saving uncommitted changes in /etc prior to dnf run

crowdsec/hub/scenarios/crowdsecurity/CVE-2023-22518.yaml

@@ -0,0 +1,21 @@
+type: trigger
+#debug: true
+name: crowdsecurity/CVE-2023-22518
+description: "Detect CVE-2023-22518 exploits"
+filter: |
+  Upper(evt.Meta.http_path) contains Upper('/json/setup-restore.action') &&
+  Upper(evt.Parsed.verb) == 'POST'
+blackhole: 1m
+groupby: "evt.Meta.source_ip"
+labels:
+  type: exploit
+  remediation: true
+  classification:
+    - attack.T1595
+    - attack.T1190
+    - cve.CVE-2023-22518
+  spoofable: 0
+  confidence: 1
+  behavior: "http:exploit"
+  label: "Atlassian Confluence Server CVE-2023-22518"
+  service: Atlassian Confluence

crowdsec/hub/scenarios/crowdsecurity/ssh-bf.yaml

@@ -38,4 +38,4 @@ labels:
   classification:
     - attack.T1589
   behavior: "ssh:bruteforce"
-  label: "SSH Bruteforce"
+  label: "SSH User Enumeration"

crowdsec/hub/scenarios/crowdsecurity/ssh-slow-bf.yaml

@@ -18,7 +18,7 @@ labels:
   classification:
     - attack.T1110
   behavior: "ssh:bruteforce"
-  label: "SSH Bruteforce"
+  label: "SSH Slow Bruteforce"
 ---
 # ssh user-enum
 type: leaky
@@ -38,4 +38,4 @@ labels:
   classification:
     - attack.T1110
   behavior: "ssh:bruteforce"
-  label: "SSH Bruteforce"
+  label: "SSH Slow User Enumeration"