": 0, "spoofable": 0, "cti": true, - "service": null + "service": null, + "public": true }, "crowdsecurity/dovecot-spam": { "name": "crowdsecurity/dovecot-spam", @@ -2762,7 +2915,8 @@ "confidence": 3, "spoofable": 0, "cti": true, - "service": "dovecot" + "service": "dovecot", + "public": true }, "crowdsecurity/endlessh-bf": { "name": "crowdsecurity/endlessh-bf", 
@@ -2777,7 +2931,8 @@ "confidence": 3, "spoofable": 0, "cti": true, - "service": "endlessh" + "service": "endlessh", + "public": true }, "crowdsecurity/exchange-bf": { "name": "crowdsecurity/exchange-bf", @@ -2792,7 +2947,8 @@ "confidence": 3, "spoofable": 0, "cti": true, - "service": "exchange" + "service": "exchange", + "public": true }, "crowdsecurity/exim-bf": { "name": "crowdsecurity/exim-bf", @@ -2807,7 +2963,8 @@ "confidence": 3, "spoofable": 0, "cti": true, - "service": "smtp" + "service": "smtp", + "public": true }, "crowdsecurity/exim-user-bf": { "name": "crowdsecurity/exim-user-bf", @@ -2822,7 +2979,8 @@ "confidence": 3, "spoofable": 0, "cti": true, - "service": "smtp" + "service": "smtp", + "public": true }, "crowdsecurity/f5-big-ip-cve-2020-5902": { "name": "crowdsecurity/f5-big-ip-cve-2020-5902", @@ -2839,6 +2997,7 @@ "spoofable": 0, "cti": true, "service": "f5", + "public": true, "cves": [ "CVE-2020-5902" ] @@ -2858,6 +3017,7 @@ "spoofable": 0, "cti": true, "service": "fortinet", + "public": true, "cves": [ "CVE-2018-13379" ] @@ -2875,7 +3035,8 @@ "confidence": 3, "spoofable": 0, "cti": true, - "service": "freeswitch" + "service": "freeswitch", + "public": true }, "crowdsecurity/freeswitch-bf": { "name": "crowdsecurity/freeswitch-bf", @@ -2890,7 +3051,8 @@ "confidence": 3, "spoofable": 0, "cti": true, - "service": "freeswitch" + "service": "freeswitch", + "public": true }, "crowdsecurity/freeswitch-slow-bf": { "name": "crowdsecurity/freeswitch-slow-bf", @@ -2905,7 +3067,8 @@ "confidence": 3, "spoofable": 0, "cti": true, - "service": "freeswitch" + "service": "freeswitch", + "public": true }, "crowdsecurity/freeswitch-user-enumeration": { "name": "crowdsecurity/freeswitch-user-enumeration", @@ -2920,7 +3083,8 @@ "confidence": 3, "spoofable": 0, "cti": true, - "service": "freeswitch" + "service": "freeswitch", + "public": true }, "crowdsecurity/grafana-cve-2021-43798": { "name": "crowdsecurity/grafana-cve-2021-43798", 
@@ -2937,6 +3101,7 @@ "spoofable": 0, "cti": true, "service": "grafana", + "public": true, "cves": [ "CVE-2021-43798" ] @@ -2954,7 +3119,8 @@ "confidence": 3, "spoofable": 0, "cti": true, - "service": "home-assistant" + "service": "home-assistant", + "public": true }, "crowdsecurity/http-admin-interface-probing": { "name": "crowdsecurity/http-admin-interface-probing", @@ -2969,7 +3135,8 @@ "confidence": 3, "spoofable": 0, "cti": true, - "service": "http" + "service": "http", + "public": true }, "crowdsecurity/http-apiscp-bf": { "name": "crowdsecurity/http-apiscp-bf", @@ -2984,7 +3151,8 @@ "confidence": 3, "spoofable": 0, "cti": true, - "service": "apisCP" + "service": "apisCP", + "public": true }, "crowdsecurity/http-backdoors-attempts": { "name": "crowdsecurity/http-backdoors-attempts", @@ -2999,7 +3167,8 @@ "confidence": 3, "spoofable": 0, "cti": true, - "service": "http" + "service": "http", + "public": true }, "crowdsecurity/http-bad-user-agent": { "name": "crowdsecurity/http-bad-user-agent", @@ -3014,7 +3183,8 @@ "confidence": 1, "spoofable": 0, "cti": true, - "service": "http" + "service": "http", + "public": true }, "crowdsecurity/http-bf-wordpress_bf": { "name": "crowdsecurity/http-bf-wordpress_bf", @@ -3029,7 +3199,8 @@ "confidence": 3, "spoofable": 0, "cti": true, - "service": "wordpress" + "service": "wordpress", + "public": true }, "crowdsecurity/http-bf-wordpress_bf_xmlrpc": { "name": "crowdsecurity/http-bf-wordpress_bf_xmlrpc", @@ -3044,7 +3215,8 @@ "confidence": 3, "spoofable": 0, "cti": true, - "service": "wordpress" + "service": "wordpress", + "public": true }, "crowdsecurity/http-crawl-non_statics": { "name": "crowdsecurity/http-crawl-non_statics", @@ -3059,7 +3231,8 @@ "confidence": 1, "spoofable": 0, "cti": true, - "service": "http" + "service": "http", + "public": true }, "crowdsecurity/http-cve-2021-41773": { "name": "crowdsecurity/http-cve-2021-41773", 
@@ -3076,6 +3249,7 @@ "spoofable": 0, "cti": true, "service": "apache", + "public": true, "cves": [ "CVE-2021-41773" ] @@ -3095,6 +3269,7 @@ "spoofable": 0, "cti": true, "service": "apache", + "public": true, "cves": [ "CVE-2021-42013" ] @@ -3112,7 +3287,8 @@ "confidence": 3, "spoofable": 0, "cti": true, - "service": "http" + "service": "http", + "public": true }, "crowdsecurity/http-dos-bypass-cache": { "name": "crowdsecurity/http-dos-bypass-cache", @@ -3127,7 +3303,8 @@ "confidence": 2, "spoofable": 0, "cti": true, - "service": "http" + "service": "http", + "public": true }, "crowdsecurity/http-dos-invalid-http-versions": { "name": "crowdsecurity/http-dos-invalid-http-versions", @@ -3142,7 +3319,8 @@ "confidence": 2, "spoofable": 0, "cti": true, - "service": "http" + "service": "http", + "public": true }, "crowdsecurity/http-dos-random-uri": { "name": "crowdsecurity/http-dos-random-uri", @@ -3157,7 +3335,8 @@ "confidence": 2, "spoofable": 0, "cti": true, - "service": "http" + "service": "http", + "public": true }, "crowdsecurity/http-dos-swithcing-ua": { "name": "crowdsecurity/http-dos-swithcing-ua", @@ -3172,7 +3351,8 @@ "confidence": 2, "spoofable": 0, "cti": true, - "service": "http" + "service": "http", + "public": true }, "crowdsecurity/http-generic-bf": { "name": "crowdsecurity/http-generic-bf", @@ -3187,7 +3367,8 @@ "confidence": 3, "spoofable": 0, "cti": true, - "service": "http" + "service": "http", + "public": true }, "LePresidente/http-generic-401-bf": { "name": "LePresidente/http-generic-401-bf", @@ -3202,7 +3383,8 @@ "confidence": 3, "spoofable": 0, "cti": true, - "service": "http" + "service": "http", + "public": true }, "LePresidente/http-generic-403-bf": { "name": "LePresidente/http-generic-403-bf", @@ -3217,7 +3399,8 @@ "confidence": 3, "spoofable": 0, "cti": true, - "service": "http" + "service": "http", + "public": true }, "crowdsecurity/http-magento-bf": { "name": "crowdsecurity/http-magento-bf", 
@@ -3232,7 +3415,8 @@ "confidence": 3, "spoofable": 0, "cti": true, - "service": "magento" + "service": "magento", + "public": true }, "crowdsecurity/http-magento-ccs-by-as": { "name": "crowdsecurity/http-magento-ccs-by-as", @@ -3247,7 +3431,8 @@ "confidence": 1, "spoofable": 3, "cti": true, - "service": "magento" + "service": "magento", + "public": true }, "crowdsecurity/http-magento-ccs-by-country": { "name": "crowdsecurity/http-magento-ccs-by-country", @@ -3262,7 +3447,8 @@ "confidence": 1, "spoofable": 3, "cti": true, - "service": "magento" + "service": "magento", + "public": true }, "crowdsecurity/http-magento-ccs": { "name": "crowdsecurity/http-magento-ccs", @@ -3277,7 +3463,8 @@ "confidence": 2, "spoofable": 0, "cti": true, - "service": "magento" + "service": "magento", + "public": true }, "crowdsecurity/http-open-proxy": { "name": "crowdsecurity/http-open-proxy", @@ -3292,7 +3479,8 @@ "confidence": 3, "spoofable": 0, "cti": true, - "service": "http" + "service": "http", + "public": true }, "crowdsecurity/http-path-traversal-probing": { "name": "crowdsecurity/http-path-traversal-probing", @@ -3307,7 +3495,8 @@ "confidence": 3, "spoofable": 0, "cti": true, - "service": "http" + "service": "http", + "public": true }, "crowdsecurity/http-probing": { "name": "crowdsecurity/http-probing", @@ -3322,7 +3511,8 @@ "confidence": 1, "spoofable": 0, "cti": true, - "service": "http" + "service": "http", + "public": true }, "crowdsecurity/http-sensitive-files": { "name": "crowdsecurity/http-sensitive-files", @@ -3337,7 +3527,8 @@ "confidence": 3, "spoofable": 0, "cti": true, - "service": "http" + "service": "http", + "public": true }, "crowdsecurity/http-sqli-probbing-detection": { "name": "crowdsecurity/http-sqli-probbing-detection", @@ -3352,7 +3543,8 @@ "confidence": 3, "spoofable": 0, "cti": true, - "service": "http" + "service": "http", + "public": true }, "crowdsecurity/http-wordpress-scan": { "name": "crowdsecurity/http-wordpress-scan", 
@@ -3367,7 +3559,8 @@ "confidence": 3, "spoofable": 0, "cti": true, - "service": "wordpress" + "service": "wordpress", + "public": true }, "crowdsecurity/http-wordpress_user-enum": { "name": "crowdsecurity/http-wordpress_user-enum", @@ -3384,7 +3577,8 @@ "confidence": 3, "spoofable": 0, "cti": true, - "service": "wordpress" + "service": "wordpress", + "public": true }, "crowdsecurity/http-wordpress_wpconfig": { "name": "crowdsecurity/http-wordpress_wpconfig", @@ -3399,7 +3593,8 @@ "confidence": 3, "spoofable": 0, "cti": true, - "service": "wordpress" + "service": "wordpress", + "public": true }, "crowdsecurity/http-xss-probbing": { "name": "crowdsecurity/http-xss-probbing", @@ -3414,7 +3609,8 @@ "confidence": 3, "spoofable": 0, "cti": true, - "service": "http" + "service": "http", + "public": true }, "crowdsecurity/impossible-travel-user": { "name": "crowdsecurity/impossible-travel-user", @@ -3427,7 +3623,8 @@ "confidence": 3, "spoofable": 0, "cti": true, - "service": "authentication" + "service": "authentication", + "public": true }, "crowdsecurity/impossible-travel": { "name": "crowdsecurity/impossible-travel", @@ -3440,7 +3637,8 @@ "confidence": 3, "spoofable": 0, "cti": true, - "service": "authentication" + "service": "authentication", + "public": true }, "crowdsecurity/iptables-scan-multi_ports": { "name": "crowdsecurity/iptables-scan-multi_ports", @@ -3457,7 +3655,8 @@ "confidence": 1, "spoofable": 3, "cti": true, - "service": null + "service": null, + "public": true }, "crowdsecurity/jira_cve-2021-26086": { "name": "crowdsecurity/jira_cve-2021-26086", @@ -3474,6 +3673,7 @@ "spoofable": 0, "cti": true, "service": "jira", + "public": true, "cves": [ "CVE-2021-26086" ] @@ -3491,7 +3691,8 @@ "confidence": 3, "spoofable": 0, "cti": true, - "service": "k8s" + "service": "k8s", + "public": true }, "crowdsecurity/k8s-audit-api-server-bruteforce": { "name": "crowdsecurity/k8s-audit-api-server-bruteforce", 
@@ -3506,7 +3707,8 @@ "confidence": 3, "spoofable": 0, "cti": true, - "service": "k8s" + "service": "k8s", + "public": true }, "crowdsecurity/k8s-audit-pod-exec": { "name": "crowdsecurity/k8s-audit-pod-exec", @@ -3521,7 +3723,8 @@ "confidence": 3, "spoofable": 0, "cti": false, - "service": "k8s" + "service": "k8s", + "public": true }, "crowdsecurity/k8s-audit-pod-host-network": { "name": "crowdsecurity/k8s-audit-pod-host-network", @@ -3536,7 +3739,8 @@ "confidence": 3, "spoofable": 0, "cti": true, - "service": "k8s" + "service": "k8s", + "public": true }, "crowdsecurity/k8s-audit-pod-host-path-volume": { "name": "crowdsecurity/k8s-audit-pod-host-path-volume", @@ -3551,7 +3755,8 @@ "confidence": 3, "spoofable": 0, "cti": true, - "service": "k8s" + "service": "k8s", + "public": true }, "crowdsecurity/k8s-audit-privileged-pod-creation": { "name": "crowdsecurity/k8s-audit-privileged-pod-creation", @@ -3566,7 +3771,8 @@ "confidence": 3, "spoofable": 0, "cti": true, - "service": "k8s" + "service": "k8s", + "public": true }, "crowdsecurity/k8s-audit-service-account-access-denied": { "name": "crowdsecurity/k8s-audit-service-account-access-denied", @@ -3582,7 +3788,8 @@ "confidence": 3, "spoofable": 0, "cti": true, - "service": "k8s" + "service": "k8s", + "public": true }, "crowdsecurity/kasm-bruteforce": { "name": "crowdsecurity/kasm-bruteforce", @@ -3597,7 +3804,8 @@ "confidence": 3, "spoofable": 0, "cti": true, - "service": "kasm" + "service": "kasm", + "public": true }, "crowdsecurity/litespeed-admin-bf": { "name": "crowdsecurity/litespeed-admin-bf", @@ -3612,7 +3820,8 @@ "confidence": 3, "spoofable": 0, "cti": true, - "service": "litespeed" + "service": "litespeed", + "public": true }, "crowdsecurity/mariadb-bf": { "name": "crowdsecurity/mariadb-bf", @@ -3627,7 +3836,8 @@ "confidence": 3, "spoofable": 0, "cti": true, - "service": "mariadb" + "service": "mariadb", + "public": true }, "crowdsecurity/modsecurity": { "name": "crowdsecurity/modsecurity", 
@@ -3643,7 +3853,8 @@ "confidence": 2, "spoofable": 0, "cti": true, - "service": "http" + "service": "http", + "public": true }, "crowdsecurity/mssql-bf": { "name": "crowdsecurity/mssql-bf", @@ -3658,7 +3869,8 @@ "confidence": 3, "spoofable": 0, "cti": true, - "service": "mssql" + "service": "mssql", + "public": true }, "crowdsecurity/mysql-bf": { "name": "crowdsecurity/mysql-bf", @@ -3673,7 +3885,8 @@ "confidence": 3, "spoofable": 0, "cti": true, - "service": "mysql" + "service": "mysql", + "public": true }, "crowdsecurity/naxsi-exploit-vpatch": { "name": "crowdsecurity/naxsi-exploit-vpatch", @@ -3689,7 +3902,8 @@ "confidence": 2, "spoofable": 0, "cti": true, - "service": "http" + "service": "http", + "public": true }, "crowdsecurity/netgear_rce": { "name": "crowdsecurity/netgear_rce", @@ -3705,7 +3919,8 @@ "confidence": 3, "spoofable": 0, "cti": true, - "service": "netgear" + "service": "netgear", + "public": true }, "crowdsecurity/nextcloud-bf": { "name": "crowdsecurity/nextcloud-bf", @@ -3720,7 +3935,8 @@ "confidence": 3, "spoofable": 0, "cti": true, - "service": "nextcloud" + "service": "nextcloud", + "public": true }, "crowdsecurity/nextcloud-bf_user_enum": { "name": "crowdsecurity/nextcloud-bf_user_enum", @@ -3735,7 +3951,8 @@ "confidence": 3, "spoofable": 0, "cti": true, - "service": "nextcloud" + "service": "nextcloud", + "public": true }, "crowdsecurity/nextcloud-bf_domain_error": { "name": "crowdsecurity/nextcloud-bf_domain_error", @@ -3750,7 +3967,8 @@ "confidence": 3, "spoofable": 0, "cti": true, - "service": "nextcloud" + "service": "nextcloud", + "public": true }, "crowdsecurity/nginx-req-limit-exceeded": { "name": "crowdsecurity/nginx-req-limit-exceeded", @@ -3765,7 +3983,8 @@ "confidence": 2, "spoofable": 2, "cti": true, - "service": "http" + "service": "http", + "public": true }, "crowdsecurity/odoo-bf": { "name": "crowdsecurity/odoo-bf", 
@@ -3780,7 +3999,8 @@ "confidence": 3, "spoofable": 0, "cti": true, - "service": "odoo" + "service": "odoo", + "public": true }, "crowdsecurity/odoo_user-enum": { "name": "crowdsecurity/odoo_user-enum", @@ -3795,7 +4015,8 @@ "confidence": 3, "spoofable": 0, "cti": true, - "service": "odoo" + "service": "odoo", + "public": true }, "crowdsecurity/opnsense-gui-bf": { "name": "crowdsecurity/opnsense-gui-bf", @@ -3810,7 +4031,8 @@ "confidence": 3, "spoofable": 0, "cti": true, - "service": "opnsense" + "service": "opnsense", + "public": true }, "crowdsecurity/pfsense-gui-bf": { "name": "crowdsecurity/pfsense-gui-bf", @@ -3825,7 +4047,8 @@ "confidence": 3, "spoofable": 0, "cti": true, - "service": "pfsense" + "service": "pfsense", + "public": true }, "crowdsecurity/pgsql-bf": { "name": "crowdsecurity/pgsql-bf", @@ -3840,7 +4063,8 @@ "confidence": 3, "spoofable": 0, "cti": true, - "service": "pgsql" + "service": "pgsql", + "public": true }, "crowdsecurity/pgsql-user-enum": { "name": "crowdsecurity/pgsql-user-enum", @@ -3856,7 +4080,8 @@ "confidence": 3, "spoofable": 0, "cti": true, - "service": "pgsql" + "service": "pgsql", + "public": true }, "crowdsecurity/proftpd-bf": { "name": "crowdsecurity/proftpd-bf", @@ -3871,7 +4096,8 @@ "confidence": 3, "spoofable": 0, "cti": true, - "service": "proftpd" + "service": "proftpd", + "public": true }, "crowdsecurity/proftpd-bf_user-enum": { "name": "crowdsecurity/proftpd-bf_user-enum", @@ -3887,7 +4113,8 @@ "confidence": 3, "spoofable": 0, "cti": true, - "service": "proftpd" + "service": "proftpd", + "public": true }, "crowdsecurity/pulse-secure-sslvpn-cve-2019-11510": { "name": "crowdsecurity/pulse-secure-sslvpn-cve-2019-11510", @@ -3903,6 +4130,7 @@ "spoofable": 0, "cti": true, "service": "pulse-secure", + "public": true, "cves": [ "CVE-2019-11510" ] 
@@ -3920,7 +4148,8 @@ "confidence": 3, "spoofable": 0, "cti": true, - "service": "smb" + "service": "smb", + "public": true }, "crowdsecurity/spring4shell_cve-2022-22965": { "name": "crowdsecurity/spring4shell_cve-2022-22965", @@ -3936,6 +4165,7 @@ "spoofable": 0, "cti": true, "service": "spring", + "public": true, "cves": [ "CVE-2022-22965" ] @@ -3953,7 +4183,8 @@ "confidence": 3, "spoofable": 0, "cti": true, - "service": "ssh" + "service": "ssh", + "public": true }, "crowdsecurity/ssh-bf_user-enum": { "name": "crowdsecurity/ssh-bf_user-enum", @@ -3968,7 +4199,8 @@ "confidence": 3, "spoofable": 0, "cti": true, - "service": "ssh" + "service": "ssh", + "public": true }, "crowdsecurity/ssh-cve-2024-6387": { "name": "crowdsecurity/ssh-cve-2024-6387", @@ -3984,6 +4216,7 @@ "spoofable": 0, "cti": false, "service": "ssh", + "public": false, "cves": [ "CVE-2024-6387" ] @@ -4001,7 +4234,8 @@ "confidence": 3, "spoofable": 0, "cti": true, - "service": "ssh" + "service": "ssh", + "public": true }, "crowdsecurity/ssh-slow-bf_user-enum": { "name": "crowdsecurity/ssh-slow-bf_user-enum", @@ -4016,7 +4250,8 @@ "confidence": 3, "spoofable": 0, "cti": true, - "service": "ssh" + "service": "ssh", + "public": true }, "crowdsecurity/suricata-major-severity": { "name": "crowdsecurity/suricata-major-severity", @@ -4032,7 +4267,8 @@ "confidence": 2, "spoofable": 0, "cti": true, - "service": "suricata" + "service": "suricata", + "public": true }, "crowdsecurity/suricata-high-medium-severity": { "name": "crowdsecurity/suricata-high-medium-severity", @@ -4048,7 +4284,8 @@ "confidence": 2, "spoofable": 0, "cti": true, - "service": "suricata" + "service": "suricata", + "public": true }, "crowdsecurity/synology-dsm-bf": { "name": "crowdsecurity/synology-dsm-bf", @@ -4063,7 +4300,8 @@ "confidence": 3, "spoofable": 0, "cti": true, - "service": "synology_dsm" + "service": "synology_dsm", + "public": true }, "crowdsecurity/teamspeak3-bf": { "name": "crowdsecurity/teamspeak3-bf", 
@@ -4078,7 +4316,8 @@ "confidence": 2, "spoofable": 0, "cti": true, - "service": "teamspeak3" + "service": "teamspeak3", + "public": true }, "crowdsecurity/teleport-bf": { "name": "crowdsecurity/teleport-bf", @@ -4091,7 +4330,8 @@ "confidence": 3, "spoofable": 0, "cti": true, - "service": "teleport" + "service": "teleport", + "public": true }, "crowdsecurity/teleport-slow-bf": { "name": "crowdsecurity/teleport-slow-bf", @@ -4104,7 +4344,8 @@ "confidence": 3, "spoofable": 0, "cti": true, - "service": "teleport" + "service": "teleport", + "public": true }, "crowdsecurity/telnet-bf": { "name": "crowdsecurity/telnet-bf", @@ -4119,7 +4360,8 @@ "confidence": 3, "spoofable": 0, "cti": true, - "service": "telnet" + "service": "telnet", + "public": true }, "crowdsecurity/thehive-bf": { "name": "crowdsecurity/thehive-bf", @@ -4134,7 +4376,8 @@ "confidence": 3, "spoofable": 0, "cti": true, - "service": "http" + "service": "http", + "public": true }, "crowdsecurity/thinkphp-cve-2018-20062": { "name": "crowdsecurity/thinkphp-cve-2018-20062", @@ -4151,6 +4394,7 @@ "spoofable": 0, "cti": true, "service": "thinkphp", + "public": true, "cves": [ "CVE-2018-20062" ] @@ -4170,6 +4414,7 @@ "spoofable": 0, "cti": true, "service": "vmware", + "public": true, "cves": [ "CVE-2022-22954" ] @@ -4189,6 +4434,7 @@ "spoofable": 0, "cti": true, "service": "vmware", + "public": true, "cves": [ "CVE-2021-0027" ] @@ -4206,7 +4452,8 @@ "confidence": 3, "spoofable": 0, "cti": true, - "service": "vsftpd" + "service": "vsftpd", + "public": true }, "crowdsecurity/CVE-2022-30190-msdt": { "name": "crowdsecurity/CVE-2022-30190-msdt", @@ -4223,6 +4470,7 @@ "spoofable": 0, "cti": true, "service": "windows", + "public": true, "cves": [ "CVE-2022-30190" ] @@ -4240,7 +4488,8 @@ "confidence": 3, "spoofable": 0, "cti": true, - "service": "windows" + "service": "windows", + "public": true }, "crowdsecurity/wireguard-auth": { "name": "crowdsecurity/wireguard-auth", 
@@ -4255,7 +4504,8 @@ "confidence": 3, "spoofable": 0, "cti": true, - "service": "wireguard" + "service": "wireguard", + "public": true }, "darkclip/charon-ipsec-bf": { "name": "darkclip/charon-ipsec-bf", @@ -4270,7 +4520,8 @@ "confidence": 3, "spoofable": 0, "cti": true, - "service": "charon_ipsec" + "service": "charon_ipsec", + "public": true }, "firewallservices/lemonldap-ng-bf": { "name": "firewallservices/lemonldap-ng-bf", @@ -4285,7 +4536,8 @@ "confidence": 3, "spoofable": 0, "cti": true, - "service": "ldap" + "service": "ldap", + "public": true }, "firewallservices/lemonldap-ng-user-enum": { "name": "firewallservices/lemonldap-ng-user-enum", @@ -4301,7 +4553,8 @@ "confidence": 3, "spoofable": 0, "cti": true, - "service": "ldap" + "service": "ldap", + "public": true }, "firewallservices/pf-scan-multi_ports": { "name": "firewallservices/pf-scan-multi_ports", @@ -4318,7 +4571,8 @@ "confidence": 1, "spoofable": 3, "cti": true, - "service": "tcp" + "service": "tcp", + "public": true }, "firewallservices/zimbra-bf": { "name": "firewallservices/zimbra-bf", @@ -4333,7 +4587,8 @@ "confidence": 3, "spoofable": 0, "cti": true, - "service": "zimbra" + "service": "zimbra", + "public": true }, "firewallservices/zimbra-user-enum": { "name": "firewallservices/zimbra-user-enum", @@ -4349,7 +4604,8 @@ "confidence": 3, "spoofable": 0, "cti": true, - "service": "zimbra" + "service": "zimbra", + "public": true }, "firix/authentik-bf": { "name": "firix/authentik-bf", @@ -4364,7 +4620,8 @@ "confidence": 3, "spoofable": 0, "cti": true, - "service": "authentik" + "service": "authentik", + "public": true }, "firix/authentik-bf_user-enum": { "name": "firix/authentik-bf_user-enum", @@ -4380,7 +4637,8 @@ "confidence": 3, "spoofable": 0, "cti": true, - "service": "authentik" + "service": "authentik", + "public": true }, "fulljackz/proxmox-bf": { "name": "fulljackz/proxmox-bf", 
@@ -4395,7 +4653,8 @@ "confidence": 3, "spoofable": 0, "cti": true, - "service": "vm-management" + "service": "vm-management", + "public": true }, "fulljackz/proxmox-bf-user-enum": { "name": "fulljackz/proxmox-bf-user-enum", @@ -4411,7 +4670,8 @@ "confidence": 3, "spoofable": 0, "cti": true, - "service": "vm-management" + "service": "vm-management", + "public": true }, "fulljackz/pureftpd-bf": { "name": "fulljackz/pureftpd-bf", @@ -4426,7 +4686,8 @@ "confidence": 3, "spoofable": 0, "cti": true, - "service": "ftp" + "service": "ftp", + "public": true }, "gauth-fr/immich-bf": { "name": "gauth-fr/immich-bf", @@ -4441,7 +4702,8 @@ "confidence": 3, "spoofable": 0, "cti": true, - "service": "immich" + "service": "immich", + "public": true }, "gauth-fr/immich-bf_user-enum": { "name": "gauth-fr/immich-bf_user-enum", @@ -4456,7 +4718,8 @@ "confidence": 3, "spoofable": 0, "cti": true, - "service": "immich" + "service": "immich", + "public": true }, "hitech95/email-generic-bf": { "name": "hitech95/email-generic-bf", @@ -4471,7 +4734,8 @@ "confidence": 3, "spoofable": 0, "cti": true, - "service": "pop3/imap" + "service": "pop3/imap", + "public": true }, "hitech95/email-user-bf": { "name": "hitech95/email-user-bf", @@ -4487,7 +4751,8 @@ "confidence": 3, "spoofable": 0, "cti": true, - "service": "pop3/imap" + "service": "pop3/imap", + "public": true }, "inherent-io/keycloak-bf": { "name": "inherent-io/keycloak-bf", @@ -4502,7 +4767,8 @@ "confidence": 3, "spoofable": 0, "cti": true, - "service": "keycloak" + "service": "keycloak", + "public": true }, "inherent-io/keycloak-user-enum-bf": { "name": "inherent-io/keycloak-user-enum-bf", @@ -4517,7 +4783,8 @@ "confidence": 3, "spoofable": 0, "cti": true, - "service": "keycloak" + "service": "keycloak", + "public": true }, "inherent-io/keycloak-slow-bf": { "name": "inherent-io/keycloak-slow-bf", 
@@ -4532,7 +4799,8 @@ "confidence": 3, "spoofable": 0, "cti": true, - "service": "keycloak" + "service": "keycloak", + "public": true }, "inherent-io/keycloak-user-enum-slow-bf": { "name": "inherent-io/keycloak-user-enum-slow-bf", @@ -4547,7 +4815,8 @@ "confidence": 3, "spoofable": 0, "cti": true, - "service": "keycloak" + "service": "keycloak", + "public": true }, "jbowdre/miniflux-bf": { "name": "jbowdre/miniflux-bf", @@ -4562,7 +4831,8 @@ "confidence": 3, "spoofable": 0, "cti": true, - "service": "miniflux" + "service": "miniflux", + "public": true }, "jbowdre/miniflux-bf_user-enum": { "name": "jbowdre/miniflux-bf_user-enum", @@ -4577,7 +4847,8 @@ "confidence": 3, "spoofable": 0, "cti": true, - "service": "miniflux" + "service": "miniflux", + "public": true }, "jusabatier/apereo-cas-bf": { "name": "jusabatier/apereo-cas-bf", @@ -4592,7 +4863,8 @@ "confidence": 3, "spoofable": 0, "cti": true, - "service": "http" + "service": "http", + "public": true }, "jusabatier/apereo-cas-bf_user-enum": { "name": "jusabatier/apereo-cas-bf_user-enum", @@ -4608,7 +4880,8 @@ "confidence": 3, "spoofable": 0, "cti": true, - "service": "http" + "service": "http", + "public": true }, "jusabatier/cas-slow-bf": { "name": "jusabatier/cas-slow-bf", @@ -4623,7 +4896,8 @@ "confidence": 3, "spoofable": 0, "cti": true, - "service": "http" + "service": "http", + "public": true }, "jusabatier/cas-slow-bf_user-enum": { "name": "jusabatier/cas-slow-bf_user-enum", @@ -4639,7 +4913,8 @@ "confidence": 3, "spoofable": 0, "cti": true, - "service": "http" + "service": "http", + "public": true }, "jusabatier/apereo-cas-slow-bf": { "name": "jusabatier/apereo-cas-slow-bf", @@ -4655,7 +4930,8 @@ "confidence": 3, "spoofable": 0, "cti": true, - "service": "http" + "service": "http", + "public": true }, "jusabatier/apereo-cas-slow-bf_user-enum": { "name": "jusabatier/apereo-cas-slow-bf_user-enum", 
@@ -4671,7 +4947,8 @@ "confidence": 3, "spoofable": 0, "cti": true, - "service": "http" + "service": "http", + "public": true }, "lourys/pterodactyl-wings-bf": { "name": "lourys/pterodactyl-wings-bf", @@ -4686,7 +4963,8 @@ "confidence": 3, "spoofable": 0, "cti": true, - "service": "pterodactyl" + "service": "pterodactyl", + "public": true }, "ltsich/http-w00tw00t": { "name": "ltsich/http-w00tw00t", @@ -4701,7 +4979,8 @@ "confidence": 3, "spoofable": 0, "cti": true, - "service": "http" + "service": "http", + "public": true }, "mstilkerich/bind9-refused": { "name": "mstilkerich/bind9-refused", @@ -4716,7 +4995,8 @@ "confidence": 3, "spoofable": 0, "cti": true, - "service": "domain" + "service": "domain", + "public": true }, "mwinters-stuff/mailu-admin-bf": { "name": "mwinters-stuff/mailu-admin-bf", @@ -4731,7 +5011,8 @@ "confidence": 3, "spoofable": 0, "cti": true, - "service": "http" + "service": "http", + "public": true }, "openappsec/openappsec-bot-protection": { "name": "openappsec/openappsec-bot-protection", @@ -4747,7 +5028,8 @@ "confidence": 2, "spoofable": 0, "cti": true, - "service": "http" + "service": "http", + "public": true }, "openappsec/openappsec-cross-site-redirect": { "name": "openappsec/openappsec-cross-site-redirect", @@ -4762,7 +5044,8 @@ "confidence": 2, "spoofable": 0, "cti": true, - "service": "http" + "service": "http", + "public": true }, "openappsec/openappsec-csrf": { "name": "openappsec/openappsec-csrf", @@ -4777,7 +5060,8 @@ "confidence": 2, "spoofable": 0, "cti": true, - "service": "http" + "service": "http", + "public": true }, "openappsec/openappsec-error-disclosure": { "name": "openappsec/openappsec-error-disclosure", @@ -4793,7 +5077,8 @@ "confidence": 1, "spoofable": 1, "cti": true, - "service": "http" + "service": "http", + "public": true }, "openappsec/openappsec-error-limit": { "name": "openappsec/openappsec-error-limit", 
@@ -4809,7 +5094,8 @@ "confidence": 1, "spoofable": 1, "cti": true, - "service": "http" + "service": "http", + "public": true }, "openappsec/openappsec-evasion-techniques": { "name": "openappsec/openappsec-evasion-techniques", @@ -4825,7 +5111,8 @@ "confidence": 1, "spoofable": 0, "cti": true, - "service": "http" + "service": "http", + "public": true }, "openappsec/openappsec-general": { "name": "openappsec/openappsec-general", @@ -4841,7 +5128,8 @@ "confidence": 1, "spoofable": 0, "cti": true, - "service": "http" + "service": "http", + "public": true }, "openappsec/openappsec-http-limit-violation": { "name": "openappsec/openappsec-http-limit-violation", @@ -4857,7 +5145,8 @@ "confidence": 1, "spoofable": 0, "cti": true, - "service": "http" + "service": "http", + "public": true }, "openappsec/openappsec-http-method-violation": { "name": "openappsec/openappsec-http-method-violation", @@ -4873,7 +5162,8 @@ "confidence": 3, "spoofable": 0, "cti": true, - "service": "http" + "service": "http", + "public": true }, "openappsec/openappsec-ldap-injection": { "name": "openappsec/openappsec-ldap-injection", @@ -4889,7 +5179,8 @@ "confidence": 2, "spoofable": 0, "cti": true, - "service": "http" + "service": "http", + "public": true }, "openappsec/openappsec-open-redirect": { "name": "openappsec/openappsec-open-redirect", @@ -4905,7 +5196,8 @@ "confidence": 2, "spoofable": 0, "cti": true, - "service": "http" + "service": "http", + "public": true }, "openappsec/openappsec-path-traversal": { "name": "openappsec/openappsec-path-traversal", @@ -4921,7 +5213,8 @@ "confidence": 2, "spoofable": 0, "cti": true, - "service": "http" + "service": "http", + "public": true }, "openappsec/openappsec-probing": { "name": "openappsec/openappsec-probing", @@ -4937,7 +5230,8 @@ "confidence": 2, "spoofable": 0, "cti": true, - "service": "http" + "service": "http", + "public": true }, "openappsec/openappsec-rce": { "name": "openappsec/openappsec-rce", 
@@ -4953,7 +5247,8 @@ "confidence": 2, "spoofable": 0, "cti": true, - "service": "http" + "service": "http", + "public": true }, "openappsec/openappsec-request-rate-limit": { "name": "openappsec/openappsec-request-rate-limit", @@ -4968,7 +5263,8 @@ "confidence": 2, "spoofable": 0, "cti": true, - "service": "http" + "service": "http", + "public": true }, "openappsec/openappsec-schema-validation": { "name": "openappsec/openappsec-schema-validation", @@ -4983,7 +5279,8 @@ "confidence": 1, "spoofable": 0, "cti": true, - "service": "http" + "service": "http", + "public": true }, "openappsec/openappsec-sql-injection": { "name": "openappsec/openappsec-sql-injection", @@ -4999,7 +5296,8 @@ "confidence": 2, "spoofable": 0, "cti": true, - "service": "http" + "service": "http", + "public": true }, "openappsec/openappsec-url-instead-of-file": { "name": "openappsec/openappsec-url-instead-of-file", @@ -5015,7 +5313,8 @@ "confidence": 2, "spoofable": 0, "cti": true, - "service": "http" + "service": "http", + "public": true }, "openappsec/openappsec-xss": { "name": "openappsec/openappsec-xss", @@ -5032,7 +5331,8 @@ "confidence": 2, "spoofable": 0, "cti": true, - "service": "http" + "service": "http", + "public": true }, "openappsec/openappsec-xxe": { "name": "openappsec/openappsec-xxe", @@ -5048,7 +5348,8 @@ "confidence": 2, "spoofable": 0, "cti": true, - "service": "http" + "service": "http", + "public": true }, "schiz0phr3ne/prowlarr-bf": { "name": "schiz0phr3ne/prowlarr-bf", @@ -5063,7 +5364,8 @@ "confidence": 3, "spoofable": 0, "cti": true, - "service": "prowlarr" + "service": "prowlarr", + "public": true }, "schiz0phr3ne/prowlarr-bf_user-enum": { "name": "schiz0phr3ne/prowlarr-bf_user-enum", @@ -5079,7 +5381,8 @@ "confidence": 3, "spoofable": 0, "cti": true, - "service": "prowlarr" + "service": "prowlarr", + "public": true }, "schiz0phr3ne/radarr-bf": { "name": "schiz0phr3ne/radarr-bf", 
@@ -5094,7 +5397,8 @@ "confidence": 3, "spoofable": 0, "cti": true, - "service": "radarr" + "service": "radarr", + "public": true }, "schiz0phr3ne/radarr-bf_user-enum": { "name": "schiz0phr3ne/radarr-bf_user-enum", @@ -5110,7 +5414,8 @@ "confidence": 3, "spoofable": 0, "cti": true, - "service": "radarr" + "service": "radarr", + "public": true }, "schiz0phr3ne/sonarr-bf": { "name": "schiz0phr3ne/sonarr-bf", @@ -5125,7 +5430,8 @@ "confidence": 3, "spoofable": 0, "cti": true, - "service": "sonarr" + "service": "sonarr", + "public": true }, "schiz0phr3ne/sonarr-bf_user-enum": { "name": "schiz0phr3ne/sonarr-bf_user-enum", @@ -5141,7 +5447,8 @@ "confidence": 3, "spoofable": 0, "cti": true, - "service": "sonarr" + "service": "sonarr", + "public": true }, "thespad/sshesame-bf": { "name": "thespad/sshesame-bf", @@ -5156,7 +5463,8 @@ "confidence": 3, "spoofable": 0, "cti": true, - "service": "sshesame" + "service": "sshesame", + "public": true }, "thespad/sshesame-cmd": { "name": "thespad/sshesame-cmd", @@ -5171,7 +5479,8 @@ "confidence": 3, "spoofable": 0, "cti": true, - "service": "sshesame" + "service": "sshesame", + "public": true }, "thespad/sshesame-input": { "name": "thespad/sshesame-input", @@ -5186,7 +5495,8 @@ "confidence": 3, "spoofable": 0, "cti": true, - "service": "sshesame" + "service": "sshesame", + "public": true }, "timokoessler/gitlab-bf": { "name": "timokoessler/gitlab-bf", @@ -5201,7 +5511,8 @@ "confidence": 3, "spoofable": 0, "cti": true, - "service": "gitlab" + "service": "gitlab", + "public": true }, "timokoessler/gitlab-bf_user-enum": { "name": "timokoessler/gitlab-bf_user-enum", @@ -5217,7 +5528,8 @@ "confidence": 3, "spoofable": 0, "cti": true, - "service": "gitlab" + "service": "gitlab", + "public": true }, "timokoessler/mongodb-bf": { "name": "timokoessler/mongodb-bf", 
@@ -5232,7 +5544,8 @@ "confidence": 3, "spoofable": 0, "cti": true, - "service": "mongodb" + "service": "mongodb", + "public": true }, "timokoessler/mongodb-bf_user-enum": { "name": "timokoessler/mongodb-bf_user-enum", @@ -5248,7 +5561,8 @@ "confidence": 3, "spoofable": 0, "cti": true, - "service": "mongodb" + "service": "mongodb", + "public": true }, "timokoessler/mongodb-bf_auth-db-enum": { "name": "timokoessler/mongodb-bf_auth-db-enum", @@ -5264,7 +5578,8 @@ "confidence": 3, "spoofable": 0, "cti": true, - "service": "mongodb" + "service": "mongodb", + "public": true }, "timokoessler/uptime-kuma-bf": { "name": "timokoessler/uptime-kuma-bf", @@ -5279,7 +5594,8 @@ "confidence": 3, "spoofable": 0, "cti": true, - "service": "uptime-kuma" + "service": "uptime-kuma", + "public": true }, "timokoessler/uptime-kuma-bf_user-enum": { "name": "timokoessler/uptime-kuma-bf_user-enum", @@ -5295,7 +5611,8 @@ "confidence": 3, "spoofable": 0, "cti": true, - "service": "uptime-kuma" + "service": "uptime-kuma", + "public": true }, "xs539/bookstack-bf": { "name": "xs539/bookstack-bf", @@ -5310,7 +5627,8 @@ "confidence": 3, "spoofable": 0, "cti": true, - "service": "bookstack" + "service": "bookstack", + "public": true }, "xs539/bookstack-bf_user-enum": { "name": "xs539/bookstack-bf_user-enum", @@ -5325,7 +5643,8 @@ "confidence": 3, "spoofable": 0, "cti": true, - "service": "bookstack" + "service": "bookstack", + "public": true }, "xs539/joplin-server-bf": { "name": "xs539/joplin-server-bf", @@ -5340,7 +5659,8 @@ "confidence": 3, "spoofable": 0, "cti": true, - "service": "joplin" + "service": "joplin", + "public": true }, "xs539/joplin-server-bf_user-enum": { "name": "xs539/joplin-server-bf_user-enum", @@ -5355,6 +5675,7 @@ "confidence": 3, "spoofable": 0, "cti": true, - "service": "joplin" + "service": "joplin", + "public": true } } \ No newline at end of file From 2628eb31bd60689cba26cdc23c7ea14af9c973b2 Mon Sep 17 00:00:00 2001 
From: Sebastien Blot Date: Fri, 5 Jul 2024 13:52:10 +0200 Subject: [PATCH 08/10] update tests --- .tests/ssh-timeout/scenario.assert | 248 ++++++++++++++++++++++++++++- .tests/ssh-timeout/ssh-timeout.log | 47 +++++- 2 files changed, 287 insertions(+), 8 deletions(-) diff --git a/.tests/ssh-timeout/scenario.assert b/.tests/ssh-timeout/scenario.assert index a744e18fed4..65dc9d478e1 100644 --- a/.tests/ssh-timeout/scenario.assert +++ b/.tests/ssh-timeout/scenario.assert 
@@ -32,9 +32,128 @@ results[0].Overflow.Alert.Events[3].GetMeta("machine") == "instance-20240401-233 results[0].Overflow.Alert.Events[3].GetMeta("service") == "ssh" results[0].Overflow.Alert.Events[3].GetMeta("source_ip") == "192.168.9.213" results[0].Overflow.Alert.Events[3].GetMeta("timestamp") == "2024-07-02T11:32:16Z" +results[0].Overflow.Alert.Events[4].GetMeta("datasource_path") == "ssh-timeout.log" +results[0].Overflow.Alert.Events[4].GetMeta("datasource_type") == "file" +results[0].Overflow.Alert.Events[4].GetMeta("log_type") == "ssh_dispatch_fatal" +results[0].Overflow.Alert.Events[4].GetMeta("machine") == "instance-20240401-2335" +results[0].Overflow.Alert.Events[4].GetMeta("service") == "ssh" +results[0].Overflow.Alert.Events[4].GetMeta("source_ip") == "192.168.9.213" +results[0].Overflow.Alert.Events[4].GetMeta("timestamp") == "2024-07-02T11:32:16Z" +results[0].Overflow.Alert.Events[5].GetMeta("datasource_path") == "ssh-timeout.log" +results[0].Overflow.Alert.Events[5].GetMeta("datasource_type") == "file" +results[0].Overflow.Alert.Events[5].GetMeta("log_type") == "ssh_dispatch_fatal" +results[0].Overflow.Alert.Events[5].GetMeta("machine") == "instance-20240401-2335" +results[0].Overflow.Alert.Events[5].GetMeta("service") == "ssh" +results[0].Overflow.Alert.Events[5].GetMeta("source_ip") == "192.168.9.213" +results[0].Overflow.Alert.Events[5].GetMeta("timestamp") == "2024-07-02T11:32:16Z" +results[0].Overflow.Alert.Events[6].GetMeta("datasource_path") == "ssh-timeout.log" +results[0].Overflow.Alert.Events[6].GetMeta("datasource_type") == "file" +results[0].Overflow.Alert.Events[6].GetMeta("log_type") == "ssh_dispatch_fatal" +results[0].Overflow.Alert.Events[6].GetMeta("machine") == "instance-20240401-2335" +results[0].Overflow.Alert.Events[6].GetMeta("service") == "ssh" +results[0].Overflow.Alert.Events[6].GetMeta("source_ip") == "192.168.9.213" +results[0].Overflow.Alert.Events[6].GetMeta("timestamp") == "2024-07-02T11:32:16Z" 
+results[0].Overflow.Alert.Events[7].GetMeta("datasource_path") == "ssh-timeout.log" +results[0].Overflow.Alert.Events[7].GetMeta("datasource_type") == "file" +results[0].Overflow.Alert.Events[7].GetMeta("log_type") == "ssh_dispatch_fatal" +results[0].Overflow.Alert.Events[7].GetMeta("machine") == "instance-20240401-2335" +results[0].Overflow.Alert.Events[7].GetMeta("service") == "ssh" +results[0].Overflow.Alert.Events[7].GetMeta("source_ip") == "192.168.9.213" +results[0].Overflow.Alert.Events[7].GetMeta("timestamp") == "2024-07-02T11:32:16Z" +results[0].Overflow.Alert.Events[8].GetMeta("datasource_path") == "ssh-timeout.log" +results[0].Overflow.Alert.Events[8].GetMeta("datasource_type") == "file" +results[0].Overflow.Alert.Events[8].GetMeta("log_type") == "ssh_dispatch_fatal" +results[0].Overflow.Alert.Events[8].GetMeta("machine") == "instance-20240401-2335" +results[0].Overflow.Alert.Events[8].GetMeta("service") == "ssh" +results[0].Overflow.Alert.Events[8].GetMeta("source_ip") == "192.168.9.213" +results[0].Overflow.Alert.Events[8].GetMeta("timestamp") == "2024-07-02T11:32:16Z" +results[0].Overflow.Alert.Events[9].GetMeta("datasource_path") == "ssh-timeout.log" +results[0].Overflow.Alert.Events[9].GetMeta("datasource_type") == "file" +results[0].Overflow.Alert.Events[9].GetMeta("log_type") == "ssh_dispatch_fatal" +results[0].Overflow.Alert.Events[9].GetMeta("machine") == "instance-20240401-2335" +results[0].Overflow.Alert.Events[9].GetMeta("service") == "ssh" +results[0].Overflow.Alert.Events[9].GetMeta("source_ip") == "192.168.9.213" +results[0].Overflow.Alert.Events[9].GetMeta("timestamp") == "2024-07-02T11:32:16Z" +results[0].Overflow.Alert.Events[10].GetMeta("datasource_path") == "ssh-timeout.log" +results[0].Overflow.Alert.Events[10].GetMeta("datasource_type") == "file" +results[0].Overflow.Alert.Events[10].GetMeta("log_type") == "ssh_dispatch_fatal" +results[0].Overflow.Alert.Events[10].GetMeta("machine") == "instance-20240401-2335" 
+results[0].Overflow.Alert.Events[10].GetMeta("service") == "ssh" +results[0].Overflow.Alert.Events[10].GetMeta("source_ip") == "192.168.9.213" +results[0].Overflow.Alert.Events[10].GetMeta("timestamp") == "2024-07-02T11:32:16Z" +results[0].Overflow.Alert.Events[11].GetMeta("datasource_path") == "ssh-timeout.log" +results[0].Overflow.Alert.Events[11].GetMeta("datasource_type") == "file" +results[0].Overflow.Alert.Events[11].GetMeta("log_type") == "ssh_dispatch_fatal" +results[0].Overflow.Alert.Events[11].GetMeta("machine") == "instance-20240401-2335" +results[0].Overflow.Alert.Events[11].GetMeta("service") == "ssh" +results[0].Overflow.Alert.Events[11].GetMeta("source_ip") == "192.168.9.213" +results[0].Overflow.Alert.Events[11].GetMeta("timestamp") == "2024-07-02T11:32:16Z" +results[0].Overflow.Alert.Events[12].GetMeta("datasource_path") == "ssh-timeout.log" +results[0].Overflow.Alert.Events[12].GetMeta("datasource_type") == "file" +results[0].Overflow.Alert.Events[12].GetMeta("log_type") == "ssh_dispatch_fatal" +results[0].Overflow.Alert.Events[12].GetMeta("machine") == "instance-20240401-2335" +results[0].Overflow.Alert.Events[12].GetMeta("service") == "ssh" +results[0].Overflow.Alert.Events[12].GetMeta("source_ip") == "192.168.9.213" +results[0].Overflow.Alert.Events[12].GetMeta("timestamp") == "2024-07-02T11:32:16Z" +results[0].Overflow.Alert.Events[13].GetMeta("datasource_path") == "ssh-timeout.log" +results[0].Overflow.Alert.Events[13].GetMeta("datasource_type") == "file" +results[0].Overflow.Alert.Events[13].GetMeta("log_type") == "ssh_dispatch_fatal" +results[0].Overflow.Alert.Events[13].GetMeta("machine") == "instance-20240401-2335" +results[0].Overflow.Alert.Events[13].GetMeta("service") == "ssh" +results[0].Overflow.Alert.Events[13].GetMeta("source_ip") == "192.168.9.213" +results[0].Overflow.Alert.Events[13].GetMeta("timestamp") == "2024-07-02T11:32:16Z" +results[0].Overflow.Alert.Events[14].GetMeta("datasource_path") == "ssh-timeout.log" 
+results[0].Overflow.Alert.Events[14].GetMeta("datasource_type") == "file" +results[0].Overflow.Alert.Events[14].GetMeta("log_type") == "ssh_dispatch_fatal" +results[0].Overflow.Alert.Events[14].GetMeta("machine") == "instance-20240401-2335" +results[0].Overflow.Alert.Events[14].GetMeta("service") == "ssh" +results[0].Overflow.Alert.Events[14].GetMeta("source_ip") == "192.168.9.213" +results[0].Overflow.Alert.Events[14].GetMeta("timestamp") == "2024-07-02T11:32:16Z" +results[0].Overflow.Alert.Events[15].GetMeta("datasource_path") == "ssh-timeout.log" +results[0].Overflow.Alert.Events[15].GetMeta("datasource_type") == "file" +results[0].Overflow.Alert.Events[15].GetMeta("log_type") == "ssh_dispatch_fatal" +results[0].Overflow.Alert.Events[15].GetMeta("machine") == "instance-20240401-2335" +results[0].Overflow.Alert.Events[15].GetMeta("service") == "ssh" +results[0].Overflow.Alert.Events[15].GetMeta("source_ip") == "192.168.9.213" +results[0].Overflow.Alert.Events[15].GetMeta("timestamp") == "2024-07-02T11:32:16Z" +results[0].Overflow.Alert.Events[16].GetMeta("datasource_path") == "ssh-timeout.log" +results[0].Overflow.Alert.Events[16].GetMeta("datasource_type") == "file" +results[0].Overflow.Alert.Events[16].GetMeta("log_type") == "ssh_dispatch_fatal" +results[0].Overflow.Alert.Events[16].GetMeta("machine") == "instance-20240401-2335" +results[0].Overflow.Alert.Events[16].GetMeta("service") == "ssh" +results[0].Overflow.Alert.Events[16].GetMeta("source_ip") == "192.168.9.213" +results[0].Overflow.Alert.Events[16].GetMeta("timestamp") == "2024-07-02T11:32:16Z" +results[0].Overflow.Alert.Events[17].GetMeta("datasource_path") == "ssh-timeout.log" +results[0].Overflow.Alert.Events[17].GetMeta("datasource_type") == "file" +results[0].Overflow.Alert.Events[17].GetMeta("log_type") == "ssh_dispatch_fatal" +results[0].Overflow.Alert.Events[17].GetMeta("machine") == "instance-20240401-2335" +results[0].Overflow.Alert.Events[17].GetMeta("service") == "ssh" 
+results[0].Overflow.Alert.Events[17].GetMeta("source_ip") == "192.168.9.213" +results[0].Overflow.Alert.Events[17].GetMeta("timestamp") == "2024-07-02T11:32:16Z" +results[0].Overflow.Alert.Events[18].GetMeta("datasource_path") == "ssh-timeout.log" +results[0].Overflow.Alert.Events[18].GetMeta("datasource_type") == "file" +results[0].Overflow.Alert.Events[18].GetMeta("log_type") == "ssh_dispatch_fatal" +results[0].Overflow.Alert.Events[18].GetMeta("machine") == "instance-20240401-2335" +results[0].Overflow.Alert.Events[18].GetMeta("service") == "ssh" +results[0].Overflow.Alert.Events[18].GetMeta("source_ip") == "192.168.9.213" +results[0].Overflow.Alert.Events[18].GetMeta("timestamp") == "2024-07-02T11:32:16Z" +results[0].Overflow.Alert.Events[19].GetMeta("datasource_path") == "ssh-timeout.log" +results[0].Overflow.Alert.Events[19].GetMeta("datasource_type") == "file" +results[0].Overflow.Alert.Events[19].GetMeta("log_type") == "ssh_dispatch_fatal" +results[0].Overflow.Alert.Events[19].GetMeta("machine") == "instance-20240401-2335" +results[0].Overflow.Alert.Events[19].GetMeta("service") == "ssh" +results[0].Overflow.Alert.Events[19].GetMeta("source_ip") == "192.168.9.213" +results[0].Overflow.Alert.Events[19].GetMeta("timestamp") == "2024-07-02T11:32:16Z" +results[0].Overflow.Alert.Events[20].GetMeta("datasource_path") == "ssh-timeout.log" +results[0].Overflow.Alert.Events[20].GetMeta("datasource_type") == "file" +results[0].Overflow.Alert.Events[20].GetMeta("log_type") == "ssh_dispatch_fatal" +results[0].Overflow.Alert.Events[20].GetMeta("machine") == "instance-20240401-2335" +results[0].Overflow.Alert.Events[20].GetMeta("service") == "ssh" +results[0].Overflow.Alert.Events[20].GetMeta("source_ip") == "192.168.9.213" +results[0].Overflow.Alert.Events[20].GetMeta("timestamp") == "2024-07-02T11:32:16Z" results[0].Overflow.Alert.GetScenario() == "crowdsecurity/ssh-cve-2024-6387" results[0].Overflow.Alert.Remediation == true 
-results[0].Overflow.Alert.GetEventsCount() == 4 +results[0].Overflow.Alert.GetEventsCount() == 21 "192.168.9.212" in results[1].Overflow.GetSources() results[1].Overflow.Sources["192.168.9.212"].IP == "192.168.9.212" results[1].Overflow.Sources["192.168.9.212"].Range == "" 
@@ -53,21 +172,140 @@ results[1].Overflow.Alert.Events[1].GetMeta("log_type") == "ssh_auth_timeout" results[1].Overflow.Alert.Events[1].GetMeta("machine") == "usbkey" results[1].Overflow.Alert.Events[1].GetMeta("service") == "ssh" results[1].Overflow.Alert.Events[1].GetMeta("source_ip") == "192.168.9.212" -results[1].Overflow.Alert.Events[1].GetMeta("timestamp") == "2024-07-01T09:31:26Z" +results[1].Overflow.Alert.Events[1].GetMeta("timestamp") == "2024-07-01T09:30:56Z" results[1].Overflow.Alert.Events[2].GetMeta("datasource_path") == "ssh-timeout.log" results[1].Overflow.Alert.Events[2].GetMeta("datasource_type") == "file" results[1].Overflow.Alert.Events[2].GetMeta("log_type") == "ssh_auth_timeout" results[1].Overflow.Alert.Events[2].GetMeta("machine") == "usbkey" results[1].Overflow.Alert.Events[2].GetMeta("service") == "ssh" results[1].Overflow.Alert.Events[2].GetMeta("source_ip") == "192.168.9.212" -results[1].Overflow.Alert.Events[2].GetMeta("timestamp") == "2024-07-01T09:31:56Z" +results[1].Overflow.Alert.Events[2].GetMeta("timestamp") == "2024-07-01T09:30:56Z" results[1].Overflow.Alert.Events[3].GetMeta("datasource_path") == "ssh-timeout.log" results[1].Overflow.Alert.Events[3].GetMeta("datasource_type") == "file" results[1].Overflow.Alert.Events[3].GetMeta("log_type") == "ssh_auth_timeout" results[1].Overflow.Alert.Events[3].GetMeta("machine") == "usbkey" results[1].Overflow.Alert.Events[3].GetMeta("service") == "ssh" results[1].Overflow.Alert.Events[3].GetMeta("source_ip") == "192.168.9.212" -results[1].Overflow.Alert.Events[3].GetMeta("timestamp") == "2024-07-01T09:32:26Z" +results[1].Overflow.Alert.Events[3].GetMeta("timestamp") == "2024-07-01T09:30:56Z" +results[1].Overflow.Alert.Events[4].GetMeta("datasource_path") == "ssh-timeout.log" +results[1].Overflow.Alert.Events[4].GetMeta("datasource_type") == "file" +results[1].Overflow.Alert.Events[4].GetMeta("log_type") == "ssh_auth_timeout" +results[1].Overflow.Alert.Events[4].GetMeta("machine") == 
"usbkey" +results[1].Overflow.Alert.Events[4].GetMeta("service") == "ssh" +results[1].Overflow.Alert.Events[4].GetMeta("source_ip") == "192.168.9.212" +results[1].Overflow.Alert.Events[4].GetMeta("timestamp") == "2024-07-01T09:30:56Z" +results[1].Overflow.Alert.Events[5].GetMeta("datasource_path") == "ssh-timeout.log" +results[1].Overflow.Alert.Events[5].GetMeta("datasource_type") == "file" +results[1].Overflow.Alert.Events[5].GetMeta("log_type") == "ssh_auth_timeout" +results[1].Overflow.Alert.Events[5].GetMeta("machine") == "usbkey" +results[1].Overflow.Alert.Events[5].GetMeta("service") == "ssh" +results[1].Overflow.Alert.Events[5].GetMeta("source_ip") == "192.168.9.212" +results[1].Overflow.Alert.Events[5].GetMeta("timestamp") == "2024-07-01T09:30:56Z" +results[1].Overflow.Alert.Events[6].GetMeta("datasource_path") == "ssh-timeout.log" +results[1].Overflow.Alert.Events[6].GetMeta("datasource_type") == "file" +results[1].Overflow.Alert.Events[6].GetMeta("log_type") == "ssh_auth_timeout" +results[1].Overflow.Alert.Events[6].GetMeta("machine") == "usbkey" +results[1].Overflow.Alert.Events[6].GetMeta("service") == "ssh" +results[1].Overflow.Alert.Events[6].GetMeta("source_ip") == "192.168.9.212" +results[1].Overflow.Alert.Events[6].GetMeta("timestamp") == "2024-07-01T09:30:56Z" +results[1].Overflow.Alert.Events[7].GetMeta("datasource_path") == "ssh-timeout.log" +results[1].Overflow.Alert.Events[7].GetMeta("datasource_type") == "file" +results[1].Overflow.Alert.Events[7].GetMeta("log_type") == "ssh_auth_timeout" +results[1].Overflow.Alert.Events[7].GetMeta("machine") == "usbkey" +results[1].Overflow.Alert.Events[7].GetMeta("service") == "ssh" +results[1].Overflow.Alert.Events[7].GetMeta("source_ip") == "192.168.9.212" +results[1].Overflow.Alert.Events[7].GetMeta("timestamp") == "2024-07-01T09:30:56Z" +results[1].Overflow.Alert.Events[8].GetMeta("datasource_path") == "ssh-timeout.log" +results[1].Overflow.Alert.Events[8].GetMeta("datasource_type") == "file" 
+results[1].Overflow.Alert.Events[8].GetMeta("log_type") == "ssh_auth_timeout" +results[1].Overflow.Alert.Events[8].GetMeta("machine") == "usbkey" +results[1].Overflow.Alert.Events[8].GetMeta("service") == "ssh" +results[1].Overflow.Alert.Events[8].GetMeta("source_ip") == "192.168.9.212" +results[1].Overflow.Alert.Events[8].GetMeta("timestamp") == "2024-07-01T09:30:56Z" +results[1].Overflow.Alert.Events[9].GetMeta("datasource_path") == "ssh-timeout.log" +results[1].Overflow.Alert.Events[9].GetMeta("datasource_type") == "file" +results[1].Overflow.Alert.Events[9].GetMeta("log_type") == "ssh_auth_timeout" +results[1].Overflow.Alert.Events[9].GetMeta("machine") == "usbkey" +results[1].Overflow.Alert.Events[9].GetMeta("service") == "ssh" +results[1].Overflow.Alert.Events[9].GetMeta("source_ip") == "192.168.9.212" +results[1].Overflow.Alert.Events[9].GetMeta("timestamp") == "2024-07-01T09:30:56Z" +results[1].Overflow.Alert.Events[10].GetMeta("datasource_path") == "ssh-timeout.log" +results[1].Overflow.Alert.Events[10].GetMeta("datasource_type") == "file" +results[1].Overflow.Alert.Events[10].GetMeta("log_type") == "ssh_auth_timeout" +results[1].Overflow.Alert.Events[10].GetMeta("machine") == "usbkey" +results[1].Overflow.Alert.Events[10].GetMeta("service") == "ssh" +results[1].Overflow.Alert.Events[10].GetMeta("source_ip") == "192.168.9.212" +results[1].Overflow.Alert.Events[10].GetMeta("timestamp") == "2024-07-01T09:30:56Z" +results[1].Overflow.Alert.Events[11].GetMeta("datasource_path") == "ssh-timeout.log" +results[1].Overflow.Alert.Events[11].GetMeta("datasource_type") == "file" +results[1].Overflow.Alert.Events[11].GetMeta("log_type") == "ssh_auth_timeout" +results[1].Overflow.Alert.Events[11].GetMeta("machine") == "usbkey" +results[1].Overflow.Alert.Events[11].GetMeta("service") == "ssh" +results[1].Overflow.Alert.Events[11].GetMeta("source_ip") == "192.168.9.212" +results[1].Overflow.Alert.Events[11].GetMeta("timestamp") == "2024-07-01T09:30:56Z" 
+results[1].Overflow.Alert.Events[12].GetMeta("datasource_path") == "ssh-timeout.log" +results[1].Overflow.Alert.Events[12].GetMeta("datasource_type") == "file" +results[1].Overflow.Alert.Events[12].GetMeta("log_type") == "ssh_auth_timeout" +results[1].Overflow.Alert.Events[12].GetMeta("machine") == "usbkey" +results[1].Overflow.Alert.Events[12].GetMeta("service") == "ssh" +results[1].Overflow.Alert.Events[12].GetMeta("source_ip") == "192.168.9.212" +results[1].Overflow.Alert.Events[12].GetMeta("timestamp") == "2024-07-01T09:30:56Z" +results[1].Overflow.Alert.Events[13].GetMeta("datasource_path") == "ssh-timeout.log" +results[1].Overflow.Alert.Events[13].GetMeta("datasource_type") == "file" +results[1].Overflow.Alert.Events[13].GetMeta("log_type") == "ssh_auth_timeout" +results[1].Overflow.Alert.Events[13].GetMeta("machine") == "usbkey" +results[1].Overflow.Alert.Events[13].GetMeta("service") == "ssh" +results[1].Overflow.Alert.Events[13].GetMeta("source_ip") == "192.168.9.212" +results[1].Overflow.Alert.Events[13].GetMeta("timestamp") == "2024-07-01T09:30:56Z" +results[1].Overflow.Alert.Events[14].GetMeta("datasource_path") == "ssh-timeout.log" +results[1].Overflow.Alert.Events[14].GetMeta("datasource_type") == "file" +results[1].Overflow.Alert.Events[14].GetMeta("log_type") == "ssh_auth_timeout" +results[1].Overflow.Alert.Events[14].GetMeta("machine") == "usbkey" +results[1].Overflow.Alert.Events[14].GetMeta("service") == "ssh" +results[1].Overflow.Alert.Events[14].GetMeta("source_ip") == "192.168.9.212" +results[1].Overflow.Alert.Events[14].GetMeta("timestamp") == "2024-07-01T09:30:56Z" +results[1].Overflow.Alert.Events[15].GetMeta("datasource_path") == "ssh-timeout.log" +results[1].Overflow.Alert.Events[15].GetMeta("datasource_type") == "file" +results[1].Overflow.Alert.Events[15].GetMeta("log_type") == "ssh_auth_timeout" +results[1].Overflow.Alert.Events[15].GetMeta("machine") == "usbkey" +results[1].Overflow.Alert.Events[15].GetMeta("service") == "ssh" 
+results[1].Overflow.Alert.Events[15].GetMeta("source_ip") == "192.168.9.212" +results[1].Overflow.Alert.Events[15].GetMeta("timestamp") == "2024-07-01T09:30:56Z" +results[1].Overflow.Alert.Events[16].GetMeta("datasource_path") == "ssh-timeout.log" +results[1].Overflow.Alert.Events[16].GetMeta("datasource_type") == "file" +results[1].Overflow.Alert.Events[16].GetMeta("log_type") == "ssh_auth_timeout" +results[1].Overflow.Alert.Events[16].GetMeta("machine") == "usbkey" +results[1].Overflow.Alert.Events[16].GetMeta("service") == "ssh" +results[1].Overflow.Alert.Events[16].GetMeta("source_ip") == "192.168.9.212" +results[1].Overflow.Alert.Events[16].GetMeta("timestamp") == "2024-07-01T09:30:56Z" +results[1].Overflow.Alert.Events[17].GetMeta("datasource_path") == "ssh-timeout.log" +results[1].Overflow.Alert.Events[17].GetMeta("datasource_type") == "file" +results[1].Overflow.Alert.Events[17].GetMeta("log_type") == "ssh_auth_timeout" +results[1].Overflow.Alert.Events[17].GetMeta("machine") == "usbkey" +results[1].Overflow.Alert.Events[17].GetMeta("service") == "ssh" +results[1].Overflow.Alert.Events[17].GetMeta("source_ip") == "192.168.9.212" +results[1].Overflow.Alert.Events[17].GetMeta("timestamp") == "2024-07-01T09:30:56Z" +results[1].Overflow.Alert.Events[18].GetMeta("datasource_path") == "ssh-timeout.log" +results[1].Overflow.Alert.Events[18].GetMeta("datasource_type") == "file" +results[1].Overflow.Alert.Events[18].GetMeta("log_type") == "ssh_auth_timeout" +results[1].Overflow.Alert.Events[18].GetMeta("machine") == "usbkey" +results[1].Overflow.Alert.Events[18].GetMeta("service") == "ssh" +results[1].Overflow.Alert.Events[18].GetMeta("source_ip") == "192.168.9.212" +results[1].Overflow.Alert.Events[18].GetMeta("timestamp") == "2024-07-01T09:30:56Z" +results[1].Overflow.Alert.Events[19].GetMeta("datasource_path") == "ssh-timeout.log" +results[1].Overflow.Alert.Events[19].GetMeta("datasource_type") == "file" +results[1].Overflow.Alert.Events[19].GetMeta("log_type") 
== "ssh_auth_timeout" +results[1].Overflow.Alert.Events[19].GetMeta("machine") == "usbkey" +results[1].Overflow.Alert.Events[19].GetMeta("service") == "ssh" +results[1].Overflow.Alert.Events[19].GetMeta("source_ip") == "192.168.9.212" +results[1].Overflow.Alert.Events[19].GetMeta("timestamp") == "2024-07-01T09:30:56Z" +results[1].Overflow.Alert.Events[20].GetMeta("datasource_path") == "ssh-timeout.log" +results[1].Overflow.Alert.Events[20].GetMeta("datasource_type") == "file" +results[1].Overflow.Alert.Events[20].GetMeta("log_type") == "ssh_auth_timeout" +results[1].Overflow.Alert.Events[20].GetMeta("machine") == "usbkey" +results[1].Overflow.Alert.Events[20].GetMeta("service") == "ssh" +results[1].Overflow.Alert.Events[20].GetMeta("source_ip") == "192.168.9.212" +results[1].Overflow.Alert.Events[20].GetMeta("timestamp") == "2024-07-01T09:30:56Z" results[1].Overflow.Alert.GetScenario() == "crowdsecurity/ssh-cve-2024-6387" results[1].Overflow.Alert.Remediation == true -results[1].Overflow.Alert.GetEventsCount() == 4 +results[1].Overflow.Alert.GetEventsCount() == 21 \ No newline at end of file diff --git a/.tests/ssh-timeout/ssh-timeout.log b/.tests/ssh-timeout/ssh-timeout.log index 2e6d90109a4..4709491d09d 100644 --- a/.tests/ssh-timeout/ssh-timeout.log +++ b/.tests/ssh-timeout/ssh-timeout.log 
@@ -1,8 +1,49 @@ Jul 1 09:30:56 usbkey sshd[8807]: fatal: Timeout before authentication for 192.168.9.212 port 47056 -Jul 1 09:31:26 usbkey sshd[8807]: fatal: Timeout before authentication for 192.168.9.212 port 47056 -Jul 1 09:31:56 usbkey sshd[8807]: fatal: Timeout before authentication for 192.168.9.212 port 47056 -Jul 1 09:32:26 usbkey sshd[8807]: fatal: Timeout before authentication for 192.168.9.212 port 47056 +Jul 1 09:30:56 usbkey sshd[8807]: fatal: Timeout before authentication for 192.168.9.212 port 47056 +Jul 1 09:30:56 usbkey sshd[8807]: fatal: Timeout before authentication for 192.168.9.212 port 47056 +Jul 1 09:30:56 usbkey sshd[8807]: fatal: Timeout before authentication for 192.168.9.212 port 47056 +Jul 1 09:30:56 usbkey sshd[8807]: fatal: Timeout before authentication for 192.168.9.212 port 47056 +Jul 1 09:30:56 usbkey sshd[8807]: fatal: Timeout before authentication for 192.168.9.212 port 47056 +Jul 1 09:30:56 usbkey sshd[8807]: fatal: Timeout before authentication for 192.168.9.212 port 47056 +Jul 1 09:30:56 usbkey sshd[8807]: fatal: Timeout before authentication for 192.168.9.212 port 47056 +Jul 1 09:30:56 usbkey sshd[8807]: fatal: Timeout before authentication for 192.168.9.212 port 47056 +Jul 1 09:30:56 usbkey sshd[8807]: fatal: Timeout before authentication for 192.168.9.212 port 47056 +Jul 1 09:30:56 usbkey sshd[8807]: fatal: Timeout before authentication for 192.168.9.212 port 47056 +Jul 1 09:30:56 usbkey sshd[8807]: fatal: Timeout before authentication for 192.168.9.212 port 47056 +Jul 1 09:30:56 usbkey sshd[8807]: fatal: Timeout before authentication for 192.168.9.212 port 47056 +Jul 1 09:30:56 usbkey sshd[8807]: fatal: Timeout before authentication for 192.168.9.212 port 47056 +Jul 1 09:30:56 usbkey sshd[8807]: fatal: Timeout before authentication for 192.168.9.212 port 47056 +Jul 1 09:30:56 usbkey sshd[8807]: fatal: Timeout before authentication for 192.168.9.212 port 47056 +Jul 1 09:30:56 usbkey sshd[8807]: fatal: Timeout before 
authentication for 192.168.9.212 port 47056 +Jul 1 09:30:56 usbkey sshd[8807]: fatal: Timeout before authentication for 192.168.9.212 port 47056 +Jul 1 09:30:56 usbkey sshd[8807]: fatal: Timeout before authentication for 192.168.9.212 port 47056 +Jul 1 09:30:56 usbkey sshd[8807]: fatal: Timeout before authentication for 192.168.9.212 port 47056 +Jul 1 09:30:56 usbkey sshd[8807]: fatal: Timeout before authentication for 192.168.9.212 port 47056 +Jul 1 09:30:56 usbkey sshd[8807]: fatal: Timeout before authentication for 192.168.9.212 port 47056 +Jul 1 09:30:56 usbkey sshd[8807]: fatal: Timeout before authentication for 192.168.9.212 port 47056 +Jul 1 09:30:56 usbkey sshd[8807]: fatal: Timeout before authentication for 192.168.9.212 port 47056 +Jul 1 09:30:56 usbkey sshd[8807]: fatal: Timeout before authentication for 192.168.9.212 port 47056 +Jul 1 09:30:56 usbkey sshd[8807]: fatal: Timeout before authentication for 192.168.9.212 port 47056 +Jul 2 11:32:16 instance-20240401-2335 sshd[309785]: ssh_dispatch_run_fatal: Connection from 192.168.9.213 port 48680: message authentication code incorrect [preauth] +Jul 2 11:32:16 instance-20240401-2335 sshd[309785]: ssh_dispatch_run_fatal: Connection from 192.168.9.213 port 48680: message authentication code incorrect [preauth] +Jul 2 11:32:16 instance-20240401-2335 sshd[309785]: ssh_dispatch_run_fatal: Connection from 192.168.9.213 port 48680: message authentication code incorrect [preauth] +Jul 2 11:32:16 instance-20240401-2335 sshd[309785]: ssh_dispatch_run_fatal: Connection from 192.168.9.213 port 48680: message authentication code incorrect [preauth] +Jul 2 11:32:16 instance-20240401-2335 sshd[309785]: ssh_dispatch_run_fatal: Connection from 192.168.9.213 port 48680: message authentication code incorrect [preauth] +Jul 2 11:32:16 instance-20240401-2335 sshd[309785]: ssh_dispatch_run_fatal: Connection from 192.168.9.213 port 48680: message authentication code incorrect [preauth] +Jul 2 11:32:16 instance-20240401-2335 
sshd[309785]: ssh_dispatch_run_fatal: Connection from 192.168.9.213 port 48680: message authentication code incorrect [preauth] +Jul 2 11:32:16 instance-20240401-2335 sshd[309785]: ssh_dispatch_run_fatal: Connection from 192.168.9.213 port 48680: message authentication code incorrect [preauth] +Jul 2 11:32:16 instance-20240401-2335 sshd[309785]: ssh_dispatch_run_fatal: Connection from 192.168.9.213 port 48680: message authentication code incorrect [preauth] +Jul 2 11:32:16 instance-20240401-2335 sshd[309785]: ssh_dispatch_run_fatal: Connection from 192.168.9.213 port 48680: message authentication code incorrect [preauth] +Jul 2 11:32:16 instance-20240401-2335 sshd[309785]: ssh_dispatch_run_fatal: Connection from 192.168.9.213 port 48680: message authentication code incorrect [preauth] +Jul 2 11:32:16 instance-20240401-2335 sshd[309785]: ssh_dispatch_run_fatal: Connection from 192.168.9.213 port 48680: message authentication code incorrect [preauth] +Jul 2 11:32:16 instance-20240401-2335 sshd[309785]: ssh_dispatch_run_fatal: Connection from 192.168.9.213 port 48680: message authentication code incorrect [preauth] +Jul 2 11:32:16 instance-20240401-2335 sshd[309785]: ssh_dispatch_run_fatal: Connection from 192.168.9.213 port 48680: message authentication code incorrect [preauth] +Jul 2 11:32:16 instance-20240401-2335 sshd[309785]: ssh_dispatch_run_fatal: Connection from 192.168.9.213 port 48680: message authentication code incorrect [preauth] +Jul 2 11:32:16 instance-20240401-2335 sshd[309785]: ssh_dispatch_run_fatal: Connection from 192.168.9.213 port 48680: message authentication code incorrect [preauth] +Jul 2 11:32:16 instance-20240401-2335 sshd[309785]: ssh_dispatch_run_fatal: Connection from 192.168.9.213 port 48680: message authentication code incorrect [preauth] +Jul 2 11:32:16 instance-20240401-2335 sshd[309785]: ssh_dispatch_run_fatal: Connection from 192.168.9.213 port 48680: message authentication code incorrect [preauth] Jul 2 11:32:16 
instance-20240401-2335 sshd[309785]: ssh_dispatch_run_fatal: Connection from 192.168.9.213 port 48680: message authentication code incorrect [preauth] Jul 2 11:32:16 instance-20240401-2335 sshd[309785]: ssh_dispatch_run_fatal: Connection from 192.168.9.213 port 48680: message authentication code incorrect [preauth] Jul 2 11:32:16 instance-20240401-2335 sshd[309785]: ssh_dispatch_run_fatal: Connection from 192.168.9.213 port 48680: message authentication code incorrect [preauth] Jul 2 11:32:16 instance-20240401-2335 sshd[309785]: ssh_dispatch_run_fatal: Connection from 192.168.9.213 port 48680: message authentication code incorrect [preauth] +Jul 2 11:32:16 instance-20240401-2335 sshd[309785]: ssh_dispatch_run_fatal: Connection from 192.168.9.213 port 48680: message authentication code incorrect [preauth] \ No newline at end of file From dec3c02184076e24b095f625b85c16dc68d29a12 Mon Sep 17 00:00:00 2001 From: GitHub Action Date: Fri, 5 Jul 2024 11:52:46 +0000 Subject: [PATCH 09/10] Update index --- .index.json | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/.index.json b/.index.json index b1a883451c5..960f3fcbc55 100644 --- a/.index.json +++ b/.index.json @@ -13950,7 +13950,7 @@ }, "crowdsecurity/ssh-cve-2024-6387": { "path": "scenarios/crowdsecurity/ssh-cve-2024-6387.yaml", - "version": "0.3", + "version": "0.4", "versions": { "0.1": { "digest": "1a36e33f8743790c5544faa999aa8dd062f6e2b696e16232d3a3f28576119503", 
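Review bot: The rewritten fixture removes the only slow-paced events (the dropped `09:31:26`/`09:31:56`/`09:32:26` lines) and stacks every `Timeout before authentication` entry for 192.168.9.212 on the single second `09:30:56`, so the test no longer exercises the leak at all: it would pass with any leakspeed, and nothing checks that a scanner producing a handful of timeouts a minute apart stays below the threshold after the capacity/leakspeed change this series makes. I would keep a third source as a negative control, e.g. `Jul 1 09:40:00 usbkey sshd[8901]: fatal: Timeout before authentication for 192.168.9.214 port 50123`, repeated a few times 30 s apart with distinct PIDs and ports, and assert in scenario.assert that no alert is raised for it (adapt to whatever the hubtest harness supports for "no overflow", I am not certain of its syntax). Separately, every duplicated line reuses the same `sshd[8807]`/`port 47056` (and `sshd[309785]`/`port 48680` for .213); since sshd handles each connection in a forked child, real exploitation attempts would show distinct PIDs and client ports, and varying them costs nothing while making the sample more representative of what the parser will see in production.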
@@ -13963,10 +13963,14 @@ "0.3": { "digest": "2b56281d406b8cb679e9d095c4cb929b6846e04d2d6b99548114b0773825e828", "deprecated": false + }, + "0.4": { + "digest": "50fa70704ddd6f87546a2d31ccbe22c8b046462355a0d0c7c37ae4230c85b071", + "deprecated": false } }, "long_description": "RGV0ZWN0IGV4cGxvaXRhdGlvbiBhdHRlbXB0cyBvZiBDVkUtMjAyNC02Mzg3CiA=", - "content": "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", + "content": "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", "description": "Detect exploitation attempt of CVE-2024-6387", "author": "crowdsecurity", "labels": { From dfa19a3c74f3c5552ad8a964ecccd8cd13ff0e22 Mon Sep 17 00:00:00 2001 From: GitHub Action Date: Wed, 31 Jul 2024 09:08:02 +0000 Subject: [PATCH 10/10] Update taxonomy --- taxonomy/scenarios.json | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/taxonomy/scenarios.json b/taxonomy/scenarios.json index 155962a3f81..082fbc123ac 100644 --- a/taxonomy/scenarios.json +++ b/taxonomy/scenarios.json @@ -875,6 +875,7 @@ "spoofable": 0, "cti": true, "service": "http", + "public": true, "cves": [ "CVE-2023-47218" ], @@ -1211,6 +1212,7 @@ "spoofable": 0, "cti": true, "service": "http", + "public": true, "cves": [ "CVE-2024-32113" ], @@ -1233,6 +1235,7 @@ "spoofable": 0, "cti": true, "service": "http", + "public": true, "cves": [ "CVE-2024-3272" ], @@ -1336,7 +1339,8 @@ "confidence": 3, "spoofable": 0, "cti": true, - "service": "http" + "service": "http", + "public": true }, "crowdsecurity/vpatch-laravel-debug-mode": { "name": "crowdsecurity/vpatch-laravel-debug-mode", @@ -4230,7 +4234,8 @@ "confidence": 3, "spoofable": 0, "cti": true, - "service": "sabnzbd" + "service": "sabnzbd", + "public": true }, "crowdsecurity/sabnzbd-slow-bf": { "name": "crowdsecurity/sabnzbd-slow-bf", @@ -4245,7 +4250,8 @@ "confidence": 3, "spoofable": 0, "cti": true, - "service": "sabnzbd" + "service": "sabnzbd", + "public": true }, "crowdsecurity/smb-bf": { "name": "crowdsecurity/smb-bf",