valitydev/SigmaHQ
14
0
Fork 0
mirror of https://github.com/valitydev/SigmaHQ.git synced 2024-11-06 17:35:19 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

fix List values must be strings or numbers (46)

Browse Source
This commit is contained in:
frack113 2021-08-29 08:57:25 +02:00
parent 4c414b2e8b
commit 718b44c38a
1 changed files with 4 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
rules/web/web_fortinet_cve_2021_22123_exploit.yml
View File

@ -6,6 +6,7 @@ references:
- https://www.rapid7.com/blog/post/2021/08/17/fortinet-fortiweb-os-command-injection - https://www.rapid7.com/blog/post/2021/08/17/fortinet-fortiweb-os-command-injection
author: Bhabesh Raj, Florian Roth author: Bhabesh Raj, Florian Roth
date: 2021/08/19 date: 2021/08/19
modified: 2021/08/29
tags: tags:
- attack.initial_access - attack.initial_access
- attack.t1190 - attack.t1190
@ -13,15 +14,12 @@ logsource:
category: webserver category: webserver
detection: detection:
selection: selection:
c-uri|contains: c-uri|contains: '/api/v2.0/user/remoteserver.saml'
- '/api/v2.0/user/remoteserver.saml' cs-method: POST
cs-method:
- POST
filter1: filter1:
cs-referer|contains: '/root/user/remote-user/saml-user/' cs-referer|contains: '/root/user/remote-user/saml-user/'
filter2: filter2:
cs-referer: cs-referer: null
- null
condition: selection and not filter1 and not filter2 condition: selection and not filter1 and not filter2
fields: fields:
- client_ip - client_ip