security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
46c63094de79a6dc9f931e1faf94186a48f05542
blue-team-tools/rules/linux/modsecurity/modsec_mulitple_blocks.yml
T
Thomas Patzke 0592cbb67a Added UUIDs to rules
2019-11-12 23:12:27 +01:00

19 lines
543 B
YAML
Raw Blame History

title: Multiple Modsecurity Blocks
id: a06eea10-d932-4aa6-8ba9-186df72c8d23
description: Detects multiple blocks by the mod_security module (Web Application Firewall)
logsource:
product: linux
service: modsecurity
detection:
selection:
- 'mod_security: Access denied'
- 'ModSecurity: Access denied'
- 'mod_security-message: Access denied'
timeframe: 120m
condition: selection | count() > 6
falsepositives:
- Vulnerability scanners
- Frequent attacks if system faces Internet
level: medium
Reference in New Issue View Git Blame Copy Permalink