bogdan/zira-etc
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Files
f7af00565c7b8164993623a945b099ae1121d667
zira-etc/crowdsec/hub/scenarios/crowdsecurity/http-sensitive-files.yaml
bms8197 f7af00565c committing changes in /etc made by "-bash" 
Package changes:
2023-06-12 09:31:52 +03:00

20 lines
631 B
YAML
Raw Blame History

type: leaky
format: 2.0
#debug: true
name: crowdsecurity/http-sensitive-files
description: "Detect attempt to access to sensitive files (.log, .db ..) or folders (.git)"
filter: 'evt.Meta.log_type in ["http_access-log", "http_error-log"] and any(File("sensitive_data.txt"), { evt.Parsed.request endsWith #})'
groupby: "evt.Meta.source_ip"
distinct: evt.Parsed.request
data:
- source_url: https://raw.githubusercontent.com/crowdsecurity/sec-lists/master/web/sensitive_data.txt
dest_file: sensitive_data.txt
type: string
capacity: 4
leakspeed: 5s
blackhole: 5m
labels:
service: http
type: discovery
remediation: true
Reference in New Issue View Git Blame Copy Permalink