rules/application/appframework_django_exceptions.yml

title: Django Framework Exceptions
id: fd435618-981e-4a7c-81f8-f78ce480d616
status: stable
description: Detects suspicious Django web application framework exceptions that could indicate exploitation attempts
author: Thomas Patzke
date: 2017/08/05
modified: 2020/09/01
references:
    - https://docs.djangoproject.com/en/1.11/ref/exceptions/
    - https://docs.djangoproject.com/en/1.11/topics/logging/#django-security
logsource:
    category: application
    product: django
detection:
    keywords:
        - SuspiciousOperation
        # Subclasses of SuspiciousOperation
        - DisallowedHost
        - DisallowedModelAdminLookup
        - DisallowedModelAdminToField
        - DisallowedRedirect
        - InvalidSessionKey
        - RequestDataTooBig
        - SuspiciousFileOperation
        - SuspiciousMultipartForm
        - SuspiciousSession
        - TooManyFieldsSent
        # Further security-related exceptions
        - PermissionDenied
    condition: keywords
falsepositives:
    - Application bugs
    - Penetration testing
level: medium
tags:
    - attack.initial_access
    - attack.t1190
fix: fixed casing and long rule titles 2020-01-30 17:26:09 +01:00			`title: Django Framework Exceptions`
Added UUIDs to rules 2019-11-12 23:12:27 +01:00			`id: fd435618-981e-4a7c-81f8-f78ce480d616`
Fixed my git issue 2020-09-13 22:03:04 -06:00			`status: stable`
Fixed description 2017-08-06 23:22:31 +02:00			`description: Detects suspicious Django web application framework exceptions that could indicate exploitation attempts`
Added author attribute 2017-08-05 23:56:13 +02:00			`author: Thomas Patzke`
fix: fixed missing date fields in other files 2020-01-30 15:32:39 +01:00			`date: 2017/08/05`
att&ck tags review: application, apt, cloud, generic, proxy 2020-09-03 14:16:47 +00:00			`modified: 2020/09/01`
Change "reference" to "references" to match new schema 2018-01-28 02:12:19 +03:00			`references:`
Django security errors 2017-08-05 00:56:05 +02:00			`- https://docs.djangoproject.com/en/1.11/ref/exceptions/`
			`- https://docs.djangoproject.com/en/1.11/topics/logging/#django-security`
			`logsource:`
Application security rules 2017-08-12 00:43:10 +02:00			`category: application`
Django security errors 2017-08-05 00:56:05 +02:00			`product: django`
			`detection:`
			`keywords:`
			`- SuspiciousOperation`
			`# Subclasses of SuspiciousOperation`
			`- DisallowedHost`
			`- DisallowedModelAdminLookup`
			`- DisallowedModelAdminToField`
			`- DisallowedRedirect`
			`- InvalidSessionKey`
			`- RequestDataTooBig`
			`- SuspiciousFileOperation`
			`- SuspiciousMultipartForm`
			`- SuspiciousSession`
			`- TooManyFieldsSent`
			`# Further security-related exceptions`
			`- PermissionDenied`
			`condition: keywords`
			`falsepositives:`
			`- Application bugs`
			`- Penetration testing`
			`level: medium`
Fixed my git issue 2020-09-13 22:03:04 -06:00			`tags:`
			`- attack.initial_access`
			`- attack.t1190`