wip: manually run action on forked repo

crowdsecurity · Jun 11, 2024 · 499b646 · 499b646
1 parent 737d0df
commit 499b646
Showing 1 changed file with 62 additions and 0 deletions.
diff --git a/.index.json b/.index.json
@@ -4108,6 +4108,27 @@
     "crowdsecurity/opnsense-gui-bf"
    ]
   },
+  "crowdsecurity/owncloud": {
+   "path": "collections/crowdsecurity/owncloud.yaml",
+   "version": "0.1",
+   "versions": {
+    "0.1": {
+     "digest": "8fa74eed3cc1cdcc272c9557b3103c0fc5c5b6d6fff8215ad534a8460263be67",
+     "deprecated": false
+    }
+   },
+   "long_description": "QSBjb2xsZWN0aW9uIHRvIGRlZmVuZCBbT3duY2xvdWRdKGh0dHBzOi8vb3duY2xvdWQuY29tKSBpbnN0YW5jZSBhZ2FpbnN0IGNvbW1vbiBhdHRhY2tzIDoKIC0gT3duY2xvdWQgcGFyc2VyCiAtIE93bmNsb3VkIGJydXRlZm9yY2UsIGVudW1lcmF0aW9uIGFuZCB0cnVzdGVkIGRvbWFpbiBkZXRlY3Rpb24KCj4gQ29udHJpYnV0ZWQgYnkgZVNoYXJkIC0gYmFzZWQgb24gTmV4dGNsb3VkIGNvbGxlY3Rpb24gSMOldmFyZCBNb2VuIGFuZCBhMWFkCgojIyBBY3F1aXNpdGlvbiB0ZW1wbGF0ZQoKCiBFeGFtcGxlIGFjcXVpc2l0aW9uIGZvciB0aGlzIGNvbGxlY3Rpb24gOgoKYGBgeWFtbAotLS0KZmlsZW5hbWVzOgogLSAvdmFyL3d3dy9vd25jbG91ZC9kYXRhL293bmNsb3VkLmxvZwpsYWJlbHM6CiAgdHlwZTogT3duY2xvdWQKYGBgCgpgYGB5YW1sCi0tLQpzb3VyY2U6IGpvdXJuYWxjdGwKam91cm5hbGN0bF9maWx0ZXI6CiAgLSAiU1lTTE9HX0lERU5USUZJRVI9T3duY2xvdWQiCmxhYmVsczoKICB0eXBlOiBzeXNsb2cKYGBgCi0gVXNlIHRoZSBmaWxlbmFtZSB2ZXJzaW9uIGlmIHlvdSBoYXZlIHRoZSBkZWZhdWx0IHNldHRpbmdzIG9mIGxvZ2dpbmcgdG8gZmlsZQotIFVzZSB0aGUgam91cm5hbGN0bCB2ZXJzaW9uIGlmIHlvdSBhcmUgc2VuZGluZyBsb2dzIHRvIHN5c2xvZyBvciBzeXN0ZW1kIGFuZCByZWFkIHRoZSBsb2dzIGZyb20gam91cm5hbGQK",
+   "content": "cGFyc2VyczoKICAtIGNyb3dkc2VjdXJpdHkvb3duY2xvdWQtbG9ncwpzY2VuYXJpb3M6CiAgLSBjcm93ZHNlY3VyaXR5L293bmNsb3VkLWJmCmRlc2NyaXB0aW9uOiAiT3duY2xvdWQgc3VwcG9ydCA6IHBhcnNlciBhbmQgYnJ1dGUtZm9yY2UgZGV0ZWN0aW9uIgphdXRob3I6IGNyb3dkc2VjdXJpdHkKdGFnczoKICAtIGxpbnV4CiAgLSBicnV0ZWZvcmNlCiAgLSBvd25jbG91ZAo=",
+   "description": "Owncloud support : parser and brute-force detection",
+   "author": "crowdsecurity",
+   "labels": null,
+   "parsers": [
+    "crowdsecurity/owncloud-logs"
+   ],
+   "scenarios": [
+    "crowdsecurity/owncloud-bf"
+   ]
+  },
   "crowdsecurity/palo-alto": {
