Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-03 07:08:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3
zeek/doc/scripts/policy/protocols/ftp/detect-bruteforcing.bro.rst
Jon Siwek 7e9d48f532 Remove broxygen Sphinx integration 
The broxygen-generated files now live in the git repo, have tests
that check that they are up-to-date, and a script to re-generate
them on-demand.
2018-12-18 10:15:22 -06:00

53 lines
2 KiB
ReStructuredText
Raw Blame History

:tocdepth: 3
policy/protocols/ftp/detect-bruteforcing.bro
============================================
.. bro:namespace:: FTP
FTP brute-forcing detector, triggering when too many rejected usernames or
failed passwords have occurred from a single address.
:Namespace: FTP
:Imports: :doc:`base/frameworks/sumstats </scripts/base/frameworks/sumstats/index>`, :doc:`base/protocols/ftp </scripts/base/protocols/ftp/index>`, :doc:`base/utils/time.bro </scripts/base/utils/time.bro>`
Summary
~~~~~~~
Redefinable Options
###################
======================================================================================= ==================================================================
:bro:id:`FTP::bruteforce_measurement_interval`: :bro:type:`interval` :bro:attr:`&redef` The time period in which the threshold needs to be crossed before
being reset.
:bro:id:`FTP::bruteforce_threshold`: :bro:type:`double` :bro:attr:`&redef` How many rejected usernames or passwords are required before being
considered to be bruteforcing.
======================================================================================= ==================================================================
Redefinitions
#############
========================================== =
:bro:type:`Notice::Type`: :bro:type:`enum`
========================================== =
Detailed Interface
~~~~~~~~~~~~~~~~~~
Redefinable Options
###################
.. bro:id:: FTP::bruteforce_measurement_interval
:Type: :bro:type:`interval`
:Attributes: :bro:attr:`&redef`
:Default: ``15.0 mins``
The time period in which the threshold needs to be crossed before
being reset.
.. bro:id:: FTP::bruteforce_threshold
:Type: :bro:type:`double`
:Attributes: :bro:attr:`&redef`
:Default: ``20.0``
How many rejected usernames or passwords are required before being
considered to be bruteforcing.
Reference in a new issue View git blame Copy permalink