datadog 2.7.1 → 2.18.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +353 -1
- data/ext/datadog_profiling_native_extension/clock_id.h +2 -2
- data/ext/datadog_profiling_native_extension/collectors_cpu_and_wall_time_worker.c +78 -102
- data/ext/datadog_profiling_native_extension/collectors_discrete_dynamic_sampler.c +1 -1
- data/ext/datadog_profiling_native_extension/collectors_discrete_dynamic_sampler.h +1 -1
- data/ext/datadog_profiling_native_extension/collectors_idle_sampling_helper.c +16 -16
- data/ext/datadog_profiling_native_extension/collectors_stack.c +235 -57
- data/ext/datadog_profiling_native_extension/collectors_stack.h +21 -5
- data/ext/datadog_profiling_native_extension/collectors_thread_context.c +376 -156
- data/ext/datadog_profiling_native_extension/collectors_thread_context.h +1 -0
- data/ext/datadog_profiling_native_extension/datadog_ruby_common.c +1 -4
- data/ext/datadog_profiling_native_extension/datadog_ruby_common.h +10 -0
- data/ext/datadog_profiling_native_extension/encoded_profile.c +79 -0
- data/ext/datadog_profiling_native_extension/encoded_profile.h +8 -0
- data/ext/datadog_profiling_native_extension/extconf.rb +14 -8
- data/ext/datadog_profiling_native_extension/gvl_profiling_helper.c +2 -0
- data/ext/datadog_profiling_native_extension/gvl_profiling_helper.h +0 -8
- data/ext/datadog_profiling_native_extension/heap_recorder.c +295 -532
- data/ext/datadog_profiling_native_extension/heap_recorder.h +6 -8
- data/ext/datadog_profiling_native_extension/http_transport.c +64 -98
- data/ext/datadog_profiling_native_extension/libdatadog_helpers.c +22 -0
- data/ext/datadog_profiling_native_extension/libdatadog_helpers.h +8 -5
- data/ext/datadog_profiling_native_extension/private_vm_api_access.c +69 -1
- data/ext/datadog_profiling_native_extension/private_vm_api_access.h +16 -4
- data/ext/datadog_profiling_native_extension/profiling.c +19 -8
- data/ext/datadog_profiling_native_extension/ruby_helpers.c +9 -21
- data/ext/datadog_profiling_native_extension/ruby_helpers.h +2 -10
- data/ext/datadog_profiling_native_extension/stack_recorder.c +231 -181
- data/ext/datadog_profiling_native_extension/stack_recorder.h +2 -2
- data/ext/datadog_profiling_native_extension/time_helpers.h +1 -1
- data/ext/datadog_profiling_native_extension/unsafe_api_calls_check.c +47 -0
- data/ext/datadog_profiling_native_extension/unsafe_api_calls_check.h +31 -0
- data/ext/libdatadog_api/crashtracker.c +17 -15
- data/ext/libdatadog_api/crashtracker.h +5 -0
- data/ext/libdatadog_api/datadog_ruby_common.c +1 -4
- data/ext/libdatadog_api/datadog_ruby_common.h +10 -0
- data/ext/libdatadog_api/extconf.rb +2 -2
- data/ext/libdatadog_api/init.c +15 -0
- data/ext/libdatadog_api/library_config.c +164 -0
- data/ext/libdatadog_api/library_config.h +25 -0
- data/ext/libdatadog_api/macos_development.md +3 -3
- data/ext/libdatadog_api/process_discovery.c +112 -0
- data/ext/libdatadog_api/process_discovery.h +5 -0
- data/ext/libdatadog_extconf_helpers.rb +2 -2
