github.com/crowdsecurity/crowdsec@v1.6.1/pkg/apiserver/tests/alert_minibulk.json (about) 1 [ 2 { 3 "capacity": 5, 4 "decisions": null, 5 "events": [ 6 { 7 "meta": [ 8 { 9 "key": "ASNOrg", 10 "value": "OVH SAS" 11 }, 12 { 13 "key": "SourceRange", 14 "value": "91.121.72.0/21" 15 }, 16 { 17 "key": "target_user", 18 "value": "root" 19 }, 20 { 21 "key": "source_ip", 22 "value": "91.121.79.179" 23 }, 24 { 25 "key": "IsoCode", 26 "value": "FR" 27 }, 28 { 29 "key": "ASNNumber", 30 "value": "16276" 31 }, 32 { 33 "key": "service", 34 "value": "ssh" 35 }, 36 { 37 "key": "log_type", 38 "value": "ssh_failed-auth" 39 }, 40 { 41 "key": "IsInEU", 42 "value": "true" 43 } 44 ], 45 "timestamp": "2020-10-02T17:09:08Z" 46 }, 47 { 48 "meta": [ 49 { 50 "key": "source_ip", 51 "value": "91.121.79.179" 52 }, 53 { 54 "key": "IsoCode", 55 "value": "FR" 56 }, 57 { 58 "key": "log_type", 59 "value": "ssh_failed-auth" 60 }, 61 { 62 "key": "service", 63 "value": "ssh" 64 }, 65 { 66 "key": "IsInEU", 67 "value": "true" 68 }, 69 { 70 "key": "ASNNumber", 71 "value": "16276" 72 }, 73 { 74 "key": "ASNOrg", 75 "value": "OVH SAS" 76 }, 77 { 78 "key": "SourceRange", 79 "value": "91.121.72.0/21" 80 }, 81 { 82 "key": "target_user", 83 "value": "root" 84 } 85 ], 86 "timestamp": "2020-10-02T17:09:08Z" 87 }, 88 { 89 "meta": [ 90 { 91 "key": "target_user", 92 "value": "root" 93 }, 94 { 95 "key": "IsInEU", 96 "value": "true" 97 }, 98 { 99 "key": "ASNNumber", 100 "value": "16276" 101 }, 102 { 103 "key": "service", 104 "value": "ssh" 105 }, 106 { 107 "key": "log_type", 108 "value": "ssh_failed-auth" 109 }, 110 { 111 "key": "source_ip", 112 "value": "91.121.79.179" 113 }, 114 { 115 "key": "IsoCode", 116 "value": "FR" 117 }, 118 { 119 "key": "ASNOrg", 120 "value": "OVH SAS" 121 }, 122 { 123 "key": "SourceRange", 124 "value": "91.121.72.0/21" 125 } 126 ], 127 "timestamp": "2020-10-02T17:09:08Z" 128 }, 129 { 130 "meta": [ 131 { 132 "key": "ASNNumber", 133 "value": "16276" 134 }, 135 { 136 "key": "ASNOrg", 137 "value": "OVH SAS" 138 }, 139 { 140 "key": "service", 141 "value": "ssh" 142 }, 143 { 144 "key": "source_ip", 145 "value": "91.121.79.179" 146 }, 147 { 148 "key": "IsoCode", 149 "value": "FR" 150 }, 151 { 152 "key": "SourceRange", 153 "value": "91.121.72.0/21" 154 }, 155 { 156 "key": "target_user", 157 "value": "root" 158 }, 159 { 160 "key": "log_type", 161 "value": "ssh_failed-auth" 162 }, 163 { 164 "key": "IsInEU", 165 "value": "true" 166 } 167 ], 168 "timestamp": "2020-10-02T17:09:08Z" 169 }, 170 { 171 "meta": [ 172 { 173 "key": "SourceRange", 174 "value": "91.121.72.0/21" 175 }, 176 { 177 "key": "target_user", 178 "value": "root" 179 }, 180 { 181 "key": "service", 182 "value": "ssh" 183 }, 184 { 185 "key": "log_type", 186 "value": "ssh_failed-auth" 187 }, 188 { 189 "key": "source_ip", 190 "value": "91.121.79.179" 191 }, 192 { 193 "key": "IsoCode", 194 "value": "FR" 195 }, 196 { 197 "key": "IsInEU", 198 "value": "true" 199 }, 200 { 201 "key": "ASNNumber", 202 "value": "16276" 203 }, 