Belphemur · November 11, 2021 07:44
diff --git a/http-wordpress-login-xmlrpc.yaml b/http-wordpress-login-xmlrpc.yaml
 type: leaky
 format: 2.0
 #debug: true
 name: belphemur/http-wordpress-login-xmlrpc
 description: "Detect attempt to access to wp-login and xmlrpc"
 filter: "evt.Meta.log_type == 'http_access-log' && (evt.Parsed.file_name == 'wp-login.php' || evt.Parsed.file_name == 'xmlrpc.php') && evt.Parsed.verb == 'POST'"
 groupby: "evt.Meta.source_ip"
 #distinct: evt.Parsed.request
 capacity: 4
 leakspeed: 2m
 blackhole: 5m
 labels:
  service: http
  type: bruteforce
  remediation: true
	type: leaky
	format: 2.0
	#debug: true
	name: belphemur/http-wordpress-login-xmlrpc
	description: "Detect attempt to access to wp-login and xmlrpc"
	filter: "evt.Meta.log_type == 'http_access-log' && (evt.Parsed.file_name == 'wp-login.php' \|\| evt.Parsed.file_name == 'xmlrpc.php') && evt.Parsed.verb == 'POST'"
	groupby: "evt.Meta.source_ip"
	#distinct: evt.Parsed.request
	capacity: 4
	leakspeed: 2m
	blackhole: 5m
	labels:
	service: http
	type: bruteforce
	remediation: true