bogdan/zira-etc
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

saving uncommitted changes in /etc prior to dnf run

Browse Source
This commit is contained in:
Bogdan Stoica
2023-11-16 14:08:19 +02:00
parent a6d2827810
commit 5583cdecd3
51 changed files with 774 additions and 49 deletions
Download Patch File Download Diff File Expand all files Collapse all files

172
crowdsec/hub/.index.json
View File

@@ -1009,7 +1009,7 @@
},
"crowdsecurity/http-cve": {
"path": "collections/crowdsecurity/http-cve.yaml",
"version": "2.3",
"version": "2.4",
"versions": {
"0.1": {
"digest": "30748e051a470c1bc91506ae63e8784cd054564f90ccc23eb655823fc30e3019",
@@ -1102,10 +1102,14 @@
"2.3": {
"digest": "00e148cb998efbf5668391f2971ec39ee3c2bcc8e0e6c952fe436709678abf72",
"deprecated": false
},
"2.4": {
"digest": "9a1288c042d53f81c16653efae7084bbb83e56cec8a6eade98c702e2febb8d4e",
"deprecated": false
}
},
"long_description": "CgpBIGNvbGxlY3Rpb24gdG8gZGV0ZWN0IGV4cGxvaXRhdGlvbiBvZiBzb21lIHNwZWNpZmljIGh0dHAgQ1ZFcy4KCldvcmtzIHdpdGggW2FwYWNoZTJdKGh0dHBzOi8vaHViLmNyb3dkc2VjLm5ldC9hdXRob3IvY3Jvd2RzZWN1cml0eS9jb2xsZWN0aW9ucy9hcGFjaGUyKSwgW25naW54XShodHRwczovL2h1Yi5jcm93ZHNlYy5uZXQvYXV0aG9yL2Nyb3dkc2VjdXJpdHkvY29sbGVjdGlvbnMvbmdpbngpLCBbdHJhZWZpa10oaHR0cHM6Ly9odWIuY3Jvd2RzZWMubmV0L2F1dGhvci9jcm93ZHNlY3VyaXR5L2NvbGxlY3Rpb25zL3RyYWVmaWspIGV0Yy4KCjp3YXJuaW5nOiBXaGlsZSB0aGlzIGNvbGxlY3Rpb24gaXMgZnJlcXVlbnRseSB1cGRhdGVkIHdpdGggdHJlbmRpbmcgQ1ZFcywgaXQgaXMgX25vdF8gYSBXQUYgYW5kIGRvZXMgX25vdF8gYWltcyBhdCByZXBsYWNpbmcgYSBXQUYuIEFzIHN1Y2gsIGFuIGF0dGFja2VyIG1pZ2h0IGJlIGFibGUgdG8gYnlwYXNzIHRob3NlIHNpZ25hdHVyZXMuCgogLSBbQXBhY2hlIENWRS0yMDIxLTQxNzczXShodHRwczovL2N2ZS5jaXJjbC5sdS9jdmUvQ1ZFLTIwMjEtNDE3NzMpCiAtIFtBcGFjaGUgQ1ZFLTIwMjEtNDIwMTNdKGh0dHBzOi8vY3ZlLmNpcmNsLmx1L2N2ZS9DVkUtMjAyMS00MjAxMykKIC0gW0dyYWZhbmEgQ1ZFLTIwMjEtNDM3OThdKGh0dHBzOi8vY3ZlLmNpcmNsLmx1L2N2ZS9DVkUtMjAyMS00Mzc5OCkKIC0gW0ZvcnRpbmV0IENWRS0yMDE4LTEzMzc5XShodHRwczovL2N2ZS5jaXJjbC5sdS9jdmUvQ1ZFLTIwMTgtMTMzNzkpCiAtIFtQdWxzZSBTZWN1cmUgQ1ZFLTIwMTktMTE1MTBdKGh0dHBzOi8vY3ZlLmNpcmNsLmx1L2N2ZS9DVkUtMjAxOS0xMTUxMCkKIC0gW0Y1IEJJRy1JUCBDVkUtMjAyMC01OTAyXShodHRwczovL2N2ZS5jaXJjbC5sdS9jdmUvQ1ZFLTIwMjAtNTkwMikKIC0gW1RoaW5rUEhQIENWRS0yMDE4LTIwMDYyXShodHRwczovL2N2ZS5jaXJjbC5sdS9jdmUvQ1ZFLTIwMTgtMjAwNjIpCiAtIFtBcGFjaGUgTG9nNGoyIENWRS0yMDIxLTQ0MjI4XShodHRwczovL2N2ZS5jaXJjbC5sdS9jdmUvQ1ZFLTIwMjEtNDQyMjgpCiAtIFtWTXdhcmUgVk1TQS0yMDIxLTAwMjddKGh0dHBzOi8vd3d3LnZtd2FyZS5jb20vc2VjdXJpdHkvYWR2aXNvcmllcy9WTVNBLTIwMjEtMDAyNy5odG1sKQogLSBbQXRsYXNzaWFuIEppcmEgQ1ZFLTIwMjEtMjYwODZdKGh0dHBzOi8vY3ZlLmNpcmNsLmx1L2N2ZS9DVkUtMjAyMS0yNjA4NikKIC0gW1NwcmluZzRTaGVsbCBDVkUtMjAyMi0yMjk2NV0oaHR0cHM6Ly9jdmUubWl0cmUub3JnL2NnaS1iaW4vY3ZlbmFtZS5jZ2k/bmFtZT1DVkUtMjAyMi0yMjk2NSkKIC0gW1ZNd2FyZSBDVkUtMjAyMi0yMjk1NF0oaHR0cHM6Ly93d3cudm13YXJlLmNvbS9zZWN1cml0eS9hZHZpc29yaWVzL1ZNU0EtMjAyMi0wMDExLmh0bWwpCiAtIFtaaW1icmEgQ1ZFLTIwMjItMzcwNDJdKGh0dHBzOi8vbnZkLm5pc3QuZ292L3Z1bG4vZGV0YWlsL0NWRS0yMDIyLTM3MDQyKQogLSBbTWljcm9zb2Z0IEV4Y2hhbmdlIENWRS0yMDIyLTQxMDgyXShodHRwczovL252ZC5uaXN0Lmdvdi92dWxuL2RldGFpbC9DVkUtMjAyMi00MTA4MikKIC0gW0dMUEkgQ1ZFLTIwMjItMzU5MTRdKGh0dHBzOi8vbnZkLm5pc3QuZ292L3Z1bG4vZGV0YWlsL0NWRS0yMDIyLTM1OTE0KQogLSBbRm9ydGluZXQgQ1ZFLTIwMjItNDA2ODRdKGh0dHBzOi8vd3d3Lmhvcml6b24zLmFpL2ZvcnRpb3MtZm9ydGlwcm94eS1hbmQtZm9ydGlzd2l0Y2htYW5hZ2VyLWF1dGhlbnRpY2F0aW9uLWJ5cGFzcy10ZWNobmljYWwtZGVlcC1kaXZlLWN2ZS0yMDIyLTQwNjg0LykKIC0gW0NvbmZsdWVuY2UgQ1ZFLTIwMjItMjYxMzRdKGh0dHBzOi8vY3ZlLm1pdHJlLm9yZy9jZ2ktYmluL2N2ZW5hbWUuY2dpP25hbWU9Q1ZFLTIwMjItMjYxMzQpCiAtIFtUZXh0NFNoZWxsIENWRS0yMDIyLTQyODg5XShodHRwczovL2N2ZS5taXRyZS5vcmcvY2dpLWJpbi9jdmVuYW1lLmNnaT9uYW1lPUNWRS0yMDIyLTQyODg5KQogLSBbR2hvc3QgQ01TIENWRS0yMDIyLTQxNjk3XShodHRwczovL252ZC5uaXN0Lmdvdi92dWxuL2RldGFpbC9DVkUtMjAyMi00MTY5NykKIC0gW0NhY3RpIENWRS0yMDIyLTQ2MTY5XShodHRwczovL252ZC5uaXN0Lmdvdi92dWxuL2RldGFpbC9DVkUtMjAyMi00NjE2OSkKIC0gW0NlbnRvcyBXZWIgUGFuZWwgNyBDVkUtMjAyMi00NDg3N10oaHR0cHM6Ly9udmQubmlzdC5nb3YvdnVsbi9kZXRhaWwvQ1ZFLTIwMjItNDQ4NzcpCiAtIFtUZWxlcmlrIFVJIENWRS0yMDE5LTE4OTM1XShodHRwczovL2N2ZS5taXRyZS5vcmcvY2dpLWJpbi9jdmVuYW1lLmNnaT9uYW1lPUNWRS0yMDE5LTE4OTM1KQogLSBbTmV0Z2VhciBER04xMDAwIC8gREdOMjIwMCBSZW1vdGUgQ29tbWFuZCBFeGVjdXRpb25dKGh0dHBzOi8vd3d3LmV4cGxvaXQtZGIuY29tL2V4cGxvaXRzLzI1OTc4KQogLSBbQ29uZmx1ZW5jZSBDVkUtMjAyMy0yMjUxNV0oaHR0cHM6Ly9jb25mbHVlbmNlLmF0bGFzc2lhbi5jb20vc2VjdXJpdHkvY3ZlLTIwMjMtMjI1MTUtcHJpdmlsZWdlLWVzY2FsYXRpb24tdnVsbmVyYWJpbGl0eS1pbi1jb25mbHVlbmNlLWRhdGEtY2VudGVyLWFuZC1zZXJ2ZXItMTI5NTY4MjI3Ni5odG1sKQoKCgoKCg==",