- data/lib/datadog/appsec/actions_handler/serializable_backtrace.rb +89 -0
- data/lib/datadog/appsec/actions_handler.rb +49 -0
- data/lib/datadog/appsec/anonymizer.rb +16 -0
- data/lib/datadog/appsec/api_security/lru_cache.rb +56 -0
- data/lib/datadog/appsec/api_security/route_extractor.rb +65 -0
- data/lib/datadog/appsec/api_security/sampler.rb +59 -0
- data/lib/datadog/appsec/api_security.rb +23 -0
- data/lib/datadog/appsec/assets/waf_rules/README.md +50 -5
- data/lib/datadog/appsec/assets/waf_rules/recommended.json +623 -253
- data/lib/datadog/appsec/assets/waf_rules/strict.json +69 -107
- data/lib/datadog/appsec/autoload.rb +1 -1
- data/lib/datadog/appsec/component.rb +49 -65
- data/lib/datadog/appsec/compressed_json.rb +40 -0
- data/lib/datadog/appsec/configuration/settings.rb +212 -27
- data/lib/datadog/appsec/context.rb +74 -0
- data/lib/datadog/appsec/contrib/active_record/instrumentation.rb +92 -0
- data/lib/datadog/appsec/contrib/active_record/integration.rb +41 -0
- data/lib/datadog/appsec/contrib/active_record/patcher.rb +101 -0
- data/lib/datadog/appsec/contrib/auto_instrument.rb +1 -1
- data/lib/datadog/appsec/contrib/devise/configuration.rb +52 -0
- data/lib/datadog/appsec/contrib/devise/data_extractor.rb +78 -0
- data/lib/datadog/appsec/contrib/devise/ext.rb +22 -0
- data/lib/datadog/appsec/contrib/devise/integration.rb +1 -2
- data/lib/datadog/appsec/contrib/devise/patcher.rb +33 -25
- data/lib/datadog/appsec/contrib/devise/patches/signin_tracking_patch.rb +102 -0
- data/lib/datadog/appsec/contrib/devise/patches/signup_tracking_patch.rb +69 -0
- data/lib/datadog/appsec/contrib/devise/{patcher/rememberable_patch.rb → patches/skip_signin_tracking_patch.rb} +3 -3
- data/lib/datadog/appsec/contrib/devise/tracking_middleware.rb +106 -0
- data/lib/datadog/appsec/contrib/excon/integration.rb +41 -0
- data/lib/datadog/appsec/contrib/excon/patcher.rb +28 -0
- data/lib/datadog/appsec/contrib/excon/ssrf_detection_middleware.rb +42 -0
- data/lib/datadog/appsec/contrib/faraday/connection_patch.rb +22 -0
- data/lib/datadog/appsec/contrib/faraday/integration.rb +42 -0
- data/lib/datadog/appsec/contrib/faraday/patcher.rb +53 -0
- data/lib/datadog/appsec/contrib/faraday/rack_builder_patch.rb +22 -0
- data/lib/datadog/appsec/contrib/faraday/ssrf_detection_middleware.rb +41 -0
- data/lib/datadog/appsec/contrib/graphql/appsec_trace.rb +1 -7
- data/lib/datadog/appsec/contrib/graphql/gateway/watcher.rb +17 -30
- data/lib/datadog/appsec/contrib/graphql/integration.rb +1 -1
- data/lib/datadog/appsec/contrib/graphql/patcher.rb +0 -3
- data/lib/datadog/appsec/contrib/rack/ext.rb +34 -0
- data/lib/datadog/appsec/contrib/rack/gateway/response.rb +3 -3
- data/lib/datadog/appsec/contrib/rack/gateway/watcher.rb +78 -98
- data/lib/datadog/appsec/contrib/rack/integration.rb +1 -1
- data/lib/datadog/appsec/contrib/rack/patcher.rb +0 -3
- data/lib/datadog/appsec/contrib/rack/request_body_middleware.rb +10 -11
