From 9320bf246d8d647e076404743bd765a1578a97f0 Mon Sep 17 00:00:00 2001 
From: frack113 <62423083+frack113@users.noreply.github.com> Date: Sun, 29 Jan 2023 09:49:42 +0100 Subject: [PATCH 1/2] Order root rules folder --- rules/{ => web}/proxy/proxy_adv_ip_port_scanner_upd_check.yml | 0 rules/{ => web}/proxy/proxy_apt40.yml | 0 rules/{ => web}/proxy/proxy_apt_domestic_kitten.yml | 0 rules/{ => web}/proxy/proxy_baby_shark.yml | 0 rules/{ => web}/proxy/proxy_chafer_malware.yml | 0 rules/{ => web}/proxy/proxy_cobalt_amazon.yml | 0 rules/{ => web}/proxy/proxy_cobalt_malformed_uas.yml | 0 rules/{ => web}/proxy/proxy_cobalt_ocsp.yml | 0 rules/{ => web}/proxy/proxy_cobalt_onedrive.yml | 0 rules/{ => web}/proxy/proxy_download_susp_dyndns.yml | 0 rules/{ => web}/proxy/proxy_download_susp_tlds_blacklist.yml | 0 rules/{ => web}/proxy/proxy_download_susp_tlds_whitelist.yml | 0 rules/{ => web}/proxy/proxy_downloadcradle_webdav.yml | 0 rules/{ => web}/proxy/proxy_empire_ua_uri_combos.yml | 0 rules/{ => web}/proxy/proxy_empty_ua.yml | 0 rules/{ => web}/proxy/proxy_exchange_owassrf_exploitation.yml | 0 rules/{ => web}/proxy/proxy_exchange_owassrf_poc_exploitation.yml | 0 rules/{ => web}/proxy/proxy_ios_implant.yml | 0 rules/{ => web}/proxy/proxy_java_class_download.yml | 0 rules/{ => web}/proxy/proxy_powershell_ua.yml | 0 rules/{ => web}/proxy/proxy_pwndrop.yml | 0 rules/{ => web}/proxy/proxy_raw_paste_service_access.yml | 0 rules/{ => web}/proxy/proxy_susp_flash_download_loc.yml | 0 rules/{ => web}/proxy/proxy_telegram_api.yml | 0 rules/{ => web}/proxy/proxy_turla_comrat.yml | 0 rules/{ => web}/proxy/proxy_ua_apt.yml | 0 rules/{ => web}/proxy/proxy_ua_bitsadmin_susp_ip.yml | 0 rules/{ => web}/proxy/proxy_ua_bitsadmin_susp_tld.yml | 0 rules/{ => web}/proxy/proxy_ua_cryptominer.yml | 0 rules/{ => web}/proxy/proxy_ua_frameworks.yml | 0 rules/{ => web}/proxy/proxy_ua_hacktool.yml | 0 rules/{ => web}/proxy/proxy_ua_malware.yml | 0 rules/{ => web}/proxy/proxy_ua_rclone.yml | 0 rules/{ => web}/proxy/proxy_ua_susp.yml | 0 rules/{ => 
web}/proxy/proxy_ua_susp_base64.yml | 0 rules/{ => web}/proxy/proxy_ursnif_malware_c2_url.yml | 0 rules/{ => web}/proxy/proxy_ursnif_malware_download_url.yml | 0 .../{ => webserver}/web_cve_2010_5278_exploitation_attempt.yml | 0 rules/web/{ => webserver}/web_cve_2014_6287_hfs_rce.yml | 0 .../web_cve_2018_13379_fortinet_preauth_read_exploit.yml | 0 rules/web/{ => webserver}/web_cve_2018_2894_weblogic_exploit.yml | 0 .../{ => webserver}/web_cve_2019_11510_pulsesecure_exploit.yml | 0 rules/web/{ => webserver}/web_cve_2019_19781_citrix_exploit.yml | 0 rules/web/{ => webserver}/web_cve_2019_3398_confluence.yml | 0 rules/web/{ => webserver}/web_cve_2020_0688_exchange_exploit.yml | 0 rules/web/{ => webserver}/web_cve_2020_0688_msexchange.yml | 0 .../web/{ => webserver}/web_cve_2020_10148_solarwinds_exploit.yml | 0 rules/web/{ => webserver}/web_cve_2020_14882_weblogic_exploit.yml | 0 .../web_cve_2020_28188_terramaster_rce_exploit.yml | 0 rules/web/{ => webserver}/web_cve_2020_3452_cisco_asa_ftd.yml | 0 rules/web/{ => webserver}/web_cve_2020_5902_f5_bigip.yml | 0 .../web/{ => webserver}/web_cve_2020_8193_8195_citrix_exploit.yml | 0 .../web_cve_2021_20090_2021_20091_arcadyan_router_exploit.yml | 0 .../{ => webserver}/web_cve_2021_2109_weblogic_rce_exploit.yml | 0 .../web_cve_2021_21972_vsphere_unauth_rce_exploit.yml | 0 .../web_cve_2021_21978_vmware_view_planner_exploit.yml | 0 .../web/{ => webserver}/web_cve_2021_22005_vmware_file_upload.yml | 0 rules/web/{ => webserver}/web_cve_2021_22123_fortinet_exploit.yml | 0 .../web_cve_2021_22893_pulse_secure_rce_exploit.yml | 0 .../{ => webserver}/web_cve_2021_26084_confluence_rce_exploit.yml | 0 rules/web/{ => webserver}/web_cve_2021_26814_wzuh_rce.yml | 0 rules/web/{ => webserver}/web_cve_2021_26858_iis_rce.yml | 0 .../{ => webserver}/web_cve_2021_27905_apache_solr_exploit.yml | 0 rules/web/{ => webserver}/web_cve_2021_28480_exchange_exploit.yml | 0 .../{ => webserver}/web_cve_2021_33766_msexchange_proxytoken.yml | 0 rules/web/{ 
=> webserver}/web_cve_2021_40539_adselfservice.yml | 0 .../web_cve_2021_40539_manageengine_adselfservice_exploit.yml | 0 .../{ => webserver}/web_cve_2021_41773_apache_path_traversal.yml | 0 .../{ => webserver}/web_cve_2021_42237_sitecore_report_ashx.yml | 0 rules/web/{ => webserver}/web_cve_2021_43798_grafana.yml | 0 rules/web/{ => webserver}/web_cve_2021_44228_log4j.yml | 0 rules/web/{ => webserver}/web_cve_2021_44228_log4j_fields.yml | 0 rules/web/{ => webserver}/web_cve_2022_27925_exploit.yml | 0 rules/web/{ => webserver}/web_cve_2022_31656_auth_bypass.yml | 0 rules/web/{ => webserver}/web_cve_2022_31659_vmware_rce.yml | 0 .../web_cve_2022_33891_spark_shell_command_injection.yml | 0 .../web_cve_2022_36804_atlassian_bitbucket_command_injection.yml | 0 .../{ => webserver}/web_cve_2022_44877_exploitation_attempt.yml | 0 .../web_cve_2022_46169_cacti_exploitation_attempt.yml | 0 rules/web/{ => webserver}/web_exchange_exploitation_hafnium.yml | 0 rules/web/{ => webserver}/web_exchange_owassrf_exploitation.yml | 0 .../web/{ => webserver}/web_exchange_owassrf_poc_exploitation.yml | 0 rules/web/{ => webserver}/web_exchange_proxyshell.yml | 0 rules/web/{ => webserver}/web_exchange_proxyshell_successful.yml | 0 rules/web/{ => webserver}/web_iis_tilt_shortname_scan.yml | 0 rules/web/{ => webserver}/web_java_payload_in_access_logs.yml | 0 rules/web/{ => webserver}/web_jndi_exploit.yml | 0 .../web_multiple_susp_resp_codes_single_source.yml | 0 rules/web/{ => webserver}/web_nginx_core_dump.yml | 0 .../{ => webserver}/web_path_traversal_exploitation_attempt.yml | 0 rules/web/{ => webserver}/web_solarwinds_supernova_webshell.yml | 0 rules/web/{ => webserver}/web_sonicwall_jarrewrite_exploit.yml | 0 rules/web/{ => webserver}/web_source_code_enumeration.yml | 0 rules/web/{ => webserver}/web_sql_injection_in_access_logs.yml | 0 rules/web/{ => webserver}/web_ssti_in_access_logs.yml | 0 rules/web/{ => webserver}/web_susp_useragents.yml | 0 rules/web/{ => 
webserver}/web_susp_windows_path_uri.yml | 0 rules/web/{ => webserver}/web_unc2546_dewmode_php_webshell.yml | 0 rules/web/{ => webserver}/web_webshell_regeorg.yml | 0 rules/web/{ => webserver}/web_win_webshells_in_access_logs.yml | 0 rules/web/{ => webserver}/web_xss_in_access_logs.yml | 0 101 files changed, 0 insertions(+), 0 deletions(-) rename rules/{ => web}/proxy/proxy_adv_ip_port_scanner_upd_check.yml (100%) rename rules/{ => web}/proxy/proxy_apt40.yml (100%) rename rules/{ => web}/proxy/proxy_apt_domestic_kitten.yml (100%) rename rules/{ => web}/proxy/proxy_baby_shark.yml (100%) rename rules/{ => web}/proxy/proxy_chafer_malware.yml (100%) rename rules/{ => web}/proxy/proxy_cobalt_amazon.yml (100%) rename rules/{ => web}/proxy/proxy_cobalt_malformed_uas.yml (100%) rename rules/{ => web}/proxy/proxy_cobalt_ocsp.yml (100%) rename rules/{ => web}/proxy/proxy_cobalt_onedrive.yml (100%) rename rules/{ => web}/proxy/proxy_download_susp_dyndns.yml (100%) rename rules/{ => web}/proxy/proxy_download_susp_tlds_blacklist.yml (100%) rename rules/{ => web}/proxy/proxy_download_susp_tlds_whitelist.yml (100%) rename rules/{ => web}/proxy/proxy_downloadcradle_webdav.yml (100%) rename rules/{ => web}/proxy/proxy_empire_ua_uri_combos.yml (100%) rename rules/{ => web}/proxy/proxy_empty_ua.yml (100%) rename rules/{ => web}/proxy/proxy_exchange_owassrf_exploitation.yml (100%) rename rules/{ => web}/proxy/proxy_exchange_owassrf_poc_exploitation.yml (100%) rename rules/{ => web}/proxy/proxy_ios_implant.yml (100%) rename rules/{ => web}/proxy/proxy_java_class_download.yml (100%) rename rules/{ => web}/proxy/proxy_powershell_ua.yml (100%) rename rules/{ => web}/proxy/proxy_pwndrop.yml (100%) rename rules/{ => web}/proxy/proxy_raw_paste_service_access.yml (100%) rename rules/{ => web}/proxy/proxy_susp_flash_download_loc.yml (100%) rename rules/{ => web}/proxy/proxy_telegram_api.yml (100%) rename rules/{ => web}/proxy/proxy_turla_comrat.yml (100%) rename rules/{ => 
web}/proxy/proxy_ua_apt.yml (100%) rename rules/{ => web}/proxy/proxy_ua_bitsadmin_susp_ip.yml (100%) rename rules/{ => web}/proxy/proxy_ua_bitsadmin_susp_tld.yml (100%) rename rules/{ => web}/proxy/proxy_ua_cryptominer.yml (100%) rename rules/{ => web}/proxy/proxy_ua_frameworks.yml (100%) rename rules/{ => web}/proxy/proxy_ua_hacktool.yml (100%) rename rules/{ => web}/proxy/proxy_ua_malware.yml (100%) rename rules/{ => web}/proxy/proxy_ua_rclone.yml (100%) rename rules/{ => web}/proxy/proxy_ua_susp.yml (100%) rename rules/{ => web}/proxy/proxy_ua_susp_base64.yml (100%) rename rules/{ => web}/proxy/proxy_ursnif_malware_c2_url.yml (100%) rename rules/{ => web}/proxy/proxy_ursnif_malware_download_url.yml (100%) rename rules/web/{ => webserver}/web_cve_2010_5278_exploitation_attempt.yml (100%) rename rules/web/{ => webserver}/web_cve_2014_6287_hfs_rce.yml (100%) rename rules/web/{ => webserver}/web_cve_2018_13379_fortinet_preauth_read_exploit.yml (100%) rename rules/web/{ => webserver}/web_cve_2018_2894_weblogic_exploit.yml (100%) rename rules/web/{ => webserver}/web_cve_2019_11510_pulsesecure_exploit.yml (100%) rename rules/web/{ => webserver}/web_cve_2019_19781_citrix_exploit.yml (100%) rename rules/web/{ => webserver}/web_cve_2019_3398_confluence.yml (100%) rename rules/web/{ => webserver}/web_cve_2020_0688_exchange_exploit.yml (100%) rename rules/web/{ => webserver}/web_cve_2020_0688_msexchange.yml (100%) rename rules/web/{ => webserver}/web_cve_2020_10148_solarwinds_exploit.yml (100%) rename rules/web/{ => webserver}/web_cve_2020_14882_weblogic_exploit.yml (100%) rename rules/web/{ => webserver}/web_cve_2020_28188_terramaster_rce_exploit.yml (100%) rename rules/web/{ => webserver}/web_cve_2020_3452_cisco_asa_ftd.yml (100%) rename rules/web/{ => webserver}/web_cve_2020_5902_f5_bigip.yml (100%) rename rules/web/{ => webserver}/web_cve_2020_8193_8195_citrix_exploit.yml (100%) rename rules/web/{ => webserver}/web_cve_2021_20090_2021_20091_arcadyan_router_exploit.yml 
