github.com/crowdsecurity/crowdsec@v1.6.1/pkg/leakybucket/tests/simple-leaky-ovflwfilter/bucket.yaml (about)

     1  # Test fixture: leaky bucket whose overflow is meant to be dropped by
        # overflow_filter (see name "test/filter-discard" and description "ko").
     2  type: leaky
        # Scenario-level debug logging; suited to a test fixture.
     3  debug: true
     4  name: test/filter-discard
     5  description: "ko"
        # Only events whose line label `type` equals 'testlog' are poured into this bucket.
     6  filter: "evt.Line.Labels.type =='testlog'"
     7  leakspeed: "10s"
        # With capacity 1, a second matching event for the same group arriving
        # before the first has leaked out makes the bucket overflow.
     8  capacity: 1
        # Evaluated when the bucket overflows; a false result discards the
        # overflow, so no alert is raised for it.
        # True only if at least one queued event has Meta.specvalue, parsed as a
        # float, strictly greater than 3.
        # NOTE(review): a missing or non-numeric specvalue presumably does not
        # satisfy the comparison, i.e. the overflow is silently dropped; confirm
        # Atof's behaviour on bad input.
        # NOTE(review): this is an unquoted plain scalar; quoting it like `filter`
        # above would protect it if the expression ever gains ': ' or ' #'.
     9  overflow_filter: any(queue.Queue, { Atof(.Meta.specvalue) > 3})
        # Disabled leftover variant; as a comment it has no effect on the bucket.
    10  #overflow_filter: Atof()
        # One bucket instance is kept per distinct evt.Meta.source_ip value.
    11  groupby: evt.Meta.source_ip
        # Label carried by an overflow of this bucket; presumably what the test
        # expectations match on (verify against the test's result file).
    12  labels:
    13   type: overflow_1
    14  ---
    15  # Test fixture: leaky bucket whose overflow is meant to pass overflow_filter
        # (see name "test/filter-ok" and description "ok"). It differs from the
        # test/filter-discard bucket in this file only by its name, description,
        # label and the lower threshold in overflow_filter.
    16  type: leaky
        # Scenario-level debug logging; suited to a test fixture.
    17  debug: true
    18  name: test/filter-ok
    19  description: "ok"
        # Only events whose line label `type` equals 'testlog' are poured into this bucket.
    20  filter: "evt.Line.Labels.type =='testlog'"
    21  leakspeed: "10s"
        # With capacity 1, a second matching event for the same group arriving
        # before the first has leaked out makes the bucket overflow.
    22  capacity: 1
        # Evaluated when the bucket overflows; a false result discards the
        # overflow, so no alert is raised for it.
        # True if at least one queued event has Meta.specvalue, parsed as a
        # float, strictly greater than 1.
        # NOTE(review): the test events presumably carry a specvalue above 1 but
        # not above 3, so this bucket alerts while test/filter-discard does not;
        # confirm against the test input.
    23  overflow_filter: any(queue.Queue, { Atof(.Meta.specvalue) > 1})
        # Disabled leftover variant; as a comment it has no effect on the bucket.
    24  #overflow_filter: Atof()
        # One bucket instance is kept per distinct evt.Meta.source_ip value.
    25  groupby: evt.Meta.source_ip
        # Label carried by an overflow of this bucket; presumably what the test
        # expectations match on (verify against the test's result file).
    26  labels:
    27   type: overflow_2