"content": "c2NlbmFyaW9zOgogIC0gY3Jvd2RzZWN1cml0eS9odHRwLWN2ZS0yMDIxLTQxNzczCiAgLSBjcm93ZHNlY3VyaXR5L2h0dHAtY3ZlLTIwMjEtNDIwMTMKICAtIGNyb3dkc2VjdXJpdHkvZ3JhZmFuYS1jdmUtMjAyMS00Mzc5OAogIC0gY3Jvd2RzZWN1cml0eS92bXdhcmUtdmNlbnRlci12bXNhLTIwMjEtMDAyNwogIC0gY3Jvd2RzZWN1cml0eS9mb3J0aW5ldC1jdmUtMjAxOC0xMzM3OQogIC0gY3Jvd2RzZWN1cml0eS9wdWxzZS1zZWN1cmUtc3NsdnBuLWN2ZS0yMDE5LTExNTEwCiAgLSBjcm93ZHNlY3VyaXR5L2Y1LWJpZy1pcC1jdmUtMjAyMC01OTAyCiAgLSBjcm93ZHNlY3VyaXR5L3RoaW5rcGhwLWN2ZS0yMDE4LTIwMDYyCiAgLSBjcm93ZHNlY3VyaXR5L2FwYWNoZV9sb2c0ajJfY3ZlLTIwMjEtNDQyMjgKICAtIGNyb3dkc2VjdXJpdHkvamlyYV9jdmUtMjAyMS0yNjA4NgogIC0gY3Jvd2RzZWN1cml0eS9zcHJpbmc0c2hlbGxfY3ZlLTIwMjItMjI5NjUKICAtIGNyb3dkc2VjdXJpdHkvdm13YXJlLWN2ZS0yMDIyLTIyOTU0CiAgLSBjcm93ZHNlY3VyaXR5L0NWRS0yMDIyLTM3MDQyCiAgLSBjcm93ZHNlY3VyaXR5L0NWRS0yMDIyLTQxMDgyCiAgLSBjcm93ZHNlY3VyaXR5L0NWRS0yMDIyLTM1OTE0CiAgLSBjcm93ZHNlY3VyaXR5L0NWRS0yMDIyLTQwNjg0CiAgLSBjcm93ZHNlY3VyaXR5L0NWRS0yMDIyLTI2MTM0CiAgLSBjcm93ZHNlY3VyaXR5L0NWRS0yMDIyLTQyODg5CiAgLSBjcm93ZHNlY3VyaXR5L0NWRS0yMDIyLTQxNjk3CiAgLSBjcm93ZHNlY3VyaXR5L0NWRS0yMDIyLTQ2MTY5CiAgLSBjcm93ZHNlY3VyaXR5L0NWRS0yMDIyLTQ0ODc3CiAgLSBjcm93ZHNlY3VyaXR5L0NWRS0yMDE5LTE4OTM1CiAgLSBjcm93ZHNlY3VyaXR5L25ldGdlYXJfcmNlCiAgLSBjcm93ZHNlY3VyaXR5L0NWRS0yMDIzLTIyNTE1CmF1dGhvcjogY3Jvd2RzZWN1cml0eQpkZXNjcmlwdGlvbjogIkRldGVjdCBDVkUgZXhwbG9pdGF0aW9uIGluIGh0dHAgbG9ncyIKdGFnczoKICAtIHdlYgogIC0gZXhwbG9pdAogIC0gY3ZlCiAgLSBodHRwCg==",
"long_description": "CgpBIGNvbGxlY3Rpb24gdG8gZGV0ZWN0IGV4cGxvaXRhdGlvbiBvZiBzb21lIHNwZWNpZmljIGh0dHAgQ1ZFcy4KCldvcmtzIHdpdGggW2FwYWNoZTJdKGh0dHBzOi8vaHViLmNyb3dkc2VjLm5ldC9hdXRob3IvY3Jvd2RzZWN1cml0eS9jb2xsZWN0aW9ucy9hcGFjaGUyKSwgW25naW54XShodHRwczovL2h1Yi5jcm93ZHNlYy5uZXQvYXV0aG9yL2Nyb3dkc2VjdXJpdHkvY29sbGVjdGlvbnMvbmdpbngpLCBbdHJhZWZpa10oaHR0cHM6Ly9odWIuY3Jvd2RzZWMubmV0L2F1dGhvci9jcm93ZHNlY3VyaXR5L2NvbGxlY3Rpb25zL3RyYWVmaWspIGV0Yy4KCjp3YXJuaW5nOiBXaGlsZSB0aGlzIGNvbGxlY3Rpb24gaXMgZnJlcXVlbnRseSB1cGRhdGVkIHdpdGggdHJlbmRpbmcgQ1ZFcywgaXQgaXMgX25vdF8gYSBXQUYgYW5kIGRvZXMgX25vdF8gYWltcyBhdCByZXBsYWNpbmcgYSBXQUYuIEFzIHN1Y2gsIGFuIGF0dGFja2VyIG1pZ2h0IGJlIGFibGUgdG8gYnlwYXNzIHRob3NlIHNpZ25hdHVyZXMuCgogLSBbQXBhY2hlIENWRS0yMDIxLTQxNzczXShodHRwczovL2N2ZS5jaXJjbC5sdS9jdmUvQ1ZFLTIwMjEtNDE3NzMpCiAtIFtBcGFjaGUgQ1ZFLTIwMjEtNDIwMTNdKGh0dHBzOi8vY3ZlLmNpcmNsLmx1L2N2ZS9DVkUtMjAyMS00MjAxMykKIC0gW0dyYWZhbmEgQ1ZFLTIwMjEtNDM3OThdKGh0dHBzOi8vY3ZlLmNpcmNsLmx1L2N2ZS9DVkUtMjAyMS00Mzc5OCkKIC0gW0ZvcnRpbmV0IENWRS0yMDE4LTEzMzc5XShodHRwczovL2N2ZS5jaXJjbC5sdS9jdmUvQ1ZFLTIwMTgtMTMzNzkpCiAtIFtQdWxzZSBTZWN1cmUgQ1ZFLTIwMTktMTE1MTBdKGh0dHBzOi8vY3ZlLmNpcmNsLmx1L2N2ZS9DVkUtMjAxOS0xMTUxMCkKIC0gW0Y1IEJJRy1JUCBDVkUtMjAyMC01OTAyXShodHRwczovL2N2ZS5jaXJjbC5sdS9jdmUvQ1ZFLTIwMjAtNTkwMikKIC0gW1RoaW5rUEhQIENWRS0yMDE4LTIwMDYyXShodHRwczovL2N2ZS5jaXJjbC5sdS9jdmUvQ1ZFLTIwMTgtMjAwNjIpCiAtIFtBcGFjaGUgTG9nNGoyIENWRS0yMDIxLTQ0MjI4XShodHRwczovL2N2ZS5jaXJjbC5sdS9jdmUvQ1ZFLTIwMjEtNDQyMjgpCiAtIFtWTXdhcmUgVk1TQS0yMDIxLTAwMjddKGh0dHBzOi8vd3d3LnZtd2FyZS5jb20vc2VjdXJpdHkvYWR2aXNvcmllcy9WTVNBLTIwMjEtMDAyNy5odG1sKQogLSBbQXRsYXNzaWFuIEppcmEgQ1ZFLTIwMjEtMjYwODZdKGh0dHBzOi8vY3ZlLmNpcmNsLmx1L2N2ZS9DVkUtMjAyMS0yNjA4NikKIC0gW1NwcmluZzRTaGVsbCBDVkUtMjAyMi0yMjk2NV0oaHR0cHM6Ly9jdmUubWl0cmUub3JnL2NnaS1iaW4vY3ZlbmFtZS5jZ2k/bmFtZT1DVkUtMjAyMi0yMjk2NSkKIC0gW1ZNd2FyZSBDVkUtMjAyMi0yMjk1NF0oaHR0cHM6Ly93d3cudm13YXJlLmNvbS9zZWN1cml0eS9hZHZpc29yaWVzL1ZNU0EtMjAyMi0wMDExLmh0bWwpCiAtIFtaaW1icmEgQ1ZFLTIwMjItMzcwNDJdKGh0dHBzOi8vbnZkLm5pc3QuZ292L3Z1bG4vZGV0YWlsL0NWRS0yMDIyLTM3MDQyKQogLSBbTWljcm9zb2Z0IEV4Y2hhbmdlIENWRS0yMDIyLTQxMDgyXShodHRwczovL252ZC5uaXN0Lmdvdi92dWxuL2RldGFpbC9DVkUtMjAyMi00MTA4MikKIC0gW0dMUEkgQ1ZFLTIwMjItMzU5MTRdKGh0dHBzOi8vbnZkLm5pc3QuZ292L3Z1bG4vZGV0YWlsL0NWRS0yMDIyLTM1OTE0KQogLSBbRm9ydGluZXQgQ1ZFLTIwMjItNDA2ODRdKGh0dHBzOi8vd3d3Lmhvcml6b24zLmFpL2ZvcnRpb3MtZm9ydGlwcm94eS1hbmQtZm9ydGlzd2l0Y2htYW5hZ2VyLWF1dGhlbnRpY2F0aW9uLWJ5cGFzcy10ZWNobmljYWwtZGVlcC1kaXZlLWN2ZS0yMDIyLTQwNjg0LykKIC0gW0NvbmZsdWVuY2UgQ1ZFLTIwMjItMjYxMzRdKGh0dHBzOi8vY3ZlLm1pdHJlLm9yZy9jZ2ktYmluL2N2ZW5hbWUuY2dpP25hbWU9Q1ZFLTIwMjItMjYxMzQpCiAtIFtUZXh0NFNoZWxsIENWRS0yMDIyLTQyODg5XShodHRwczovL2N2ZS5taXRyZS5vcmcvY2dpLWJpbi9jdmVuYW1lLmNnaT9uYW1lPUNWRS0yMDIyLTQyODg5KQogLSBbR2hvc3QgQ01TIENWRS0yMDIyLTQxNjk3XShodHRwczovL252ZC5uaXN0Lmdvdi92dWxuL2RldGFpbC9DVkUtMjAyMi00MTY5NykKIC0gW0NhY3RpIENWRS0yMDIyLTQ2MTY5XShodHRwczovL252ZC5uaXN0Lmdvdi92dWxuL2RldGFpbC9DVkUtMjAyMi00NjE2OSkKIC0gW0NlbnRvcyBXZWIgUGFuZWwgNyBDVkUtMjAyMi00NDg3N10oaHR0cHM6Ly9udmQubmlzdC5nb3YvdnVsbi9kZXRhaWwvQ1ZFLTIwMjItNDQ4NzcpCiAtIFtUZWxlcmlrIFVJIENWRS0yMDE5LTE4OTM1XShodHRwczovL2N2ZS5taXRyZS5vcmcvY2dpLWJpbi9jdmVuYW1lLmNnaT9uYW1lPUNWRS0yMDE5LTE4OTM1KQogLSBbTmV0Z2VhciBER04xMDAwIC8gREdOMjIwMCBSZW1vdGUgQ29tbWFuZCBFeGVjdXRpb25dKGh0dHBzOi8vd3d3LmV4cGxvaXQtZGIuY29tL2V4cGxvaXRzLzI1OTc4KQogLSBbQ29uZmx1ZW5jZSBDVkUtMjAyMy0yMjUxNV0oaHR0cHM6Ly9jb25mbHVlbmNlLmF0bGFzc2lhbi5jb20vc2VjdXJpdHkvY3ZlLTIwMjMtMjI1MTUtcHJpdmlsZWdlLWVzY2FsYXRpb24tdnVsbmVyYWJpbGl0eS1pbi1jb25mbHVlbmNlLWRhdGEtY2VudGVyLWFuZC1zZXJ2ZXItMTI5NTY4MjI3Ni5odG1sKQogLSBbQ29uZmx1ZW5jZSBDVkUtMjAyMy0yMjUxOF0oaHR0cHM6Ly9jb25mbHVlbmNlLmF0bGFzc2lhbi5jb20vcGFnZXMvdmlld3BhZ2UuYWN0aW9uP3BhZ2VJZD0xMzExNDczOTA3KQoKCgoKCg==",
