You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
|
|
|
|
{% if cs_trusted_countries | length > 0 %}
|
|
|
|
|
name: trusted_countries_ip_remediation
|
|
|
|
|
filters:
|
|
|
|
|
- Alert.Remediation == true && Alert.GetScope() == "Ip" && Alert.Source.Cn in ["{{ cs_trusted_countries | join('","') }}"]
|
|
|
|
|
decisions:
|
|
|
|
|
- type: ban
|
|
|
|
|
duration: {{ cs_ban_trusted_duration }}
|
|
|
|
|
on_success: break
|
|
|
|
|
---
|
|
|
|
|
name: trusted_countries_range_remediation
|
|
|
|
|
filters:
|
|
|
|
|
- Alert.Remediation == true && Alert.GetScope() == "Range" && Alert.Source.Cn in ["{{ cs_trusted_countries | join('","') }}"]
|
|
|
|
|
decisions:
|
|
|
|
|
- type: ban
|
|
|
|
|
duration: {{ cs_ban_trusted_duration }}
|
|
|
|
|
on_success: break
|
|
|
|
|
---
|
|
|
|
|
{% endif %}
|
|
|
|
|
name: default_ip_remediation
|
|
|
|
|
filters:
|
|
|
|
|
- Alert.Remediation == true && Alert.GetScope() == "Ip"
|
|
|
|
|
decisions:
|
|
|
|
|
- type: ban
|
|
|
|
|
duration: {{ cs_ban_duration }}
|
|
|
|
|
on_success: break
|
|
|
|
|
---
|
|
|
|
|
name: default_range_remediation
|
|
|
|
|
filters:
|
|
|
|
|
- Alert.Remediation == true && Alert.GetScope() == "Range"
|
|
|
|
|
decisions:
|
|
|
|
|
- type: ban
|
|
|
|
|
duration: {{ cs_ban_duration }}
|
|
|
|
|
on_success: break
|
