SigmaHQ/rules/application/appframework_spring_exceptions.yml

24 lines
674 B
YAML
Raw Normal View History

title: Spring framework exceptions
description: Detects suspicious Spring framework exceptions that could indicate exploitation attempts
author: Thomas Patzke
references:
- https://docs.spring.io/spring-security/site/docs/current/apidocs/overview-tree.html
logsource:
category: application
product: spring
detection:
keywords:
- AccessDeniedException
- CsrfException
- InvalidCsrfTokenException
- MissingCsrfTokenException
- CookieTheftException
- InvalidCookieException
- RequestRejectedException
condition: keywords
falsepositives:
- Application bugs
- Penetration testing
level: medium