"content": "c2NlbmFyaW9zOgogIC0gY3Jvd2RzZWN1cml0eS9odHRwLWN2ZS0yMDIxLTQxNzczCiAgLSBjcm93ZHNlY3VyaXR5L2h0dHAtY3ZlLTIwMjEtNDIwMTMKICAtIGNyb3dkc2VjdXJpdHkvZ3JhZmFuYS1jdmUtMjAyMS00Mzc5OAogIC0gY3Jvd2RzZWN1cml0eS92bXdhcmUtdmNlbnRlci12bXNhLTIwMjEtMDAyNwogIC0gY3Jvd2RzZWN1cml0eS9mb3J0aW5ldC1jdmUtMjAxOC0xMzM3OQogIC0gY3Jvd2RzZWN1cml0eS9wdWxzZS1zZWN1cmUtc3NsdnBuLWN2ZS0yMDE5LTExNTEwCiAgLSBjcm93ZHNlY3VyaXR5L2Y1LWJpZy1pcC1jdmUtMjAyMC01OTAyCiAgLSBjcm93ZHNlY3VyaXR5L3RoaW5rcGhwLWN2ZS0yMDE4LTIwMDYyCiAgLSBjcm93ZHNlY3VyaXR5L2FwYWNoZV9sb2c0ajJfY3ZlLTIwMjEtNDQyMjgKICAtIGNyb3dkc2VjdXJpdHkvamlyYV9jdmUtMjAyMS0yNjA4NgogIC0gY3Jvd2RzZWN1cml0eS9zcHJpbmc0c2hlbGxfY3ZlLTIwMjItMjI5NjUKICAtIGNyb3dkc2VjdXJpdHkvdm13YXJlLWN2ZS0yMDIyLTIyOTU0CiAgLSBjcm93ZHNlY3VyaXR5L0NWRS0yMDIyLTM3MDQyCiAgLSBjcm93ZHNlY3VyaXR5L0NWRS0yMDIyLTQxMDgyCiAgLSBjcm93ZHNlY3VyaXR5L0NWRS0yMDIyLTM1OTE0CiAgLSBjcm93ZHNlY3VyaXR5L0NWRS0yMDIyLTQwNjg0CiAgLSBjcm93ZHNlY3VyaXR5L0NWRS0yMDIyLTI2MTM0CiAgLSBjcm93ZHNlY3VyaXR5L0NWRS0yMDIyLTQyODg5CiAgLSBjcm93ZHNlY3VyaXR5L0NWRS0yMDIyLTQxNjk3CiAgLSBjcm93ZHNlY3VyaXR5L0NWRS0yMDIyLTQ2MTY5CiAgLSBjcm93ZHNlY3VyaXR5L0NWRS0yMDIyLTQ0ODc3CiAgLSBjcm93ZHNlY3VyaXR5L0NWRS0yMDE5LTE4OTM1CiAgLSBjcm93ZHNlY3VyaXR5L25ldGdlYXJfcmNlCiAgLSBjcm93ZHNlY3VyaXR5L0NWRS0yMDIzLTIyNTE1CiAgLSBjcm93ZHNlY3VyaXR5L0NWRS0yMDIzLTIyNTE4CmF1dGhvcjogY3Jvd2RzZWN1cml0eQpkZXNjcmlwdGlvbjogIkRldGVjdCBDVkUgZXhwbG9pdGF0aW9uIGluIGh0dHAgbG9ncyIKdGFnczoKICAtIHdlYgogIC0gZXhwbG9pdAogIC0gY3ZlCiAgLSBodHRwCg==",
"description": "Detect CVE exploitation in http logs",
"author": "crowdsecurity",
"labels": null,
@@ -1133,7 +1137,8 @@
"crowdsecurity/CVE-2022-44877",
"crowdsecurity/CVE-2019-18935",
"crowdsecurity/netgear_rce",
"crowdsecurity/CVE-2023-22515"
"crowdsecurity/CVE-2023-22515",
"crowdsecurity/CVE-2023-22518"
]
},
"crowdsecurity/http-dos": {
@@ -1638,6 +1643,52 @@
"crowdsecurity/palo-alto-threat"
]
},
"crowdsecurity/pfsense": {
"path": "collections/crowdsecurity/pfsense.yaml",
"version": "0.2",
"versions": {
"0.1": {
"digest": "b0e0d8b751b34cc9d63268169a51849182039aa17ea78093a80da9d302756b97",
"deprecated": false
},
"0.2": {
"digest": "cc77813340e5e49379dcae520d2da5b2d5b9451eca6cbe7f5a68b6f9ad302d75",
"deprecated": false
}
},
"long_description": "IyMgcGZTZW5zZSBjb2xsZWN0aW9uCgpUaGlzIHBmU2Vuc2UgY29sbGVjdGlvbiBzdXBwb3J0cyA6CiAtIHNzaCBwYXJzZXJzICYgYnJ1dGVmb3JjZSBkZXRlY3Rpb24KIC0gd2ViIGF1dGhlbnRpY2F0aW9uIGJydXRlZm9yY2UgZGV0ZWN0aW9uCiAtIHBvcnQgc2NhbiBkZXRlY3Rpb24K",
"content": "Y29sbGVjdGlvbnM6CiAgLSBjcm93ZHNlY3VyaXR5L2ZyZWVic2QKICAtIGNyb3dkc2VjdXJpdHkvcGZzZW5zZS1ndWkKICAtIGNyb3dkc2VjdXJpdHkvbmdpbngKICAtIGZpcmV3YWxsc2VydmljZXMvcGYKZGVzY3JpcHRpb246ICJjb3JlIHBmc2Vuc2Ugc3VwcG9ydCIKYXV0aG9yOiBjcm93ZHNlY3VyaXR5CnRhZ3M6CiAgLSBmcmVlYnNkCg==",
"description": "core pfsense support",
"author": "crowdsecurity",
"labels": null,
"collections": [
"crowdsecurity/freebsd",
"crowdsecurity/pfsense-gui",
"crowdsecurity/nginx",
"firewallservices/pf"
]
},
"crowdsecurity/pfsense-gui": {
"path": "collections/crowdsecurity/pfsense-gui.yaml",
"version": "0.1",
"versions": {
"0.1": {
"digest": "5e3c9d329eb515265634bcb8684180c2df2d01431273b6d1a9123e972109f408",
"deprecated": false
}
},
"long_description": "IyMgcGZTZW5zZSB3ZWIgYXV0aGVudGljYXRpb24gY29sbGVjdGlvbgoKU3VwcG9ydCB0byBkZXRlY3QgYnJ1dGVmb3JjZSBvbiB0aGUgcGZTZW5zZSB3ZWIgcG9ydGFsCg==",
"content": "cGFyc2VyczoKICAtIGNyb3dkc2VjdXJpdHkvcGZzZW5zZS1ndWktbG9ncwpzY2VuYXJpb3M6CiAgLSBjcm93ZHNlY3VyaXR5L3Bmc2Vuc2UtZ3VpLWJmCmRlc2NyaXB0aW9uOiAicGZTZW5zZSB3ZWIgYXV0aGVudGljYXRpb24gc3VwcG9ydCIKYXV0aG9yOiBjcm93ZHNlY3VyaXR5CnRhZ3M6CiAgLSBmcmVlYnNkCiAgLSBwZnNlbnNlCiAgLSBicnV0ZWZvcmNlCiAgLSBzY2FuCg==",
"description": "pfSense web authentication support",
"author": "crowdsecurity",
"labels": null,
"parsers": [
"crowdsecurity/pfsense-gui-logs"
],
"scenarios": [
"crowdsecurity/pfsense-gui-bf"
]
},
"crowdsecurity/pgsql": {
"path": "collections/crowdsecurity/pgsql.yaml",
"version": "0.1",
@@ -3949,7 +4000,7 @@
"crowdsecurity/mssql-logs": {
"path": "parsers/s01-parse/crowdsecurity/mssql-logs.yaml",
"stage": "s01-parse",
"version": "0.2",
"version": "0.3",
"versions": {
"0.1": {
"digest": "9c99578104a9158ada41bb8dd920575a83d494e6f6e2d166eb5773fb4d7023b1",
@@ -3958,10 +4009,14 @@
"0.2": {
"digest": "2c39d0c3f1cf4124d5e3cc113c733b2ef220522d01706b5434382240de10b147",
"deprecated": false
},
"0.3": {
"digest": "b9dc0a3b53d5e1ad6eeae3e1beb04d01afe62111e80d5871b77caee2e7172cfd",
"deprecated": false
}
},
"long_description": "UGFyc2VyIGZvciBNU1NRTCBMb2dzIHZpYSB3aW5ldmVudGxvZyBPUiBNU1NRTCBsb2dzIGZvciBbQXp1cmUtRWRnZS1TcWxdKGh0dHBzOi8vaHViLmRvY2tlci5jb20vXy9taWNyb3NvZnQtYXp1cmUtc3FsLWVkZ2UpIHZpYSBkb2NrZXIKCmBgYHlhbWwKLS0tCnNvdXJjZTogd2luZXZlbnRsb2cKZXZlbnRfY2hhbm5lbDogQXBwbGljYXRpb24KZXZlbnRfaWRzOgogLSAxODQ1NgpldmVudF9sZXZlbDogaW5mb3JtYXRpb24KbGFiZWxzOgogdHlwZTogbXNzcWwKLS0tCnNvdXJjZTogZG9ja2VyCmNvbnRhaW5lcl9pZDoKIC0gPERvY2tlciBDb250YWluZXIgSUQ+ICNBenVyZS1FZGdlLVNxbCBjb250YWluZXIgSUQKY29udGFpbmVyX25hbWVfcmVnZXhwOgogLSAuKm1zc3FsKgpsYWJlbHM6CiAgdHlwZTogbXNzcWwKYGBgCg==",
