fix List values must be strings or numbers (46)

frack113 2021-08-29 08:57:25 +02:00
parent 4c414b2e8b
commit 718b44c38a


@ -6,6 +6,7 @@ references:
- https://www.rapid7.com/blog/post/2021/08/17/fortinet-fortiweb-os-command-injection
author: Bhabesh Raj, Florian Roth
date: 2021/08/19
modified: 2021/08/29
tags:
- attack.initial_access
- attack.t1190
@ -13,15 +14,12 @@ logsource:
category: webserver
detection:
selection:
c-uri|contains:
- '/api/v2.0/user/remoteserver.saml'
cs-method:
- POST
c-uri|contains: '/api/v2.0/user/remoteserver.saml'
cs-method: POST
filter1:
cs-referer|contains: '/root/user/remote-user/saml-user/'
filter2:
cs-referer:
- null
cs-referer: null
condition: selection and not filter1 and not filter2
fields:
- client_ip
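Review bot: `filter2` (`cs-referer: null`) together with `not filter2` in the condition means the rule never fires on a POST to `/api/v2.0/user/remoteserver.saml` that is logged without a referer, and nothing in the rule explains why that case is excluded. Both filters key on a request header that the client supplies, so alert suppression depends on sender-controlled data. If `filter2` exists only for log sources that do not record the referer, say so above it, e.g. `# referer absent in this log source; cannot be evaluated`, or drop the filter and accept the extra alerts. It is also worth confirming how the target backends represent an absent referer, since some web servers log `-` rather than an empty field and `null` would presumably not match that. The rule's title and description lie outside these hunks, so this is based on the detection block alone.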