204 { 205 "key": "ASNOrg", 206 "value": "OVH SAS" 207 } 208 ], 209 "timestamp": "2020-10-02T17:09:08Z" 210 }, 211 { 212 "meta": [ 213 { 214 "key": "log_type", 215 "value": "ssh_failed-auth" 216 }, 217 { 218 "key": "source_ip", 219 "value": "91.121.79.179" 220 }, 221 { 222 "key": "ASNNumber", 223 "value": "16276" 224 }, 225 { 226 "key": "ASNOrg", 227 "value": "OVH SAS" 228 }, 229 { 230 "key": "SourceRange", 231 "value": "91.121.72.0/21" 232 }, 233 { 234 "key": "target_user", 235 "value": "root" 236 }, 237 { 238 "key": "service", 239 "value": "ssh" 240 }, 241 { 242 "key": "IsoCode", 243 "value": "FR" 244 }, 245 { 246 "key": "IsInEU", 247 "value": "true" 248 } 249 ], 250 "timestamp": "2020-10-02T17:09:08Z" 251 } 252 ], 253 "events_count": 6, 254 "labels": null, 255 "leakspeed": "10s", 256 "message": "Ip 91.121.79.179 performed crowdsecurity/ssh-bf (6 events over 46.375699ms) at 2020-10-26 12:52:58.200237122 +0100 CET m=+8.191478202", 257 "remediation": true, 258 "scenario": "crowdsecurity/ssh-bf", 259 "scenario_hash": "4441dcff07020f6690d998b7101e642359ba405c2abb83565bbbdcee36de280f", 260 "scenario_version": "0.1", 261 "simulated": false, 262 "source": { 263 "as_name": "OVH SAS", 264 "cn": "FR", 265 "ip": "91.121.79.179", 266 "latitude": 50.646, 267 "longitude": 3.0758, 268 "range": "91.121.72.0/21", 269 "scope": "Ip", 270 "value": "91.121.79.179" 271 }, 272 "start_at": "2020-10-26T12:52:58.153861334+01:00", 273 "stop_at": "2020-10-26T12:52:58.200236582+01:00" 274 }, 275 { 276 "capacity": 5, 277 "decisions": null, 278 "events": [ 279 { 280 "meta": [ 281 { 282 "key": "ASNOrg", 283 "value": "OVH SAS" 284 }, 285 { 286 "key": "SourceRange", 287 "value": "91.121.72.0/21" 288 }, 289 { 290 "key": "target_user", 291 "value": "root" 292 }, 293 { 294 "key": "source_ip", 295 "value": "91.121.79.178" 296 }, 297 { 298 "key": "IsoCode", 299 "value": "FR" 300 }, 301 { 302 "key": "ASNNumber", 303 "value": "16276" 304 }, 305 { 306 "key": "service", 307 "value": "ssh" 308 }, 309 { 310 "key": "log_type", 311 "value": "ssh_failed-auth" 312 }, 313 { 314 "key": "IsInEU", 315 "value": "true" 316 } 317 ], 318 "timestamp": "2020-10-02T17:09:08Z" 319 }, 320 { 321 "meta": [ 322 { 323 "key": "source_ip", 324 "value": "91.121.79.178" 325 }, 326 { 327 "key": "IsoCode", 328 "value": "FR" 329 }, 330 { 331 "key": "log_type", 332 "value": "ssh_failed-auth" 333 }, 334 { 335 "key": "service", 336 "value": "ssh" 337 }, 338 { 339 "key": "IsInEU", 340 "value": "true" 341 }, 342 { 343 "key": "ASNNumber", 344 "value": "16276" 345 }, 346 { 347 "key": "ASNOrg", 348 "value": "OVH SAS" 349 }, 350 { 351 "key": "SourceRange", 352 "value": "91.121.72.0/21" 353 }, 354 { 355 "key": "target_user", 356 "value": "root" 357 } 358 ], 359 "timestamp": "2020-10-02T17:09:08Z" 360 }, 361 { 362 "meta": [ 363 { 364 "key": "target_user", 365 "value": "root" 366 }, 367 { 368 "key": "IsInEU", 369 "value": "true" 370 }, 371 { 372 "key": "ASNNumber", 373 "value": "16276" 374 }, 375 { 376 "key": "service", 