- data/lib/datadog/appsec/contrib/rack/request_middleware.rb +73 -78
- data/lib/datadog/appsec/contrib/rails/gateway/watcher.rb +16 -33
- data/lib/datadog/appsec/contrib/rails/integration.rb +1 -1
- data/lib/datadog/appsec/contrib/rails/patcher.rb +25 -38
- data/lib/datadog/appsec/contrib/rest_client/integration.rb +45 -0
- data/lib/datadog/appsec/contrib/rest_client/patcher.rb +28 -0
- data/lib/datadog/appsec/contrib/rest_client/request_ssrf_detection_patch.rb +38 -0
- data/lib/datadog/appsec/contrib/sinatra/gateway/watcher.rb +31 -68
- data/lib/datadog/appsec/contrib/sinatra/integration.rb +1 -1
- data/lib/datadog/appsec/contrib/sinatra/patcher.rb +5 -31
- data/lib/datadog/appsec/event.rb +96 -135
- data/lib/datadog/appsec/ext.rb +12 -3
- data/lib/datadog/appsec/instrumentation/gateway/argument.rb +7 -2
- data/lib/datadog/appsec/instrumentation/gateway/middleware.rb +24 -0
- data/lib/datadog/appsec/instrumentation/gateway.rb +17 -22
- data/lib/datadog/appsec/metrics/collector.rb +38 -0
- data/lib/datadog/appsec/metrics/exporter.rb +35 -0
- data/lib/datadog/appsec/metrics/telemetry.rb +23 -0
- data/lib/datadog/appsec/metrics.rb +13 -0
- data/lib/datadog/appsec/monitor/gateway/watcher.rb +52 -32
- data/lib/datadog/appsec/processor/rule_loader.rb +30 -36
- data/lib/datadog/appsec/remote.rb +31 -57
- data/lib/datadog/appsec/response.rb +19 -85
- data/lib/datadog/appsec/security_engine/engine.rb +194 -0
- data/lib/datadog/appsec/security_engine/result.rb +67 -0
- data/lib/datadog/appsec/security_engine/runner.rb +87 -0
- data/lib/datadog/appsec/security_engine.rb +9 -0
- data/lib/datadog/appsec/security_event.rb +39 -0
- data/lib/datadog/appsec/utils.rb +0 -2
- data/lib/datadog/appsec.rb +22 -12
- data/lib/datadog/auto_instrument.rb +3 -0
- data/lib/datadog/core/buffer/random.rb +18 -2
- data/lib/datadog/core/configuration/agent_settings.rb +52 -0
- data/lib/datadog/core/configuration/agent_settings_resolver.rb +4 -18
- data/lib/datadog/core/configuration/agentless_settings_resolver.rb +176 -0
- data/lib/datadog/core/configuration/components.rb +74 -32
- data/lib/datadog/core/configuration/components_state.rb +23 -0
- data/lib/datadog/core/configuration/ext.rb +5 -1
- data/lib/datadog/core/configuration/option.rb +81 -45
- data/lib/datadog/core/configuration/option_definition.rb +6 -4
- data/lib/datadog/core/configuration/options.rb +3 -3
- data/lib/datadog/core/configuration/settings.rb +121 -50
- data/lib/datadog/core/configuration/stable_config.rb +22 -0
- data/lib/datadog/core/configuration.rb +43 -11
- data/lib/datadog/{tracing → core}/contrib/rails/utils.rb +1 -3
- data/lib/datadog/core/crashtracking/component.rb +4 -13
- data/lib/datadog/core/crashtracking/tag_builder.rb +4 -22
- data/lib/datadog/core/diagnostics/environment_logger.rb +1 -1
- data/lib/datadog/core/encoding.rb +17 -1
- data/lib/datadog/core/environment/agent_info.rb +78 -0
- data/lib/datadog/core/environment/cgroup.rb +10 -12
- data/lib/datadog/core/environment/container.rb +38 -40
