security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
da54e89f3045fdf23daa2dbdfd712aceb393ae90
blue-team-tools/rules/linux/modsecurity/modsec_mulitple_blocks.yml
T
Florian Roth e79e99c4aa fix: fixed missing date fields in remaining files
2020-01-30 16:07:37 +01:00

20 lines
579 B
YAML
Raw Blame History

title: Multiple Modsecurity Blocks
id: a06eea10-d932-4aa6-8ba9-186df72c8d23
description: Detects multiple blocks by the mod_security module (Web Application Firewall)
date: 2017/02/28
author: Florian Roth
logsource:
product: linux
service: modsecurity
detection:
selection:
- 'mod_security: Access denied'
- 'ModSecurity: Access denied'
- 'mod_security-message: Access denied'
timeframe: 120m
condition: selection | count() > 6
falsepositives:
- Vulnerability scanners
- Frequent attacks if system faces Internet
level: medium
Reference in New Issue View Git Blame Copy Permalink