(100%) rename rules/web/{ => webserver}/web_cve_2021_2109_weblogic_rce_exploit.yml (100%) rename rules/web/{ => webserver}/web_cve_2021_21972_vsphere_unauth_rce_exploit.yml (100%) rename rules/web/{ => webserver}/web_cve_2021_21978_vmware_view_planner_exploit.yml (100%) rename rules/web/{ => webserver}/web_cve_2021_22005_vmware_file_upload.yml (100%) rename rules/web/{ => webserver}/web_cve_2021_22123_fortinet_exploit.yml (100%) rename rules/web/{ => webserver}/web_cve_2021_22893_pulse_secure_rce_exploit.yml (100%) rename rules/web/{ => webserver}/web_cve_2021_26084_confluence_rce_exploit.yml (100%) rename rules/web/{ => webserver}/web_cve_2021_26814_wzuh_rce.yml (100%) rename rules/web/{ => webserver}/web_cve_2021_26858_iis_rce.yml (100%) rename rules/web/{ => webserver}/web_cve_2021_27905_apache_solr_exploit.yml (100%) rename rules/web/{ => webserver}/web_cve_2021_28480_exchange_exploit.yml (100%) rename rules/web/{ => webserver}/web_cve_2021_33766_msexchange_proxytoken.yml (100%) rename rules/web/{ => webserver}/web_cve_2021_40539_adselfservice.yml (100%) rename rules/web/{ => webserver}/web_cve_2021_40539_manageengine_adselfservice_exploit.yml (100%) rename rules/web/{ => webserver}/web_cve_2021_41773_apache_path_traversal.yml (100%) rename rules/web/{ => webserver}/web_cve_2021_42237_sitecore_report_ashx.yml (100%) rename rules/web/{ => webserver}/web_cve_2021_43798_grafana.yml (100%) rename rules/web/{ => webserver}/web_cve_2021_44228_log4j.yml (100%) rename rules/web/{ => webserver}/web_cve_2021_44228_log4j_fields.yml (100%) rename rules/web/{ => webserver}/web_cve_2022_27925_exploit.yml (100%) rename rules/web/{ => webserver}/web_cve_2022_31656_auth_bypass.yml (100%) rename rules/web/{ => webserver}/web_cve_2022_31659_vmware_rce.yml (100%) rename rules/web/{ => webserver}/web_cve_2022_33891_spark_shell_command_injection.yml (100%) rename rules/web/{ => webserver}/web_cve_2022_36804_atlassian_bitbucket_command_injection.yml (100%) rename rules/web/{ => 
webserver}/web_cve_2022_44877_exploitation_attempt.yml (100%) rename rules/web/{ => webserver}/web_cve_2022_46169_cacti_exploitation_attempt.yml (100%) rename rules/web/{ => webserver}/web_exchange_exploitation_hafnium.yml (100%) rename rules/web/{ => webserver}/web_exchange_owassrf_exploitation.yml (100%) rename rules/web/{ => webserver}/web_exchange_owassrf_poc_exploitation.yml (100%) rename rules/web/{ => webserver}/web_exchange_proxyshell.yml (100%) rename rules/web/{ => webserver}/web_exchange_proxyshell_successful.yml (100%) rename rules/web/{ => webserver}/web_iis_tilt_shortname_scan.yml (100%) rename rules/web/{ => webserver}/web_java_payload_in_access_logs.yml (100%) rename rules/web/{ => webserver}/web_jndi_exploit.yml (100%) rename rules/web/{ => webserver}/web_multiple_susp_resp_codes_single_source.yml (100%) rename rules/web/{ => webserver}/web_nginx_core_dump.yml (100%) rename rules/web/{ => webserver}/web_path_traversal_exploitation_attempt.yml (100%) rename rules/web/{ => webserver}/web_solarwinds_supernova_webshell.yml (100%) rename rules/web/{ => webserver}/web_sonicwall_jarrewrite_exploit.yml (100%) rename rules/web/{ => webserver}/web_source_code_enumeration.yml (100%) rename rules/web/{ => webserver}/web_sql_injection_in_access_logs.yml (100%) rename rules/web/{ => webserver}/web_ssti_in_access_logs.yml (100%) rename rules/web/{ => webserver}/web_susp_useragents.yml (100%) rename rules/web/{ => webserver}/web_susp_windows_path_uri.yml (100%) rename rules/web/{ => webserver}/web_unc2546_dewmode_php_webshell.yml (100%) rename rules/web/{ => webserver}/web_webshell_regeorg.yml (100%) rename rules/web/{ => webserver}/web_win_webshells_in_access_logs.yml (100%) rename rules/web/{ => webserver}/web_xss_in_access_logs.yml (100%) 
diff --git a/rules/proxy/proxy_adv_ip_port_scanner_upd_check.yml b/rules/web/proxy/proxy_adv_ip_port_scanner_upd_check.yml
similarity index 100%
rename from rules/proxy/proxy_adv_ip_port_scanner_upd_check.yml
rename to rules/web/proxy/proxy_adv_ip_port_scanner_upd_check.yml
diff --git a/rules/proxy/proxy_apt40.yml b/rules/web/proxy/proxy_apt40.yml
similarity index 100%
rename from rules/proxy/proxy_apt40.yml
rename to rules/web/proxy/proxy_apt40.yml
diff --git a/rules/proxy/proxy_apt_domestic_kitten.yml b/rules/web/proxy/proxy_apt_domestic_kitten.yml
similarity index 100%
rename from rules/proxy/proxy_apt_domestic_kitten.yml
rename to rules/web/proxy/proxy_apt_domestic_kitten.yml
diff --git a/rules/proxy/proxy_baby_shark.yml b/rules/web/proxy/proxy_baby_shark.yml
similarity index 100%
rename from rules/proxy/proxy_baby_shark.yml
rename to rules/web/proxy/proxy_baby_shark.yml
diff --git a/rules/proxy/proxy_chafer_malware.yml b/rules/web/proxy/proxy_chafer_malware.yml
similarity index 100%
rename from rules/proxy/proxy_chafer_malware.yml
rename to rules/web/proxy/proxy_chafer_malware.yml
diff --git a/rules/proxy/proxy_cobalt_amazon.yml b/rules/web/proxy/proxy_cobalt_amazon.yml
similarity index 100%
rename from rules/proxy/proxy_cobalt_amazon.yml
rename to rules/web/proxy/proxy_cobalt_amazon.yml
diff --git a/rules/proxy/proxy_cobalt_malformed_uas.yml b/rules/web/proxy/proxy_cobalt_malformed_uas.yml
similarity index 100%
rename from rules/proxy/proxy_cobalt_malformed_uas.yml
rename to rules/web/proxy/proxy_cobalt_malformed_uas.yml
diff --git a/rules/proxy/proxy_cobalt_ocsp.yml b/rules/web/proxy/proxy_cobalt_ocsp.yml
similarity index 100%
rename from rules/proxy/proxy_cobalt_ocsp.yml
rename to rules/web/proxy/proxy_cobalt_ocsp.yml
diff --git a/rules/proxy/proxy_cobalt_onedrive.yml b/rules/web/proxy/proxy_cobalt_onedrive.yml
similarity index 100%
rename from rules/proxy/proxy_cobalt_onedrive.yml
rename to rules/web/proxy/proxy_cobalt_onedrive.yml
diff --git a/rules/proxy/proxy_download_susp_dyndns.yml b/rules/web/proxy/proxy_download_susp_dyndns.yml
similarity index 100%
rename from rules/proxy/proxy_download_susp_dyndns.yml
rename to rules/web/proxy/proxy_download_susp_dyndns.yml
diff --git a/rules/proxy/proxy_download_susp_tlds_blacklist.yml b/rules/web/proxy/proxy_download_susp_tlds_blacklist.yml
similarity index 100%
rename from rules/proxy/proxy_download_susp_tlds_blacklist.yml
rename to rules/web/proxy/proxy_download_susp_tlds_blacklist.yml
diff --git a/rules/proxy/proxy_download_susp_tlds_whitelist.yml b/rules/web/proxy/proxy_download_susp_tlds_whitelist.yml
similarity index 100%
rename from rules/proxy/proxy_download_susp_tlds_whitelist.yml
rename to rules/web/proxy/proxy_download_susp_tlds_whitelist.yml
diff --git a/rules/proxy/proxy_downloadcradle_webdav.yml b/rules/web/proxy/proxy_downloadcradle_webdav.yml
similarity index 100%
rename from rules/proxy/proxy_downloadcradle_webdav.yml
rename to rules/web/proxy/proxy_downloadcradle_webdav.yml
diff --git a/rules/proxy/proxy_empire_ua_uri_combos.yml b/rules/web/proxy/proxy_empire_ua_uri_combos.yml
similarity index 100%
rename from rules/proxy/proxy_empire_ua_uri_combos.yml
rename to rules/web/proxy/proxy_empire_ua_uri_combos.yml
diff --git a/rules/proxy/proxy_empty_ua.yml b/rules/web/proxy/proxy_empty_ua.yml
similarity index 100%
rename from rules/proxy/proxy_empty_ua.yml
rename to rules/web/proxy/proxy_empty_ua.yml
diff --git a/rules/proxy/proxy_exchange_owassrf_exploitation.yml b/rules/web/proxy/proxy_exchange_owassrf_exploitation.yml
similarity index 100%
rename from rules/proxy/proxy_exchange_owassrf_exploitation.yml
rename to rules/web/proxy/proxy_exchange_owassrf_exploitation.yml
diff --git a/rules/proxy/proxy_exchange_owassrf_poc_exploitation.yml b/rules/web/proxy/proxy_exchange_owassrf_poc_exploitation.yml
similarity index 100%
rename from rules/proxy/proxy_exchange_owassrf_poc_exploitation.yml
rename to rules/web/proxy/proxy_exchange_owassrf_poc_exploitation.yml
diff --git a/rules/proxy/proxy_ios_implant.yml b/rules/web/proxy/proxy_ios_implant.yml
similarity index 100%
rename from rules/proxy/proxy_ios_implant.yml
rename to rules/web/proxy/proxy_ios_implant.yml
diff --git a/rules/proxy/proxy_java_class_download.yml b/rules/web/proxy/proxy_java_class_download.yml
similarity index 100%
rename from rules/proxy/proxy_java_class_download.yml
rename to rules/web/proxy/proxy_java_class_download.yml
diff --git a/rules/proxy/proxy_powershell_ua.yml b/rules/web/proxy/proxy_powershell_ua.yml
similarity index 100%
rename from rules/proxy/proxy_powershell_ua.yml
rename to rules/web/proxy/proxy_powershell_ua.yml
diff --git a/rules/proxy/proxy_pwndrop.yml b/rules/web/proxy/proxy_pwndrop.yml
similarity index 100%
rename from rules/proxy/proxy_pwndrop.yml
rename to rules/web/proxy/proxy_pwndrop.yml
diff --git a/rules/proxy/proxy_raw_paste_service_access.yml b/rules/web/proxy/proxy_raw_paste_service_access.yml
similarity index 100%
rename from rules/proxy/proxy_raw_paste_service_access.yml
rename to rules/web/proxy/proxy_raw_paste_service_access.yml
diff --git a/rules/proxy/proxy_susp_flash_download_loc.yml b/rules/web/proxy/proxy_susp_flash_download_loc.yml
similarity index 100%
rename from rules/proxy/proxy_susp_flash_download_loc.yml
rename to rules/web/proxy/proxy_susp_flash_download_loc.yml
diff --git a/rules/proxy/proxy_telegram_api.yml b/rules/web/proxy/proxy_telegram_api.yml
similarity index 100%
rename from rules/proxy/proxy_telegram_api.yml
rename to rules/web/proxy/proxy_telegram_api.yml
diff --git a/rules/proxy/proxy_turla_comrat.yml b/rules/web/proxy/proxy_turla_comrat.yml
similarity index 100%
rename from rules/proxy/proxy_turla_comrat.yml
rename to rules/web/proxy/proxy_turla_comrat.yml
diff --git a/rules/proxy/proxy_ua_apt.yml b/rules/web/proxy/proxy_ua_apt.yml
similarity index 100%
rename from rules/proxy/proxy_ua_apt.yml
rename to rules/web/proxy/proxy_ua_apt.yml
diff --git a/rules/proxy/proxy_ua_bitsadmin_susp_ip.yml b/rules/web/proxy/proxy_ua_bitsadmin_susp_ip.yml
similarity index 100%
rename from rules/proxy/proxy_ua_bitsadmin_susp_ip.yml
rename to rules/web/proxy/proxy_ua_bitsadmin_susp_ip.yml
diff --git a/rules/proxy/proxy_ua_bitsadmin_susp_tld.yml b/rules/web/proxy/proxy_ua_bitsadmin_susp_tld.yml
similarity index 100%
rename from rules/proxy/proxy_ua_bitsadmin_susp_tld.yml
rename to rules/web/proxy/proxy_ua_bitsadmin_susp_tld.yml
diff --git a/rules/proxy/proxy_ua_cryptominer.yml b/rules/web/proxy/proxy_ua_cryptominer.yml
similarity index 100%
rename from rules/proxy/proxy_ua_cryptominer.yml
rename to rules/web/proxy/proxy_ua_cryptominer.yml
diff --git a/rules/proxy/proxy_ua_frameworks.yml b/rules/web/proxy/proxy_ua_frameworks.yml
similarity index 100%
rename from rules/proxy/proxy_ua_frameworks.yml
rename to rules/web/proxy/proxy_ua_frameworks.yml
diff --git a/rules/proxy/proxy_ua_hacktool.yml b/rules/web/proxy/proxy_ua_hacktool.yml
similarity index 100%
rename from rules/proxy/proxy_ua_hacktool.yml
rename to rules/web/proxy/proxy_ua_hacktool.yml
diff --git a/rules/proxy/proxy_ua_malware.yml b/rules/web/proxy/proxy_ua_malware.yml
similarity index 100%
rename from rules/proxy/proxy_ua_malware.yml
rename to rules/web/proxy/proxy_ua_malware.yml
diff --git a/rules/proxy/proxy_ua_rclone.yml b/rules/web/proxy/proxy_ua_rclone.yml
similarity index 100%
rename from rules/proxy/proxy_ua_rclone.yml
rename to rules/web/proxy/proxy_ua_rclone.yml