- data/lib/datadog/core/environment/ext.rb +6 -6
- data/lib/datadog/core/environment/git.rb +1 -0
- data/lib/datadog/core/environment/identity.rb +3 -3
- data/lib/datadog/core/environment/platform.rb +3 -3
- data/lib/datadog/core/environment/variable_helpers.rb +1 -1
- data/lib/datadog/core/error.rb +11 -9
- data/lib/datadog/core/logger.rb +2 -2
- data/lib/datadog/core/metrics/client.rb +27 -27
- data/lib/datadog/core/metrics/logging.rb +5 -5
- data/lib/datadog/core/process_discovery/tracer_memfd.rb +15 -0
- data/lib/datadog/core/process_discovery.rb +36 -0
- data/lib/datadog/core/rate_limiter.rb +4 -2
- data/lib/datadog/core/remote/client/capabilities.rb +6 -0
- data/lib/datadog/core/remote/client.rb +107 -92
- data/lib/datadog/core/remote/component.rb +18 -19
- data/lib/datadog/core/remote/configuration/digest.rb +7 -7
- data/lib/datadog/core/remote/configuration/path.rb +1 -1
- data/lib/datadog/core/remote/configuration/repository.rb +14 -1
- data/lib/datadog/core/remote/negotiation.rb +9 -9
- data/lib/datadog/core/remote/transport/config.rb +4 -3
- data/lib/datadog/core/remote/transport/http/api.rb +13 -18
- data/lib/datadog/core/remote/transport/http/client.rb +5 -4
- data/lib/datadog/core/remote/transport/http/config.rb +27 -55
- data/lib/datadog/core/remote/transport/http/negotiation.rb +8 -51
- data/lib/datadog/core/remote/transport/http.rb +25 -94
- data/lib/datadog/core/remote/transport/negotiation.rb +17 -4
- data/lib/datadog/core/remote/worker.rb +10 -7
- data/lib/datadog/core/runtime/metrics.rb +12 -5
- data/lib/datadog/core/tag_builder.rb +56 -0
- data/lib/datadog/core/telemetry/component.rb +84 -49
- data/lib/datadog/core/telemetry/emitter.rb +23 -11
- data/lib/datadog/core/telemetry/event/app_client_configuration_change.rb +66 -0
- data/lib/datadog/core/telemetry/event/app_closing.rb +18 -0
- data/lib/datadog/core/telemetry/event/app_dependencies_loaded.rb +33 -0
- data/lib/datadog/core/telemetry/event/app_heartbeat.rb +18 -0
- data/lib/datadog/core/telemetry/event/app_integrations_change.rb +58 -0
- data/lib/datadog/core/telemetry/event/app_started.rb +269 -0
- data/lib/datadog/core/telemetry/event/base.rb +40 -0
- data/lib/datadog/core/telemetry/event/distributions.rb +18 -0
- data/lib/datadog/core/telemetry/event/generate_metrics.rb +43 -0
- data/lib/datadog/core/telemetry/event/log.rb +76 -0
- data/lib/datadog/core/telemetry/event/message_batch.rb +42 -0
- data/lib/datadog/core/telemetry/event/synth_app_client_configuration_change.rb +43 -0
- data/lib/datadog/core/telemetry/event.rb +17 -383
- data/lib/datadog/core/telemetry/ext.rb +1 -0
- data/lib/datadog/core/telemetry/http/adapters/net.rb +12 -97
- data/lib/datadog/core/telemetry/logger.rb +5 -4
- data/lib/datadog/core/telemetry/logging.rb +12 -6
- data/lib/datadog/core/telemetry/metric.rb +28 -6
- data/lib/datadog/core/telemetry/request.rb +4 -4
- data/lib/datadog/core/telemetry/transport/http/api.rb +43 -0
- data/lib/datadog/core/telemetry/transport/http/client.rb +49 -0
