From 63cea6f394fd2f148319fc45e9b3c47fcdf2591b Mon Sep 17 00:00:00 2001 From: bms8197 Date: Sat, 17 Jun 2023 19:37:25 +0300 Subject: [PATCH] daily autocommit --- .etckeeper | 1 + crowdsec/hub/.index.json | 187 ++++++++++++++++-- .../collections/crowdsecurity/http-cve.yaml | 1 + .../s01-parse/crowdsecurity/sshd-logs.yaml | 7 + .../scenarios/crowdsecurity/netgear_rce.yaml | 13 ++ crowdsec/scenarios/netgear_rce.yaml | 1 + csf/csf.deny | 64 +++--- csf/csf.ignore | 1 + 8 files changed, 230 insertions(+), 45 deletions(-) create mode 100644 crowdsec/hub/scenarios/crowdsecurity/netgear_rce.yaml create mode 120000 crowdsec/scenarios/netgear_rce.yaml diff --git a/.etckeeper b/.etckeeper index 8eafa0b..4939c66 100755 --- a/.etckeeper +++ b/.etckeeper @@ -420,6 +420,7 @@ maybe chmod 0644 'crowdsec/hub/scenarios/crowdsecurity/http-sqli-probing.yaml' maybe chmod 0644 'crowdsec/hub/scenarios/crowdsecurity/http-xss-probing.yaml' maybe chmod 0644 'crowdsec/hub/scenarios/crowdsecurity/jira_cve-2021-26086.yaml' maybe chmod 0644 'crowdsec/hub/scenarios/crowdsecurity/mysql-bf.yaml' +maybe chmod 0644 'crowdsec/hub/scenarios/crowdsecurity/netgear_rce.yaml' maybe chmod 0644 'crowdsec/hub/scenarios/crowdsecurity/nginx-req-limit-exceeded.yaml' maybe chmod 0644 'crowdsec/hub/scenarios/crowdsecurity/pulse-secure-sslvpn-cve-2019-11510.yaml' maybe chmod 0644 'crowdsec/hub/scenarios/crowdsecurity/spring4shell_cve-2022-22965.yaml' diff --git a/crowdsec/hub/.index.json b/crowdsec/hub/.index.json index 8138c4f..de3e80d 100644 --- a/crowdsec/hub/.index.json +++ b/crowdsec/hub/.index.json 
@@ -157,20 +157,25 @@ }, "LePresidente/jellyfin": { "path": "collections/LePresidente/jellyfin.yml", - "version": "0.1", + "version": "0.2", "versions": { "0.1": { "digest": "4aba23304b8de2d269e4223a64e418b23154461af1862ef6b67239033e1bef43", "deprecated": false + }, + "0.2": { + "digest": "fe7f6fd1f6dde5ca66020b1d8431784a27dbb9ff34bbd15f4222356eb713a80f", + "deprecated": false } }, "long_description": "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", - "content": "cGFyc2VyczoKICAtIExlUHJlc2lkZW50ZS9qZWxseWZpbi1sb2dzCnNjZW5hcmlvczoKICAtIExlUHJlc2lkZW50ZS9qZWxseWZpbi1iZgpkZXNjcmlwdGlvbjogIkplbGx5ZmluIHN1cHBvcnQgOiBwYXJzZXIgYW5kIGJydXRlLWZvcmNlIGRldGVjdGlvbiIKYXV0aG9yOiBMZVByZXNpZGVudGUKdGFnczoKICAtIGxpbnV4CiAgLSBicnV0ZS1mb3JjZQogIC0gamVsbHlmaW4=", + "content": "cGFyc2VyczoKICAtIExlUHJlc2lkZW50ZS9qZWxseWZpbi1sb2dzCiAgLSBjcm93ZHNlY3VyaXR5L2plbGx5ZmluLXdoaXRlbGlzdApzY2VuYXJpb3M6CiAgLSBMZVByZXNpZGVudGUvamVsbHlmaW4tYmYKZGVzY3JpcHRpb246ICJKZWxseWZpbiBzdXBwb3J0IDogcGFyc2VyIGFuZCBicnV0ZS1mb3JjZSBkZXRlY3Rpb24iCmF1dGhvcjogTGVQcmVzaWRlbnRlCnRhZ3M6CiAgLSBsaW51eAogIC0gYnJ1dGUtZm9yY2UKICAtIGplbGx5ZmluCg==", "description": "Jellyfin support : parser and brute-force detection", "author": "LePresidente", "labels": null, "parsers": [ - "LePresidente/jellyfin-logs" + "LePresidente/jellyfin-logs", + "crowdsecurity/jellyfin-whitelist" ], "scenarios": [ "LePresidente/jellyfin-bf" @@ -917,7 +922,7 @@ }, "crowdsecurity/http-cve": { "path": "collections/crowdsecurity/http-cve.yaml", - "version": "2.0", + "version": "2.1", "versions": { "0.1": { "digest": "30748e051a470c1bc91506ae63e8784cd054564f90ccc23eb655823fc30e3019", 
@@ -998,10 +1003,14 @@ "2.0": { "digest": "282fb0e5941d39b850f3199498fe282c69293c7f29892c80e16d28e4c452608d", "deprecated": false + }, + "2.1": { + "digest": "bf083cddb42468da403bdcba02efc6e287ef640512a0442f7b180dc091e1fb44", + "deprecated": false } }, - "long_description": "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", - "content": "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", + "long_description": "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", + "content": "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", "author": "crowdsecurity", "labels": null, "scenarios": [ @@ -1026,7 +1035,8 @@ "crowdsecurity/CVE-2022-41697", "crowdsecurity/CVE-2022-46169", "crowdsecurity/CVE-2022-44877", - "crowdsecurity/CVE-2019-18935" + "crowdsecurity/CVE-2019-18935", + "crowdsecurity/netgear_rce" ] }, "crowdsecurity/iis": { 
@@ -2033,6 +2043,32 @@ "hitech95/mail-generic-bf" ] }, + "inherent-io/keycloak": { + "path": "collections/inherent-io/keycloak.yaml", + "version": "0.2", + "versions": { + "0.1": { + "digest": "b57e28a782a618fd349ddba5deb1af5795dc75e72022b443de287ec98ec6daa0", + "deprecated": false + }, + "0.2": { + "digest": "f3ddcd12543d906393577d99474efffe23262d640dce5f7b405de93794cc6627", + "deprecated": false + } + }, + "long_description": "S2V5Y2xvYWsgc3VwcG9ydCA6IHBhcnNlciBhbmQgYnJ1dGUtZm9yY2UgZGV0ZWN0aW9uCgojIyBBY3F1aXNpdGlvbiB0ZW1wbGF0ZQoKRXhhbXBsZSBhY3F1aXNpdGlvbiBmb3IgdGhpcyBjb2xsZWN0aW9uIDoKCklmIHVzaW5nIExPR19GSUxFIGVudmlyb25tZW50IHZhcmlhYmxlOgpgYGB5YW1sCi0tLQpmaWxlbmFtZXM6CiAtIC92YXIvbG9nL2tleWNsb2FrL2tleWNsb2FrLmxvZwpsYWJlbHM6CiAgdHlwZToga2V5Y2xvYWsKYGBgCgpEaXJlY3RseSBtb25pdG9yaW5nIERvY2tlcgpgYGB5YW1sCi0tLQpzb3VyY2U6IGRvY2tlcgpjb250YWluZXJfbmFtZToKIC0ga2V5Y2xvYWsKI2NvbnRhaW5lcl9pZDoKIyAtIDg0M2VlOTJkMjMxYgpsYWJlbHM6CiAgdHlwZToga2V5Y2xvYWsKLS0tCg==", + "content": "cGFyc2VyczoKICAtIGluaGVyZW50LWlvL2tleWNsb2FrLWxvZ3MKc2NlbmFyaW9zOgogIC0gaW5oZXJlbnQtaW8va2V5Y2xvYWstYmYKICAtIGluaGVyZW50LWlvL2tleWNsb2FrLXNsb3ctYmYKZGVzY3JpcHRpb246ICJLZXljbG9hayBzdXBwb3J0IDogcGFyc2VyIGFuZCBicnV0ZS1mb3JjZSBkZXRlY3Rpb24iCmF1dGhvcjogaW5oZXJlbnQtaW8KdGFnczoKICAtIGtleWNsb2FrCiAgLSBicnV0ZWZvcmNlCg==", + "description": "Keycloak support : parser and brute-force detection", + "author": "inherent-io", + "labels": null, + "parsers": [ + "inherent-io/keycloak-logs" + ], + "scenarios": [ + "inherent-io/keycloak-bf", + "inherent-io/keycloak-slow-bf" + ] + }, "jusabatier/apereo-cas": { "path": "collections/jusabatier/apereo-cas.yaml", "version": "0.1", @@ -2954,7 +2990,7 @@ "crowdsecurity/dovecot-logs": { "path": "parsers/s01-parse/crowdsecurity/dovecot-logs.yaml", "stage": "s01-parse", - "version": "0.7", + "version": "0.8", "versions": { "0.1": { "digest": "3d30684b5d1ceea08ea743a2fa1697178d878bd87eb55e465432c000da162b42", 
@@ -2983,9 +3019,13 @@ "0.7": { "digest": "c9920defec4d26589457f01517eae8a3f6ba5fd5104ed3c17badbe5cf145dc64", "deprecated": false + }, + "0.8": { + "digest": "638a4596262469ddaff8d608921513f2e84cb5e822f67e902e0097812ff28ada", + "deprecated": false } }, - "content": "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", + "content": "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", "description": "Parse dovecot logs", "author": "crowdsecurity", "labels": null @@ -3082,7 +3122,7 @@ "crowdsecurity/exim-logs": { "path": "parsers/s01-parse/crowdsecurity/exim-logs.yaml", "stage": "s01-parse", - "version": "0.2", + "version": "0.3", "versions": { "0.1": { "digest": "507fd358283a08ff01d7fd2a19c5aec6e9be18e37008bcd470d4af8d71b94db2", @@ -3091,10 +3131,14 @@ "0.2": { "digest": "a953bad60f49d02a3bb0b3928d26f5184414eb8f7026fd62cec7b52081ce9cd2", "deprecated": false + }, + "0.3": { + "digest": "0a7b71758bb626381f1f540871b1d1f4e8d2af3c88d8466ed85aed94c9e912c6", + "deprecated": false } }, "long_description": "RXhpbSBsb2dzIHBhcnNlcgo=", - "content": "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", + "content": "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", "description": "Parse exim logs", "author": "crowdsecurity", "labels": null 
@@ -3346,6 +3390,22 @@ "author": "crowdsecurity", "labels": null }, + "crowdsecurity/jellyfin-whitelist": { + "path": "parsers/s02-enrich/crowdsecurity/jellyfin-whitelist.yaml", + "stage": "s02-enrich", + "version": "0.1", + "versions": { + "0.1": { + "digest": "aa1cf7cfac48914a41ca95fea4d1aa3b885b27d5359b2ecd39c9a22d21d65c47", + "deprecated": false + } + }, + "long_description": "IyMgSmVsbHlmaW4gV2hpdGVsaXN0CgojIyMgUGxheWluZyB2aWRlb3MKV2hlbiBwbGF5aW5nIHZpZGVvcyBhIFBPU1QgcmVxdWVzdCBpcyBtYWRlIHRvIGBgL1Nlc3Npb25zL1BsYXlpbmcvUHJvZ3Jlc3NgYCwgSmVsbHlmaW4gd2lsbCByZXR1cm4gYSA0MDMuCg==", + "content": "bmFtZTogY3Jvd2RzZWN1cml0eS9qZWxseWZpbi13aGl0ZWxpc3QKZGVzY3JpcHRpb246ICJXaGl0ZWxpc3QgZXZlbnRzIGZyb20gamVsbHlmaW4iCmZpbHRlcjogImV2dC5NZXRhLnNlcnZpY2UgPT0gJ2h0dHAnICYmIGV2dC5NZXRhLmxvZ190eXBlIGluIFsnaHR0cF9hY2Nlc3MtbG9nJywgJ2h0dHBfZXJyb3ItbG9nJ10iCndoaXRlbGlzdDoKICByZWFzb246ICJKZWxseWZpbiB3aGl0ZWxpc3QiCiAgZXhwcmVzc2lvbjoKICAgLSBldnQuTWV0YS5odHRwX3N0YXR1cyA9PSAnNDAzJyAmJiBldnQuTWV0YS5odHRwX3ZlcmIgPT0gJ1BPU1QnICYmIGV2dC5NZXRhLmh0dHBfcGF0aCBjb250YWlucyAiL1Nlc3Npb25zL1BsYXlpbmcvUHJvZ3Jlc3MiICMgV2hlbiBwbGF5aW5nIHZpZGVvcwo=", + "description": "Whitelist events from jellyfin", + "author": "crowdsecurity", + "labels": null + }, "crowdsecurity/k8s-audit": { "path": "parsers/s01-parse/crowdsecurity/k8s-audit.yaml", "stage": "s01-parse", @@ -3891,7 +3951,7 @@ "crowdsecurity/sshd-logs": { "path": "parsers/s01-parse/crowdsecurity/sshd-logs.yaml", "stage": "s01-parse", - "version": "2.0", + "version": "2.1", "versions": { "0.1": { "digest": "ecd40cb8cd95e2bad398824ab67b479362cdbf0e1598b8833e2f537ae3ce2f93", 
@@ -3972,10 +4032,14 @@ "2.0": { "digest": "85cc308adad1051bca9575f4adbda27a0f176bf3d3ffc8893e3657ad2a38bfd2", "deprecated": false + }, + "2.1": { + "digest": "5e7744b19993458adcca52ad039e8b0f64073c1c2f8bc6320f445c21daa79007", + "deprecated": false } }, "long_description": "WW91ciBvbmUgZml0cy1hbGwgc3NoIHBhcnNlciB3aXRoIHN1cHBvcnQgZm9yIHRoZSBtb3N0IGNvbW1vbiBraW5kIG9mIGZhaWxlZCBhdXRoZW50aWNhdGlvbnMgYW5kIGVycm9ycy4KCg==", - "content": "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", + "content": "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", "description": "Parse openSSH logs", "author": "crowdsecurity", "labels": null 
@@ -4448,6 +4512,22 @@ "author": "hitech95", "labels": null }, + "inherent-io/keycloak-logs": { + "path": "parsers/s01-parse/inherent-io/keycloak-logs.yaml", + "stage": "s01-parse", + "version": "0.1", + "versions": { + "0.1": { + "digest": "82a556a0a3caba20dfc0d2cf5a6b794014cf0154dae388e979a249751673a5b2", + "deprecated": false + } + }, + "long_description": "WW91ciBvbmUgZml0cy1hbGwga2V5Y2xvYWsgcGFyc2VyIHdpdGggc3VwcG9ydCBmb3IgdGhlIG1vc3QgY29tbW9uIGtpbmQgb2YgZmFpbGVkIGF1dGhlbnRpY2F0aW9ucyBhbmQgZXJyb3JzLgo=", + "content": "ZmlsdGVyOiBldnQuUGFyc2VkLnByb2dyYW0gPT0gJ2tleWNsb2FrJwpvbnN1Y2Nlc3M6IG5leHRfc3RhZ2UKbmFtZTogaW5oZXJlbnQtaW8va2V5Y2xvYWstbG9ncwpkZXNjcmlwdGlvbjogIlBhcnNlIGtleWNsb2FrIGxvZ3MiCnBhdHRlcm5fc3ludGF4OgogIERBVEVUSU1FOiAiWzAtOV0rLVswLTldKy1bMC05XSsgWzAtMl1bMC05XTpbMC01XVswLTldOlswLTVdWzAtOV0sWzAtOV17M30iCiAgTE9HX0xFVkVMOiAiKFdBUk58RVJST1J8SU5GTykiCgogIExPR0lOX0VSUk9SX0RBVEE6ICJyZWFsbUlkPSV7R1JFRURZREFUQTpyZWFsbUlkfSwgY2xpZW50SWQ9JXtHUkVFRFlEQVRBOmNsaWVudElkfSwgdXNlcklkPSV7R1JFRURZREFUQTp1c2VySWR9LCBpcEFkZHJlc3M9JXtHUkVFRFlEQVRBOmlwQWRkcmVzc30sIGVycm9yPSV7R1JFRURZREFUQTplcnJvcn0sIGF1dGhfbWV0aG9kPSV7R1JFRURZREFUQTphdXRoX21ldGhvZH0sIGF1dGhfdHlwZT0le0dSRUVEWURBVEE6YXV0aF90eXBlfSwgcmVkaXJlY3RfdXJpPSV7R1JFRURZREFUQTpyZWRpcmVjdF91cml9LCBjb2RlX2lkPSV7R1JFRURZREFUQTpjb2RlX2lkfSwgdXNlcm5hbWU9JXtHUkVFRFlEQVRBOnVzZXJuYW1lfSwgYXV0aFNlc3Npb25QYXJlbnRJZD0le0dSRUVEWURBVEE6YXV0aFNlc3Npb25QYXJlbnRJZH0sIGF1dGhTZXNzaW9uVGFiSWQ9JXtHUkVFRFlEQVRBOmF1dGhTZXNzaW9uVGFiSWR9IgogIExPR0lOX0VSUk9SOiAiXiV7REFURVRJTUU6ZGF0ZXRpbWV9ICV7TE9HX0xFVkVMOmxvZ19sZXZlbH0gWyBdKi4rIHR5cGVcXD1MT0dJTl9FUlJPUiwgJXtMT0dJTl9FUlJPUl9EQVRBfSQiCm5vZGVzOgogIC0gZ3JvazoKICAgICAgbmFtZTogIkxPR0lOX0VSUk9SIgogICAgICBhcHBseV9vbjogTGluZS5SYXcKICAgICAgc3RhdGljczoKICAgICAgICAtIG1ldGE6IGxvZ190eXBlCiAgICAgICAgICB2YWx1ZTogTE9HSU5fRVJST1IKICAgICAgICAtIG1ldGE6IGVycm9yCiAgICAgICAgICBleHByZXNzaW9uOiBldnQuUGFyc2VkLmVycm9yCiAgICAgICAgLSBtZXRhOiBzb3VyY2VfaXAKICAgICAgICAgIGV4cHJlc3Npb246IGV2dC5QYXJzZWQuaXBBZGRyZXNzCiAgICAgICAgLSBt
ZXRhOiB1c2VybmFtZQogICAgICAgICAgZXhwcmVzc2lvbjogZXZ0LlBhcnNlZC51c2VybmFtZQpzdGF0aWNzOgogIC0gdGFyZ2V0OiBldnQuU3RyVGltZQogICAgZXhwcmVzc2lvbjogZXZ0LlBhcnNlZC5kYXRldGltZQogIC0gbWV0YTogbG9nX2xldmVsCiAgICBleHByZXNzaW9uOiBldnQuUGFyc2VkLmxvZ19sZXZlbAogIC0gdGFyZ2V0OiBldnQuU3RyVGltZUZvcm1hdAogICAgdmFsdWU6ICIyMDA2LTAxLTAyIDE1OjA0OjA1LDk5OTk5OTk5OSIK", + "description": "Parse keycloak logs", + "author": "inherent-io", + "labels": null + }, "jusabatier/apereo-cas-audit-logs": { "path": "parsers/s01-parse/jusabatier/apereo-cas-audit-logs.yaml", "stage": "s01-parse", @@ -4999,6 +5079,28 @@ "type": "bruteforce" } }, + "LePresidente/ssh-bad-keyexchange-bf": { + "path": "scenarios/LePresidente/ssh-bad-keyexchange-bf.yaml", + "version": "0.1", + "versions": { + "0.1": { + "digest": "654f4cd2d1f53a60423647e3d8ec38cde2e27a7b8495c44204f001f5f5485430", + "deprecated": false + } + }, + "long_description": "RGV0ZWN0IGZhaWxlZCBzc2ggS2V5IEV4Y2hhbmdlcyA6CgogLSBsZWFrc3BlZWQgb2YgMTBzLCBjYXBhY2l0eSBvZiA1IG9uIHNhbWUgdGFyZ2V0IGlwCiAK", + "content": "IyBzc2ggYnJ1dGVmb3JjZQp0eXBlOiBsZWFreQpuYW1lOiBsZXByZXNpZGVudGUvc3NoLWJhZC1rZXlleGNoYW5nZS1iZgpkZXNjcmlwdGlvbjogIkRldGVjdCBzc2ggYmFkIGtleSBleGNoYW5nZSIKZmlsdGVyOiAiZXZ0Lk1ldGEubG9nX3R5cGUgPT0gJ3NzaF9iYWRfa2V5ZXhjaGFuZ2UnIgpsZWFrc3BlZWQ6ICIxMHMiCnJlZmVyZW5jZXM6CiAgLSBodHRwOi8vd2lraXBlZGlhLmNvbS9zc2gtYmYtaXMtYmFkCmNhcGFjaXR5OiA1Cmdyb3VwYnk6IGV2dC5NZXRhLnNvdXJjZV9pcApibGFja2hvbGU6IDFtCnJlcHJvY2VzczogdHJ1ZQpsYWJlbHM6CiBzZXJ2aWNlOiBzc2gKIHR5cGU6IGJydXRlZm9yY2UKIHJlbWVkaWF0aW9uOiB0cnVlCgo=", + "description": "Detect ssh bad key exchange", + "author": "LePresidente", + "references": [ + "http://wikipedia.com/ssh-bf-is-bad" + ], + "labels": { + "remediation": "true", + "service": "ssh", + "type": "bruteforce" + } + }, "MariuszKociubinski/bitwarden-bf": { "path": "scenarios/MariuszKociubinski/bitwarden-bf.yaml", "version": "0.1", 
@@ -7197,6 +7299,27 @@ "type": "scan" } }, + "crowdsecurity/netgear_rce": { + "path": "scenarios/crowdsecurity/netgear_rce.yaml", + "version": "0.1", + "versions": { + "0.1": { + "digest": "da6b213c4c31c81a22e52b573428cd78a76cb9c00f810d0835f7831f8f80eb5d", + "deprecated": false + } + }, + "long_description": "IyMgTmV0Z2VhciBER04xMDAwIC8gREdOMjIwMCBSZW1vdGUgQ29tbWFuZCBFeGVjdXRpb24KCkRldGVjdHMgYXR0ZW1wdHMgb2YgZXhwbG9pdCBvZiBOZXRnZWFyIERHTjEwMDAgLyBER04yMjAwIFJlbW90ZSBDb21tYW5kIEV4ZWN1dGlvbi4KCgpSZWZlcmVuY2U6IGh0dHBzOi8vd3d3LmV4cGxvaXQtZGIuY29tL2V4cGxvaXRzLzI1OTc4Cg==", + "content": "dHlwZTogdHJpZ2dlcgpmb3JtYXQ6IDIuMApuYW1lOiBjcm93ZHNlY3VyaXR5L25ldGdlYXJfcmNlCmRlc2NyaXB0aW9uOiAiRGV0ZWN0IE5ldGdlYXIgUkNFIERHTjEwMDAvREdOMjIwIGV4cGxvaXRhdGlvbiBhdHRlbXB0cyIKZmlsdGVyOiB8CiAgZXZ0Lk1ldGEubG9nX3R5cGUgaW4gWydodHRwX2FjY2Vzcy1sb2cnLCAnaHR0cF9lcnJvci1sb2cnXSAmJiBMb3dlcihRdWVyeVVuZXNjYXBlKGV2dC5NZXRhLmh0dHBfcGF0aCkpIHN0YXJ0c1dpdGggVXBwZXIoJy9zZXR1cC5jZ2k/bmV4dF9maWxlPW5ldGdlYXIuY2ZnJnRvZG89c3lzY21kJmNtZD0nKQpncm91cGJ5OiAiZXZ0Lk1ldGEuc291cmNlX2lwIgpibGFja2hvbGU6IDJtCnJlZmVyZW5jZXM6IAogIC0gImh0dHBzOi8vd3d3LmV4cGxvaXQtZGIuY29tL2V4cGxvaXRzLzI1OTc4IgpsYWJlbHM6CiAgdHlwZTogZXhwbG9pdAogIHJlbWVkaWF0aW9uOiB0cnVlCg==", + "description": "Detect Netgear RCE DGN1000/DGN220 exploitation attempts", + "author": "crowdsecurity", + "references": [ + "https://www.exploit-db.com/exploits/25978" + ], + "labels": { + "remediation": "true", + "type": "exploit" + } + }, "crowdsecurity/nextcloud-bf": { "path": "scenarios/crowdsecurity/nextcloud-bf.yaml", "version": "0.2", 
@@ -7837,6 +7960,44 @@ "type": "bf" } }, + "inherent-io/keycloak-bf": { + "path": "scenarios/inherent-io/keycloak-bf.yaml", + "version": "0.1", + "versions": { + "0.1": { + "digest": "e49641024ac18c51c5f562e9f1c4a60ec31e0ef0525f5754537bc7ac8a425ddb", + "deprecated": false + } + }, + "long_description": "RGV0ZWN0IGZhaWxlZCBLZXljbG9hayBhdXRoZW50aWNhdGlvbnMgOgoKIC0gbGVha3NwZWVkIG9mIDEwcywgY2FwYWNpdHkgb2YgNSBvbiBzYW1lIHRhcmdldCB1c2VyCiAtIGxlYWtzcGVlZCBvZiAxMHMsIGNhcGFjaXR5IG9mIDUgdW5pcXVlIGRpc3RpbmN0IHVzZXJzCg==", + "content": "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", + "description": "Detect keycloak bruteforce", + "author": "inherent-io", + "labels": { + "remediation": "true", + "service": "keycloak", + "type": "bruteforce" + } + }, + "inherent-io/keycloak-slow-bf": { + "path": "scenarios/inherent-io/keycloak-slow-bf.yaml", + "version": "0.1", + "versions": { + "0.1": { + "digest": "14928e0df7050fa79b4e332f228afc71e287c2a67fefd2c77aab19de99fad70a", + "deprecated": false + } + }, + "long_description": "RGV0ZWN0IGZhaWxlZCBLZXljbG9hayBhdXRoZW50aWNhdGlvbnMgOgoKIC0gbGVha3NwZWVkIG9mIDYwcywgY2FwYWNpdHkgb2YgMTAgb24gc2FtZSB0YXJnZXQgdXNlcgogLSBsZWFrc3BlZWQgb2YgNjBzLCBjYXBhY2l0eSBvZiAxMCB1bmlxdWUgZGlzdGluY3QgdXNlcnMK", + "content": "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", + "description": "Detect keycloak bruteforce", + "author": "inherent-io", + "labels": { + "remediation": "true", + "service": "keycloak", + "type": "bruteforce" + } + }, "jusabatier/apereo-cas-bf": { "path": "scenarios/jusabatier/apereo-cas-bf.yaml", "version": "0.1", diff --git a/crowdsec/hub/collections/crowdsecurity/http-cve.yaml b/crowdsec/hub/collections/crowdsecurity/http-cve.yaml index 33b3402..5b67f32 100644 --- a/crowdsec/hub/collections/crowdsecurity/http-cve.yaml +++ b/crowdsec/hub/collections/crowdsecurity/http-cve.yaml 
@@ -21,6 +21,7 @@ scenarios: - crowdsecurity/CVE-2022-46169 - crowdsecurity/CVE-2022-44877 - crowdsecurity/CVE-2019-18935 + - crowdsecurity/netgear_rce author: crowdsecurity tags: - web diff --git a/crowdsec/hub/parsers/s01-parse/crowdsecurity/sshd-logs.yaml b/crowdsec/hub/parsers/s01-parse/crowdsecurity/sshd-logs.yaml index 9b0e6bc..d000c67 100644 --- a/crowdsec/hub/parsers/s01-parse/crowdsecurity/sshd-logs.yaml +++ b/crowdsec/hub/parsers/s01-parse/crowdsecurity/sshd-logs.yaml @@ -15,6 +15,7 @@ pattern_syntax: SSHD_PREAUTH_AUTHENTICATING_USER: 'Connection closed by (authenticating|invalid) user %{USERNAME:sshd_invalid_user} %{IP_WORKAROUND:sshd_client_ip} port \d+ \[preauth\]' #following: https://github.com/crowdsecurity/crowdsec/issues/1201 - some scanners behave differently and trigger this one SSHD_PREAUTH_AUTHENTICATING_USER_ALT: 'Disconnected from (authenticating|invalid) user %{USERNAME:sshd_invalid_user} %{IP_WORKAROUND:sshd_client_ip} port \d+ \[preauth\]' + SSHD_BAD_KEY_NEGOTIATION: 'Unable to negotiate with %{IP_WORKAROUND:sshd_client_ip} port \d+: no matching (host key type|key exchange method) found.' nodes: - grok: name: "SSHD_FAIL" @@ -86,6 +87,12 @@ nodes: value: ssh_failed-auth - meta: target_user expression: "evt.Parsed.sshd_invalid_user" + - grok: + name: "SSHD_BAD_KEY_NEGOTIATION" + apply_on: message + statics: + - meta: log_type + value: ssh_bad_keyexchange statics: - meta: service value: ssh diff --git a/crowdsec/hub/scenarios/crowdsecurity/netgear_rce.yaml b/crowdsec/hub/scenarios/crowdsecurity/netgear_rce.yaml new file mode 100644 index 0000000..35bcd8d --- /dev/null +++ b/crowdsec/hub/scenarios/crowdsecurity/netgear_rce.yaml 
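Review bot: The new `SSHD_BAD_KEY_NEGOTIATION` pattern in sshd-logs.yaml covers only two of the negotiation failures that sshd logs in this form; `no matching cipher found`, `no matching MAC found` and `no matching compression method found` share the `Unable to negotiate with …` prefix and stay unparsed. If that is not deliberate, the alternation could read `no matching (host key type|key exchange method|cipher|MAC|compression method) found\.`, which also escapes the final dot that currently matches any character. The second hunk's grok node tags these lines `ssh_bad_keyexchange`, and legitimate clients with outdated algorithm lists produce the same message, so any scenario that bans on this log type deserves a look at its thresholds before it is enabled. The `pattern_syntax` and `nodes` blocks start and end outside the hunks.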
@@ -0,0 +1,13 @@
+type: trigger
+format: 2.0
+name: crowdsecurity/netgear_rce
+description: "Detect Netgear RCE DGN1000/DGN220 exploitation attempts"
+filter: |
+ evt.Meta.log_type in ['http_access-log', 'http_error-log'] && Lower(QueryUnescape(evt.Meta.http_path)) startsWith Upper('/setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=')
+groupby: "evt.Meta.source_ip"
+blackhole: 2m
+references:
+ - "https://www.exploit-db.com/exploits/25978"
+labels:
+ type: exploit
+ remediation: true
diff --git a/crowdsec/scenarios/netgear_rce.yaml b/crowdsec/scenarios/netgear_rce.yaml
new file mode 120000
index 0000000..4494193
--- /dev/null
+++ b/crowdsec/scenarios/netgear_rce.yaml
@@ -0,0 +1 @@
+/etc/crowdsec/hub/scenarios/crowdsecurity/netgear_rce.yaml
\ No newline at end of file
diff --git a/csf/csf.deny b/csf/csf.deny
index 868cf52..c42efd0 100644
--- a/csf/csf.deny
+++ b/csf/csf.deny
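Review bot: The filter in the new netgear_rce.yaml can never match, because it compares `Lower(QueryUnescape(evt.Meta.http_path))` against `Upper('/setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=')`: a lower-cased path cannot start with an upper-cased prefix that contains letters. As written, the scenario is installed and symlinked but raises no alert for the request it is meant to catch, so the http-cve collection looks more complete than it is. Both sides need the same case, e.g. `Lower(QueryUnescape(evt.Meta.http_path)) startsWith '/setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd='`. The file is a hub item whose digest is recorded in .index.json, so the correction is presumably better picked up from a corrected hub version than edited in place. The description also says DGN220 where DGN2200 seems intended.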
@@ -15,38 +15,6 @@ # tcp/udp|in/out|s/d=port,port,...|s/d=ip # # See readme.txt for more information regarding advanced port filtering -185.240.96.123 # lfd: (PERMBLOCK) 185.240.96.123 (PL/Poland/Warmia-Masuria/Mragowo/185-240-96-123.matcom.com.pl) has had more than 2 temp blocks in the last 86400 secs - Sat Apr 1 11:16:59 2023 -89.44.137.55 # lfd: (PERMBLOCK) 89.44.137.55 (RO/Romania/-/-/-) has had more than 2 temp blocks in the last 86400 secs - Sat Apr 1 11:17:04 2023 -37.53.72.211 # lfd: (PERMBLOCK) 37.53.72.211 (UA/Ukraine/Kyiv City/Kyiv/mail.tatneft-crimea.com.ua) has had more than 2 temp blocks in the last 86400 secs - Sat Apr 1 12:14:59 2023 -152.89.47.9 # lfd: (PERMBLOCK) 152.89.47.9 (IR/Iran/-/-/-) has had more than 2 temp blocks in the last 86400 secs - Sat Apr 1 12:20:10 2023 -159.65.171.230 # lfd: (PERMBLOCK) 159.65.171.230 (US/United States/New Jersey/Clifton/-) has had more than 2 temp blocks in the last 86400 secs - Sat Apr 1 12:20:10 2023 -8.209.248.154 # lfd: (PERMBLOCK) 8.209.248.154 (JP/Japan/Tokyo/Tokyo/-) has had more than 2 temp blocks in the last 86400 secs - Sat Apr 1 16:13:00 2023 -51.15.140.163 # lfd: (PERMBLOCK) 51.15.140.163 (FR/France/-/-/163-140-15-51.instances.scw.cloud) has had more than 2 temp blocks in the last 86400 secs - Sat Apr 1 16:31:12 2023 -122.254.94.129 # lfd: (PERMBLOCK) 122.254.94.129 (MN/Mongolia/-/-/-) has had more than 2 temp blocks in the last 86400 secs - Sat Apr 1 18:59:55 2023 -178.128.95.119 # lfd: (PERMBLOCK) 178.128.95.119 (SG/Singapore/-/-/-) has had more than 2 temp blocks in the last 86400 secs - Sat Apr 1 19:12:26 2023 -178.128.172.9 # lfd: (PERMBLOCK) 178.128.172.9 (GB/United Kingdom/England/London/lon0.hartserver.net) has had more than 2 temp blocks in the last 86400 secs - Sat Apr 1 19:30:13 2023 -80.87.33.100 # lfd: (PERMBLOCK) 80.87.33.100 (PL/Poland/Greater Poland/Poznan/netlink.net.pl) has had more than 2 temp blocks in the last 86400 secs - Sat Apr 1 23:57:37 2023 -160.251.12.200 # lfd: 
(PERMBLOCK) 160.251.12.200 (JP/Japan/-/-/v160-251-12-200.s5lx.static.cnode.io) has had more than 2 temp blocks in the last 86400 secs - Sat Apr 1 23:57:37 2023 -89.205.4.67 # lfd: (PERMBLOCK) 89.205.4.67 (MK/North Macedonia/-/Naselba Caska/89.205.4.67.robi.com.mk) has had more than 2 temp blocks in the last 86400 secs - Sat Apr 1 23:58:32 2023 -47.250.45.104 # lfd: (PERMBLOCK) 47.250.45.104 (MY/Malaysia/Kuala Lumpur/Kuala Lumpur/-) has had more than 2 temp blocks in the last 86400 secs - Sun Apr 2 02:08:44 2023 -202.53.175.36 # lfd: (PERMBLOCK) 202.53.175.36 (BD/Bangladesh/-/-/-) has had more than 2 temp blocks in the last 86400 secs - Sun Apr 2 04:17:22 2023 -185.18.213.199 # lfd: (PERMBLOCK) 185.18.213.199 (IR/Iran/-/-/-) has had more than 2 temp blocks in the last 86400 secs - Sun Apr 2 04:44:29 2023 -84.38.182.237 # lfd: (PERMBLOCK) 84.38.182.237 (RU/Russia/St.-Petersburg/St Petersburg/1984890564opaafl.sutici.email) has had more than 2 temp blocks in the last 86400 secs - Sun Apr 2 09:24:19 2023 -188.166.231.245 # lfd: (PERMBLOCK) 188.166.231.245 (SG/Singapore/-/-/-) has had more than 2 temp blocks in the last 86400 secs - Sun Apr 2 13:24:40 2023 -92.255.165.123 # lfd: (PERMBLOCK) 92.255.165.123 (RU/Russia/Tyumen Oblast/Tyumen/92x255x165x123.static-customer.tmn.ertelecom.ru) has had more than 2 temp blocks in the last 86400 secs - Sun Apr 2 13:37:41 2023 -195.58.6.45 # lfd: (PERMBLOCK) 195.58.6.45 (RU/Russia/-/-/-) has had more than 2 temp blocks in the last 86400 secs - Sun Apr 2 14:26:51 2023 -41.59.100.34 # lfd: (PERMBLOCK) 41.59.100.34 (TZ/Tanzania/-/-/34.100.59-41.data-dsm.ttcldata.net) has had more than 2 temp blocks in the last 86400 secs - Sun Apr 2 21:21:12 2023 -77.94.113.222 # lfd: (PERMBLOCK) 77.94.113.222 (RU/Russia/Bashkortostan Republic/Ufa/h77-94-113-222.static.bashtel.ru) has had more than 2 temp blocks in the last 86400 secs - Sun Apr 2 23:31:29 2023 -194.31.55.229 # lfd: (PERMBLOCK) 194.31.55.229 (LT/Lithuania/Vilnius City 
Municipality/Vilnius/-) has had more than 2 temp blocks in the last 86400 secs - Mon Apr 3 02:45:26 2023 -176.108.177.42 # lfd: (PERMBLOCK) 176.108.177.42 (RU/Russia/Oryol oblast/-/-) has had more than 2 temp blocks in the last 86400 secs - Mon Apr 3 02:58:47 2023 -188.166.240.30 # lfd: (PERMBLOCK) 188.166.240.30 (SG/Singapore/-/-/-) has had more than 2 temp blocks in the last 86400 secs - Mon Apr 3 03:15:29 2023 -185.216.116.113 # lfd: (PERMBLOCK) 185.216.116.113 (HK/Hong Kong/-/-/-) has had more than 2 temp blocks in the last 86400 secs - Mon Apr 3 03:21:10 2023 -41.78.75.44 # lfd: (PERMBLOCK) 41.78.75.44 (SO/Somalia/-/-/-) has had more than 2 temp blocks in the last 86400 secs - Mon Apr 3 05:34:57 2023 -81.0.57.187 # lfd: (PERMBLOCK) 81.0.57.187 (ES/Spain/Madrid/Madrid/static.187.57.0.81.ibercom.com) has had more than 2 temp blocks in the last 86400 secs - Mon Apr 3 12:43:54 2023 -185.116.160.1 # lfd: (PERMBLOCK) 185.116.160.1 (IR/Iran/Tehran/Tehran/static.1.160.116.185.clients.irandns.com) has had more than 2 temp blocks in the last 86400 secs - Mon Apr 3 14:27:08 2023 -95.106.174.126 # lfd: (PERMBLOCK) 95.106.174.126 (RU/Russia/Yaroslavl Oblast/Yaroslavl/-) has had more than 2 temp blocks in the last 86400 secs - Mon Apr 3 16:23:38 2023 -213.27.189.252 # lfd: (PERMBLOCK) 213.27.189.252 (ES/Spain/Catalonia/Barcelona/-) has had more than 2 temp blocks in the last 86400 secs - Mon Apr 3 17:12:27 2023 -206.189.140.37 # lfd: (PERMBLOCK) 206.189.140.37 (IN/India/Karnataka/Bengaluru/-) has had more than 2 temp blocks in the last 86400 secs - Mon Apr 3 18:49:36 2023 157.230.254.228 # lfd: (PERMBLOCK) 157.230.254.228 (SG/Singapore/-/-/-) has had more than 2 temp blocks in the last 86400 secs - Mon Apr 3 18:53:06 2023 187.200.204.33 # lfd: (PERMBLOCK) 187.200.204.33 (MX/Mexico/México/Toluca/dsl-187-200-204-33-dyn.prod-infinitum.com.mx) has had more than 2 temp blocks in the last 86400 secs - Mon Apr 3 18:57:41 2023 125.143.128.117 # lfd: (PERMBLOCK) 125.143.128.117 
(KR/South Korea/Seoul/Seoul/-) has had more than 2 temp blocks in the last 86400 secs - Mon Apr 3 19:17:38 2023 
@@ -1014,3 +982,35 @@ 107.172.63.36 # lfd: (PERMBLOCK) 107.172.63.36 (US/United States/-/-/reference-all.ecomweight.com) has had more than 2 temp blocks in the last 86400 secs - Tue Jun 13 02:20:16 2023 143.198.147.146 # lfd: (PERMBLOCK) 143.198.147.146 (US/United States/California/Santa Clara/-) has had more than 2 temp blocks in the last 86400 secs - Tue Jun 13 02:21:51 2023 105.246.136.46 # lfd: (PERMBLOCK) 105.246.136.46 (ZA/South Africa/Gauteng/Johannesburg/-) has had more than 2 temp blocks in the last 86400 secs - Tue Jun 13 07:06:03 2023 +94.105.126.6 # lfd: (PERMBLOCK) 94.105.126.6 (BE/Belgium/Antwerp Province/Antwerp/94.105.126.6.dyn.edpnet.net) has had more than 2 temp blocks in the last 86400 secs - Tue Jun 13 10:36:08 2023 +154.74.133.74 # lfd: (PERMBLOCK) 154.74.133.74 (TZ/Tanzania/-/-/-) has had more than 2 temp blocks in the last 86400 secs - Tue Jun 13 10:44:34 2023 +147.139.33.144 # lfd: (PERMBLOCK) 147.139.33.144 (IN/India/Maharashtra/Mumbai/-) has had more than 2 temp blocks in the last 86400 secs - Tue Jun 13 10:54:10 2023 +211.75.215.176 # lfd: (PERMBLOCK) 211.75.215.176 (TW/Taiwan/Taichung City/Taichung/211-75-215-176.hinet-ip.hinet.net) has had more than 2 temp blocks in the last 86400 secs - Tue Jun 13 10:56:50 2023 +186.210.213.40 # lfd: (PERMBLOCK) 186.210.213.40 (BR/Brazil/Minas Gerais/Uberaba/186-210-213-40.xd-dynamic.algarnetsuper.com.br) has had more than 2 temp blocks in the last 86400 secs - Tue Jun 13 12:20:23 2023 +194.163.152.42 # lfd: (PERMBLOCK) 194.163.152.42 (DE/Germany/North Rhine-Westphalia/Düsseldorf/-) has had more than 2 temp blocks in the last 86400 secs - Tue Jun 13 12:51:56 2023 +189.112.0.11 # lfd: (PERMBLOCK) 189.112.0.11 (BR/Brazil/-/-/189-112-000-011.static.ctbctelecom.com.br) has had more than 2 temp blocks in the last 86400 secs - Tue Jun 13 13:46:41 2023 +103.181.142.68 # lfd: (PERMBLOCK) 103.181.142.68 (ID/Indonesia/-/-/ip68.142.181.103.in-addr.arpa.unknwn.cloudhost.asia) has had more than 2 temp blocks in the 
last 86400 secs - Tue Jun 13 20:19:54 2023 +95.165.89.212 # lfd: (PERMBLOCK) 95.165.89.212 (RU/Russia/Moscow/Moscow/95-165-89-212.dynamic.spd-mgts.ru) has had more than 2 temp blocks in the last 86400 secs - Tue Jun 13 20:24:39 2023 +46.114.170.141 # lfd: (PERMBLOCK) 46.114.170.141 (DE/Germany/Free and Hanseatic City of Hamburg/Hamburg/-) has had more than 2 temp blocks in the last 86400 secs - Tue Jun 13 20:27:19 2023 +95.24.7.250 # lfd: (PERMBLOCK) 95.24.7.250 (RU/Russia/Rostov Oblast/Rostov-on-Don/95-24-7-250.broadband.corbina.ru) has had more than 2 temp blocks in the last 86400 secs - Tue Jun 13 20:31:30 2023 +49.212.132.147 # lfd: (PERMBLOCK) 49.212.132.147 (JP/Japan/Kanagawa/Hiyoshi/os3-320-49643.vs.sakura.ne.jp) has had more than 2 temp blocks in the last 86400 secs - Tue Jun 13 21:09:08 2023 +43.153.213.168 # lfd: (PERMBLOCK) 43.153.213.168 (SG/Singapore/-/-/-) has had more than 2 temp blocks in the last 86400 secs - Tue Jun 13 22:18:28 2023 +178.128.21.211 # lfd: (PERMBLOCK) 178.128.21.211 (SG/Singapore/-/-/-) has had more than 2 temp blocks in the last 86400 secs - Tue Jun 13 22:27:14 2023 +47.250.38.240 # lfd: (PERMBLOCK) 47.250.38.240 (MY/Malaysia/Kuala Lumpur/Kuala Lumpur/-) has had more than 2 temp blocks in the last 86400 secs - Tue Jun 13 23:25:34 2023 +193.105.6.24 # lfd: (PERMBLOCK) 193.105.6.24 (IR/Iran/-/-/-) has had more than 2 temp blocks in the last 86400 secs - Tue Jun 13 23:30:54 2023 +47.108.78.29 # lfd: (PERMBLOCK) 47.108.78.29 (CN/China/Sichuan/Chengdu/-) has had more than 2 temp blocks in the last 86400 secs - Tue Jun 13 23:30:55 2023 +46.101.123.135 # lfd: (PERMBLOCK) 46.101.123.135 (DE/Germany/Hesse/Frankfurt am Main/-) has had more than 2 temp blocks in the last 86400 secs - Wed Jun 14 02:08:14 2023 +37.152.180.60 # lfd: (PERMBLOCK) 37.152.180.60 (IR/Iran/-/-/-) has had more than 2 temp blocks in the last 86400 secs - Wed Jun 14 02:30:51 2023 +8.222.220.160 # lfd: (PERMBLOCK) 8.222.220.160 (SG/Singapore/-/-/-) has had more than 2 
temp blocks in the last 86400 secs - Wed Jun 14 02:30:52 2023 +185.242.235.76 # lfd: (PERMBLOCK) 185.242.235.76 (HK/Hong Kong/-/-/-) has had more than 2 temp blocks in the last 86400 secs - Wed Jun 14 05:34:36 2023 +177.23.151.50 # lfd: (PERMBLOCK) 177.23.151.50 (BR/Brazil/Rio de Janeiro/Rio de Janeiro/corporativo.gigabit-ipv4-as262896-50-151-23-177.speedwebtelecom.com) has had more than 2 temp blocks in the last 86400 secs - Wed Jun 14 05:34:37 2023 +188.166.211.7 # lfd: (PERMBLOCK) 188.166.211.7 (SG/Singapore/-/-/-) has had more than 2 temp blocks in the last 86400 secs - Wed Jun 14 05:37:32 2023 +213.108.200.11 # lfd: (PERMBLOCK) 213.108.200.11 (RU/Russia/-/-/213-108-200-11.ms56.su) has had more than 2 temp blocks in the last 86400 secs - Wed Jun 14 07:12:24 2023 +203.109.79.98 # lfd: (PERMBLOCK) 203.109.79.98 (IN/India/Gujarat/Surat/98-79-109-203.static.youbroadband.in) has had more than 2 temp blocks in the last 86400 secs - Wed Jun 14 11:24:57 2023 +81.16.126.110 # lfd: (PERMBLOCK) 81.16.126.110 (IR/Iran/Tehran/Tehran/-) has had more than 2 temp blocks in the last 86400 secs - Wed Jun 14 17:55:58 2023 +46.101.168.243 # lfd: (PERMBLOCK) 46.101.168.243 (DE/Germany/Hesse/Frankfurt am Main/-) has had more than 2 temp blocks in the last 86400 secs - Thu Jun 15 00:11:34 2023 +47.243.143.78 # lfd: (PERMBLOCK) 47.243.143.78 (HK/Hong Kong/Central and Western District/Central/-) has had more than 2 temp blocks in the last 86400 secs - Thu Jun 15 00:11:35 2023 +79.106.12.211 # lfd: (PERMBLOCK) 79.106.12.211 (AL/Albania/Tirana/Tirana/-) has had more than 2 temp blocks in the last 86400 secs - Thu Jun 15 03:01:18 2023 +93.219.101.120 # lfd: (PERMBLOCK) 93.219.101.120 (DE/Germany/Baden-Wurttemberg/Geislingen an der Steige/-) has had more than 2 temp blocks in the last 86400 secs - Thu Jun 15 03:10:34 2023 +fe80::18b5:110b:55f:2940 # lfd: (PERMBLOCK) fe80::18b5:110b:55f:2940 (Unknown) has had more than 2 temp blocks in the last 86400 secs - Fri Jun 16 00:40:54 2023 
+fe80::45e:3b4d:3a8f:184a # lfd: (PERMBLOCK) fe80::45e:3b4d:3a8f:184a (Unknown) has had more than 2 temp blocks in the last 86400 secs - Fri Jun 16 04:44:10 2023 diff --git a/csf/csf.ignore b/csf/csf.ignore index e6c9d61..553b23c 100644 --- a/csf/csf.ignore +++ b/csf/csf.ignore @@ -45,3 +45,4 @@ 94.68.45.238 188.25.145.26 +5.12.16.177
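Review bot: The last two entries added to csf.deny, `fe80::18b5:110b:55f:2940` and `fe80::45e:3b4d:3a8f:184a`, are IPv6 link-local addresses, which are reachable only from a directly attached network segment. Whatever tripped lfd is therefore a neighbour on the local link rather than an Internet host, and lfd itself reports both as Unknown. A permanent deny on such an address does not say which device it is, and the same device stays reachable over its other addresses. I would identify the hosts behind them from the neighbour table and the lfd log entries for Jun 16, then record the result in the entry's comment, e.g. `fe80::18b5:110b:55f:2940 # <device/owner placeholder>, investigated <date placeholder>`.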
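Review bot: The `5.12.16.177` entry added to csf.ignore carries no comment, so nothing on the page says whose address it is or why it is exempt. lfd skips its checks for every address in this file, which means a stale entry (for instance an ISP-assigned address that later moves to someone else) silently removes brute-force blocking for that source. If csf.ignore accepts trailing comments the way csf.deny does here, I would write `5.12.16.177 # <owner/reason placeholder>, added 2023-06-17` and review the list periodically.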