    "path": "collections/crowdsecurity/palo-alto.yaml",
    "version": "0.2",
@@ -7185,6 +7206,22 @@
    "author": "crowdsecurity",
    "labels": null
   },
+  "crowdsecurity/owncloud-logs": {
+   "path": "parsers/s01-parse/crowdsecurity/owncloud-logs.yaml",
+   "stage": "s01-parse",
+   "version": "0.1",
+   "versions": {
+    "0.1": {
+     "digest": "83973e365882ccac7942fd25a3357f54a9ca9d5dc4e428a8e05ca2491457473b",
+     "deprecated": false
+    }
+   },
+   "long_description": "UGFyc2VyIGZvciBbT3duY2xvdWRdKGh0dHBzOi8vb3duY2xvdWQuY29tLykgbG9ncwoKSWYgeW91IGhhdmUgdGhlIGRlZmF1bHQgc2V0dGluZ3Mgb2YgbG9nZ2luZyB0byBmaWxlLCB5b3UgbmVlZCB0byBhZGQgaW4gYWNxdWlzaXRpb24gKGNoYW5nZSBmaWxlbmFtZSB0byB5b3VyIGxvZyBmaWxlIGxvY2F0aW9uKToKCmBgYHlhbWwKLS0tCmZpbGVuYW1lczoKIC0gL3Zhci93d3cvb3duY2xvdWQvZGF0YS9vd25jbG91ZC5sb2cKbGFiZWxzOgogIHR5cGU6IE93bmNsb3VkCmBgYAoKSWYgeW91IGFyZSBzZW5kaW5nIGxvZ3MgdG8gc3lzbG9nIG9yIHN5c3RlbWQgYW5kIHJlYWQgZnJvbSBqb3VybmFsZCwgYWRkOgpgYGB5YW1sCi0tLQpzb3VyY2U6IGpvdXJuYWxjdGwKam91cm5hbGN0bF9maWx0ZXI6CiAgLSAiU1lTTE9HX0lERU5USUZJRVI9T3duY2xvdWQiCmxhYmVsczoKICB0eXBlOiBzeXNsb2cKYGBgCg==",
+   "content": "LS0tCm9uc3VjY2VzczogbmV4dF9zdGFnZQpmaWx0ZXI6ICJVcHBlcihldnQuUGFyc2VkLnByb2dyYW0pID09ICdPV05DTE9VRCciCm5hbWU6IG93bmNsb3VkLWxvZ3MKZGVzY3JpcHRpb246ICJQYXJzZSBvd25jbG91ZCBsb2dzIgpwYXR0ZXJuX3N5bnRheDoKICBPV05DTE9VRF9VU0VSOiAnW2EtekEtWjAtOVwuXEBcLVwrXyVdKycKbm9kZXM6CiAgLSBncm9rOgogICAgICBwYXR0ZXJuOiAnTG9naW4gZmFpbGVkOiAnJyV7T1dOQ0xPVURfVVNFUjp0YXJnZXRfdXNlcn0nJyBcKFJlbW90ZSBJUDogJycle0lQOnNvdXJjZV9pcH0nJ1wpJwogICAgICBleHByZXNzaW9uOiBKc29uRXh0cmFjdChldnQuUGFyc2VkLm1lc3NhZ2UsICJtZXNzYWdlIikKICAgIHN0YXRpY3M6CiAgICAgIC0gbWV0YTogdGFyZ2V0X3VzZXIKICAgICAgICBleHByZXNzaW9uOiAiZXZ0LlBhcnNlZC50YXJnZXRfdXNlciIKICAgICAgLSBtZXRhOiBsb2dfdHlwZQogICAgICAgIHZhbHVlOiBvd25jbG91ZF9mYWlsZWRfYXV0aAogIC0gZ3JvazoKICAgICAgcGF0dGVybjogJ0JydXRlZm9yY2UgYXR0ZW1wdCBmcm9tIFxcPyIle0lQOnNvdXJjZV9pcH1cXD8iIGRldGVjdGVkIGZvciBhY3Rpb24gXFw/IiV7REFUQTphY3Rpb259XFw/IicKICAgICAgZXhwcmVzc2lvbjogSnNvbkV4dHJhY3QoZXZ0LlBhcnNlZC5tZXNzYWdlLCAibWVzc2FnZSIpCiAgICBzdGF0aWNzOgogICAgICAtIG1ldGE6IGFjdGlvbgogICAgICAgIGV4cHJlc3Npb246ICJldnQuUGFyc2VkLmFjdGlvbiIKICAgICAgLSBtZXRhOiBsb