diff --git a/rules/proxy/proxy_ua_susp.yml b/rules/web/proxy/proxy_ua_susp.yml
similarity index 100%
rename from rules/proxy/proxy_ua_susp.yml
rename to rules/web/proxy/proxy_ua_susp.yml
diff --git a/rules/proxy/proxy_ua_susp_base64.yml b/rules/web/proxy/proxy_ua_susp_base64.yml
similarity index 100%
rename from rules/proxy/proxy_ua_susp_base64.yml
rename to rules/web/proxy/proxy_ua_susp_base64.yml
diff --git a/rules/proxy/proxy_ursnif_malware_c2_url.yml b/rules/web/proxy/proxy_ursnif_malware_c2_url.yml
similarity index 100%
rename from rules/proxy/proxy_ursnif_malware_c2_url.yml
rename to rules/web/proxy/proxy_ursnif_malware_c2_url.yml
diff --git a/rules/proxy/proxy_ursnif_malware_download_url.yml b/rules/web/proxy/proxy_ursnif_malware_download_url.yml
similarity index 100%
rename from rules/proxy/proxy_ursnif_malware_download_url.yml
rename to rules/web/proxy/proxy_ursnif_malware_download_url.yml
diff --git a/rules/web/web_cve_2010_5278_exploitation_attempt.yml b/rules/web/webserver/web_cve_2010_5278_exploitation_attempt.yml
similarity index 100%
rename from rules/web/web_cve_2010_5278_exploitation_attempt.yml
rename to rules/web/webserver/web_cve_2010_5278_exploitation_attempt.yml
diff --git a/rules/web/web_cve_2014_6287_hfs_rce.yml b/rules/web/webserver/web_cve_2014_6287_hfs_rce.yml
similarity index 100%
rename from rules/web/web_cve_2014_6287_hfs_rce.yml
rename to rules/web/webserver/web_cve_2014_6287_hfs_rce.yml
diff --git a/rules/web/web_cve_2018_13379_fortinet_preauth_read_exploit.yml b/rules/web/webserver/web_cve_2018_13379_fortinet_preauth_read_exploit.yml
similarity index 100%
rename from rules/web/web_cve_2018_13379_fortinet_preauth_read_exploit.yml
rename to rules/web/webserver/web_cve_2018_13379_fortinet_preauth_read_exploit.yml
diff --git a/rules/web/web_cve_2018_2894_weblogic_exploit.yml b/rules/web/webserver/web_cve_2018_2894_weblogic_exploit.yml
similarity index 100%
rename from rules/web/web_cve_2018_2894_weblogic_exploit.yml
rename to rules/web/webserver/web_cve_2018_2894_weblogic_exploit.yml
diff --git a/rules/web/web_cve_2019_11510_pulsesecure_exploit.yml b/rules/web/webserver/web_cve_2019_11510_pulsesecure_exploit.yml
similarity index 100%
rename from rules/web/web_cve_2019_11510_pulsesecure_exploit.yml
rename to rules/web/webserver/web_cve_2019_11510_pulsesecure_exploit.yml
diff --git a/rules/web/web_cve_2019_19781_citrix_exploit.yml b/rules/web/webserver/web_cve_2019_19781_citrix_exploit.yml
similarity index 100%
rename from rules/web/web_cve_2019_19781_citrix_exploit.yml
rename to rules/web/webserver/web_cve_2019_19781_citrix_exploit.yml
diff --git a/rules/web/web_cve_2019_3398_confluence.yml b/rules/web/webserver/web_cve_2019_3398_confluence.yml
similarity index 100%
rename from rules/web/web_cve_2019_3398_confluence.yml
rename to rules/web/webserver/web_cve_2019_3398_confluence.yml
diff --git a/rules/web/web_cve_2020_0688_exchange_exploit.yml b/rules/web/webserver/web_cve_2020_0688_exchange_exploit.yml
similarity index 100%
rename from rules/web/web_cve_2020_0688_exchange_exploit.yml
rename to rules/web/webserver/web_cve_2020_0688_exchange_exploit.yml
diff --git a/rules/web/web_cve_2020_0688_msexchange.yml b/rules/web/webserver/web_cve_2020_0688_msexchange.yml
similarity index 100%
rename from rules/web/web_cve_2020_0688_msexchange.yml
rename to rules/web/webserver/web_cve_2020_0688_msexchange.yml
diff --git a/rules/web/web_cve_2020_10148_solarwinds_exploit.yml b/rules/web/webserver/web_cve_2020_10148_solarwinds_exploit.yml
similarity index 100%
rename from rules/web/web_cve_2020_10148_solarwinds_exploit.yml
rename to rules/web/webserver/web_cve_2020_10148_solarwinds_exploit.yml
diff --git a/rules/web/web_cve_2020_14882_weblogic_exploit.yml b/rules/web/webserver/web_cve_2020_14882_weblogic_exploit.yml
similarity index 100%
rename from rules/web/web_cve_2020_14882_weblogic_exploit.yml
rename to rules/web/webserver/web_cve_2020_14882_weblogic_exploit.yml
diff --git a/rules/web/web_cve_2020_28188_terramaster_rce_exploit.yml b/rules/web/webserver/web_cve_2020_28188_terramaster_rce_exploit.yml
similarity index 100%
rename from rules/web/web_cve_2020_28188_terramaster_rce_exploit.yml
rename to rules/web/webserver/web_cve_2020_28188_terramaster_rce_exploit.yml
diff --git a/rules/web/web_cve_2020_3452_cisco_asa_ftd.yml b/rules/web/webserver/web_cve_2020_3452_cisco_asa_ftd.yml
similarity index 100%
rename from rules/web/web_cve_2020_3452_cisco_asa_ftd.yml
rename to rules/web/webserver/web_cve_2020_3452_cisco_asa_ftd.yml
diff --git a/rules/web/web_cve_2020_5902_f5_bigip.yml b/rules/web/webserver/web_cve_2020_5902_f5_bigip.yml
similarity index 100%
rename from rules/web/web_cve_2020_5902_f5_bigip.yml
rename to rules/web/webserver/web_cve_2020_5902_f5_bigip.yml
diff --git a/rules/web/web_cve_2020_8193_8195_citrix_exploit.yml b/rules/web/webserver/web_cve_2020_8193_8195_citrix_exploit.yml
similarity index 100%
rename from rules/web/web_cve_2020_8193_8195_citrix_exploit.yml
rename to rules/web/webserver/web_cve_2020_8193_8195_citrix_exploit.yml
diff --git a/rules/web/web_cve_2021_20090_2021_20091_arcadyan_router_exploit.yml b/rules/web/webserver/web_cve_2021_20090_2021_20091_arcadyan_router_exploit.yml
similarity index 100%
rename from rules/web/web_cve_2021_20090_2021_20091_arcadyan_router_exploit.yml
rename to rules/web/webserver/web_cve_2021_20090_2021_20091_arcadyan_router_exploit.yml
diff --git a/rules/web/web_cve_2021_2109_weblogic_rce_exploit.yml b/rules/web/webserver/web_cve_2021_2109_weblogic_rce_exploit.yml
similarity index 100%
rename from rules/web/web_cve_2021_2109_weblogic_rce_exploit.yml
rename to rules/web/webserver/web_cve_2021_2109_weblogic_rce_exploit.yml
diff --git a/rules/web/web_cve_2021_21972_vsphere_unauth_rce_exploit.yml b/rules/web/webserver/web_cve_2021_21972_vsphere_unauth_rce_exploit.yml
similarity index 100%
rename from rules/web/web_cve_2021_21972_vsphere_unauth_rce_exploit.yml
rename to rules/web/webserver/web_cve_2021_21972_vsphere_unauth_rce_exploit.yml
diff --git a/rules/web/web_cve_2021_21978_vmware_view_planner_exploit.yml b/rules/web/webserver/web_cve_2021_21978_vmware_view_planner_exploit.yml
similarity index 100%
rename from rules/web/web_cve_2021_21978_vmware_view_planner_exploit.yml
rename to rules/web/webserver/web_cve_2021_21978_vmware_view_planner_exploit.yml
diff --git a/rules/web/web_cve_2021_22005_vmware_file_upload.yml b/rules/web/webserver/web_cve_2021_22005_vmware_file_upload.yml
similarity index 100%
rename from rules/web/web_cve_2021_22005_vmware_file_upload.yml
rename to rules/web/webserver/web_cve_2021_22005_vmware_file_upload.yml
diff --git a/rules/web/web_cve_2021_22123_fortinet_exploit.yml b/rules/web/webserver/web_cve_2021_22123_fortinet_exploit.yml
similarity index 100%
rename from rules/web/web_cve_2021_22123_fortinet_exploit.yml
rename to rules/web/webserver/web_cve_2021_22123_fortinet_exploit.yml
diff --git a/rules/web/web_cve_2021_22893_pulse_secure_rce_exploit.yml b/rules/web/webserver/web_cve_2021_22893_pulse_secure_rce_exploit.yml
similarity index 100%
rename from rules/web/web_cve_2021_22893_pulse_secure_rce_exploit.yml
rename to rules/web/webserver/web_cve_2021_22893_pulse_secure_rce_exploit.yml
diff --git a/rules/web/web_cve_2021_26084_confluence_rce_exploit.yml b/rules/web/webserver/web_cve_2021_26084_confluence_rce_exploit.yml
similarity index 100%
rename from rules/web/web_cve_2021_26084_confluence_rce_exploit.yml
rename to rules/web/webserver/web_cve_2021_26084_confluence_rce_exploit.yml
diff --git a/rules/web/web_cve_2021_26814_wzuh_rce.yml b/rules/web/webserver/web_cve_2021_26814_wzuh_rce.yml
similarity index 100%
rename from rules/web/web_cve_2021_26814_wzuh_rce.yml
rename to rules/web/webserver/web_cve_2021_26814_wzuh_rce.yml
diff --git a/rules/web/web_cve_2021_26858_iis_rce.yml b/rules/web/webserver/web_cve_2021_26858_iis_rce.yml
similarity index 100%
rename from rules/web/web_cve_2021_26858_iis_rce.yml
rename to rules/web/webserver/web_cve_2021_26858_iis_rce.yml
diff --git a/rules/web/web_cve_2021_27905_apache_solr_exploit.yml b/rules/web/webserver/web_cve_2021_27905_apache_solr_exploit.yml
similarity index 100%
rename from rules/web/web_cve_2021_27905_apache_solr_exploit.yml
rename to rules/web/webserver/web_cve_2021_27905_apache_solr_exploit.yml
diff --git a/rules/web/web_cve_2021_28480_exchange_exploit.yml b/rules/web/webserver/web_cve_2021_28480_exchange_exploit.yml
similarity index 100%
rename from rules/web/web_cve_2021_28480_exchange_exploit.yml
rename to rules/web/webserver/web_cve_2021_28480_exchange_exploit.yml
diff --git a/rules/web/web_cve_2021_33766_msexchange_proxytoken.yml b/rules/web/webserver/web_cve_2021_33766_msexchange_proxytoken.yml
similarity index 100%
rename from rules/web/web_cve_2021_33766_msexchange_proxytoken.yml
rename to rules/web/webserver/web_cve_2021_33766_msexchange_proxytoken.yml
diff --git a/rules/web/web_cve_2021_40539_adselfservice.yml b/rules/web/webserver/web_cve_2021_40539_adselfservice.yml
similarity index 100%
rename from rules/web/web_cve_2021_40539_adselfservice.yml
rename to rules/web/webserver/web_cve_2021_40539_adselfservice.yml
diff --git a/rules/web/web_cve_2021_40539_manageengine_adselfservice_exploit.yml b/rules/web/webserver/web_cve_2021_40539_manageengine_adselfservice_exploit.yml
similarity index 100%
rename from rules/web/web_cve_2021_40539_manageengine_adselfservice_exploit.yml
rename to rules/web/webserver/web_cve_2021_40539_manageengine_adselfservice_exploit.yml
diff --git a/rules/web/web_cve_2021_41773_apache_path_traversal.yml b/rules/web/webserver/web_cve_2021_41773_apache_path_traversal.yml
similarity index 100%
rename from rules/web/web_cve_2021_41773_apache_path_traversal.yml
rename to rules/web/webserver/web_cve_2021_41773_apache_path_traversal.yml
diff --git a/rules/web/web_cve_2021_42237_sitecore_report_ashx.yml b/rules/web/webserver/web_cve_2021_42237_sitecore_report_ashx.yml
similarity index 100%
rename from rules/web/web_cve_2021_42237_sitecore_report_ashx.yml
rename to rules/web/webserver/web_cve_2021_42237_sitecore_report_ashx.yml
diff --git a/rules/web/web_cve_2021_43798_grafana.yml b/rules/web/webserver/web_cve_2021_43798_grafana.yml
similarity index 100%
rename from rules/web/web_cve_2021_43798_grafana.yml
rename to rules/web/webserver/web_cve_2021_43798_grafana.yml
diff --git a/rules/web/web_cve_2021_44228_log4j.yml b/rules/web/webserver/web_cve_2021_44228_log4j.yml
similarity index 100%
rename from rules/web/web_cve_2021_44228_log4j.yml
rename to rules/web/webserver/web_cve_2021_44228_log4j.yml