377 "value": "ssh" 378 }, 379 { 380 "key": "log_type", 381 "value": "ssh_failed-auth" 382 }, 383 { 384 "key": "source_ip", 385 "value": "91.121.79.178" 386 }, 387 { 388 "key": "IsoCode", 389 "value": "FR" 390 }, 391 { 392 "key": "ASNOrg", 393 "value": "OVH SAS" 394 }, 395 { 396 "key": "SourceRange", 397 "value": "91.121.72.0/21" 398 } 399 ], 400 "timestamp": "2020-10-02T17:09:08Z" 401 }, 402 { 403 "meta": [ 404 { 405 "key": "ASNNumber", 406 "value": "16276" 407 }, 408 { 409 "key": "ASNOrg", 410 "value": "OVH SAS" 411 }, 412 { 413 "key": "service", 414 "value": "ssh" 415 }, 416 { 417 "key": "source_ip", 418 "value": "91.121.79.178" 419 }, 420 { 421 "key": "IsoCode", 422 "value": "FR" 423 }, 424 { 425 "key": "SourceRange", 426 "value": "91.121.72.0/21" 427 }, 428 { 429 "key": "target_user", 430 "value": "root" 431 }, 432 { 433 "key": "log_type", 434 "value": "ssh_failed-auth" 435 }, 436 { 437 "key": "IsInEU", 438 "value": "true" 439 } 440 ], 441 "timestamp": "2020-10-02T17:09:08Z" 442 }, 443 { 444 "meta": [ 445 { 446 "key": "SourceRange", 447 "value": "91.121.72.0/21" 448 }, 449 { 450 "key": "target_user", 451 "value": "root" 452 }, 453 { 454 "key": "service", 455 "value": "ssh" 456 }, 457 { 458 "key": "log_type", 459 "value": "ssh_failed-auth" 460 }, 461 { 462 "key": "source_ip", 463 "value": "91.121.79.178" 464 }, 465 { 466 "key": "IsoCode", 467 "value": "FR" 468 }, 469 { 470 "key": "IsInEU", 471 "value": "true" 472 }, 473 { 474 "key": "ASNNumber", 475 "value": "16276" 476 }, 477 { 478 "key": "ASNOrg", 479 "value": "OVH SAS" 480 } 481 ], 482 "timestamp": "2020-10-02T17:09:08Z" 483 }, 484 { 485 "meta": [ 486 { 487 "key": "log_type", 488 "value": "ssh_failed-auth" 489 }, 490 { 491 "key": "source_ip", 492 "value": "91.121.79.178" 493 }, 494 { 495 "key": "ASNNumber", 496 "value": "16276" 497 }, 498 { 499 "key": "ASNOrg", 500 "value": "OVH SAS" 501 }, 502 { 503 "key": "SourceRange", 504 "value": "91.121.72.0/21" 505 }, 506 { 507 "key": "target_user", 508 "value": "root" 509 }, 510 { 511 "key": "service", 512 "value": "ssh" 513 }, 514 { 515 "key": "IsoCode", 516 "value": "FR" 517 }, 518 { 519 "key": "IsInEU", 520 "value": "true" 521 } 522 ], 523 "timestamp": "2020-10-02T17:09:08Z" 524 } 525 ], 526 "events_count": 6, 527 "labels": null, 528 "leakspeed": "10s", 529 "message": "Ip 91.121.79.178 performed crowdsecurity/ssh-bf (6 events over 46.375699ms) at 2020-10-26 12:52:58.200237122 +0100 CET m=+8.191478202", 530 "remediation": true, 531 "scenario": "crowdsecurity/ssh-bf", 532 "scenario_hash": "4441dcff07020f6690d998b7101e642359ba405c2abb83565bbbdcee36de280f", 533 "scenario_version": "0.1", 534 "simulated": false, 535 "source": { 536 "as_name": "OVH SAS", 537 "cn": "FR", 538 "ip": "91.121.79.178", 539 "latitude": 50.646, 540 "longitude": 3.0758, 541 "range": "91.121.72.0/21", 542 "scope": "Ip", 543 "value": "91.121.79.178" 544 }, 545 "start_at": "2020-10-26T12:52:58.153861334+01:00", 546 "stop_at": "2020-10-26T12:52:58.200236582+01:00" 547 } 548 ]