Added 'multiple_suspicious_response_codes_single_source' web rule

2017-01-11 00:39:26 +01:00
parent 97511f7c1e
commit e7d62f8fbe
1 changed files with 15 additions and 0 deletions
@@ -0,0 +1,15 @@
+title: Multiple suspicious Response Codes caused by Single Client
+description: Detects possible exploitation activity or bugs in a web application
+detection:
+    selection:
+        - log: web
+          response:
+              - 400
+              - 401
+              - 403
+              - 500
+    condition: selection | count() by clientip > 10
+falsepositives:
+    - Unstable application
+    - Application that misuses the response codes
+level: 60