add crowdsec

2026-05-10 00:07:06 +04:00
parent 54e3854c0d
commit e11b03ebaf
20 changed files with 376 additions and 57 deletions
@@ -0,0 +1,13 @@
type: leaky
name: aykhans/stalwart-auth-bruteforce
description: Detect SMTP/IMAP/POP3 authentication brute force on Stalwart
filter: |
evt.Parsed.event_type == "auth.failed"
groupby: evt.Meta.source_ip
capacity: 3
leakspeed: 10m
blackhole: 1h
labels:
type: bruteforce
service: stalwart
remediation: true
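Review bot: The `filter` matches on `evt.Parsed.event_type == "auth.failed"` alone, with no check that the event came from the Stalwart parser, so any other acquisition whose parser sets the same field would pour into this bucket. The `filter` in the second scenario (`stalwart/smtp-bruteforce`) has the same gap. Consider prefixing both with a guard on whatever meta the Stalwart parser sets, for example `evt.Meta.log_type == '<stalwart log_type>' && ...` (placeholder value; the parser is not visible in this view). Separately, `capacity: 3` with `leakspeed: 10m` overflows on the fourth failure, which a mail client retrying a stale password can reach on its own. Since `remediation: true` is set, an allowlist for trusted ranges or a comment such as `# overflows on the 4th failure per source IP; tuned for <reason>` would make the intended trade-off explicit.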
@@ -0,0 +1,17 @@
type: leaky
name: stalwart/smtp-bruteforce
description: Detect SMTP bruteforce and scanners on Stalwart logs
filter: |
evt.Parsed.event_type in [
"smtp.invalid-ehlo",
"smtp.auth-not-allowed",
"smtp.auth-mechanism-not-supported"
]
groupby: evt.Meta.source_ip
capacity: 5
leakspeed: 10m
blackhole: 1h
labels:
type: attack
service: smtp
remediation: true
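Review bot: `smtp.invalid-ehlo` and `smtp.auth-mechanism-not-supported` can presumably also come from misconfigured but legitimate senders, yet they share one bucket with `remediation: true`. With `groupby: evt.Meta.source_ip`, a sixth such event before the bucket drains triggers a decision against the whole address, which for inbound SMTP may be a shared outbound relay. Consider moving the protocol-noise events into a separate scenario with `remediation: false` or a higher `capacity`, and keeping automatic remediation for the auth-related event. The name also uses the `stalwart/` prefix while the sibling scenario uses `aykhans/`, and `labels.type` is `attack` here against `bruteforce` there; using one namespace and one label vocabulary would make profile and alert filtering simpler.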