LaurenceJJones/chrome-ua-lt-100.yaml

## chrome-ua-lt-100.yaml
type: leaky
format: 2.0
#debug: true
name: example/chrome-under-100
description: "Detect bad user-agents of chrome under version 100"
filter: 'evt.Meta.log_type in ["http_access-log", "http_error-log"] && evt.Parsed.http_user_agent matches "Chrome\\/[0-9][0-9]?\\."'
capacity: 1
leakspeed: 1m
groupby: "evt.Meta.source_ip"
blackhole: 2m
labels:
  type: scan
  remediation: true
	type: leaky
	format: 2.0
	#debug: true
	name: example/chrome-under-100
	description: "Detect bad user-agents of chrome under version 100"
	filter: 'evt.Meta.log_type in ["http_access-log", "http_error-log"] && evt.Parsed.http_user_agent matches "Chrome\\/[0-9][0-9]?\\."'
	capacity: 1
	leakspeed: 1m
	groupby: "evt.Meta.source_ip"
	blackhole: 2m
	labels:
	type: scan
	remediation: true