diff --git a/rules/web/web_cve_2021_44228_log4j_fields.yml b/rules/web/webserver/web_cve_2021_44228_log4j_fields.yml
similarity index 100%
rename from rules/web/web_cve_2021_44228_log4j_fields.yml
rename to rules/web/webserver/web_cve_2021_44228_log4j_fields.yml
diff --git a/rules/web/web_cve_2022_27925_exploit.yml b/rules/web/webserver/web_cve_2022_27925_exploit.yml
similarity index 100%
rename from rules/web/web_cve_2022_27925_exploit.yml
rename to rules/web/webserver/web_cve_2022_27925_exploit.yml
diff --git a/rules/web/web_cve_2022_31656_auth_bypass.yml b/rules/web/webserver/web_cve_2022_31656_auth_bypass.yml
similarity index 100%
rename from rules/web/web_cve_2022_31656_auth_bypass.yml
rename to rules/web/webserver/web_cve_2022_31656_auth_bypass.yml
diff --git a/rules/web/web_cve_2022_31659_vmware_rce.yml b/rules/web/webserver/web_cve_2022_31659_vmware_rce.yml
similarity index 100%
rename from rules/web/web_cve_2022_31659_vmware_rce.yml
rename to rules/web/webserver/web_cve_2022_31659_vmware_rce.yml
diff --git a/rules/web/web_cve_2022_33891_spark_shell_command_injection.yml b/rules/web/webserver/web_cve_2022_33891_spark_shell_command_injection.yml
similarity index 100%
rename from rules/web/web_cve_2022_33891_spark_shell_command_injection.yml
rename to rules/web/webserver/web_cve_2022_33891_spark_shell_command_injection.yml
diff --git a/rules/web/web_cve_2022_36804_atlassian_bitbucket_command_injection.yml b/rules/web/webserver/web_cve_2022_36804_atlassian_bitbucket_command_injection.yml
similarity index 100%
rename from rules/web/web_cve_2022_36804_atlassian_bitbucket_command_injection.yml
rename to rules/web/webserver/web_cve_2022_36804_atlassian_bitbucket_command_injection.yml
diff --git a/rules/web/web_cve_2022_44877_exploitation_attempt.yml b/rules/web/webserver/web_cve_2022_44877_exploitation_attempt.yml
similarity index 100%
rename from rules/web/web_cve_2022_44877_exploitation_attempt.yml
rename to rules/web/webserver/web_cve_2022_44877_exploitation_attempt.yml
diff --git a/rules/web/web_cve_2022_46169_cacti_exploitation_attempt.yml b/rules/web/webserver/web_cve_2022_46169_cacti_exploitation_attempt.yml
similarity index 100%
rename from rules/web/web_cve_2022_46169_cacti_exploitation_attempt.yml
rename to rules/web/webserver/web_cve_2022_46169_cacti_exploitation_attempt.yml
diff --git a/rules/web/web_exchange_exploitation_hafnium.yml b/rules/web/webserver/web_exchange_exploitation_hafnium.yml
similarity index 100%
rename from rules/web/web_exchange_exploitation_hafnium.yml
rename to rules/web/webserver/web_exchange_exploitation_hafnium.yml
diff --git a/rules/web/web_exchange_owassrf_exploitation.yml b/rules/web/webserver/web_exchange_owassrf_exploitation.yml
similarity index 100%
rename from rules/web/web_exchange_owassrf_exploitation.yml
rename to rules/web/webserver/web_exchange_owassrf_exploitation.yml
diff --git a/rules/web/web_exchange_owassrf_poc_exploitation.yml b/rules/web/webserver/web_exchange_owassrf_poc_exploitation.yml
similarity index 100%
rename from rules/web/web_exchange_owassrf_poc_exploitation.yml
rename to rules/web/webserver/web_exchange_owassrf_poc_exploitation.yml
diff --git a/rules/web/web_exchange_proxyshell.yml b/rules/web/webserver/web_exchange_proxyshell.yml
similarity index 100%
rename from rules/web/web_exchange_proxyshell.yml
rename to rules/web/webserver/web_exchange_proxyshell.yml
diff --git a/rules/web/web_exchange_proxyshell_successful.yml b/rules/web/webserver/web_exchange_proxyshell_successful.yml
similarity index 100%
rename from rules/web/web_exchange_proxyshell_successful.yml
rename to rules/web/webserver/web_exchange_proxyshell_successful.yml
diff --git a/rules/web/web_iis_tilt_shortname_scan.yml b/rules/web/webserver/web_iis_tilt_shortname_scan.yml
similarity index 100%
rename from rules/web/web_iis_tilt_shortname_scan.yml
rename to rules/web/webserver/web_iis_tilt_shortname_scan.yml
diff --git a/rules/web/web_java_payload_in_access_logs.yml b/rules/web/webserver/web_java_payload_in_access_logs.yml
similarity index 100%
rename from rules/web/web_java_payload_in_access_logs.yml
rename to rules/web/webserver/web_java_payload_in_access_logs.yml
diff --git a/rules/web/web_jndi_exploit.yml b/rules/web/webserver/web_jndi_exploit.yml
similarity index 100%
rename from rules/web/web_jndi_exploit.yml
rename to rules/web/webserver/web_jndi_exploit.yml
diff --git a/rules/web/web_multiple_susp_resp_codes_single_source.yml b/rules/web/webserver/web_multiple_susp_resp_codes_single_source.yml
similarity index 100%
rename from rules/web/web_multiple_susp_resp_codes_single_source.yml
rename to rules/web/webserver/web_multiple_susp_resp_codes_single_source.yml
diff --git a/rules/web/web_nginx_core_dump.yml b/rules/web/webserver/web_nginx_core_dump.yml
similarity index 100%
rename from rules/web/web_nginx_core_dump.yml
rename to rules/web/webserver/web_nginx_core_dump.yml
diff --git a/rules/web/web_path_traversal_exploitation_attempt.yml b/rules/web/webserver/web_path_traversal_exploitation_attempt.yml
similarity index 100%
rename from rules/web/web_path_traversal_exploitation_attempt.yml
rename to rules/web/webserver/web_path_traversal_exploitation_attempt.yml
diff --git a/rules/web/web_solarwinds_supernova_webshell.yml b/rules/web/webserver/web_solarwinds_supernova_webshell.yml
similarity index 100%
rename from rules/web/web_solarwinds_supernova_webshell.yml
rename to rules/web/webserver/web_solarwinds_supernova_webshell.yml
diff --git a/rules/web/web_sonicwall_jarrewrite_exploit.yml b/rules/web/webserver/web_sonicwall_jarrewrite_exploit.yml
similarity index 100%
rename from rules/web/web_sonicwall_jarrewrite_exploit.yml
rename to rules/web/webserver/web_sonicwall_jarrewrite_exploit.yml
diff --git a/rules/web/web_source_code_enumeration.yml b/rules/web/webserver/web_source_code_enumeration.yml
similarity index 100%
rename from rules/web/web_source_code_enumeration.yml
rename to rules/web/webserver/web_source_code_enumeration.yml
diff --git a/rules/web/web_sql_injection_in_access_logs.yml b/rules/web/webserver/web_sql_injection_in_access_logs.yml
similarity index 100%
rename from rules/web/web_sql_injection_in_access_logs.yml
rename to rules/web/webserver/web_sql_injection_in_access_logs.yml
diff --git a/rules/web/web_ssti_in_access_logs.yml b/rules/web/webserver/web_ssti_in_access_logs.yml
similarity index 100%
rename from rules/web/web_ssti_in_access_logs.yml
rename to rules/web/webserver/web_ssti_in_access_logs.yml
diff --git a/rules/web/web_susp_useragents.yml b/rules/web/webserver/web_susp_useragents.yml
similarity index 100%
rename from rules/web/web_susp_useragents.yml
rename to rules/web/webserver/web_susp_useragents.yml
diff --git a/rules/web/web_susp_windows_path_uri.yml b/rules/web/webserver/web_susp_windows_path_uri.yml
similarity index 100%
rename from rules/web/web_susp_windows_path_uri.yml
rename to rules/web/webserver/web_susp_windows_path_uri.yml
diff --git a/rules/web/web_unc2546_dewmode_php_webshell.yml b/rules/web/webserver/web_unc2546_dewmode_php_webshell.yml
similarity index 100%
rename from rules/web/web_unc2546_dewmode_php_webshell.yml
rename to rules/web/webserver/web_unc2546_dewmode_php_webshell.yml
diff --git a/rules/web/web_webshell_regeorg.yml b/rules/web/webserver/web_webshell_regeorg.yml
similarity index 100%
rename from rules/web/web_webshell_regeorg.yml
rename to rules/web/webserver/web_webshell_regeorg.yml
diff --git a/rules/web/web_win_webshells_in_access_logs.yml b/rules/web/webserver/web_win_webshells_in_access_logs.yml
similarity index 100%
rename from rules/web/web_win_webshells_in_access_logs.yml
rename to rules/web/webserver/web_win_webshells_in_access_logs.yml
diff --git a/rules/web/web_xss_in_access_logs.yml b/rules/web/webserver/web_xss_in_access_logs.yml
similarity index 100%
rename from rules/web/web_xss_in_access_logs.yml
rename to rules/web/webserver/web_xss_in_access_logs.yml
From 8b321ba0b2da1cc734a28c6a4237c705a144f93d Mon Sep 17 00:00:00 2001 
From: frack113 Date: Tue, 31 Jan 2023 14:05:08 +0100 Subject: [PATCH 2/2] Order root rules folder --- rules/{ => web}/product/apache/web_apache_segfault.yml | 0 rules/{ => web}/product/apache/web_apache_threading_error.yml | 0 rules/{ => web}/product/modsecurity/modsec_mulitple_blocks.yml | 0 .../proxy_adv_ip_port_scanner_upd_check.yml | 0 rules/web/{proxy => proxy_generic}/proxy_apt40.yml | 0 rules/web/{proxy => proxy_generic}/proxy_apt_domestic_kitten.yml | 0 rules/web/{proxy => proxy_generic}/proxy_baby_shark.yml | 0 rules/web/{proxy => proxy_generic}/proxy_chafer_malware.yml | 0 rules/web/{proxy => proxy_generic}/proxy_cobalt_amazon.yml | 0 rules/web/{proxy => proxy_generic}/proxy_cobalt_malformed_uas.yml | 0 rules/web/{proxy => proxy_generic}/proxy_cobalt_ocsp.yml | 0 rules/web/{proxy => proxy_generic}/proxy_cobalt_onedrive.yml | 0 rules/web/{proxy => proxy_generic}/proxy_download_susp_dyndns.yml | 0 .../proxy_download_susp_tlds_blacklist.yml | 0 .../proxy_download_susp_tlds_whitelist.yml | 0 .../web/{proxy => proxy_generic}/proxy_downloadcradle_webdav.yml | 0 rules/web/{proxy => proxy_generic}/proxy_empire_ua_uri_combos.yml | 0 rules/web/{proxy => proxy_generic}/proxy_empty_ua.yml | 0 .../proxy_exchange_owassrf_exploitation.yml | 0 .../proxy_exchange_owassrf_poc_exploitation.yml | 0 rules/web/{proxy => proxy_generic}/proxy_ios_implant.yml | 0 rules/web/{proxy => proxy_generic}/proxy_java_class_download.yml | 0 rules/web/{proxy => proxy_generic}/proxy_powershell_ua.yml | 0 rules/web/{proxy => proxy_generic}/proxy_pwndrop.yml | 0 .../{proxy => proxy_generic}/proxy_raw_paste_service_access.yml | 0 .../{proxy => proxy_generic}/proxy_susp_flash_download_loc.yml | 0 rules/web/{proxy => proxy_generic}/proxy_telegram_api.yml | 0 rules/web/{proxy => proxy_generic}/proxy_turla_comrat.yml | 0 rules/web/{proxy => proxy_generic}/proxy_ua_apt.yml | 0 rules/web/{proxy => proxy_generic}/proxy_ua_bitsadmin_susp_ip.yml | 0 .../web/{proxy => 
