# CrowdSec scenario: MySQL authentication brute force.
# One leaky bucket per source IP, fed by failed-authentication events.
# Coverage note: because buckets are keyed on a single source IP and drain
# over time, attempts spread across many addresses or paced below the leak
# rate stay under this threshold; cover those with a separate control.
name: 'crowdsecurity/mysql-bf'
description: 'Detect mysql bruteforce'
type: 'leaky'
#debug: true

# Only events tagged as failed MySQL logins are poured into the bucket.
# The tag is expected to come from the MySQL log parser; if that parser is
# not producing it, this scenario never fires.
filter: "evt.Meta.log_type == 'mysql_failed_auth'"

# Separate bucket per client address.
groupby: 'evt.Meta.source_ip'

# The bucket holds 5 events and leaks one every 10s; it overflows (raising
# an alert) when failures arrive faster than that and exceed the capacity.
capacity: 5
leakspeed: '10s'

# After an overflow, silence this bucket for 5 minutes so a sustained
# burst from the same source does not produce a stream of duplicate alerts.
blackhole: '5m'

labels:
  # Alerts from this scenario are eligible for a remediation decision.
  remediation: true
  # 0-3 scale: confidence that an overflow is not a false positive.
  confidence: 3
  # 0-3 scale: likelihood the source address can be forged (0 = lowest).
  spoofable: 0
  classification:
    # MITRE ATT&CK T1110: Brute Force.
    - 'attack.T1110'
  behavior: 'database:bruteforce'
  label: 'MySQL Bruteforce'
  service: 'mysql'