- data/lib/datadog/core/telemetry/transport/http/telemetry.rb +92 -0
- data/lib/datadog/core/telemetry/transport/http.rb +63 -0
- data/lib/datadog/core/telemetry/transport/telemetry.rb +51 -0
- data/lib/datadog/core/telemetry/worker.rb +128 -25
- data/lib/datadog/core/transport/http/adapters/net.rb +17 -2
- data/lib/datadog/core/transport/http/adapters/test.rb +2 -1
- data/lib/datadog/core/transport/http/adapters/unix_socket.rb +1 -1
- data/lib/datadog/{tracing → core}/transport/http/api/instance.rb +18 -1
- data/lib/datadog/core/transport/http/api/spec.rb +36 -0
- data/lib/datadog/{tracing → core}/transport/http/builder.rb +53 -31
- data/lib/datadog/core/transport/http/env.rb +8 -0
- data/lib/datadog/core/transport/http.rb +75 -0
- data/lib/datadog/core/transport/response.rb +4 -0
- data/lib/datadog/core/utils/at_fork_monkey_patch.rb +6 -6
- data/lib/datadog/core/utils/duration.rb +32 -32
- data/lib/datadog/core/utils/forking.rb +2 -2
- data/lib/datadog/core/utils/network.rb +6 -6
- data/lib/datadog/core/utils/only_once_successful.rb +16 -5
- data/lib/datadog/core/utils/time.rb +20 -0
- data/lib/datadog/core/utils/truncation.rb +21 -0
- data/lib/datadog/core/utils.rb +7 -0
- data/lib/datadog/core/vendor/multipart-post/multipart/post/composite_read_io.rb +1 -1
- data/lib/datadog/core/vendor/multipart-post/multipart/post/multipartable.rb +8 -8
- data/lib/datadog/core/vendor/multipart-post/multipart/post/parts.rb +7 -7
- data/lib/datadog/core/worker.rb +1 -1
- data/lib/datadog/core/workers/async.rb +29 -12
- data/lib/datadog/core/workers/interval_loop.rb +12 -1
- data/lib/datadog/core/workers/runtime_metrics.rb +2 -2
- data/lib/datadog/core.rb +8 -0
- data/lib/datadog/di/base.rb +115 -0
- data/lib/datadog/di/boot.rb +34 -0
- data/lib/datadog/di/code_tracker.rb +26 -15
- data/lib/datadog/di/component.rb +23 -14
- data/lib/datadog/di/configuration/settings.rb +25 -1
- data/lib/datadog/di/contrib/active_record.rb +1 -0
- data/lib/datadog/di/contrib/railtie.rb +15 -0
- data/lib/datadog/di/contrib.rb +28 -0
- data/lib/datadog/di/error.rb +5 -0
- data/lib/datadog/di/instrumenter.rb +162 -21
- data/lib/datadog/di/logger.rb +30 -0
- data/lib/datadog/di/preload.rb +18 -0
- data/lib/datadog/di/probe.rb +14 -7
- data/lib/datadog/di/probe_builder.rb +1 -0
- data/lib/datadog/di/probe_manager.rb +11 -5
- data/lib/datadog/di/probe_notification_builder.rb +54 -38
- data/lib/datadog/di/probe_notifier_worker.rb +60 -26
- data/lib/datadog/di/redactor.rb +0 -1
- data/lib/datadog/di/remote.rb +147 -0
- data/lib/datadog/di/serializer.rb +19 -8
- data/lib/datadog/di/transport/diagnostics.rb +62 -0
- data/lib/datadog/di/transport/http/api.rb +42 -0
- data/lib/datadog/di/transport/http/client.rb +47 -0
- data/lib/datadog/di/transport/http/diagnostics.rb +65 -0
- data/lib/datadog/di/transport/http/input.rb +77 -0
- data/lib/datadog/di/transport/http.rb +57 -0
- data/lib/datadog/di/transport/input.rb +70 -0
- data/lib/datadog/di/utils.rb +103 -0