proxy_generic}/proxy_ua_bitsadmin_susp_tld.yml | 0 rules/web/{proxy => proxy_generic}/proxy_ua_cryptominer.yml | 0 rules/web/{proxy => proxy_generic}/proxy_ua_frameworks.yml | 0 rules/web/{proxy => proxy_generic}/proxy_ua_hacktool.yml | 0 rules/web/{proxy => proxy_generic}/proxy_ua_malware.yml | 0 rules/web/{proxy => proxy_generic}/proxy_ua_rclone.yml | 0 rules/web/{proxy => proxy_generic}/proxy_ua_susp.yml | 0 rules/web/{proxy => proxy_generic}/proxy_ua_susp_base64.yml | 0 .../web/{proxy => proxy_generic}/proxy_ursnif_malware_c2_url.yml | 0 .../proxy_ursnif_malware_download_url.yml | 0 .../web_cve_2010_5278_exploitation_attempt.yml | 0 .../web_cve_2014_6287_hfs_rce.yml | 0 .../web_cve_2018_13379_fortinet_preauth_read_exploit.yml | 0 .../web_cve_2018_2894_weblogic_exploit.yml | 0 .../web_cve_2019_11510_pulsesecure_exploit.yml | 0 .../web_cve_2019_19781_citrix_exploit.yml | 0 .../web_cve_2019_3398_confluence.yml | 0 .../web_cve_2020_0688_exchange_exploit.yml | 0 .../web_cve_2020_0688_msexchange.yml | 0 .../web_cve_2020_10148_solarwinds_exploit.yml | 0 .../web_cve_2020_14882_weblogic_exploit.yml | 0 .../web_cve_2020_28188_terramaster_rce_exploit.yml | 0 .../web_cve_2020_3452_cisco_asa_ftd.yml | 0 .../web_cve_2020_5902_f5_bigip.yml | 0 .../web_cve_2020_8193_8195_citrix_exploit.yml | 0 .../web_cve_2021_20090_2021_20091_arcadyan_router_exploit.yml | 0 .../web_cve_2021_2109_weblogic_rce_exploit.yml | 0 .../web_cve_2021_21972_vsphere_unauth_rce_exploit.yml | 0 .../web_cve_2021_21978_vmware_view_planner_exploit.yml | 0 .../web_cve_2021_22005_vmware_file_upload.yml | 0 .../web_cve_2021_22123_fortinet_exploit.yml | 0 .../web_cve_2021_22893_pulse_secure_rce_exploit.yml | 0 .../web_cve_2021_26084_confluence_rce_exploit.yml | 0 .../web_cve_2021_26814_wzuh_rce.yml | 0 .../web_cve_2021_26858_iis_rce.yml | 0 .../web_cve_2021_27905_apache_solr_exploit.yml | 0 .../web_cve_2021_28480_exchange_exploit.yml | 0 .../web_cve_2021_33766_msexchange_proxytoken.yml | 0 
.../web_cve_2021_40539_adselfservice.yml | 0 .../web_cve_2021_40539_manageengine_adselfservice_exploit.yml | 0 .../web_cve_2021_41773_apache_path_traversal.yml | 0 .../web_cve_2021_42237_sitecore_report_ashx.yml | 0 .../web_cve_2021_43798_grafana.yml | 0 .../{webserver => webserver_generic}/web_cve_2021_44228_log4j.yml | 0 .../web_cve_2021_44228_log4j_fields.yml | 0 .../web_cve_2022_27925_exploit.yml | 0 .../web_cve_2022_31656_auth_bypass.yml | 0 .../web_cve_2022_31659_vmware_rce.yml | 0 .../web_cve_2022_33891_spark_shell_command_injection.yml | 0 .../web_cve_2022_36804_atlassian_bitbucket_command_injection.yml | 0 .../web_cve_2022_44877_exploitation_attempt.yml | 0 .../web_cve_2022_46169_cacti_exploitation_attempt.yml | 0 .../web_exchange_exploitation_hafnium.yml | 0 .../web_exchange_owassrf_exploitation.yml | 0 .../web_exchange_owassrf_poc_exploitation.yml | 0 .../{webserver => webserver_generic}/web_exchange_proxyshell.yml | 0 .../web_exchange_proxyshell_successful.yml | 0 .../web_iis_tilt_shortname_scan.yml | 0 .../web_java_payload_in_access_logs.yml | 0 rules/web/{webserver => webserver_generic}/web_jndi_exploit.yml | 0 .../web_multiple_susp_resp_codes_single_source.yml | 0 .../web/{webserver => webserver_generic}/web_nginx_core_dump.yml | 0 .../web_path_traversal_exploitation_attempt.yml | 0 .../web_solarwinds_supernova_webshell.yml | 0 .../web_sonicwall_jarrewrite_exploit.yml | 0 .../web_source_code_enumeration.yml | 0 .../web_sql_injection_in_access_logs.yml | 0 .../{webserver => webserver_generic}/web_ssti_in_access_logs.yml | 0 .../web/{webserver => webserver_generic}/web_susp_useragents.yml | 0 .../web_susp_windows_path_uri.yml | 0 .../web_unc2546_dewmode_php_webshell.yml | 0 .../web/{webserver => webserver_generic}/web_webshell_regeorg.yml | 0 .../web_win_webshells_in_access_logs.yml | 0 .../{webserver => webserver_generic}/web_xss_in_access_logs.yml | 0 104 files changed, 0 insertions(+), 0 deletions(-) rename rules/{ => 
web}/product/apache/web_apache_segfault.yml (100%) rename rules/{ => web}/product/apache/web_apache_threading_error.yml (100%) rename rules/{ => web}/product/modsecurity/modsec_mulitple_blocks.yml (100%) rename rules/web/{proxy => proxy_generic}/proxy_adv_ip_port_scanner_upd_check.yml (100%) rename rules/web/{proxy => proxy_generic}/proxy_apt40.yml (100%) rename rules/web/{proxy => proxy_generic}/proxy_apt_domestic_kitten.yml (100%) rename rules/web/{proxy => proxy_generic}/proxy_baby_shark.yml (100%) rename rules/web/{proxy => proxy_generic}/proxy_chafer_malware.yml (100%) rename rules/web/{proxy => proxy_generic}/proxy_cobalt_amazon.yml (100%) rename rules/web/{proxy => proxy_generic}/proxy_cobalt_malformed_uas.yml (100%) rename rules/web/{proxy => proxy_generic}/proxy_cobalt_ocsp.yml (100%) rename rules/web/{proxy => proxy_generic}/proxy_cobalt_onedrive.yml (100%) rename rules/web/{proxy => proxy_generic}/proxy_download_susp_dyndns.yml (100%) rename rules/web/{proxy => proxy_generic}/proxy_download_susp_tlds_blacklist.yml (100%) rename rules/web/{proxy => proxy_generic}/proxy_download_susp_tlds_whitelist.yml (100%) rename rules/web/{proxy => proxy_generic}/proxy_downloadcradle_webdav.yml (100%) rename rules/web/{proxy => proxy_generic}/proxy_empire_ua_uri_combos.yml (100%) rename rules/web/{proxy => proxy_generic}/proxy_empty_ua.yml (100%) rename rules/web/{proxy => proxy_generic}/proxy_exchange_owassrf_exploitation.yml (100%) rename rules/web/{proxy => proxy_generic}/proxy_exchange_owassrf_poc_exploitation.yml (100%) rename rules/web/{proxy => proxy_generic}/proxy_ios_implant.yml (100%) rename rules/web/{proxy => proxy_generic}/proxy_java_class_download.yml (100%) rename rules/web/{proxy => proxy_generic}/proxy_powershell_ua.yml (100%) rename rules/web/{proxy => proxy_generic}/proxy_pwndrop.yml (100%) rename rules/web/{proxy => proxy_generic}/proxy_raw_paste_service_access.yml (100%) rename rules/web/{proxy => proxy_generic}/proxy_susp_flash_download_loc.yml 
(100%) rename rules/web/{proxy => proxy_generic}/proxy_telegram_api.yml (100%) rename rules/web/{proxy => proxy_generic}/proxy_turla_comrat.yml (100%) rename rules/web/{proxy => proxy_generic}/proxy_ua_apt.yml (100%) rename rules/web/{proxy => proxy_generic}/proxy_ua_bitsadmin_susp_ip.yml (100%) rename rules/web/{proxy => proxy_generic}/proxy_ua_bitsadmin_susp_tld.yml (100%) rename rules/web/{proxy => proxy_generic}/proxy_ua_cryptominer.yml (100%) rename rules/web/{proxy => proxy_generic}/proxy_ua_frameworks.yml (100%) rename rules/web/{proxy => proxy_generic}/proxy_ua_hacktool.yml (100%) rename rules/web/{proxy => proxy_generic}/proxy_ua_malware.yml (100%) rename rules/web/{proxy => proxy_generic}/proxy_ua_rclone.yml (100%) rename rules/web/{proxy => proxy_generic}/proxy_ua_susp.yml (100%) rename rules/web/{proxy => proxy_generic}/proxy_ua_susp_base64.yml (100%) rename rules/web/{proxy => proxy_generic}/proxy_ursnif_malware_c2_url.yml (100%) rename rules/web/{proxy => proxy_generic}/proxy_ursnif_malware_download_url.yml (100%) rename rules/web/{webserver => webserver_generic}/web_cve_2010_5278_exploitation_attempt.yml (100%) rename rules/web/{webserver => webserver_generic}/web_cve_2014_6287_hfs_rce.yml (100%) rename rules/web/{webserver => webserver_generic}/web_cve_2018_13379_fortinet_preauth_read_exploit.yml (100%) rename rules/web/{webserver => webserver_generic}/web_cve_2018_2894_weblogic_exploit.yml (100%) rename rules/web/{webserver => webserver_generic}/web_cve_2019_11510_pulsesecure_exploit.yml (100%) rename rules/web/{webserver => webserver_generic}/web_cve_2019_19781_citrix_exploit.yml (100%) rename rules/web/{webserver => webserver_generic}/web_cve_2019_3398_confluence.yml (100%) rename rules/web/{webserver => webserver_generic}/web_cve_2020_0688_exchange_exploit.yml (100%) rename rules/web/{webserver => webserver_generic}/web_cve_2020_0688_msexchange.yml (100%) rename rules/web/{webserver => webserver_generic}/web_cve_2020_10148_solarwinds_exploit.yml 
(100%) rename rules/web/{webserver => webserver_generic}/web_cve_2020_14882_weblogic_exploit.yml (100%) rename rules/web/{webserver => webserver_generic}/web_cve_2020_28188_terramaster_rce_exploit.yml (100%) rename rules/web/{webserver => webserver_generic}/web_cve_2020_3452_cisco_asa_ftd.yml (100%) rename rules/web/{webserver => webserver_generic}/web_cve_2020_5902_f5_bigip.yml (100%) rename rules/web/{webserver => webserver_generic}/web_cve_2020_8193_8195_citrix_exploit.yml (100%) rename rules/web/{webserver => webserver_generic}/web_cve_2021_20090_2021_20091_arcadyan_router_exploit.yml (100%) rename rules/web/{webserver => webserver_generic}/web_cve_2021_2109_weblogic_rce_exploit.yml (100%) rename rules/web/{webserver => webserver_generic}/web_cve_2021_21972_vsphere_unauth_rce_exploit.yml (100%) rename rules/web/{webserver => webserver_generic}/web_cve_2021_21978_vmware_view_planner_exploit.yml (100%) rename rules/web/{webserver => webserver_generic}/web_cve_2021_22005_vmware_file_upload.yml (100%) rename rules/web/{webserver => webserver_generic}/web_cve_2021_22123_fortinet_exploit.yml (100%) rename rules/web/{webserver => webserver_generic}/web_cve_2021_22893_pulse_secure_rce_exploit.yml (100%) rename rules/web/{webserver => webserver_generic}/web_cve_2021_26084_confluence_rce_exploit.yml (100%) rename rules/web/{webserver => webserver_generic}/web_cve_2021_26814_wzuh_rce.yml (100%) rename rules/web/{webserver => webserver_generic}/web_cve_2021_26858_iis_rce.yml (100%) rename rules/web/{webserver => webserver_generic}/web_cve_2021_27905_apache_solr_exploit.yml (100%) rename rules/web/{webserver => webserver_generic}/web_cve_2021_28480_exchange_exploit.yml (100%) rename rules/web/{webserver => webserver_generic}/web_cve_2021_33766_msexchange_proxytoken.yml (100%) rename rules/web/{webserver => webserver_generic}/web_cve_2021_40539_adselfservice.yml (100%) rename rules/web/{webserver => webserver_generic}/web_cve_2021_40539_manageengine_adselfservice_exploit.yml 
(100%) rename rules/web/{webserver => webserver_generic}/web_cve_2021_41773_apache_path_traversal.yml (100%) rename rules/web/{webserver => webserver_generic}/web_cve_2021_42237_sitecore_report_ashx.yml (100%) rename rules/web/{webserver => webserver_generic}/web_cve_2021_43798_grafana.yml (100%) rename rules/web/{webserver => webserver_generic}/web_cve_2021_44228_log4j.yml (100%) rename rules/web/{webserver => webserver_generic}/web_cve_2021_44228_log4j_fields.yml (100%) rename rules/web/{webserver => webserver_generic}/web_cve_2022_27925_exploit.yml (100%) rename rules/web/{webserver => webserver_generic}/web_cve_2022_31656_auth_bypass.yml (100%) rename rules/web/{webserver => webserver_generic}/web_cve_2022_31659_vmware_rce.yml (100%) rename rules/web/{webserver => webserver_generic}/web_cve_2022_33891_spark_shell_command_injection.yml (100%) rename rules/web/{webserver => webserver_generic}/web_cve_2022_36804_atlassian_bitbucket_command_injection.yml (100%) rename rules/web/{webserver => webserver_generic}/web_cve_2022_44877_exploitation_attempt.yml (100%) rename rules/web/{webserver => webserver_generic}/web_cve_2022_46169_cacti_exploitation_attempt.yml (100%) rename rules/web/{webserver => webserver_generic}/web_exchange_exploitation_hafnium.yml (100%) rename rules/web/{webserver => webserver_generic}/web_exchange_owassrf_exploitation.yml (100%) rename rules/web/{webserver => webserver_generic}/web_exchange_owassrf_poc_exploitation.yml (100%) rename rules/web/{webserver => webserver_generic}/web_exchange_proxyshell.yml (100%) rename rules/web/{webserver => webserver_generic}/web_exchange_proxyshell_successful.yml (100%) rename rules/web/{webserver => webserver_generic}/web_iis_tilt_shortname_scan.yml (100%) rename rules/web/{webserver => webserver_generic}/web_java_payload_in_access_logs.yml (100%) rename rules/web/{webserver => webserver_generic}/web_jndi_exploit.yml (100%) rename rules/web/{webserver => 
