owncloud feature #1032
Does this file actually differ from the nextcloud whitelist?
It's an error, I did not want to push this file.
Owncloud whitelist removed.
@LaurenceJJones Hey Laurence, is everything going well or is there anything missing?
Do you have any test logs so that we can ensure the parser and scenarios are working? You can paste them here and I can create the test suite for you.
Yes, I can paste logs here:

{"reqId":"Y9uiebTXtcbqy5btKCdv","level":2,"time":"2024-04-25T15:41:12+00:00","remoteAddr":"10.10.1.1","user":"--","app":"core","method":"POST","url":"/login","message":"Login failed: 'test' (Remote IP: '10.10.1.1')"}

Hey, sorry for the lag @martyduniaud98! Are you able to share some log samples that are enough for us to trigger each scenario individually, please? It is needed for us to create tests for both the parsers and the scenarios, so that we can merge it and make it available to everyone. Extra question: are you using some specific whitelists? We are thinking of importing the existing nextcloud whitelist(s) into the collection. Thanks in advance and awesome work!
Hey @buixor! Thanks for your answer. I'll paste the logs here:

grok value: owncloud_failed_auth -> scenarios owncloud-bf/owncloud-bf_user_enum

{"reqId":"aGFSFAUPlqEI0HXwdNdA","level":2,"time":"2024-06-25T09:15:04+00:00","remoteAddr":"10.10.33.1","user":"--","app":"core","method":"POST","url":"/login?user=admin","message":"Login failed: 'admin' (Remote IP: '10.10.33.1')"}

grok value: owncloud_bruteforce_attempt -> scenario owncloud-bf

{"reqId":"Wmx6aXgKqP8qpdTz02UA","level":3,"time":"2024-06-25T09:26:52+00:00","remoteAddr":"10.10.33.1","user":"--","app":"PHP","method":"GET","url":"/login?user=a","message":"Bruteforce attempt from "10.10.33.1" detected for action "login""}

grok value: owncloud_domain_error -> scenario owncloud-bf_domain_error

{"reqId":"3aeDzvo0rqQ6JZZzh04l","level":2,"time":"2024-06-25T11:03:35+00:00","remoteAddr":"192.168.123.30","user":"--","app":"core","method":"GET","url":"/","message":"Trusted domain error. "192.168.123.30" tried to access using "192.168.123.166:8000" as host."}

I have not tried to use specific whitelists. I hope it's good now :D

Hey @buixor,
Add Owncloud logs collection with parsers and scenarios based on Nextcloud logs collection created by Håvard Moen and a1ad
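
An added example, not code from this pull request: a Python classifier that maps the three ownCloud log line types shared in the conversation to the grok values and scenarios named there. The regexes, the `classify` and `sample` helpers, and the choice to read the source address from `remoteAddr` are assumptions; the sample lines are constructed from the ones posted in the thread.

```python
import ipaddress
import json
import re

# Assumed message patterns (not the PR's grok). Matched with fullmatch because
# the username and Host value inside the message are client-supplied text.
PATTERNS = {
    "owncloud_failed_auth": re.compile(
        r"Login failed: '(?P<user>.*)' \(Remote IP: '[^']*'\)"),
    "owncloud_bruteforce_attempt": re.compile(
        r'Bruteforce attempt from "[^"]*" detected for action "[^"]*"'),
    "owncloud_domain_error": re.compile(
        r'Trusted domain error\. "[^"]*" tried to access using ".*" as host\.'),
}
# Grok value -> scenarios, as listed in the conversation.
SCENARIOS = {
    "owncloud_failed_auth": ["owncloud-bf", "owncloud-bf_user_enum"],
    "owncloud_bruteforce_attempt": ["owncloud-bf"],
    "owncloud_domain_error": ["owncloud-bf_domain_error"],
}

def classify(line):
    """Return event, source_ip, user and scenarios for a log line, else None."""
    try:
        entry = json.loads(line)
        message = str(entry["message"])
        # Take the address from the structured field, not from message text.
        source_ip = str(ipaddress.ip_address(entry["remoteAddr"]))
    except (ValueError, KeyError, TypeError):
        return None
    for event, pattern in PATTERNS.items():
        m = pattern.fullmatch(message)
        if m:
            return {"event": event, "source_ip": source_ip,
                    "user": m.groupdict().get("user"),
                    "scenarios": SCENARIOS[event]}
    return None

def sample(remote, message):
    """Build a constructed log line shaped like the ones in the thread."""
    return json.dumps({"remoteAddr": remote, "user": "--", "message": message})

SAMPLES = [
    sample("10.10.33.1", "Login failed: 'admin' (Remote IP: '10.10.33.1')"),
    sample("10.10.33.1", 'Bruteforce attempt from "10.10.33.1" detected for action "login"'),
    sample("192.168.123.30", 'Trusted domain error. "192.168.123.30" tried to'
           ' access using "192.168.123.166:8000" as host.'),
]
```

A failed-login line whose username itself contains a `(Remote IP: '...')` fragment still resolves to the `remoteAddr` value, because the whole message must match and the address is never read from the message text.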