2dfdHlwZQogICAgICAgIHZhbHVlOiBvd25jbG91ZF9icnV0ZWZvcmNlX2F0dGVtcHQKCiN7InJlcUlkIjoiY2RrTHJ1MjRWTzBRVldpdUFxbXkiLCJsZXZlbCI6MiwidGltZSI6IjIwMjQtMDQtMThUMTE6MDQ6MTkrMDA6MDAiLCJyZW1vdGVBZGRyIjoiMTAuMTAuMS4xIiwidXNlciI6Ii0tIiwiYXBwIjoiY29yZSIsIm1ldGhvZCI6IlBPU1QiLCJ1cmwiOiJcL2xvZ2luP3VzZXI9YWRtaW4iLCJtZXNzYWdlIjoiTG9naW4gZmFpbGVkOiAnYWRtaW4nIChSZW1vdGUgSVA6ICcxMC4xMC4xLjEnKSJ9CgogIC0gZ3JvazoKICAgICAgcGF0dGVybjogJ1RydXN0ZWQgZG9tYWluIGVycm9yLiBcXCIle0lQOnNvdXJjZV9pcH1cXCIuKicKICAgICAgZXhwcmVzc2lvbjogSnNvbkV4dHJhY3QoZXZ0LlBhcnNlZC5tZXNzYWdlLCAibWVzc2FnZSIpCiAgICBzdGF0aWNzOgogICAgICAtIG1ldGE6IGxvZ190eXBlCiAgICAgICAgdmFsdWU6IG93bmNsb3VkX2RvbWFpbl9lcnJvcgoKc3RhdGljczoKICAtIG1ldGE6IHNlcnZpY2UKICAgIHZhbHVlOiBvd25jbG91ZAogIC0gbWV0YTogc291cmNlX2lwCiAgICBleHByZXNzaW9uOiAiZXZ0LlBhcnNlZC5zb3VyY2VfaXAiCiAgLSB0YXJnZXQ6IGV2dC5TdHJUaW1lCiAgICBleHByZXNzaW9uOiBKc29uRXh0cmFjdChldnQuUGFyc2VkLm1lc3NhZ2UsICJ0aW1lIikK",
+   "description": "Parse owncloud logs",
+   "author": "crowdsecurity",
+   "labels": null
+  },
   "crowdsecurity/palo-alto-threat-log": {
    "path": "parsers/s01-parse/crowdsecurity/palo-alto-threat-log.yaml",
    "stage": "s01-parse",
@@ -13524,6 +13561,31 @@
     "spoofable": 0
    }
   },
+  "crowdsecurity/owncloud-bf": {
+   "path": "scenarios/crowdsecurity/owncloud-bf.yaml",
+   "version": "0.1",
+   "versions": {
+    "0.1": {
+     "digest": "dfadf7181a507834b8e1ae11481d9b1f60ad199fdac9c09f9eb6220bfb42772c",
+     "deprecated": false
+    }
+   },
+   "long_description": "RGV0ZWN0cyBicnV0ZWZvcmNlIG9uIFtPd25jbG91ZF0oaHR0cHM6Ly9vd25jbG91ZC5jb20pIGluc3RhbmNlLgoKIC0gbGVha3NwZWVkIG9mIDFtLCBjYXBhY2l0eSBvZiA1IG9uIHNhbWUgdGFyZ2V0IHVzZXIKIC0gbGVha3NwZWVkIG9mIDFtLCBjYXBhY2l0eSBvZiA1IHVuaXF1ZSBkaXN0aW5jdCB1c2VycwogLSBsZWFrc3BlZWQgb2YgMW0sIGNhcGFjaXR5IG9mIDUgb24gdHJ1c3QgZG9tYWluIGVycm9yCg==",
+   "content": "LS0tCnR5cGU6IGxlYWt5Cm5hbWU6IG93bmNsb3VkLWJmCmRlc2NyaXB0aW9uOiAiRGV0ZWN0IE93bmNsb3VkIGJydXRlZm9yY2UiCmZpbHRlcjogImV2dC5NZXRhLmxvZ190eXBlIGluIFsnb3duY2xvdWRfZmFpbGVkX2F1dGgnLCAnb3duY2xvdWRfYnJ1dGVmb3JjZV9hdHRlbXB0J10iCmxlYWtzcGVlZDogIjFtIgpjYXBhY2l0eTogNQojIGlmIHdlIGhhdmUgYnJ1dGVmb3JjZSBwcm90ZWN0aW9uIGVuYWJsZWQgaW4gb3duY2xvdWQsIHRoZSBzYW1lIGxvZ2luIGF0dGVtcHQKIyBjYW4gbG9nICMgYm90aCBsb2dpbiBmYWlsdXJlIGFuZCBicnV0ZWZvcmNlIGF0dGVtcHQgYXQgdGhlIHNhbWUgdGltZSwgc28KIyBrZWVwIHRoZW0gaW4gc2VwZXJhdGUgYnVja2V0cwpncm91cGJ5OiBldnQuTWV0YS5zb3VyY2VfaXAgKyAnLS0nICsgZXZ0Lk1ldGEubG9nX3R5cGUKYmxhY2tob2xlOiA1bQpyZXByb2Nlc3M6IHRydWUKbGFiZWxzOgogIHJlbWVkaWF0aW9uOiB0cnVlCiAgY29uZmlkZW5jZTogMwogIHNwb29mYWJsZTogMAogIGNsYXNzaWZpY2F0aW9uOgogICAgLSBhdHRhY2suVDExMTAKICBiZWhhdmlvcjogImh0dHA6YnJ1dGVmb3JjZSIKICBsYWJlbDogIk93bkNsb3VkIEJydXRlZm9yY2UiCiAgc2VydmljZTogb3duY2xvdWQKLS0tCnR5cGU6IGxlYWt5Cm5hbWU6IG93bmNsb3VkLWJmX3VzZXJfZW51bQpkZXNjcmlwdGlvbjogIkRldGVjdCBPd25jbG91ZCB1c2VyIGVudW0gYnJ1dGVmb3JjZSIKZmlsdGVyOiAiZXZ0Lk1ldGEubG9nX3R5cGUgPT0gJ293bmNsb3VkX2ZhaWxlZF9hdXRoJyIKbGVha3NwZWVkOiAiMW0iCmNhcGFjaXR5OiA1Cmdyb3VwYnk6IGV2dC5NZXRhLnNvdXJjZV9pcApkaXN0aW5jdDogZXZ0Lk1ldGEudGFyZ2V0X3VzZXIKYmxhY2tob2xlOiA1bQpyZXByb2Nlc3M6IHRydWUKbGFiZWxzOgogIHJlbWVkaWF0aW9uOiB0cnVlCiAgY29uZmlkZW5jZTogMwogIHNwb29mYWJsZTogMAogIGNsYXNzaWZpY2F0aW9uOgogICAgLSBhdHRhY2suVDExMTAKICBiZWhhdmlvcjogImh0dHA6YnJ1dGVmb3JjZSIKICBsYWJlbDogIk93bkNsb3VkIEJydXRlZm9yY2UiCiAgc2VydmljZTogb3duY2xvdWQKLS0tCnR5cGU6IGxlYWt5Cm5hbWU6IG93bmNsb3VkLWJmX2RvbWFpbl9lcnJvcgpkZXNjcmlwdGlvbjogIkRldGVjdCBPd25jbG91ZCBkb21haW4gZXJyb3IiCmZpbHRlcjogImV2dC5NZXRhLmxvZ190eXBlID09ICdvd25jbG91ZF9kb21haW5fZXJyb3InIgpsZWFrc3BlZWQ6ICIxbSIKY2FwYWNpdHk6IDUKZ3JvdXBieTogZXZ0Lk1ldGEuc291cmNlX2lwCmJsYWNraG9sZTogNW0KcmVwcm9jZXNzOiB0cnVlCmxhYmVsczoKICByZW1lZGlhdGlvbjogdHJ1ZQogIGNvbmZpZGVuY2U6IDMKICBzcG9vZmFibGU6IDAKICBjbGFzc2lmaWNhdGlvbjoKICAgIC0gYXR0YWNrLlQxMTEwCiAgYmVoYXZpb3I6ICJodHRwOmJydXRlZm9yY2UiCiAgbGFiZWw6ICJPd25DbG91ZCBCcnV0ZWZvcmNlIgogIHNlcnZpY2U6IG93bmNsb3VkCg==",
+   "description": "Detect Owncloud bruteforce",
+   "author": "crowdsecurity",
+   "labels": {
+    "behavior": "http:bruteforce",
+    "classification": [
+     "attack.T1110"
+    ],
+    "confidence": 3,
+    "label": "OwnCloud Bruteforce",
+    "remediation": true,
+    "service": "owncloud",
+    "spoofable": 0
+   }
+  },
   "crowdsecurity/palo-alto-threat": {
    "path": "scenarios/crowdsecurity/palo-alto-threat.yaml",
    "version": "0.1",