webserver_generic}/web_multiple_susp_resp_codes_single_source.yml (100%) rename rules/web/{webserver => webserver_generic}/web_nginx_core_dump.yml (100%) rename rules/web/{webserver => webserver_generic}/web_path_traversal_exploitation_attempt.yml (100%) rename rules/web/{webserver => webserver_generic}/web_solarwinds_supernova_webshell.yml (100%) rename rules/web/{webserver => webserver_generic}/web_sonicwall_jarrewrite_exploit.yml (100%) rename rules/web/{webserver => webserver_generic}/web_source_code_enumeration.yml (100%) rename rules/web/{webserver => webserver_generic}/web_sql_injection_in_access_logs.yml (100%) rename rules/web/{webserver => webserver_generic}/web_ssti_in_access_logs.yml (100%) rename rules/web/{webserver => webserver_generic}/web_susp_useragents.yml (100%) rename rules/web/{webserver => webserver_generic}/web_susp_windows_path_uri.yml (100%) rename rules/web/{webserver => webserver_generic}/web_unc2546_dewmode_php_webshell.yml (100%) rename rules/web/{webserver => webserver_generic}/web_webshell_regeorg.yml (100%) rename rules/web/{webserver => webserver_generic}/web_win_webshells_in_access_logs.yml (100%) rename rules/web/{webserver => webserver_generic}/web_xss_in_access_logs.yml (100%) diff --git a/rules/product/apache/web_apache_segfault.yml b/rules/web/product/apache/web_apache_segfault.yml similarity index 100% rename from rules/product/apache/web_apache_segfault.yml rename to rules/web/product/apache/web_apache_segfault.yml diff --git a/rules/product/apache/web_apache_threading_error.yml b/rules/web/product/apache/web_apache_threading_error.yml similarity index 100% rename from rules/product/apache/web_apache_threading_error.yml rename to rules/web/product/apache/web_apache_threading_error.yml 
diff --git a/rules/product/modsecurity/modsec_mulitple_blocks.yml b/rules/web/product/modsecurity/modsec_mulitple_blocks.yml
similarity index 100%
rename from rules/product/modsecurity/modsec_mulitple_blocks.yml
rename to rules/web/product/modsecurity/modsec_mulitple_blocks.yml
diff --git a/rules/web/proxy/proxy_adv_ip_port_scanner_upd_check.yml b/rules/web/proxy_generic/proxy_adv_ip_port_scanner_upd_check.yml
similarity index 100%
rename from rules/web/proxy/proxy_adv_ip_port_scanner_upd_check.yml
rename to rules/web/proxy_generic/proxy_adv_ip_port_scanner_upd_check.yml
diff --git a/rules/web/proxy/proxy_apt40.yml b/rules/web/proxy_generic/proxy_apt40.yml
similarity index 100%
rename from rules/web/proxy/proxy_apt40.yml
rename to rules/web/proxy_generic/proxy_apt40.yml
diff --git a/rules/web/proxy/proxy_apt_domestic_kitten.yml b/rules/web/proxy_generic/proxy_apt_domestic_kitten.yml
similarity index 100%
rename from rules/web/proxy/proxy_apt_domestic_kitten.yml
rename to rules/web/proxy_generic/proxy_apt_domestic_kitten.yml
diff --git a/rules/web/proxy/proxy_baby_shark.yml b/rules/web/proxy_generic/proxy_baby_shark.yml
similarity index 100%
rename from rules/web/proxy/proxy_baby_shark.yml
rename to rules/web/proxy_generic/proxy_baby_shark.yml
diff --git a/rules/web/proxy/proxy_chafer_malware.yml b/rules/web/proxy_generic/proxy_chafer_malware.yml
similarity index 100%
rename from rules/web/proxy/proxy_chafer_malware.yml
rename to rules/web/proxy_generic/proxy_chafer_malware.yml
diff --git a/rules/web/proxy/proxy_cobalt_amazon.yml b/rules/web/proxy_generic/proxy_cobalt_amazon.yml
similarity index 100%
rename from rules/web/proxy/proxy_cobalt_amazon.yml
rename to rules/web/proxy_generic/proxy_cobalt_amazon.yml
diff --git a/rules/web/proxy/proxy_cobalt_malformed_uas.yml b/rules/web/proxy_generic/proxy_cobalt_malformed_uas.yml
similarity index 100%
rename from rules/web/proxy/proxy_cobalt_malformed_uas.yml
rename to rules/web/proxy_generic/proxy_cobalt_malformed_uas.yml
diff --git a/rules/web/proxy/proxy_cobalt_ocsp.yml b/rules/web/proxy_generic/proxy_cobalt_ocsp.yml
similarity index 100%
rename from rules/web/proxy/proxy_cobalt_ocsp.yml
rename to rules/web/proxy_generic/proxy_cobalt_ocsp.yml
diff --git a/rules/web/proxy/proxy_cobalt_onedrive.yml b/rules/web/proxy_generic/proxy_cobalt_onedrive.yml
similarity index 100%
rename from rules/web/proxy/proxy_cobalt_onedrive.yml
rename to rules/web/proxy_generic/proxy_cobalt_onedrive.yml
diff --git a/rules/web/proxy/proxy_download_susp_dyndns.yml b/rules/web/proxy_generic/proxy_download_susp_dyndns.yml
similarity index 100%
rename from rules/web/proxy/proxy_download_susp_dyndns.yml
rename to rules/web/proxy_generic/proxy_download_susp_dyndns.yml
diff --git a/rules/web/proxy/proxy_download_susp_tlds_blacklist.yml b/rules/web/proxy_generic/proxy_download_susp_tlds_blacklist.yml
similarity index 100%
rename from rules/web/proxy/proxy_download_susp_tlds_blacklist.yml
rename to rules/web/proxy_generic/proxy_download_susp_tlds_blacklist.yml
diff --git a/rules/web/proxy/proxy_download_susp_tlds_whitelist.yml b/rules/web/proxy_generic/proxy_download_susp_tlds_whitelist.yml
similarity index 100%
rename from rules/web/proxy/proxy_download_susp_tlds_whitelist.yml
rename to rules/web/proxy_generic/proxy_download_susp_tlds_whitelist.yml
diff --git a/rules/web/proxy/proxy_downloadcradle_webdav.yml b/rules/web/proxy_generic/proxy_downloadcradle_webdav.yml
similarity index 100%
rename from rules/web/proxy/proxy_downloadcradle_webdav.yml
rename to rules/web/proxy_generic/proxy_downloadcradle_webdav.yml
diff --git a/rules/web/proxy/proxy_empire_ua_uri_combos.yml b/rules/web/proxy_generic/proxy_empire_ua_uri_combos.yml
similarity index 100%
rename from rules/web/proxy/proxy_empire_ua_uri_combos.yml
rename to rules/web/proxy_generic/proxy_empire_ua_uri_combos.yml
diff --git a/rules/web/proxy/proxy_empty_ua.yml b/rules/web/proxy_generic/proxy_empty_ua.yml
similarity index 100%
rename from rules/web/proxy/proxy_empty_ua.yml
rename to rules/web/proxy_generic/proxy_empty_ua.yml
diff --git a/rules/web/proxy/proxy_exchange_owassrf_exploitation.yml b/rules/web/proxy_generic/proxy_exchange_owassrf_exploitation.yml
similarity index 100%
rename from rules/web/proxy/proxy_exchange_owassrf_exploitation.yml
rename to rules/web/proxy_generic/proxy_exchange_owassrf_exploitation.yml
diff --git a/rules/web/proxy/proxy_exchange_owassrf_poc_exploitation.yml b/rules/web/proxy_generic/proxy_exchange_owassrf_poc_exploitation.yml
similarity index 100%
rename from rules/web/proxy/proxy_exchange_owassrf_poc_exploitation.yml
rename to rules/web/proxy_generic/proxy_exchange_owassrf_poc_exploitation.yml
diff --git a/rules/web/proxy/proxy_ios_implant.yml b/rules/web/proxy_generic/proxy_ios_implant.yml
similarity index 100%
rename from rules/web/proxy/proxy_ios_implant.yml
rename to rules/web/proxy_generic/proxy_ios_implant.yml
diff --git a/rules/web/proxy/proxy_java_class_download.yml b/rules/web/proxy_generic/proxy_java_class_download.yml
similarity index 100%
rename from rules/web/proxy/proxy_java_class_download.yml
rename to rules/web/proxy_generic/proxy_java_class_download.yml
diff --git a/rules/web/proxy/proxy_powershell_ua.yml b/rules/web/proxy_generic/proxy_powershell_ua.yml
similarity index 100%
rename from rules/web/proxy/proxy_powershell_ua.yml
rename to rules/web/proxy_generic/proxy_powershell_ua.yml
diff --git a/rules/web/proxy/proxy_pwndrop.yml b/rules/web/proxy_generic/proxy_pwndrop.yml
similarity index 100%
rename from rules/web/proxy/proxy_pwndrop.yml
rename to rules/web/proxy_generic/proxy_pwndrop.yml
diff --git a/rules/web/proxy/proxy_raw_paste_service_access.yml b/rules/web/proxy_generic/proxy_raw_paste_service_access.yml
similarity index 100%
rename from rules/web/proxy/proxy_raw_paste_service_access.yml
rename to rules/web/proxy_generic/proxy_raw_paste_service_access.yml
diff --git a/rules/web/proxy/proxy_susp_flash_download_loc.yml b/rules/web/proxy_generic/proxy_susp_flash_download_loc.yml
similarity index 100%
rename from rules/web/proxy/proxy_susp_flash_download_loc.yml
rename to rules/web/proxy_generic/proxy_susp_flash_download_loc.yml
diff --git a/rules/web/proxy/proxy_telegram_api.yml b/rules/web/proxy_generic/proxy_telegram_api.yml
similarity index 100%
rename from rules/web/proxy/proxy_telegram_api.yml
rename to rules/web/proxy_generic/proxy_telegram_api.yml
diff --git a/rules/web/proxy/proxy_turla_comrat.yml b/rules/web/proxy_generic/proxy_turla_comrat.yml
similarity index 100%
rename from rules/web/proxy/proxy_turla_comrat.yml
rename to rules/web/proxy_generic/proxy_turla_comrat.yml
diff --git a/rules/web/proxy/proxy_ua_apt.yml b/rules/web/proxy_generic/proxy_ua_apt.yml
similarity index 100%
rename from rules/web/proxy/proxy_ua_apt.yml
rename to rules/web/proxy_generic/proxy_ua_apt.yml
diff --git a/rules/web/proxy/proxy_ua_bitsadmin_susp_ip.yml b/rules/web/proxy_generic/proxy_ua_bitsadmin_susp_ip.yml
similarity index 100%
rename from rules/web/proxy/proxy_ua_bitsadmin_susp_ip.yml
rename to rules/web/proxy_generic/proxy_ua_bitsadmin_susp_ip.yml
diff --git a/rules/web/proxy/proxy_ua_bitsadmin_susp_tld.yml b/rules/web/proxy_generic/proxy_ua_bitsadmin_susp_tld.yml
similarity index 100%
rename from rules/web/proxy/proxy_ua_bitsadmin_susp_tld.yml
rename to rules/web/proxy_generic/proxy_ua_bitsadmin_susp_tld.yml
diff --git a/rules/web/proxy/proxy_ua_cryptominer.yml b/rules/web/proxy_generic/proxy_ua_cryptominer.yml
similarity index 100%
rename from rules/web/proxy/proxy_ua_cryptominer.yml
rename to rules/web/proxy_generic/proxy_ua_cryptominer.yml
diff --git a/rules/web/proxy/proxy_ua_frameworks.yml b/rules/web/proxy_generic/proxy_ua_frameworks.yml
similarity index 100%
rename from rules/web/proxy/proxy_ua_frameworks.yml
rename to rules/web/proxy_generic/proxy_ua_frameworks.yml
diff --git a/rules/web/proxy/proxy_ua_hacktool.yml b/rules/web/proxy_generic/proxy_ua_hacktool.yml
similarity index 100%
rename from rules/web/proxy/proxy_ua_hacktool.yml
rename to rules/web/proxy_generic/proxy_ua_hacktool.yml
diff --git a/rules/web/proxy/proxy_ua_malware.yml b/rules/web/proxy_generic/proxy_ua_malware.yml
similarity index 100%