- data/lib/datadog/di.rb +14 -76
- data/lib/datadog/error_tracking/collector.rb +87 -0
- data/lib/datadog/error_tracking/component.rb +167 -0
- data/lib/datadog/error_tracking/configuration/settings.rb +63 -0
- data/lib/datadog/error_tracking/configuration.rb +11 -0
- data/lib/datadog/error_tracking/ext.rb +18 -0
- data/lib/datadog/error_tracking/extensions.rb +16 -0
- data/lib/datadog/error_tracking/filters.rb +77 -0
- data/lib/datadog/error_tracking.rb +18 -0
- data/lib/datadog/kit/appsec/events.rb +15 -3
- data/lib/datadog/kit/identity.rb +9 -5
- data/lib/datadog/opentelemetry/api/baggage.rb +90 -0
- data/lib/datadog/opentelemetry/api/baggage.rbs +26 -0
- data/lib/datadog/opentelemetry/api/context.rb +16 -2
- data/lib/datadog/opentelemetry/sdk/trace/span.rb +1 -1
- data/lib/datadog/opentelemetry.rb +2 -1
- data/lib/datadog/profiling/collectors/code_provenance.rb +18 -9
- data/lib/datadog/profiling/collectors/cpu_and_wall_time_worker.rb +4 -0
- data/lib/datadog/profiling/collectors/idle_sampling_helper.rb +1 -0
- data/lib/datadog/profiling/collectors/info.rb +3 -0
- data/lib/datadog/profiling/collectors/thread_context.rb +17 -2
- data/lib/datadog/profiling/component.rb +64 -82
- data/lib/datadog/profiling/encoded_profile.rb +11 -0
- data/lib/datadog/profiling/exporter.rb +3 -4
- data/lib/datadog/profiling/ext.rb +0 -14
- data/lib/datadog/profiling/flush.rb +5 -8
- data/lib/datadog/profiling/http_transport.rb +8 -87
- data/lib/datadog/profiling/load_native_extension.rb +1 -33
- data/lib/datadog/profiling/profiler.rb +2 -0
- data/lib/datadog/profiling/scheduler.rb +10 -2
- data/lib/datadog/profiling/stack_recorder.rb +9 -9
- data/lib/datadog/profiling/tag_builder.rb +5 -41
- data/lib/datadog/profiling/tasks/setup.rb +2 -0
- data/lib/datadog/profiling.rb +6 -2
- data/lib/datadog/tracing/analytics.rb +1 -1
- data/lib/datadog/tracing/component.rb +16 -12
- data/lib/datadog/tracing/configuration/ext.rb +8 -1
- data/lib/datadog/tracing/configuration/settings.rb +22 -10
- data/lib/datadog/tracing/context_provider.rb +1 -1
- data/lib/datadog/tracing/contrib/action_cable/integration.rb +5 -2
- data/lib/datadog/tracing/contrib/action_mailer/integration.rb +6 -2
- data/lib/datadog/tracing/contrib/action_pack/action_controller/instrumentation.rb +15 -0
- data/lib/datadog/tracing/contrib/action_pack/action_dispatch/instrumentation.rb +19 -12
- data/lib/datadog/tracing/contrib/action_pack/ext.rb +2 -0
- data/lib/datadog/tracing/contrib/action_pack/integration.rb +5 -2
- data/lib/datadog/tracing/contrib/action_view/integration.rb +5 -2
- data/lib/datadog/tracing/contrib/active_job/integration.rb +5 -2
- data/lib/datadog/tracing/contrib/active_record/integration.rb +7 -3
- data/lib/datadog/tracing/contrib/active_support/cache/events/cache.rb +7 -2
- data/lib/datadog/tracing/contrib/active_support/cache/instrumentation.rb +36 -1
- data/lib/datadog/tracing/contrib/active_support/cache/patcher.rb +4 -0
- data/lib/datadog/tracing/contrib/active_support/cache/redis.rb +14 -4
