nahakubuilder/honeydany
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

change detection rules default to alert only

Browse Source
This commit is contained in:
BlobTheBuilder
2025-09-28 15:32:12 +01:00
parent 1c1818b29c
commit f81b0f3c28
2 changed files with 33 additions and 33 deletions
Download Patch File Download Diff File Expand all files Collapse all files
app.db
BIN
View File
Binary file not shown.
app/dashboard/threat_analysis.go
+6 -6
View File
@@ -143,9 +143,9 @@ func (ta *ThreatAnalyzer) insertDefaultRules() error {
Description: "Detect SSH brute force attempts",
Service: "ssh",
Condition: "auth_attempts",
Threshold: 10,
Threshold: 5,
TimeWindow: 60, // 1 hour
Action: "block",
Action: "alert",
Enabled: true,
},
{
@@ -163,9 +163,9 @@ func (ta *ThreatAnalyzer) insertDefaultRules() error {
Description: "Detect port scanning across multiple services",
Service: "*",
Condition: "service_diversity",
Threshold: 5, // 5 different services
Threshold: 3, // 3 different services
TimeWindow: 15, // 15 minutes
Action: "block",
Action: "alert",
Enabled: true,
},
{
@@ -173,9 +173,9 @@ func (ta *ThreatAnalyzer) insertDefaultRules() error {
Description: "Detect FTP brute force attempts",
Service: "ftp",
Condition: "auth_attempts",
Threshold: 15,
Threshold: 5,
TimeWindow: 60,
Action: "block",
Action: "alert",
Enabled: true,
},
}