"content": "b25zdWNjZXNzOiBuZXh0X3N0YWdlCm5hbWU6IGNyb3dkc2VjdXJpdHkvbXNzcWwtbG9ncwpkZXNjcmlwdGlvbjogIlBhcnNlIG1zc3FsIGxvZ3MiCmZpbHRlcjogImV2dC5QYXJzZWQuQ2hhbm5lbCA9PSAnQXBwbGljYXRpb24nICYmIGV2dC5QYXJzZWQuU291cmNlID09ICdNU1NRTFNFUlZFUicgJiYgZXZ0LlBhcnNlZC5FdmVudElEID09ICcxODQ1NiciCm5vZGVzOgogIC0gZ3JvazoKICAgICAgcGF0dGVybjogIlJlYXNvbjogUGFzc3dvcmQgZGlkIG5vdCBtYXRjaCB0aGF0IGZvciB0aGUgbG9naW4gcHJvdmlkZWRcXC4iCiAgICAgIGV4cHJlc3Npb246IFhNTEdldE5vZGVWYWx1ZShldnQuTGluZS5SYXcsICIvRXZlbnQvRXZlbnREYXRhWzFdL0RhdGFbMl0iKQogICAgbm9kZXM6CiAgICAgIC0gZ3JvazoKICAgICAgICAgIHBhdHRlcm46ICJcXFtDTElFTlQ6ICV7SVA6c291cmNlX2lwfVxcXSIKICAgICAgICAgIGV4cHJlc3Npb246IFhNTEdldE5vZGVWYWx1ZShldnQuTGluZS5SYXcsICIvRXZlbnQvRXZlbnREYXRhWzFdL0RhdGFbM10iKQogICAgICAgICAgc3RhdGljczoKICAgICAgICAgICAgLSBtZXRhOiBzb3VyY2VfaXAKICAgICAgICAgICAgICBleHByZXNzaW9uOiBldnQuUGFyc2VkLnNvdXJjZV9pcAogICAgc3RhdGljczoKICAgICAgLSBtZXRhOiBzdWJ0eXBlCiAgICAgICAgdmFsdWU6IGJhZF9wYXNzd29yZAogIC0gZ3JvazoKICAgICAgcGF0dGVybjogIlJlYXNvbjogQ291bGQgbm90IGZpbmQgYSBsb2dpbiBtYXRjaGluZyB0aGUgbmFtZSBwcm92aWRlZFxcLiIKICAgICAgZXhwcmVzc2lvbjogWE1MR2V0Tm9kZVZhbHVlKGV2dC5MaW5lLlJhdywgIi9FdmVudC9FdmVudERhdGFbMV0vRGF0YVsyXSIpCiAgICBub2RlczoKICAgICAgLSBncm9rOgogICAgICAgICAgcGF0dGVybjogIlxcW0NMSUVOVDogJXtJUDpzb3VyY2VfaXB9XFxdIgogICAgICAgICAgZXhwcmVzc2lvbjogWE1MR2V0Tm9kZVZhbHVlKGV2dC5MaW5lLlJhdywgIi9FdmVudC9FdmVudERhdGFbMV0vRGF0YVszXSIpCiAgICAgICAgICBzdGF0aWNzOgogICAgICAgICAgICAtIG1ldGE6IHNvdXJjZV9pcAogICAgICAgICAgICAgIGV4cHJlc3Npb246IGV2dC5QYXJzZWQuc291cmNlX2lwCiAgICBzdGF0aWNzOgogICAgICAtIG1ldGE6IHN1YnR5cGUKICAgICAgICB2YWx1ZTogYmFkX3VzZXIKc3RhdGljczoKICAtIG1ldGE6IGxvZ190eXBlCiAgICB2YWx1ZTogbXNzcWxfZmFpbGVkX2F1dGgKICAtIG1ldGE6IHVzZXIKICAgIGV4cHJlc3Npb246IFhNTEdldE5vZGVWYWx1ZShldnQuTGluZS5SYXcsICIvRXZlbnQvRXZlbnREYXRhWzFdL0RhdGFbMV0iKQotLS0Kb25zdWNjZXNzOiBuZXh0X3N0YWdlCm5hbWU6IGNyb3dkc2VjdXJpdHkvbXNzcWwtdGV4dC1sb2dzCmRlc2NyaXB0aW9uOiAiUGFyc2UgbXNzcWwgbG9ncyIKZmlsdGVyOiAiZXZ0LlBhcnNlZC5wcm9ncmFtID09ICdtc3NxbCciCnBhdHRlcm5fc3ludGF4OgogIERBVEVfWU1EOiAiJXtZRUFSOnllYXJ9LSV7TU9OVEhOVU06bW9udGh9LSV7TU9OVEhEQVk6ZGF5fSIKbm9kZXM6CiAgLSBncm9rOgogICAgICBwYXR0ZXJuOiAiJXtEQVRFX1lNRDpkYXRlfSAle1RJTUU6dGltZX0gTG9nb24uKkxvZ2luIGZhaWxlZCBmb3IgdXNlciAnJXtOT1REUVVPVEU6dXNlcn0nLiBSZWFzb246ICV7R1JFRURZREFUQTpyZWFzb25fbWVzc2FnZX0uIFxcW0NMSUVOVDogJXtJUE9SSE9TVDpzb3VyY2VfaXB9XFxdIgogICAgICBhcHBseV9vbjogbWVzc2FnZQogICAgb25zdWNjZXNzOiBuZXh0X3N0YWdlCiAgICBub2RlczoKICAgICAgLSBmaWx0ZXI6ICJldnQuUGFyc2VkLnJlYXNvbl9tZXNzYWdlID09ICdQYXNzd29yZCBkaWQgbm90IG1hdGNoIHRoYXQgZm9yIHRoZSBsb2dpbiBwcm92aWRlZCciCiAgICAgICAgb25zdWNjZXNzOiBuZXh0X3N0YWdlCiAgICAgICAgc3RhdGljczoKICAgICAgICAgIC0gbWV0YTogc3VidHlwZQogICAgICAgICAgICB2YWx1ZTogYmFkX3Bhc3N3b3JkCiAgICAgIC0gZmlsdGVyOiAiZXZ0LlBhcnNlZC5yZWFzb25fbWVzc2FnZSA9PSAnQ291bGQgbm90IGZpbmQgYSBsb2dpbiBtYXRjaGluZyB0aGUgbmFtZSBwcm92aWRlZCciCiAgICAgICAgb25zdWNjZXNzOiBuZXh0X3N0YWdlCiAgICAgICAgc3RhdGljczoKICAgICAgICAgIC0gbWV0YTogc3VidHlwZQogICAgICAgICAgICB2YWx1ZTogYmFkX3VzZXIKc3RhdGljczoKICAgIC0gbWV0YTogc2VydmljZQogICAgICB2YWx1ZTogbXNzcWwKICAgIC0gbWV0YTogbG9nX3R5cGUKICAgICAgdmFsdWU6IG1zc3FsX2ZhaWxlZF9hdXRoCiAgICAtIG1ldGE6IHNvdXJjZV9pcAogICAgICBleHByZXNzaW9uOiAiZXZ0LlBhcnNlZC5zb3VyY2VfaXAiCiAgICAtIHRhcmdldDogZXZ0LlN0clRpbWUKICAgICAgZXhwcmVzc2lvbjogImV2dC5QYXJzZWQuZGF0ZSArICcgJyArIGV2dC5QYXJzZWQudGltZSI=",
"content": "b25zdWNjZXNzOiBuZXh0X3N0YWdlCm5hbWU6IGNyb3dkc2VjdXJpdHkvbXNzcWwtbG9ncwpkZXNjcmlwdGlvbjogIlBhcnNlIG1zc3FsIGxvZ3MiCmZpbHRlcjogImV2dC5QYXJzZWQuQ2hhbm5lbCA9PSAnQXBwbGljYXRpb24nICYmIChldnQuUGFyc2VkLlNvdXJjZSA9PSAnTVNTUUxTRVJWRVInIHx8IGV2dC5QYXJzZWQuU291cmNlIHN0YXJ0c1dpdGggJ01TU1FMJCcpICYmIGV2dC5QYXJzZWQuRXZlbnRJRCA9PSAnMTg0NTYnIgpub2RlczoKICAtIGdyb2s6CiAgICAgIHBhdHRlcm46ICJSZWFzb246IFBhc3N3b3JkIGRpZCBub3QgbWF0Y2ggdGhhdCBmb3IgdGhlIGxvZ2luIHByb3ZpZGVkXFwuIgogICAgICBleHByZXNzaW9uOiBYTUxHZXROb2RlVmFsdWUoZXZ0LkxpbmUuUmF3LCAiL0V2ZW50L0V2ZW50RGF0YVsxXS9EYXRhWzJdIikKICAgIG5vZGVzOgogICAgICAtIGdyb2s6CiAgICAgICAgICBwYXR0ZXJuOiAiXFxbQ0xJRU5UOiAle0lQOnNvdXJjZV9pcH1cXF0iCiAgICAgICAgICBleHByZXNzaW9uOiBYTUxHZXROb2RlVmFsdWUoZXZ0LkxpbmUuUmF3LCAiL0V2ZW50L0V2ZW50RGF0YVsxXS9EYXRhWzNdIikKICAgICAgICAgIHN0YXRpY3M6CiAgICAgICAgICAgIC0gbWV0YTogc291cmNlX2lwCiAgICAgICAgICAgICAgZXhwcmVzc2lvbjogZXZ0LlBhcnNlZC5zb3VyY2VfaXAKICAgIHN0YXRpY3M6CiAgICAgIC0gbWV0YTogc3VidHlwZQogICAgICAgIHZhbHVlOiBiYWRfcGFzc3dvcmQKICAtIGdyb2s6CiAgICAgIHBhdHRlcm46ICJSZWFzb246IENvdWxkIG5vdCBmaW5kIGEgbG9naW4gbWF0Y2hpbmcgdGhlIG5hbWUgcHJvdmlkZWRcXC4iCiAgICAgIGV4cHJlc3Npb246IFhNTEdldE5vZGVWYWx1ZShldnQuTGluZS5SYXcsICIvRXZlbnQvRXZlbnREYXRhWzFdL0RhdGFbMl0iKQogICAgbm9kZXM6CiAgICAgIC0gZ3JvazoKICAgICAgICAgIHBhdHRlcm46ICJcXFtDTElFTlQ6ICV7SVA6c291cmNlX2lwfVxcXSIKICAgICAgICAgIGV4cHJlc3Npb246IFhNTEdldE5vZGVWYWx1ZShldnQuTGluZS5SYXcsICIvRXZlbnQvRXZlbnREYXRhWzFdL0RhdGFbM10iKQogICAgICAgICAgc3RhdGljczoKICAgICAgICAgICAgLSBtZXRhOiBzb3VyY2VfaXAKICAgICAgICAgICAgICBleHByZXNzaW9uOiBldnQuUGFyc2VkLnNvdXJjZV9pcAogICAgc3RhdGljczoKICAgICAgLSBtZXRhOiBzdWJ0eXBlCiAgICAgICAgdmFsdWU6IGJhZF91c2VyCnN0YXRpY3M6CiAgLSBtZXRhOiBsb2dfdHlwZQogICAgdmFsdWU6IG1zc3FsX2ZhaWxlZF9hdXRoCiAgLSBtZXRhOiB1c2VyCiAgICBleHByZXNzaW9uOiBYTUxHZXROb2RlVmFsdWUoZXZ0LkxpbmUuUmF3LCAiL0V2ZW50L0V2ZW50RGF0YVsxXS9EYXRhWzFdIikKLS0tCm9uc3VjY2VzczogbmV4dF9zdGFnZQpuYW1lOiBjcm93ZHNlY3VyaXR5L21zc3FsLXRleHQtbG9ncwpkZXNjcmlwdGlvbjogIlBhcnNlIG1zc3FsIGxvZ3MiCmZpbHRlcjogImV2dC5QYXJzZWQucHJvZ3JhbSA9PSAnbXNzcWwnIgpwYXR0ZXJuX3N5bnRheDoKICBEQVRFX1lNRDogIiV7WUVBUjp5ZWFyfS0le01PTlRITlVNOm1vbnRofS0le01PTlRIREFZOmRheX0iCm5vZGVzOgogIC0gZ3JvazoKICAgICAgcGF0dGVybjogIiV7REFURV9ZTUQ6ZGF0ZX0gJXtUSU1FOnRpbWV9IExvZ29uLipMb2dpbiBmYWlsZWQgZm9yIHVzZXIgJyV7Tk9URFFVT1RFOnVzZXJ9Jy4gUmVhc29uOiAle0dSRUVEWURBVEE6cmVhc29uX21lc3NhZ2V9LiBcXFtDTElFTlQ6ICV7SVBPUkhPU1Q6c291cmNlX2lwfVxcXSIKICAgICAgYXBwbHlfb246IG1lc3NhZ2UKICAgIG9uc3VjY2VzczogbmV4dF9zdGFnZQogICAgbm9kZXM6CiAgICAgIC0gZmlsdGVyOiAiZXZ0LlBhcnNlZC5yZWFzb25fbWVzc2FnZSA9PSAnUGFzc3dvcmQgZGlkIG5vdCBtYXRjaCB0aGF0IGZvciB0aGUgbG9naW4gcHJvdmlkZWQnIgogICAgICAgIG9uc3VjY2VzczogbmV4dF9zdGFnZQogICAgICAgIHN0YXRpY3M6CiAgICAgICAgICAtIG1ldGE6IHN1YnR5cGUKICAgICAgICAgICAgdmFsdWU6IGJhZF9wYXNzd29yZAogICAgICAtIGZpbHRlcjogImV2dC5QYXJzZWQucmVhc29uX21lc3NhZ2UgPT0gJ0NvdWxkIG5vdCBmaW5kIGEgbG9naW4gbWF0Y2hpbmcgdGhlIG5hbWUgcHJvdmlkZWQnIgogICAgICAgIG9uc3VjY2VzczogbmV4dF9zdGFnZQogICAgICAgIHN0YXRpY3M6CiAgICAgICAgICAtIG1ldGE6IHN1YnR5cGUKICAgICAgICAgICAgdmFsdWU6IGJhZF91c2VyCnN0YXRpY3M6CiAgICAtIG1ldGE6IHNlcnZpY2UKICAgICAgdmFsdWU6IG1zc3FsCiAgICAtIG1ldGE6IGxvZ190eXBlCiAgICAgIHZhbHVlOiBtc3NxbF9mYWlsZWRfYXV0aAogICAgLSBtZXRhOiBzb3VyY2VfaXAKICAgICAgZXhwcmVzc2lvbjogImV2dC5QYXJzZWQuc291cmNlX2lwIgogICAgLSB0YXJnZXQ6IGV2dC5TdHJUaW1lCiAgICAgIGV4cHJlc3Npb246ICJldnQuUGFyc2VkLmRhdGUgKyAnICcgKyBldnQuUGFyc2VkLnRpbWUi",
"description": "Parse mssql logs",
"author": "crowdsecurity",
"labels": null
@@ -4233,6 +4288,22 @@
"author": "crowdsecurity",
"labels": null
},
"crowdsecurity/pfsense-gui-logs": {
"path": "parsers/s01-parse/crowdsecurity/pfsense-gui-logs.yaml",
"stage": "s01-parse",
"version": "0.1",
"versions": {
"0.1": {
"digest": "0e759d86c5244f6593c6ba58f18d59ad1fac1fe9cc2f127053f229d4851f57f4",
"deprecated": false
}
},
"long_description": "IyMgcGZTZW5zZSB3ZWIgYXV0aGVudGljYXRpb24gcGFyc2VyCgpBIHBhcnNlciBmb3IgcGZTZW5zZSB3ZWIgYXV0aGVudGljYXRpb24gKGZhaWxlZCkgbG9ncy4KVGhvc2UgbG9ncyBhcmUgdXN1YWxseSBwcmVzZW50IGluIGAvdmFyL2xvZy9hdXRoLmxvZ2AuCgo=",
"content": "b25zdWNjZXNzOiBuZXh0X3N0YWdlCmZpbHRlcjogImV2dC5QYXJzZWQucHJvZ3JhbSA9PSAncGhwLWZwbSciCm5hbWU6IGNyb3dkc2VjdXJpdHkvcGZzZW5zZS1ndWktbG9ncwpkZXNjcmlwdGlvbjogIlBhcnNlIHBmU2Vuc2Ugd2ViIGF1dGggbG9ncyIKZ3JvazogCiAgcGF0dGVybjogIi9pbmRleC5waHA6IHdlYkNvbmZpZ3VyYXRvciBhdXRoZW50aWNhdGlvbiBlcnJvciBmb3IgdXNlciAnJXtVU0VSTkFNRTp1c2VybmFtZX0nIGZyb206ICV7SVBPUkhPU1Q6c291cmNlX2lwfSIKICBhcHBseV9vbjogbWVzc2FnZQpzdGF0aWNzOgogIC0gbWV0YTogc2VydmljZQogICAgdmFsdWU6IHBmc2Vuc2UtZ3VpCiAgLSBtZXRhOiB1c2VybmFtZQogICAgZXhwcmVzc2lvbjogImV2dC5QYXJzZWQudXNlcm5hbWUiCiAgLSBtZXRhOiBzb3VyY2VfaXAKICAgIGV4cHJlc3Npb246IGV2dC5QYXJzZWQuc291cmNlX2lwCiAgLSBtZXRhOiBsb2dfdHlwZQogICAgdmFsdWU6IHBmc2Vuc2UtZ3VpLWZhaWxlZC1hdXRoCg==",
"description": "Parse pfSense web auth logs",
"author": "crowdsecurity",
"labels": null
},
"crowdsecurity/pgsql-logs": {
"path": "parsers/s01-parse/crowdsecurity/pgsql-logs.yaml",
"stage": "s01-parse",
@@ -6641,6 +6712,38 @@
"type": "exploit"
}
},
"crowdsecurity/CVE-2023-22518": {
"path": "scenarios/crowdsecurity/CVE-2023-22518.yaml",
"version": "0.2",
"versions": {
"0.1": {
"digest": "f597bf30acce708e51d463f358b5ed5840133b907df8ab8a8358565b0e506a85",
"deprecated": false
},
"0.2": {
"digest": "e1634f917d0008561fee2191e0988eecf4629941275e74246836f03d790d0b3b",
"deprecated": false
}
},
"long_description": "IyMgQ1ZFLTIwMjMtMjI1MTgKClRyaWdnZXIgZXhwbG9pdHMgb2YgQ1ZFLTIwMjMtMjI1MTggQXRsYXNzaWFuIENvbmZsdWVuY2UgU2VydmVyIEltcHJvcGVyIEF1dGhvcml6YXRpb24gdGhhdCBsZWFkcyB0byBBdXRoZW50aWNhdGlvbiBCeXBhc3MKCgpSZWZlcmVuY2VzOiAKKiBodHRwczovL252ZC5uaXN0Lmdvdi92dWxuL2RldGFpbC9DVkUtMjAyMy0yMjUxOAoqIGh0dHBzOi8vYmxvZy5wcm9qZWN0ZGlzY292ZXJ5LmlvL2F0bGFzc2lhbi1jb25mbHVlbmNlLWF1dGgtYnlwYXNzLw==",
"content": "dHlwZTogdHJpZ2dlcgojZGVidWc6IHRydWUKbmFtZTogY3Jvd2RzZWN1cml0eS9DVkUtMjAyMy0yMjUxOApkZXNjcmlwdGlvbjogIkRldGVjdCBDVkUtMjAyMy0yMjUxOCBleHBsb2l0cyIKZmlsdGVyOiB8CiAgVXBwZXIoZXZ0Lk1ldGEuaHR0cF9wYXRoKSBjb250YWlucyBVcHBlcignL2pzb24vc2V0dXAtcmVzdG9yZS5hY3Rpb24nKSAmJgogIFVwcGVyKGV2dC5QYXJzZWQudmVyYikgPT0gJ1BPU1QnCmJsYWNraG9sZTogMW0KZ3JvdXBieTogImV2dC5NZXRhLnNvdXJjZV9pcCIKbGFiZWxzOgogIHR5cGU6IGV4cGxvaXQKICByZW1lZGlhdGlvbjogdHJ1ZQogIGNsYXNzaWZpY2F0aW9uOgogICAgLSBhdHRhY2suVDE1OTUKICAgIC0gYXR0YWNrLlQxMTkwCiAgICAtIGN2ZS5DVkUtMjAyMy0yMjUxOAogIHNwb29mYWJsZTogMAogIGNvbmZpZGVuY2U6IDEKICBiZWhhdmlvcjogImh0dHA6ZXhwbG9pdCIKICBsYWJlbDogIkF0bGFzc2lhbiBDb25mbHVlbmNlIFNlcnZlciBDVkUtMjAyMy0yMjUxOCIKICBzZXJ2aWNlOiBBdGxhc3NpYW4gQ29uZmx1ZW5jZQ==",
"description": "Detect CVE-2023-22518 exploits",
"author": "crowdsecurity",
"labels": {
"behavior": "http:exploit",
"classification": [
"attack.T1595",
"attack.T1190",
"cve.CVE-2023-22518"
],
"confidence": 1,
"label": "Atlassian Confluence Server CVE-2023-22518",
"remediation": true,
"service": "Atlassian Confluence",
"spoofable": 0,
"type": "exploit"
}
},
"crowdsecurity/CVE-2023-23397": {
"path": "scenarios/crowdsecurity/CVE-2023-23397.yaml",
"version": "0.2",
@@ -9651,7 +9754,7 @@
},
"crowdsecurity/opnsense-gui-bf": {
"path": "scenarios/crowdsecurity/opnsense-gui-bf.yaml",
"version": "0.2",
"version": "0.3",
"versions": {
"0.1": {
"digest": "15f0d4f03f1e18a8cd5d95467a13e86ebfd717354f53ba02b4d165e6537965bf",
@@ -9660,10 +9763,14 @@
"0.2": {
"digest": "c1031635c18c69203a1e251d25da8f309182ed04221142e94e3a2ff1d8533af3",
"deprecated": false
},
"0.3": {
"digest": "5f06456ab0875a8245a6863775ccfe215f3d8a38da562dbcb9de97756aea188a",