rename from rules/web/proxy/proxy_ua_malware.yml
rename to rules/web/proxy_generic/proxy_ua_malware.yml
diff --git a/rules/web/proxy/proxy_ua_rclone.yml b/rules/web/proxy_generic/proxy_ua_rclone.yml
similarity index 100%
rename from rules/web/proxy/proxy_ua_rclone.yml
rename to rules/web/proxy_generic/proxy_ua_rclone.yml
diff --git a/rules/web/proxy/proxy_ua_susp.yml b/rules/web/proxy_generic/proxy_ua_susp.yml
similarity index 100%
rename from rules/web/proxy/proxy_ua_susp.yml
rename to rules/web/proxy_generic/proxy_ua_susp.yml
diff --git a/rules/web/proxy/proxy_ua_susp_base64.yml b/rules/web/proxy_generic/proxy_ua_susp_base64.yml
similarity index 100%
rename from rules/web/proxy/proxy_ua_susp_base64.yml
rename to rules/web/proxy_generic/proxy_ua_susp_base64.yml
diff --git a/rules/web/proxy/proxy_ursnif_malware_c2_url.yml b/rules/web/proxy_generic/proxy_ursnif_malware_c2_url.yml
similarity index 100%
rename from rules/web/proxy/proxy_ursnif_malware_c2_url.yml
rename to rules/web/proxy_generic/proxy_ursnif_malware_c2_url.yml
diff --git a/rules/web/proxy/proxy_ursnif_malware_download_url.yml b/rules/web/proxy_generic/proxy_ursnif_malware_download_url.yml
similarity index 100%
rename from rules/web/proxy/proxy_ursnif_malware_download_url.yml
rename to rules/web/proxy_generic/proxy_ursnif_malware_download_url.yml
diff --git a/rules/web/webserver/web_cve_2010_5278_exploitation_attempt.yml b/rules/web/webserver_generic/web_cve_2010_5278_exploitation_attempt.yml
similarity index 100%
rename from rules/web/webserver/web_cve_2010_5278_exploitation_attempt.yml
rename to rules/web/webserver_generic/web_cve_2010_5278_exploitation_attempt.yml
diff --git a/rules/web/webserver/web_cve_2014_6287_hfs_rce.yml b/rules/web/webserver_generic/web_cve_2014_6287_hfs_rce.yml
similarity index 100%
rename from rules/web/webserver/web_cve_2014_6287_hfs_rce.yml
rename to rules/web/webserver_generic/web_cve_2014_6287_hfs_rce.yml
diff --git a/rules/web/webserver/web_cve_2018_13379_fortinet_preauth_read_exploit.yml b/rules/web/webserver_generic/web_cve_2018_13379_fortinet_preauth_read_exploit.yml
similarity index 100%
rename from rules/web/webserver/web_cve_2018_13379_fortinet_preauth_read_exploit.yml
rename to rules/web/webserver_generic/web_cve_2018_13379_fortinet_preauth_read_exploit.yml
diff --git a/rules/web/webserver/web_cve_2018_2894_weblogic_exploit.yml b/rules/web/webserver_generic/web_cve_2018_2894_weblogic_exploit.yml
similarity index 100%
rename from rules/web/webserver/web_cve_2018_2894_weblogic_exploit.yml
rename to rules/web/webserver_generic/web_cve_2018_2894_weblogic_exploit.yml
diff --git a/rules/web/webserver/web_cve_2019_11510_pulsesecure_exploit.yml b/rules/web/webserver_generic/web_cve_2019_11510_pulsesecure_exploit.yml
similarity index 100%
rename from rules/web/webserver/web_cve_2019_11510_pulsesecure_exploit.yml
rename to rules/web/webserver_generic/web_cve_2019_11510_pulsesecure_exploit.yml
diff --git a/rules/web/webserver/web_cve_2019_19781_citrix_exploit.yml b/rules/web/webserver_generic/web_cve_2019_19781_citrix_exploit.yml
similarity index 100%
rename from rules/web/webserver/web_cve_2019_19781_citrix_exploit.yml
rename to rules/web/webserver_generic/web_cve_2019_19781_citrix_exploit.yml
diff --git a/rules/web/webserver/web_cve_2019_3398_confluence.yml b/rules/web/webserver_generic/web_cve_2019_3398_confluence.yml
similarity index 100%
rename from rules/web/webserver/web_cve_2019_3398_confluence.yml
rename to rules/web/webserver_generic/web_cve_2019_3398_confluence.yml
diff --git a/rules/web/webserver/web_cve_2020_0688_exchange_exploit.yml b/rules/web/webserver_generic/web_cve_2020_0688_exchange_exploit.yml
similarity index 100%
rename from rules/web/webserver/web_cve_2020_0688_exchange_exploit.yml
rename to rules/web/webserver_generic/web_cve_2020_0688_exchange_exploit.yml
diff --git a/rules/web/webserver/web_cve_2020_0688_msexchange.yml b/rules/web/webserver_generic/web_cve_2020_0688_msexchange.yml
similarity index 100%
rename from rules/web/webserver/web_cve_2020_0688_msexchange.yml
rename to rules/web/webserver_generic/web_cve_2020_0688_msexchange.yml
diff --git a/rules/web/webserver/web_cve_2020_10148_solarwinds_exploit.yml b/rules/web/webserver_generic/web_cve_2020_10148_solarwinds_exploit.yml
similarity index 100%
rename from rules/web/webserver/web_cve_2020_10148_solarwinds_exploit.yml
rename to rules/web/webserver_generic/web_cve_2020_10148_solarwinds_exploit.yml
diff --git a/rules/web/webserver/web_cve_2020_14882_weblogic_exploit.yml b/rules/web/webserver_generic/web_cve_2020_14882_weblogic_exploit.yml
similarity index 100%
rename from rules/web/webserver/web_cve_2020_14882_weblogic_exploit.yml
rename to rules/web/webserver_generic/web_cve_2020_14882_weblogic_exploit.yml
diff --git a/rules/web/webserver/web_cve_2020_28188_terramaster_rce_exploit.yml b/rules/web/webserver_generic/web_cve_2020_28188_terramaster_rce_exploit.yml
similarity index 100%
rename from rules/web/webserver/web_cve_2020_28188_terramaster_rce_exploit.yml
rename to rules/web/webserver_generic/web_cve_2020_28188_terramaster_rce_exploit.yml
diff --git a/rules/web/webserver/web_cve_2020_3452_cisco_asa_ftd.yml b/rules/web/webserver_generic/web_cve_2020_3452_cisco_asa_ftd.yml
similarity index 100%
rename from rules/web/webserver/web_cve_2020_3452_cisco_asa_ftd.yml
rename to rules/web/webserver_generic/web_cve_2020_3452_cisco_asa_ftd.yml
diff --git a/rules/web/webserver/web_cve_2020_5902_f5_bigip.yml b/rules/web/webserver_generic/web_cve_2020_5902_f5_bigip.yml
similarity index 100%
rename from rules/web/webserver/web_cve_2020_5902_f5_bigip.yml
rename to rules/web/webserver_generic/web_cve_2020_5902_f5_bigip.yml
diff --git a/rules/web/webserver/web_cve_2020_8193_8195_citrix_exploit.yml b/rules/web/webserver_generic/web_cve_2020_8193_8195_citrix_exploit.yml
similarity index 100%
rename from rules/web/webserver/web_cve_2020_8193_8195_citrix_exploit.yml
rename to rules/web/webserver_generic/web_cve_2020_8193_8195_citrix_exploit.yml
diff --git a/rules/web/webserver/web_cve_2021_20090_2021_20091_arcadyan_router_exploit.yml b/rules/web/webserver_generic/web_cve_2021_20090_2021_20091_arcadyan_router_exploit.yml
similarity index 100%
rename from rules/web/webserver/web_cve_2021_20090_2021_20091_arcadyan_router_exploit.yml
rename to rules/web/webserver_generic/web_cve_2021_20090_2021_20091_arcadyan_router_exploit.yml
diff --git a/rules/web/webserver/web_cve_2021_2109_weblogic_rce_exploit.yml b/rules/web/webserver_generic/web_cve_2021_2109_weblogic_rce_exploit.yml
similarity index 100%
rename from rules/web/webserver/web_cve_2021_2109_weblogic_rce_exploit.yml
rename to rules/web/webserver_generic/web_cve_2021_2109_weblogic_rce_exploit.yml
diff --git a/rules/web/webserver/web_cve_2021_21972_vsphere_unauth_rce_exploit.yml b/rules/web/webserver_generic/web_cve_2021_21972_vsphere_unauth_rce_exploit.yml
similarity index 100%
rename from rules/web/webserver/web_cve_2021_21972_vsphere_unauth_rce_exploit.yml
rename to rules/web/webserver_generic/web_cve_2021_21972_vsphere_unauth_rce_exploit.yml
diff --git a/rules/web/webserver/web_cve_2021_21978_vmware_view_planner_exploit.yml b/rules/web/webserver_generic/web_cve_2021_21978_vmware_view_planner_exploit.yml
similarity index 100%
rename from rules/web/webserver/web_cve_2021_21978_vmware_view_planner_exploit.yml
rename to rules/web/webserver_generic/web_cve_2021_21978_vmware_view_planner_exploit.yml
diff --git a/rules/web/webserver/web_cve_2021_22005_vmware_file_upload.yml b/rules/web/webserver_generic/web_cve_2021_22005_vmware_file_upload.yml
similarity index 100%
rename from rules/web/webserver/web_cve_2021_22005_vmware_file_upload.yml
rename to rules/web/webserver_generic/web_cve_2021_22005_vmware_file_upload.yml
diff --git a/rules/web/webserver/web_cve_2021_22123_fortinet_exploit.yml b/rules/web/webserver_generic/web_cve_2021_22123_fortinet_exploit.yml
similarity index 100%
rename from rules/web/webserver/web_cve_2021_22123_fortinet_exploit.yml
rename to rules/web/webserver_generic/web_cve_2021_22123_fortinet_exploit.yml
diff --git a/rules/web/webserver/web_cve_2021_22893_pulse_secure_rce_exploit.yml b/rules/web/webserver_generic/web_cve_2021_22893_pulse_secure_rce_exploit.yml
similarity index 100%
rename from rules/web/webserver/web_cve_2021_22893_pulse_secure_rce_exploit.yml
rename to rules/web/webserver_generic/web_cve_2021_22893_pulse_secure_rce_exploit.yml
diff --git a/rules/web/webserver/web_cve_2021_26084_confluence_rce_exploit.yml b/rules/web/webserver_generic/web_cve_2021_26084_confluence_rce_exploit.yml
similarity index 100%
rename from rules/web/webserver/web_cve_2021_26084_confluence_rce_exploit.yml
rename to rules/web/webserver_generic/web_cve_2021_26084_confluence_rce_exploit.yml
diff --git a/rules/web/webserver/web_cve_2021_26814_wzuh_rce.yml b/rules/web/webserver_generic/web_cve_2021_26814_wzuh_rce.yml
similarity index 100%
rename from rules/web/webserver/web_cve_2021_26814_wzuh_rce.yml
rename to rules/web/webserver_generic/web_cve_2021_26814_wzuh_rce.yml
diff --git a/rules/web/webserver/web_cve_2021_26858_iis_rce.yml b/rules/web/webserver_generic/web_cve_2021_26858_iis_rce.yml
similarity index 100%
rename from rules/web/webserver/web_cve_2021_26858_iis_rce.yml
rename to rules/web/webserver_generic/web_cve_2021_26858_iis_rce.yml
diff --git a/rules/web/webserver/web_cve_2021_27905_apache_solr_exploit.yml b/rules/web/webserver_generic/web_cve_2021_27905_apache_solr_exploit.yml
similarity index 100%
rename from rules/web/webserver/web_cve_2021_27905_apache_solr_exploit.yml
rename to rules/web/webserver_generic/web_cve_2021_27905_apache_solr_exploit.yml
diff --git a/rules/web/webserver/web_cve_2021_28480_exchange_exploit.yml b/rules/web/webserver_generic/web_cve_2021_28480_exchange_exploit.yml
similarity index 100%
rename from rules/web/webserver/web_cve_2021_28480_exchange_exploit.yml
rename to rules/web/webserver_generic/web_cve_2021_28480_exchange_exploit.yml
diff --git a/rules/web/webserver/web_cve_2021_33766_msexchange_proxytoken.yml b/rules/web/webserver_generic/web_cve_2021_33766_msexchange_proxytoken.yml
similarity index 100%
rename from rules/web/webserver/web_cve_2021_33766_msexchange_proxytoken.yml
rename to rules/web/webserver_generic/web_cve_2021_33766_msexchange_proxytoken.yml
diff --git a/rules/web/webserver/web_cve_2021_40539_adselfservice.yml b/rules/web/webserver_generic/web_cve_2021_40539_adselfservice.yml
similarity index 100%
rename from rules/web/webserver/web_cve_2021_40539_adselfservice.yml
rename to rules/web/webserver_generic/web_cve_2021_40539_adselfservice.yml
