mirror of
https://github.com/valitydev/SigmaHQ.git
synced 2024-11-06 09:25:17 +00:00
fix List values must be strings or numbers (46)
This commit is contained in:
parent
4c414b2e8b
commit
718b44c38a
@ -6,6 +6,7 @@ references:
|
|||||||
- https://www.rapid7.com/blog/post/2021/08/17/fortinet-fortiweb-os-command-injection
|
- https://www.rapid7.com/blog/post/2021/08/17/fortinet-fortiweb-os-command-injection
|
||||||
author: Bhabesh Raj, Florian Roth
|
author: Bhabesh Raj, Florian Roth
|
||||||
date: 2021/08/19
|
date: 2021/08/19
|
||||||
|
modified: 2021/08/29
|
||||||
tags:
|
tags:
|
||||||
- attack.initial_access
|
- attack.initial_access
|
||||||
- attack.t1190
|
- attack.t1190
|
||||||
@ -13,15 +14,12 @@ logsource:
|
|||||||
category: webserver
|
category: webserver
|
||||||
detection:
|
detection:
|
||||||
selection:
|
selection:
|
||||||
c-uri|contains:
|
c-uri|contains: '/api/v2.0/user/remoteserver.saml'
|
||||||
- '/api/v2.0/user/remoteserver.saml'
|
cs-method: POST
|
||||||
cs-method:
|
|
||||||
- POST
|
|
||||||
filter1:
|
filter1:
|
||||||
cs-referer|contains: '/root/user/remote-user/saml-user/'
|
cs-referer|contains: '/root/user/remote-user/saml-user/'
|
||||||
filter2:
|
filter2:
|
||||||
cs-referer:
|
cs-referer: null
|
||||||
- null
|
|
||||||
condition: selection and not filter1 and not filter2
|
condition: selection and not filter1 and not filter2
|
||||||
fields:
|
fields:
|
||||||
- client_ip
|
- client_ip
|
||||||
|
Loading…
Reference in New Issue
Block a user