"deprecated": false
}
},
"long_description": "IyMgT1BOU2Vuc2Ugd2ViIHBvcnRhbCBicnV0ZWZvcmNlIGRldGVjdGlvbgoKRGV0ZWN0cyBicnV0ZWZvcmNlIGF0dGVtcHRzIG9uIHRoZSBPUE5TZW5zZSB3ZWIgcG9ydGFsIDoKIC0gbW9yZSB0aGFuIDUgYXR0ZW1wdHMKIC0gMTAgc2Vjb25kcyBiZXR3ZWVuIGVhY2gKCgo=",
"content": "IyBvcG5zZW5zZSB3ZWIgYXV0aCBicnV0ZWZvcmNlCnR5cGU6IGxlYWt5CiNkZWJ1ZzogdHJ1ZQpuYW1lOiBjcm93ZHNlY3VyaXR5L29wbnNlbnNlLXdlYi1iZgpkZXNjcmlwdGlvbjogIkRldGVjdCBicnV0ZWZvcmNlIG9uIG9wbnNlbnNlIHdlYiBpbnRlcmZhY2UiCmZpbHRlcjogZXZ0Lk1ldGEubG9nX3R5cGUgPT0gJ29wbnNlbnNlLWd1aS1mYWlsZWQtYXV0aCcKbGVha3NwZWVkOiAiMTBzIgpjYXBhY2l0eTogNQpncm91cGJ5OiBldnQuTWV0YS5zb3VyY2VfaXAKYmxhY2tob2xlOiA1bQpsYWJlbHM6CiAgcmVtZWRpYXRpb246IHRydWUKICBjb25maWRlbmNlOiAzCiAgc3Bvb2ZhYmxlOiAwCiAgY2xhc3NpZmljYXRpb246CiAgICAtIGF0dGFjay5UMTExMAogIGJlaGF2aW9yOiAiaHR0cDpicnV0ZWZvcmNlIgogIGxhYmVsOiAiT3Buc2Vuc2UgR1VJIEJydXRlZm9yY2UiCiAgc2VydmljZTogb3Buc2Vuc2UK",
"content": "IyBvcG5zZW5zZSB3ZWIgYXV0aCBicnV0ZWZvcmNlCnR5cGU6IGxlYWt5CiNkZWJ1ZzogdHJ1ZQpuYW1lOiBjcm93ZHNlY3VyaXR5L29wbnNlbnNlLWd1aS1iZgpkZXNjcmlwdGlvbjogIkRldGVjdCBicnV0ZWZvcmNlIG9uIG9wbnNlbnNlIHdlYiBpbnRlcmZhY2UiCmZpbHRlcjogZXZ0Lk1ldGEubG9nX3R5cGUgPT0gJ29wbnNlbnNlLWd1aS1mYWlsZWQtYXV0aCcKbGVha3NwZWVkOiAiMTBzIgpjYXBhY2l0eTogNQpncm91cGJ5OiBldnQuTWV0YS5zb3VyY2VfaXAKYmxhY2tob2xlOiA1bQpsYWJlbHM6CiAgcmVtZWRpYXRpb246IHRydWUKICBjb25maWRlbmNlOiAzCiAgc3Bvb2ZhYmxlOiAwCiAgY2xhc3NpZmljYXRpb246CiAgICAtIGF0dGFjay5UMTExMAogIGJlaGF2aW9yOiAiaHR0cDpicnV0ZWZvcmNlIgogIGxhYmVsOiAiT1BOc2Vuc2UgR1VJIEJydXRlZm9yY2UiCiAgc2VydmljZTogb3Buc2Vuc2UK",
"description": "Detect bruteforce on opnsense web interface",
"author": "crowdsecurity",
"labels": {
@@ -9672,7 +9779,7 @@
"attack.T1110"
],
"confidence": 3,
"label": "Opnsense GUI Bruteforce",
"label": "OPNsense GUI Bruteforce",
"remediation": true,
"service": "opnsense",
"spoofable": 0
@@ -9695,6 +9802,35 @@
"remediation": true
}
},
"crowdsecurity/pfsense-gui-bf": {
"path": "scenarios/crowdsecurity/pfsense-gui-bf.yaml",
"version": "0.2",
"versions": {
"0.1": {
"digest": "b23ed9edafd3b8cea053d4286abfc2513d53c54904e7348b4fc1bf24e9e3a77d",
"deprecated": false
},
"0.2": {
"digest": "07019c43c3bbd31e077d12c85aea855332e6891db2605bae00a481dacf17826f",
"deprecated": false
}
},
"long_description": "IyMgcGZTZW5zZSB3ZWIgcG9ydGFsIGJydXRlZm9yY2UgZGV0ZWN0aW9uCgpEZXRlY3RzIGJydXRlZm9yY2UgYXR0ZW1wdHMgb24gdGhlIHBmU2Vuc2Ugd2ViIHBvcnRhbCA6CiAtIG1vcmUgdGhhbiA1IGF0dGVtcHRzCiAtIDEwIHNlY29uZHMgYmV0d2VlbiBlYWNoCgoK",
"content": "IyBwZnNlbnNlIHdlYiBhdXRoIGJydXRlZm9yY2UKdHlwZTogbGVha3kKI2RlYnVnOiB0cnVlCm5hbWU6IGNyb3dkc2VjdXJpdHkvcGZzZW5zZS1ndWktYmYKZGVzY3JpcHRpb246ICJEZXRlY3QgYnJ1dGVmb3JjZSBvbiBwZnNlbnNlIHdlYiBpbnRlcmZhY2UiCmZpbHRlcjogZXZ0Lk1ldGEubG9nX3R5cGUgPT0gJ3Bmc2Vuc2UtZ3VpLWZhaWxlZC1hdXRoJwpsZWFrc3BlZWQ6ICIxMHMiCmNhcGFjaXR5OiA1Cmdyb3VwYnk6IGV2dC5NZXRhLnNvdXJjZV9pcApibGFja2hvbGU6IDVtCmxhYmVsczoKICByZW1lZGlhdGlvbjogdHJ1ZQogIGNvbmZpZGVuY2U6IDMKICBzcG9vZmFibGU6IDAKICBjbGFzc2lmaWNhdGlvbjoKICAgIC0gYXR0YWNrLlQxMTEwCiAgYmVoYXZpb3I6ICJodHRwOmJydXRlZm9yY2UiCiAgbGFiZWw6ICJwZlNlbnNlIEdVSSBCcnV0ZWZvcmNlIgogIHNlcnZpY2U6IHBmc2Vuc2UK",
"description": "Detect bruteforce on pfsense web interface",
"author": "crowdsecurity",
"labels": {
"behavior": "http:bruteforce",
"classification": [
"attack.T1110"
],
"confidence": 3,
"label": "pfSense GUI Bruteforce",
"remediation": true,
"service": "pfsense",
"spoofable": 0
}
},
"crowdsecurity/pgsql-bf": {
"path": "scenarios/crowdsecurity/pgsql-bf.yaml",
"version": "0.2",
@@ -9943,7 +10079,7 @@
},
"crowdsecurity/ssh-bf": {
"path": "scenarios/crowdsecurity/ssh-bf.yaml",
"version": "0.2",
"version": "0.3",
"versions": {
"0.1": {
"digest": "4441dcff07020f6690d998b7101e642359ba405c2abb83565bbbdcee36de280f",
@@ -9952,10 +10088,14 @@
"0.2": {
"digest": "94b1d6f04e9119ea1adb7fc70017fd108cede97bddbaf50b0b2bebdcc887ea28",
"deprecated": false
},
"0.3": {
"digest": "242f36684d66bbae3044e576b7cfffef62d5323465f3f74f87923167c6d93356",
"deprecated": false
}
},
"long_description": "RGV0ZWN0IGZhaWxlZCBzc2ggYXV0aGVudGljYXRpb25zIDoKCiAtIGxlYWtzcGVlZCBvZiAxMHMsIGNhcGFjaXR5IG9mIDUgb24gc2FtZSB0YXJnZXQgdXNlcgogLSBsZWFrc3BlZWQgb2YgMTBzLCBjYXBhY2l0eSBvZiA1IHVuaXF1ZSBkaXN0aW5jdCB1c2VycwogCg==",
"content": "IyBzc2ggYnJ1dGVmb3JjZQp0eXBlOiBsZWFreQpuYW1lOiBjcm93ZHNlY3VyaXR5L3NzaC1iZgpkZXNjcmlwdGlvbjogIkRldGVjdCBzc2ggYnJ1dGVmb3JjZSIKZmlsdGVyOiAiZXZ0Lk1ldGEubG9nX3R5cGUgPT0gJ3NzaF9mYWlsZWQtYXV0aCciCmxlYWtzcGVlZDogIjEwcyIKcmVmZXJlbmNlczoKICAtIGh0dHA6Ly93aWtpcGVkaWEuY29tL3NzaC1iZi1pcy1iYWQKY2FwYWNpdHk6IDUKZ3JvdXBieTogZXZ0Lk1ldGEuc291cmNlX2lwCmJsYWNraG9sZTogMW0KcmVwcm9jZXNzOiB0cnVlCmxhYmVsczoKICBzZXJ2aWNlOiBzc2gKICBjb25maWRlbmNlOiAzCiAgc3Bvb2ZhYmxlOiAwCiAgY2xhc3NpZmljYXRpb246CiAgICAtIGF0dGFjay5UMTExMAogIGxhYmVsOiAiU1NIIEJydXRlZm9yY2UiCiAgYmVoYXZpb3I6ICJzc2g6YnJ1dGVmb3JjZSIKICByZW1lZGlhdGlvbjogdHJ1ZQotLS0KIyBzc2ggdXNlci1lbnVtCnR5cGU6IGxlYWt5Cm5hbWU6IGNyb3dkc2VjdXJpdHkvc3NoLWJmX3VzZXItZW51bQpkZXNjcmlwdGlvbjogIkRldGVjdCBzc2ggdXNlciBlbnVtIGJydXRlZm9yY2UiCmZpbHRlcjogZXZ0Lk1ldGEubG9nX3R5cGUgPT0gJ3NzaF9mYWlsZWQtYXV0aCcKZ3JvdXBieTogZXZ0Lk1ldGEuc291cmNlX2lwCmRpc3RpbmN0OiBldnQuTWV0YS50YXJnZXRfdXNlcgpsZWFrc3BlZWQ6IDEwcwpjYXBhY2l0eTogNQpibGFja2hvbGU6IDFtCmxhYmVsczoKICBzZXJ2aWNlOiBzc2gKICByZW1lZGlhdGlvbjogdHJ1ZQogIGNvbmZpZGVuY2U6IDMKICBzcG9vZmFibGU6IDAKICBjbGFzc2lmaWNhdGlvbjoKICAgIC0gYXR0YWNrLlQxNTg5CiAgYmVoYXZpb3I6ICJzc2g6YnJ1dGVmb3JjZSIKICBsYWJlbDogIlNTSCBCcnV0ZWZvcmNlIgo=",
