[
    {
        "id": "block-scanners",
        "phase": 1,
        "pattern": "(?i)(nikto|sqlmap|nmap|acunetix|nessus|openvas|wpscan|dirbuster|burpsuite|owasp zap|netsparker|appscan|arachni|skipfish|gobuster|wfuzz|hydra|metasploit|nessus|openvas|qualys|zap|w3af|openwebspider|netsparker|appspider|rapid7|nessus|qualys|nuclei|zgrab|vega|gospider|gxspider|whatweb|xspider|joomscan|uniscan|blindelephant)",
        "targets": [
            "HEADERS:User-Agent"
        ],
        "severity": "CRITICAL",
        "action": "block",
        "score": 10,
        "description": "Block traffic from known vulnerability scanners and penetration testing tools. Includes more scanners."
    },
    {
        "id": "block-crawlers",
        "phase": 1,
        "pattern": "(meta-externalagent)",
        "targets": [
            "HEADERS:User-Agent"
        ],
        "severity": "CRITICAL",
        "action": "block",
        "score": 10,
        "description": "Block traffic from web scrapers and crawlers."
    }
]