security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
d14e287cdf91e2a8b995de5bfbc3fa8540c1922b
blue-team-tools/rules/web/product/modsecurity/modsec_mulitple_blocks.yml
T
Nasreddine Bencherchali 7c38a5c496 chore: add nextron authors tag
2023-02-01 11:14:59 +01:00

24 lines
659 B
YAML
Raw Blame History

title: Multiple Modsecurity Blocks
id: a06eea10-d932-4aa6-8ba9-186df72c8d23
status: stable
description: Detects multiple blocks by the mod_security module (Web Application Firewall)
author: Florian Roth (Nextron Systems)
date: 2017/02/28
modified: 2023/01/07
tags:
- attack.impact
- attack.t1499
logsource:
product: modsecurity
detection:
selection:
- 'mod_security: Access denied'
- 'ModSecurity: Access denied'
- 'mod_security-message: Access denied'
timeframe: 120m
condition: selection | count() > 6
falsepositives:
- Vulnerability scanners
- Frequent attacks if system faces Internet
level: medium
Reference in New Issue View Git Blame Copy Permalink