github.com/crowdsecurity/crowdsec@v1.6.1/pkg/cticlient/tests/fire-page2.json (about) 1 { 2 "_links": { 3 "first": { 4 "href": "https://cti.api.crowdsec.net/v2/fire" 5 }, 6 "self": { 7 "href": "https://cti.api.crowdsec.net/v2/fire?page=2&limit=3" 8 }, 9 "prev": { 10 "href": "https://cti.api.crowdsec.net/v2/fire?page=1&limit=3" 11 }, 12 "next": { 13 "href": "https://cti.api.crowdsec.net/v2/fire?page=3&limit=3" 14 } 15 }, 16 "items": [ 17 { 18 "ip_range_score": 0, 19 "ip": "4.2.3.4", 20 "ip_range": "4.2.0.0/16", 21 "as_name": "Chxxoup", 22 "as_num": 4812, 23 "location": { 24 "country": "CN", 25 "city": null, 26 "latitude": 34.7732, 27 "longitude": 113.722 28 }, 29 "reverse_dns": "xxxweqwwe.com.cn", 30 "behaviors": [ 31 { 32 "name": "smb:bruteforce", 33 "label": "SMB Bruteforce", 34 "description": "IP has been reported for performing brute force on samba services." 35 }, 36 { 37 "name": "windows:bruteforce", 38 "label": "SMB/RDP bruteforce", 39 "description": "IP has been reported for performing brute force on Windows (samba, remote desktop) services." 40 } 41 ], 42 "history": { 43 "first_seen": "2022-11-25T04:15:00+00:00", 44 "last_seen": "2022-11-25T13:30:00+00:00", 45 "full_age": 9, 46 "days_age": 1 47 }, 48 "classifications": { 49 "false_positives": [], 50 "classifications": [ 51 { 52 "name": "proxy:vpn", 53 "label": "VPN", 54 "description": "IP exposes a VPN service or is being flagged as one." 55 } 56 ] 57 }, 58 "attack_details": [ 59 { 60 "name": "crowdsecurity/smb-bf", 61 "label": "Samba Bruteforce", 62 "description": "Detect smb brute force", 63 "references": [] 64 }, 65 { 66 "name": "crowdsecurity/windows-bf", 67 "label": "SMB/RDP brute force", 68 "description": "Detect samba/remote-desktop user brute force", 69 "references": [] 70 } 71 ], 72 "state": "validated", 73 "expiration": "2022-12-14T16:17:24.865000", 74 "target_countries": { 75 "FR": 100 76 }, 77 "background_noise_score": 6, 78 "scores": { 79 "overall": { 80 "aggressiveness": 2, 81 "threat": 4, 82 "trust": 5, 83 "anomaly": 1, 84 "total": 4 85 }, 86 "last_day": { 87 "aggressiveness": 0, 88 "threat": 0, 89 "trust": 0, 90 "anomaly": 1, 91 "total": 0 92 }, 93 "last_week": { 94 "aggressiveness": 0, 95 "threat": 0, 96 "trust": 0, 97 "anomaly": 1, 98 "total": 0 99 }, 100 "last_month": { 101 "aggressiveness": 2, 102 "threat": 4, 103 "trust": 5, 104 "anomaly": 1, 105 "total": 4 106 } 107 }, 108 "references": [] 109 }, 110 { 111 "ip_range_score": 2, 112 "ip": "5.2.3.4", 113 "ip_range": "5.2.3.0/24", 114 "as_name": "Turxxri A.s.", 115 "as_num": 16135, 116 "location": { 117 "country": "TR", 118 "city": "Istanbul", 119 "latitude": 41.0551, 120 "longitude": 28.9347 121 }, 122 "reverse_dns": null, 123 "behaviors": [ 124 { 125 "name": "ssh:bruteforce", 126 "label": "SSH Bruteforce", 127 "description": "IP has been reported for performing brute force on ssh services." 128 }, 129 { 130 "name": "tcp:scan", 131 "label": "TCP Scan", 132 "description": "IP has been reported for performing TCP port scanning." 133 } 134 ], 135 "history": { 136 "first_seen": "2022-08-26T02:00:00+00:00", 137 "last_seen": "2022-11-18T09:45:00+00:00", 138 "full_age": 100, 139 "days_age": 85 140 }, 141 "classifications": { 142 "false_positives": [], 143 "classifications": [ 144 { 145 "name": "profile:insecure_services", 146 "label": "Dangerous Services Exposed", 147 "description": "IP exposes dangerous services (vnc, telnet, rdp), possibly due to a misconfiguration or because it's a honeypot." 