valitydev/SigmaHQ
14
0
Fork 0
mirror of https://github.com/valitydev/SigmaHQ.git synced 2024-11-07 09:48:58 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
04ea201817
SigmaHQ/rules/web/web_multiple_suspicious_resp_codes_single_source.yml
Florian Roth a2adb1ddb5 Renamed rule files, new rules
2017-02-10 19:17:02 +01:00

18 lines
493 B
YAML
Raw Blame History

title: Multiple suspicious Response Codes caused by Single Client
description: Detects possible exploitation activity or bugs in a web application
detection:
selection:
- log:
- access.log
- error.log
response:
- 400
- 401
- 403
- 500
condition: selection | count() by clientip > 10
falsepositives:
- Unstable application
- Application that misuses the response codes
level: 40
Reference in New Issue View Git Blame Copy Permalink