diff --git a/rules/web/webserver/web_cve_2021_40539_manageengine_adselfservice_exploit.yml b/rules/web/webserver_generic/web_cve_2021_40539_manageengine_adselfservice_exploit.yml
similarity index 100%
rename from rules/web/webserver/web_cve_2021_40539_manageengine_adselfservice_exploit.yml
rename to rules/web/webserver_generic/web_cve_2021_40539_manageengine_adselfservice_exploit.yml
diff --git a/rules/web/webserver/web_cve_2021_41773_apache_path_traversal.yml b/rules/web/webserver_generic/web_cve_2021_41773_apache_path_traversal.yml
similarity index 100%
rename from rules/web/webserver/web_cve_2021_41773_apache_path_traversal.yml
rename to rules/web/webserver_generic/web_cve_2021_41773_apache_path_traversal.yml
diff --git a/rules/web/webserver/web_cve_2021_42237_sitecore_report_ashx.yml b/rules/web/webserver_generic/web_cve_2021_42237_sitecore_report_ashx.yml
similarity index 100%
rename from rules/web/webserver/web_cve_2021_42237_sitecore_report_ashx.yml
rename to rules/web/webserver_generic/web_cve_2021_42237_sitecore_report_ashx.yml
diff --git a/rules/web/webserver/web_cve_2021_43798_grafana.yml b/rules/web/webserver_generic/web_cve_2021_43798_grafana.yml
similarity index 100%
rename from rules/web/webserver/web_cve_2021_43798_grafana.yml
rename to rules/web/webserver_generic/web_cve_2021_43798_grafana.yml
diff --git a/rules/web/webserver/web_cve_2021_44228_log4j.yml b/rules/web/webserver_generic/web_cve_2021_44228_log4j.yml
similarity index 100%
rename from rules/web/webserver/web_cve_2021_44228_log4j.yml
rename to rules/web/webserver_generic/web_cve_2021_44228_log4j.yml
diff --git a/rules/web/webserver/web_cve_2021_44228_log4j_fields.yml b/rules/web/webserver_generic/web_cve_2021_44228_log4j_fields.yml
similarity index 100%
rename from rules/web/webserver/web_cve_2021_44228_log4j_fields.yml
rename to rules/web/webserver_generic/web_cve_2021_44228_log4j_fields.yml
diff --git a/rules/web/webserver/web_cve_2022_27925_exploit.yml b/rules/web/webserver_generic/web_cve_2022_27925_exploit.yml
similarity index 100%
rename from rules/web/webserver/web_cve_2022_27925_exploit.yml
rename to rules/web/webserver_generic/web_cve_2022_27925_exploit.yml
diff --git a/rules/web/webserver/web_cve_2022_31656_auth_bypass.yml b/rules/web/webserver_generic/web_cve_2022_31656_auth_bypass.yml
similarity index 100%
rename from rules/web/webserver/web_cve_2022_31656_auth_bypass.yml
rename to rules/web/webserver_generic/web_cve_2022_31656_auth_bypass.yml
diff --git a/rules/web/webserver/web_cve_2022_31659_vmware_rce.yml b/rules/web/webserver_generic/web_cve_2022_31659_vmware_rce.yml
similarity index 100%
rename from rules/web/webserver/web_cve_2022_31659_vmware_rce.yml
rename to rules/web/webserver_generic/web_cve_2022_31659_vmware_rce.yml
diff --git a/rules/web/webserver/web_cve_2022_33891_spark_shell_command_injection.yml b/rules/web/webserver_generic/web_cve_2022_33891_spark_shell_command_injection.yml
similarity index 100%
rename from rules/web/webserver/web_cve_2022_33891_spark_shell_command_injection.yml
rename to rules/web/webserver_generic/web_cve_2022_33891_spark_shell_command_injection.yml
diff --git a/rules/web/webserver/web_cve_2022_36804_atlassian_bitbucket_command_injection.yml b/rules/web/webserver_generic/web_cve_2022_36804_atlassian_bitbucket_command_injection.yml
similarity index 100%
rename from rules/web/webserver/web_cve_2022_36804_atlassian_bitbucket_command_injection.yml
rename to rules/web/webserver_generic/web_cve_2022_36804_atlassian_bitbucket_command_injection.yml
diff --git a/rules/web/webserver/web_cve_2022_44877_exploitation_attempt.yml b/rules/web/webserver_generic/web_cve_2022_44877_exploitation_attempt.yml
similarity index 100%
rename from rules/web/webserver/web_cve_2022_44877_exploitation_attempt.yml
rename to rules/web/webserver_generic/web_cve_2022_44877_exploitation_attempt.yml
diff --git a/rules/web/webserver/web_cve_2022_46169_cacti_exploitation_attempt.yml b/rules/web/webserver_generic/web_cve_2022_46169_cacti_exploitation_attempt.yml
similarity index 100%
rename from rules/web/webserver/web_cve_2022_46169_cacti_exploitation_attempt.yml
rename to rules/web/webserver_generic/web_cve_2022_46169_cacti_exploitation_attempt.yml
diff --git a/rules/web/webserver/web_exchange_exploitation_hafnium.yml b/rules/web/webserver_generic/web_exchange_exploitation_hafnium.yml
similarity index 100%
rename from rules/web/webserver/web_exchange_exploitation_hafnium.yml
rename to rules/web/webserver_generic/web_exchange_exploitation_hafnium.yml
diff --git a/rules/web/webserver/web_exchange_owassrf_exploitation.yml b/rules/web/webserver_generic/web_exchange_owassrf_exploitation.yml
similarity index 100%
rename from rules/web/webserver/web_exchange_owassrf_exploitation.yml
rename to rules/web/webserver_generic/web_exchange_owassrf_exploitation.yml
diff --git a/rules/web/webserver/web_exchange_owassrf_poc_exploitation.yml b/rules/web/webserver_generic/web_exchange_owassrf_poc_exploitation.yml
similarity index 100%
rename from rules/web/webserver/web_exchange_owassrf_poc_exploitation.yml
rename to rules/web/webserver_generic/web_exchange_owassrf_poc_exploitation.yml
diff --git a/rules/web/webserver/web_exchange_proxyshell.yml b/rules/web/webserver_generic/web_exchange_proxyshell.yml
similarity index 100%
rename from rules/web/webserver/web_exchange_proxyshell.yml
rename to rules/web/webserver_generic/web_exchange_proxyshell.yml
diff --git a/rules/web/webserver/web_exchange_proxyshell_successful.yml b/rules/web/webserver_generic/web_exchange_proxyshell_successful.yml
similarity index 100%
rename from rules/web/webserver/web_exchange_proxyshell_successful.yml
rename to rules/web/webserver_generic/web_exchange_proxyshell_successful.yml
diff --git a/rules/web/webserver/web_iis_tilt_shortname_scan.yml b/rules/web/webserver_generic/web_iis_tilt_shortname_scan.yml
similarity index 100%
rename from rules/web/webserver/web_iis_tilt_shortname_scan.yml
rename to rules/web/webserver_generic/web_iis_tilt_shortname_scan.yml
diff --git a/rules/web/webserver/web_java_payload_in_access_logs.yml b/rules/web/webserver_generic/web_java_payload_in_access_logs.yml
similarity index 100%
rename from rules/web/webserver/web_java_payload_in_access_logs.yml
rename to rules/web/webserver_generic/web_java_payload_in_access_logs.yml
diff --git a/rules/web/webserver/web_jndi_exploit.yml b/rules/web/webserver_generic/web_jndi_exploit.yml
similarity index 100%
rename from rules/web/webserver/web_jndi_exploit.yml
rename to rules/web/webserver_generic/web_jndi_exploit.yml
diff --git a/rules/web/webserver/web_multiple_susp_resp_codes_single_source.yml b/rules/web/webserver_generic/web_multiple_susp_resp_codes_single_source.yml
similarity index 100%
rename from rules/web/webserver/web_multiple_susp_resp_codes_single_source.yml
rename to rules/web/webserver_generic/web_multiple_susp_resp_codes_single_source.yml
diff --git a/rules/web/webserver/web_nginx_core_dump.yml b/rules/web/webserver_generic/web_nginx_core_dump.yml
similarity index 100%
rename from rules/web/webserver/web_nginx_core_dump.yml
rename to rules/web/webserver_generic/web_nginx_core_dump.yml
diff --git a/rules/web/webserver/web_path_traversal_exploitation_attempt.yml b/rules/web/webserver_generic/web_path_traversal_exploitation_attempt.yml
similarity index 100%
rename from rules/web/webserver/web_path_traversal_exploitation_attempt.yml
rename to rules/web/webserver_generic/web_path_traversal_exploitation_attempt.yml
diff --git a/rules/web/webserver/web_solarwinds_supernova_webshell.yml b/rules/web/webserver_generic/web_solarwinds_supernova_webshell.yml
similarity index 100%
rename from rules/web/webserver/web_solarwinds_supernova_webshell.yml
rename to rules/web/webserver_generic/web_solarwinds_supernova_webshell.yml
diff --git a/rules/web/webserver/web_sonicwall_jarrewrite_exploit.yml b/rules/web/webserver_generic/web_sonicwall_jarrewrite_exploit.yml
similarity index 100%
rename from rules/web/webserver/web_sonicwall_jarrewrite_exploit.yml
rename to rules/web/webserver_generic/web_sonicwall_jarrewrite_exploit.yml
diff --git a/rules/web/webserver/web_source_code_enumeration.yml b/rules/web/webserver_generic/web_source_code_enumeration.yml
similarity index 100%
rename from rules/web/webserver/web_source_code_enumeration.yml
rename to rules/web/webserver_generic/web_source_code_enumeration.yml
diff --git a/rules/web/webserver/web_sql_injection_in_access_logs.yml b/rules/web/webserver_generic/web_sql_injection_in_access_logs.yml
similarity index 100%
rename from rules/web/webserver/web_sql_injection_in_access_logs.yml
rename to rules/web/webserver_generic/web_sql_injection_in_access_logs.yml
diff --git a/rules/web/webserver/web_ssti_in_access_logs.yml b/rules/web/webserver_generic/web_ssti_in_access_logs.yml
similarity index 100%
rename from rules/web/webserver/web_ssti_in_access_logs.yml
rename to rules/web/webserver_generic/web_ssti_in_access_logs.yml
diff --git a/rules/web/webserver/web_susp_useragents.yml b/rules/web/webserver_generic/web_susp_useragents.yml
similarity index 100%
rename from rules/web/webserver/web_susp_useragents.yml
rename to rules/web/webserver_generic/web_susp_useragents.yml
diff --git a/rules/web/webserver/web_susp_windows_path_uri.yml b/rules/web/webserver_generic/web_susp_windows_path_uri.yml
similarity index 100%
rename from rules/web/webserver/web_susp_windows_path_uri.yml
rename to rules/web/webserver_generic/web_susp_windows_path_uri.yml
diff --git a/rules/web/webserver/web_unc2546_dewmode_php_webshell.yml b/rules/web/webserver_generic/web_unc2546_dewmode_php_webshell.yml
similarity index 100%
rename from rules/web/webserver/web_unc2546_dewmode_php_webshell.yml
rename to rules/web/webserver_generic/web_unc2546_dewmode_php_webshell.yml
diff --git a/rules/web/webserver/web_webshell_regeorg.yml b/rules/web/webserver_generic/web_webshell_regeorg.yml
similarity index 100%
rename from rules/web/webserver/web_webshell_regeorg.yml
rename to rules/web/webserver_generic/web_webshell_regeorg.yml
diff --git a/rules/web/webserver/web_win_webshells_in_access_logs.yml b/rules/web/webserver_generic/web_win_webshells_in_access_logs.yml
similarity index 100%
rename from rules/web/webserver/web_win_webshells_in_access_logs.yml
rename to rules/web/webserver_generic/web_win_webshells_in_access_logs.yml
diff --git a/rules/web/webserver/web_xss_in_access_logs.yml b/rules/web/webserver_generic/web_xss_in_access_logs.yml
similarity index 100%
rename from rules/web/webserver/web_xss_in_access_logs.yml
rename to rules/web/webserver_generic/web_xss_in_access_logs.yml