148 }, 149 { 150 "name": "profile:many_services", 151 "label": "Many Services Exposed", 152 "description": "IP exposes many open port, possibly due to a misconfiguration or because it's a honeypot." 153 } 154 ] 155 }, 156 "attack_details": [ 157 { 158 "name": "crowdsecurity/ssh-slow-bf", 159 "label": "Slow SSH Bruteforce", 160 "description": "Detect slow ssh brute force", 161 "references": [] 162 }, 163 { 164 "name": "crowdsecurity/ssh-bf", 165 "label": "SSH Bruteforce", 166 "description": "Detect ssh brute force", 167 "references": [] 168 }, 169 { 170 "name": "crowdsecurity/iptables-scan-multi_ports", 171 "label": "Port Scanner", 172 "description": "Detect tcp port scan", 173 "references": [] 174 } 175 ], 176 "state": "validated", 177 "expiration": "2022-12-12T15:16:33.246000", 178 "target_countries": { 179 "FR": 21, 180 "HK": 19, 181 "US": 19, 182 "DE": 11, 183 "AU": 7, 184 "GB": 4, 185 "RU": 4, 186 "BR": 4, 187 "CA": 4, 188 "VE": 2 189 }, 190 "background_noise_score": 4, 191 "scores": { 192 "overall": { 193 "aggressiveness": 2, 194 "threat": 3, 195 "trust": 2, 196 "anomaly": 3, 197 "total": 3 198 }, 199 "last_day": { 200 "aggressiveness": 0, 201 "threat": 0, 202 "trust": 0, 203 "anomaly": 3, 204 "total": 0 205 }, 206 "last_week": { 207 "aggressiveness": 0, 208 "threat": 0, 209 "trust": 0, 210 "anomaly": 3, 211 "total": 0 212 }, 213 "last_month": { 214 "aggressiveness": 1, 215 "threat": 3, 216 "trust": 1, 217 "anomaly": 3, 218 "total": 2 219 } 220 }, 221 "references": [] 222 }, 223 { 224 "ip_range_score": 5, 225 "ip": "6.2.3.4", 226 "ip_range": "6.2.0.0/17", 227 "as_name": "SMILESERV", 228 "as_num": 38700, 229 "location": { 230 "country": "KR", 231 "city": null, 232 "latitude": 37.5112, 233 "longitude": 126.9741 234 }, 235 "reverse_dns": null, 236 "behaviors": [ 237 { 238 "name": "ssh:bruteforce", 239 "label": "SSH Bruteforce", 240 "description": "IP has been reported for performing brute force on ssh services." 241 } 242 ], 243 "history": { 244 "first_seen": "2022-09-20T15:30:00+00:00", 245 "last_seen": "2022-11-25T11:30:00+00:00", 246 "full_age": 74, 247 "days_age": 66 248 }, 249 "classifications": { 250 "false_positives": [], 251 "classifications": [] 252 }, 253 "attack_details": [ 254 { 255 "name": "crowdsecurity/ssh-slow-bf", 256 "label": "Slow SSH Bruteforce", 257 "description": "Detect slow ssh brute force", 258 "references": [] 259 }, 260 { 261 "name": "crowdsecurity/ssh-bf", 262 "label": "SSH Bruteforce", 263 "description": "Detect ssh brute force", 264 "references": [] 265 } 266 ], 267 "state": "validated", 268 "expiration": "2022-12-14T16:19:30.654000", 269 "target_countries": { 270 "FR": 32, 271 "US": 21, 272 "DE": 17, 273 "NL": 5, 274 "FI": 5, 275 "RU": 3, 276 "GB": 3, 277 "SI": 2, 278 "RO": 2, 279 "HK": 2 280 }, 281 "background_noise_score": 4, 282 "scores": { 283 "overall": { 284 "aggressiveness": 4, 285 "threat": 4, 286 "trust": 5, 287 "anomaly": 1, 288 "total": 4 289 }, 290 "last_day": { 291 "aggressiveness": 0, 292 "threat": 0, 293 "trust": 0, 294 "anomaly": 1, 295 "total": 0 296 }, 297 "last_week": { 298 "aggressiveness": 0, 299 "threat": 0, 300 "trust": 0, 301 "anomaly": 1, 302 "total": 0 303 }, 304 "last_month": { 305 "aggressiveness": 3, 306 "threat": 4, 307 "trust": 1, 308 "anomaly": 1, 309 "total": 3 310 } 311 }, 312 "references": [] 313 } 314 ] 315 }