SigmaHQ/rules/web/web_multiple_suspicious_resp_codes_single_source.yml
Thomas Patzke 88270fcf2d Rule review and cleanup
* removed unnecessary one element lists from definitions
* converted some lists of one element maps to maps because the resulting
  OR linkage would cause wrong result.
2017-02-15 23:53:08 +01:00


title: Multiple suspicious Response Codes caused by Single Client
description: Detects possible exploitation activity or bugs in a web application
detection:
    selection:
        log:
            - access.log
            - error.log
        response:
            - 400
            - 401
            - 403
            - 500
    condition: selection | count() by clientip > 10
falsepositives:
    - Unstable application
    - Application that misuses the response codes
level: 40
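To make the rule's aggregation concrete, the following Python is an added example, not code from the Sigma repository or from this rule's author. It parses a handful of constructed access-log lines, applies the rule's `response` selection (400, 401, 403, 500) and evaluates `count() by clientip > 10` in plain code. The log format (Combined Log Format), the regular expression, the sample IPs and the function names are all assumptions; in practice a Sigma backend translates the rule into the target SIEM's query language, so this only models the semantics.

```python
import re
from collections import Counter

# The rule's selection and condition, expressed as constants.
SUSPICIOUS_CODES = {400, 401, 403, 500}   # detection.selection.response
THRESHOLD = 10                             # condition: count() by clientip > 10

# Assumed log format: Apache/nginx Combined Log Format.
LOG_RE = re.compile(
    r'^(?P<clientip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<size>\S+)'
)


def _log_line(ip, method, path, status):
    # Build one constructed Combined Log Format line for the sample below.
    return (f'{ip} - - [15/Feb/2017:23:00:00 +0100] '
            f'"{method} {path} HTTP/1.1" {status} 0 "-" "curl/7.50"')


# Constructed sample traffic (not real data). 198.51.100.7 produces 11 hits
# on the suspicious codes plus a 404 and a 200 that the rule ignores;
# 203.0.113.9 produces only 2 hits. One malformed line is included so the
# parser's error handling is exercised.
_SAMPLE_EVENTS = (
    [("198.51.100.7", "POST", "/login", 401)] * 5
    + [("198.51.100.7", "GET", "/admin", 403)] * 3
    + [("198.51.100.7", "GET", "/search", 500)] * 2
    + [("198.51.100.7", "GET", "/api", 400)]
    + [("198.51.100.7", "GET", "/missing", 404)]
    + [("198.51.100.7", "GET", "/", 200)]
    + [("203.0.113.9", "POST", "/login", 401)] * 2
    + [("203.0.113.9", "GET", "/", 200)] * 3
)
SAMPLE_ACCESS_LOG = ("\n".join(_log_line(*e) for e in _SAMPLE_EVENTS)
                     + "\nthis line is not a valid access-log record\n")


def parse_access_log(text):
    """Turn raw log text into event dicts; lines that do not parse are skipped."""
    events = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue   # malformed or truncated record: ignore, do not crash
        events.append({
            "clientip": m["clientip"],
            "response": int(m["status"]),
            "request": m["request"],
        })
    return events


def matches_selection(event):
    """detection.selection: response code is one of the listed values."""
    return event["response"] in SUSPICIOUS_CODES


def evaluate_rule(events, threshold=THRESHOLD):
    """condition: selection | count() by clientip > threshold.

    Returns {clientip: count} for every client whose number of selected
    events is strictly greater than the threshold.
    """
    counts = Counter(e["clientip"] for e in events if matches_selection(e))
    return {ip: n for ip, n in counts.items() if n > threshold}


if __name__ == "__main__":
    hits = evaluate_rule(parse_access_log(SAMPLE_ACCESS_LOG))
    for ip, n in sorted(hits.items()):
        print(f"ALERT {ip}: {n} suspicious responses (> {THRESHOLD})")
```

Two points worth noticing when reading the output against the rule: the comparison is strict, so a client with exactly 10 matching responses does not fire, and the rule carries no `timeframe`, so the count applies across whatever window the backend query covers; narrowing or widening that window changes how noisy the rule is on the unstable applications listed under `falsepositives`.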