Florian Roth
828484d7c6
rule: confluence exploit CVE-2019-3398
2020-05-26 12:09:41 +02:00
neu5ron
b575df8cd7
use the taxonomy for http response which is sc-status
2020-03-14 15:02:33 -04:00
neu5ron
4cd99e71bf
use the taxonomy which states to use c-uri
instead of c-uri-path
2020-03-14 15:02:06 -04:00
neu5ron
d212d43acf
spelling
2020-03-14 14:58:25 -04:00
Florian Roth
15a400ac51
fix: fixing bug in rule
2020-02-29 15:51:00 +01:00
Florian Roth
fa6458b70f
rule: two rules to detect CVE-2020-0688 exploitation
2020-02-29 15:45:45 +01:00
Remco Hofman
4f45e14a56
Match on c-uri instead of c-uri-path
2020-02-27 13:23:25 +01:00
Remco Hofman
ff35eb0052
Title capitalization
2020-02-27 12:56:56 +01:00
Remco Hofman
72e34d2aa5
CVE 2020-0688 Exploit attempt rule
2020-02-27 12:51:10 +01:00
Florian Roth
d42e87edd7
fix: fixed casing and long rule titles
2020-01-30 17:26:09 +01:00
Florian Roth
efd3af0812
fix: fixed missing date fields in other files
2020-01-30 15:32:39 +01:00
2d4d
e35ebcc185
complete_cve_2019-19781
2020-01-15 21:59:33 +01:00
Florian Roth
5ef64e4e99
rule: changes at Shitrix rule
2020-01-13 20:15:08 +01:00
2d4d
364e859a6b
add newbm.pl
2020-01-12 00:29:10 +01:00
Florian Roth
a29c832b6a
rule: updated netscaler rule
2020-01-07 14:42:16 +01:00
Florian Roth
c9a75a8371
fix: shortened path in Citrix Netscaler rule
2020-01-07 13:00:28 +01:00
2d4d
35fbdd1248
add rule for Citrix Netscaler CVE-2019-19781
2020-01-03 01:48:29 +01:00
2d4d
b98e57603e
add rule for Citrix Netscaler CVE-2019-19781
2020-01-03 00:34:52 +01:00
Florian Roth
fdc32889a7
rule: PulseSecure CVE-2019-11510 attack
2019-11-18 15:33:58 +01:00
Thomas Patzke
0592cbb67a
Added UUIDs to rules
2019-11-12 23:12:27 +01:00
James Ahearn
eae7e3ab10
Web Source Code Enumeration via .git
2019-06-08 22:40:28 -04:00
Florian Roth
8c4b21f063
Rule: Apache threading errors
2019-01-22 08:49:10 +01:00
Thomas Patzke
81515b530c
ATT&CK tagging QA
2018-09-20 12:44:44 +02:00
megan201296
525326d15f
Fix typo
2018-09-06 20:20:11 -05:00
Florian Roth
1134051fba
Update web_cve_2018_2894_weblogic_exploit.yml
...
Ah, we could do it this way *.js*
2018-07-23 06:19:25 -06:00
Florian Roth
03a64cca74
Update web_cve_2018_2894_weblogic_exploit.yml
...
We try to avoid false positives
2018-07-23 06:18:38 -06:00
MATTHEW CARR
dfb77e936d
Update web_cve_2018_2894_weblogic_exploit.yml
...
To detect all possible extensions .jspx, .jsw, .jsv, and .jspf
2018-07-23 07:41:47 +02:00
Florian Roth
0f1b440b91
Rule: widened the CVE-2018-2894 WebLogic rule
...
https://twitter.com/lo_security/status/1021148314308358144
2018-07-22 20:36:10 -06:00
Florian Roth
ffb0cf5ed5
Rule: CVE-2018-2894 Oracle WebLogic exploit and webshell drop
2018-07-22 15:09:45 -06:00
SherifEldeeb
48441962cc
Change All "str" references to be "list"to mach schema update
2018-01-28 02:24:16 +03:00
SherifEldeeb
112a0939d7
Change "reference" to "references" to match new schema
2018-01-28 02:12:19 +03:00
Thomas Patzke
9adaf4c411
Cleanup
2017-12-07 16:21:02 +01:00
Björn Kimminich
8a8387c43e
SQL Injection error message patterns
...
Rule file that detects error messages from different DB providers that would occur during SQL Injection probing
2017-11-27 22:52:17 +01:00
Thomas Patzke
6b8a5aea4a
Added vhost field to web rules
2017-09-17 00:20:17 +02:00
Thomas Patzke
986c9ff9b7
Added field names to first rules
2017-09-12 23:54:04 +02:00
Thomas Patzke
5c465129bd
Fixed rules
...
* Replaced unspecified logsource attribute 'type' with 'category'
* Usage of service 'auth' for linux logs
2017-09-11 00:35:52 +02:00
Thomas Patzke
7ba62b791c
Application security rules
...
* reorganization into separate folder
* adding category
* minor tweaks
2017-08-12 00:43:10 +02:00
Thomas Patzke
1d3b8e58bd
Fixed description
2017-08-06 23:22:31 +02:00
Thomas Patzke
0795d14b41
Spring framework security exceptions rule
2017-08-06 23:21:53 +02:00
Thomas Patzke
f0e6c28e8b
Added Ruby on Rails security-related exceptions rule
2017-08-06 22:57:52 +02:00
Thomas Patzke
98f99cebc0
Added author attribute
2017-08-05 23:56:13 +02:00
Thomas Patzke
f58c1b768b
Django security errors
2017-08-05 00:56:05 +02:00
Florian Roth
9fd375c130
Bugfix: Added time frame to correlation rule
2017-03-12 17:11:29 +01:00
Florian Roth
2e0632b05f
Rule: Linux: buffer overflows
2017-03-01 08:38:33 +01:00
Florian Roth
9c8ed4c0b1
Apache segmentation fault rule
2017-02-28 17:53:06 +01:00
Thomas Patzke
fdbadb8e6e
Rule fix
...
Fixed condition in webshell keyowrd rule.
2017-02-22 22:42:35 +01:00
Florian Roth
cd6e24c5ff
Added "logsource" sections and new rule
2017-02-19 00:31:59 +01:00
Florian Roth
18fd63f6b7
Levels to low, medium, high, critical
2017-02-16 18:06:22 +01:00
Thomas Patzke
88270fcf2d
Rule review and cleanup
...
* removed unnecessary one element lists from definitions
* converted some lists of one element maps to maps because the resulting
OR linkage would cause wrong result.
2017-02-15 23:53:08 +01:00
Florian Roth
04ea201817
New rules and cleanup
2017-02-12 15:50:39 +01:00
Florian Roth
a2adb1ddb5
Renamed rule files, new rules
2017-02-10 19:17:02 +01:00
Florian Roth
1307a45fd5
Moved rules to a separate directory
2017-02-07 00:44:40 +01:00