"content": "IyBzc2ggYnJ1dGVmb3JjZQp0eXBlOiBsZWFreQpuYW1lOiBjcm93ZHNlY3VyaXR5L3NzaC1iZgpkZXNjcmlwdGlvbjogIkRldGVjdCBzc2ggYnJ1dGVmb3JjZSIKZmlsdGVyOiAiZXZ0Lk1ldGEubG9nX3R5cGUgPT0gJ3NzaF9mYWlsZWQtYXV0aCciCmxlYWtzcGVlZDogIjEwcyIKcmVmZXJlbmNlczoKICAtIGh0dHA6Ly93aWtpcGVkaWEuY29tL3NzaC1iZi1pcy1iYWQKY2FwYWNpdHk6IDUKZ3JvdXBieTogZXZ0Lk1ldGEuc291cmNlX2lwCmJsYWNraG9sZTogMW0KcmVwcm9jZXNzOiB0cnVlCmxhYmVsczoKICBzZXJ2aWNlOiBzc2gKICBjb25maWRlbmNlOiAzCiAgc3Bvb2ZhYmxlOiAwCiAgY2xhc3NpZmljYXRpb246CiAgICAtIGF0dGFjay5UMTExMAogIGxhYmVsOiAiU1NIIEJydXRlZm9yY2UiCiAgYmVoYXZpb3I6ICJzc2g6YnJ1dGVmb3JjZSIKICByZW1lZGlhdGlvbjogdHJ1ZQotLS0KIyBzc2ggdXNlci1lbnVtCnR5cGU6IGxlYWt5Cm5hbWU6IGNyb3dkc2VjdXJpdHkvc3NoLWJmX3VzZXItZW51bQpkZXNjcmlwdGlvbjogIkRldGVjdCBzc2ggdXNlciBlbnVtIGJydXRlZm9yY2UiCmZpbHRlcjogZXZ0Lk1ldGEubG9nX3R5cGUgPT0gJ3NzaF9mYWlsZWQtYXV0aCcKZ3JvdXBieTogZXZ0Lk1ldGEuc291cmNlX2lwCmRpc3RpbmN0OiBldnQuTWV0YS50YXJnZXRfdXNlcgpsZWFrc3BlZWQ6IDEwcwpjYXBhY2l0eTogNQpibGFja2hvbGU6IDFtCmxhYmVsczoKICBzZXJ2aWNlOiBzc2gKICByZW1lZGlhdGlvbjogdHJ1ZQogIGNvbmZpZGVuY2U6IDMKICBzcG9vZmFibGU6IDAKICBjbGFzc2lmaWNhdGlvbjoKICAgIC0gYXR0YWNrLlQxNTg5CiAgYmVoYXZpb3I6ICJzc2g6YnJ1dGVmb3JjZSIKICBsYWJlbDogIlNTSCBVc2VyIEVudW1lcmF0aW9uIgo=",
"description": "Detect ssh bruteforce",
"author": "crowdsecurity",
"references": [
@@ -9975,7 +10115,7 @@
},
"crowdsecurity/ssh-slow-bf": {
"path": "scenarios/crowdsecurity/ssh-slow-bf.yaml",
"version": "0.3",
"version": "0.4",
"versions": {
"0.1": {
"digest": "1b910bf7af59dab8dfbba8a735aafb3e4871d1237b29d56f53d7c0eece0381cf",
@@ -9988,10 +10128,14 @@
"0.3": {
"digest": "313b1dc11a05f8beb6718cdeefe79866122eca26394efe2b814d5d2e15c28f4d",
"deprecated": false
},
"0.4": {
"digest": "892f9a153c4dafb5392ba40d70616e88896571be8f4cc00996e7f5e8277c869e",
"deprecated": false
}
},
"long_description": "RGV0ZWN0IHNsb3cgc3NoIGJydXRlZm9yY2UgYXV0aGVudGljYXRpb25zIDoKCiAtIGxlYWtzcGVlZCBvZiA2MHMsIGNhcGFjaXR5IG9mIDEwIG9uIHNhbWUgdGFyZ2V0IHVzZXIKIC0gbGVha3NwZWVkIG9mIDYwcywgY2FwYWNpdHkgb2YgMTAgdW5pcXVlIGRpc3RpbmN0IHVzZXJzCiAK",
"content": "IyBzc2ggYnJ1dGVmb3JjZQp0eXBlOiBsZWFreQpuYW1lOiBjcm93ZHNlY3VyaXR5L3NzaC1zbG93LWJmCmRlc2NyaXB0aW9uOiAiRGV0ZWN0IHNsb3cgc3NoIGJydXRlZm9yY2UiCmZpbHRlcjogImV2dC5NZXRhLmxvZ190eXBlID09ICdzc2hfZmFpbGVkLWF1dGgnIgpsZWFrc3BlZWQ6ICI2MHMiCnJlZmVyZW5jZXM6CiAgLSBodHRwOi8vd2lraXBlZGlhLmNvbS9zc2gtYmYtaXMtYmFkCmNhcGFjaXR5OiAxMApncm91cGJ5OiBldnQuTWV0YS5zb3VyY2VfaXAKYmxhY2tob2xlOiAxbQpyZXByb2Nlc3M6IHRydWUKbGFiZWxzOgogIHNlcnZpY2U6IHNzaAogIHJlbWVkaWF0aW9uOiB0cnVlCiAgY29uZmlkZW5jZTogMwogIHNwb29mYWJsZTogMAogIGNsYXNzaWZpY2F0aW9uOgogICAgLSBhdHRhY2suVDExMTAKICBiZWhhdmlvcjogInNzaDpicnV0ZWZvcmNlIgogIGxhYmVsOiAiU1NIIEJydXRlZm9yY2UiCi0tLQojIHNzaCB1c2VyLWVudW0KdHlwZTogbGVha3kKbmFtZTogY3Jvd2RzZWN1cml0eS9zc2gtc2xvdy1iZl91c2VyLWVudW0KZGVzY3JpcHRpb246ICJEZXRlY3Qgc2xvdyBzc2ggdXNlciBlbnVtIGJydXRlZm9yY2UiCmZpbHRlcjogZXZ0Lk1ldGEubG9nX3R5cGUgPT0gJ3NzaF9mYWlsZWQtYXV0aCcKZ3JvdXBieTogZXZ0Lk1ldGEuc291cmNlX2lwCmRpc3RpbmN0OiBldnQuTWV0YS50YXJnZXRfdXNlcgpsZWFrc3BlZWQ6IDYwcwpjYXBhY2l0eTogMTAKYmxhY2tob2xlOiAxbQpsYWJlbHM6CiAgc2VydmljZTogc3NoCiAgcmVtZWRpYXRpb246IHRydWUKICBjb25maWRlbmNlOiAzCiAgc3Bvb2ZhYmxlOiAwCiAgY2xhc3NpZmljYXRpb246CiAgICAtIGF0dGFjay5UMTExMAogIGJlaGF2aW9yOiAic3NoOmJydXRlZm9yY2UiCiAgbGFiZWw6ICJTU0ggQnJ1dGVmb3JjZSIK",
"content": "IyBzc2ggYnJ1dGVmb3JjZQp0eXBlOiBsZWFreQpuYW1lOiBjcm93ZHNlY3VyaXR5L3NzaC1zbG93LWJmCmRlc2NyaXB0aW9uOiAiRGV0ZWN0IHNsb3cgc3NoIGJydXRlZm9yY2UiCmZpbHRlcjogImV2dC5NZXRhLmxvZ190eXBlID09ICdzc2hfZmFpbGVkLWF1dGgnIgpsZWFrc3BlZWQ6ICI2MHMiCnJlZmVyZW5jZXM6CiAgLSBodHRwOi8vd2lraXBlZGlhLmNvbS9zc2gtYmYtaXMtYmFkCmNhcGFjaXR5OiAxMApncm91cGJ5OiBldnQuTWV0YS5zb3VyY2VfaXAKYmxhY2tob2xlOiAxbQpyZXByb2Nlc3M6IHRydWUKbGFiZWxzOgogIHNlcnZpY2U6IHNzaAogIHJlbWVkaWF0aW9uOiB0cnVlCiAgY29uZmlkZW5jZTogMwogIHNwb29mYWJsZTogMAogIGNsYXNzaWZpY2F0aW9uOgogICAgLSBhdHRhY2suVDExMTAKICBiZWhhdmlvcjogInNzaDpicnV0ZWZvcmNlIgogIGxhYmVsOiAiU1NIIFNsb3cgQnJ1dGVmb3JjZSIKLS0tCiMgc3NoIHVzZXItZW51bQp0eXBlOiBsZWFreQpuYW1lOiBjcm93ZHNlY3VyaXR5L3NzaC1zbG93LWJmX3VzZXItZW51bQpkZXNjcmlwdGlvbjogIkRldGVjdCBzbG93IHNzaCB1c2VyIGVudW0gYnJ1dGVmb3JjZSIKZmlsdGVyOiBldnQuTWV0YS5sb2dfdHlwZSA9PSAnc3NoX2ZhaWxlZC1hdXRoJwpncm91cGJ5OiBldnQuTWV0YS5zb3VyY2VfaXAKZGlzdGluY3Q6IGV2dC5NZXRhLnRhcmdldF91c2VyCmxlYWtzcGVlZDogNjBzCmNhcGFjaXR5OiAxMApibGFja2hvbGU6IDFtCmxhYmVsczoKICBzZXJ2aWNlOiBzc2gKICByZW1lZGlhdGlvbjogdHJ1ZQogIGNvbmZpZGVuY2U6IDMKICBzcG9vZmFibGU6IDAKICBjbGFzc2lmaWNhdGlvbjoKICAgIC0gYXR0YWNrLlQxMTEwCiAgYmVoYXZpb3I6ICJzc2g6YnJ1dGVmb3JjZSIKICBsYWJlbDogIlNTSCBTbG93IFVzZXIgRW51bWVyYXRpb24iCg==",
"description": "Detect slow ssh bruteforce",
"author": "crowdsecurity",
"references": [
@@ -10003,7 +10147,7 @@
"attack.T1110"
],
"confidence": 3,
"label": "SSH Bruteforce",
"label": "SSH Slow Bruteforce",
"remediation": true,
"service": "ssh",
"spoofable": 0

1
crowdsec/hub/collections/crowdsecurity/http-cve.yaml
View File

@@ -23,6 +23,7 @@ scenarios:
- crowdsecurity/CVE-2019-18935
- crowdsecurity/netgear_rce
- crowdsecurity/CVE-2023-22515
- crowdsecurity/CVE-2023-22518
author: crowdsecurity
description: "Detect CVE exploitation in http logs"
tags:

21
crowdsec/hub/scenarios/crowdsecurity/CVE-2023-22518.yaml Normal file
View File

@@ -0,0 +1,21 @@
type: trigger
#debug: true
name: crowdsecurity/CVE-2023-22518
description: "Detect CVE-2023-22518 exploits"
filter: |
Upper(evt.Meta.http_path) contains Upper('/json/setup-restore.action') &&
Upper(evt.Parsed.verb) == 'POST'
blackhole: 1m
groupby: "evt.Meta.source_ip"
labels:
type: exploit
remediation: true
classification:
- attack.T1595
- attack.T1190
- cve.CVE-2023-22518
spoofable: 0
confidence: 1
behavior: "http:exploit"
label: "Atlassian Confluence Server CVE-2023-22518"
service: Atlassian Confluence

2
crowdsec/hub/scenarios/crowdsecurity/ssh-bf.yaml
View File

@@ -38,4 +38,4 @@ labels:
classification:
- attack.T1589
behavior: "ssh:bruteforce"
label: "SSH Bruteforce"
label: "SSH User Enumeration"

4
crowdsec/hub/scenarios/crowdsecurity/ssh-slow-bf.yaml
View File

@@ -18,7 +18,7 @@ labels:
classification:
- attack.T1110
behavior: "ssh:bruteforce"
label: "SSH Bruteforce"
label: "SSH Slow Bruteforce"
---
# ssh user-enum
type: leaky
@@ -38,4 +38,4 @@ labels:
classification:
- attack.T1110
behavior: "ssh:bruteforce"
label: "SSH Bruteforce"
label: "SSH Slow User Enumeration"

14
crowdsec/notifications/email.yaml
View File

@@ -15,12 +15,14 @@ timeout: 20s # Time to wait for response from the plugin before conside
# The following template receives a list of models.Alert objects
# The output goes in the email message body
format: |
<html><body>
{{range . -}}
{{$alert := . -}}
{{range .Decisions -}}
<html><body><p><a href=https://www.whois.com/whois/{{.Value}}>{{.Value}}</a> will get <b>{{.Type}}</b> for next <b>{{.Duration}}</b> for triggering <b>{{.Scenario}}</b> on machine <b>{{$alert.MachineID}}</b>.</p> <p><a href=https://app.crowdsec.net/cti/{{.Value}}>CrowdSec CTI</a></p></body></html>
<p><a href="https://www.whois.com/whois/{{.Value}}">{{.Value}}</a> will get <b>{{.Type}}</b> for next <b>{{.Duration}}</b> for triggering <b>{{.Scenario}}</b> on machine <b>{{$alert.MachineID}}</b>.</p> <p><a href="https://app.crowdsec.net/cti/{{.Value}}">CrowdSec CTI</a></p>
{{end -}}
{{end -}}
</body></html>
smtp_host: # example: smtp.gmail.com
smtp_username: # Replace with your actual username
@@ -35,7 +37,15 @@ receiver_emails:
# - email2@gmail.com
# One of "ssltls", "starttls", "none"
encryption_type: ssltls
encryption_type: "ssltls"
# If you need to set the HELO hostname:
# helo_host: "localhost"
# If the email server is hitting the default timeouts (10 seconds), you can increase them here
#
# connect_timeout: 10s
# send_timeout: 10s
---

1
crowdsec/scenarios/CVE-2023-22518.yaml Symbolic link
View File

@@ -0,0 +1 @@
/etc/crowdsec/hub/scenarios/crowdsecurity/CVE-2023-22518.yaml