- data/lib/datadog/tracing/contrib/active_support/configuration/settings.rb +10 -0
- data/lib/datadog/tracing/contrib/active_support/integration.rb +5 -2
- data/lib/datadog/tracing/contrib/auto_instrument.rb +2 -2
- data/lib/datadog/tracing/contrib/aws/instrumentation.rb +10 -0
- data/lib/datadog/tracing/contrib/aws/integration.rb +3 -0
- data/lib/datadog/tracing/contrib/aws/parsed_context.rb +5 -1
- data/lib/datadog/tracing/contrib/concurrent_ruby/integration.rb +3 -0
- data/lib/datadog/tracing/contrib/configuration/settings.rb +1 -1
- data/lib/datadog/tracing/contrib/elasticsearch/configuration/settings.rb +4 -0
- data/lib/datadog/tracing/contrib/elasticsearch/patcher.rb +6 -1
- data/lib/datadog/tracing/contrib/ethon/easy_patch.rb +4 -5
- data/lib/datadog/tracing/contrib/excon/middleware.rb +5 -3
- data/lib/datadog/tracing/contrib/ext.rb +1 -0
- data/lib/datadog/tracing/contrib/extensions.rb +29 -3
- data/lib/datadog/tracing/contrib/faraday/middleware.rb +5 -3
- data/lib/datadog/tracing/contrib/graphql/configuration/error_extension_env_parser.rb +21 -0
- data/lib/datadog/tracing/contrib/graphql/configuration/settings.rb +11 -0
- data/lib/datadog/tracing/contrib/graphql/ext.rb +5 -0
- data/lib/datadog/tracing/contrib/graphql/unified_trace.rb +102 -11
- data/lib/datadog/tracing/contrib/grpc/datadog_interceptor/client.rb +7 -1
- data/lib/datadog/tracing/contrib/grpc/distributed/propagation.rb +3 -0
- data/lib/datadog/tracing/contrib/http/circuit_breaker.rb +0 -15
- data/lib/datadog/tracing/contrib/http/distributed/propagation.rb +4 -1
- data/lib/datadog/tracing/contrib/http/instrumentation.rb +6 -10
- data/lib/datadog/tracing/contrib/http/integration.rb +3 -0
- data/lib/datadog/tracing/contrib/httpclient/instrumentation.rb +6 -16
- data/lib/datadog/tracing/contrib/httprb/instrumentation.rb +7 -15
- data/lib/datadog/tracing/contrib/httprb/integration.rb +3 -0
- data/lib/datadog/tracing/contrib/kafka/integration.rb +3 -0
- data/lib/datadog/tracing/contrib/karafka/configuration/settings.rb +27 -0
- data/lib/datadog/tracing/contrib/karafka/distributed/propagation.rb +48 -0
- data/lib/datadog/tracing/contrib/karafka/ext.rb +27 -0
- data/lib/datadog/tracing/contrib/karafka/integration.rb +45 -0
- data/lib/datadog/tracing/contrib/karafka/monitor.rb +66 -0
- data/lib/datadog/tracing/contrib/karafka/patcher.rb +71 -0
- data/lib/datadog/tracing/contrib/karafka.rb +37 -0
- data/lib/datadog/tracing/contrib/lograge/patcher.rb +4 -2
- data/lib/datadog/tracing/contrib/mongodb/configuration/settings.rb +8 -0
- data/lib/datadog/tracing/contrib/mongodb/ext.rb +1 -0
- data/lib/datadog/tracing/contrib/mongodb/integration.rb +3 -0
- data/lib/datadog/tracing/contrib/mongodb/subscribers.rb +18 -1
- data/lib/datadog/tracing/contrib/opensearch/configuration/settings.rb +17 -0
- data/lib/datadog/tracing/contrib/opensearch/ext.rb +9 -0
- data/lib/datadog/tracing/contrib/opensearch/integration.rb +3 -0
- data/lib/datadog/tracing/contrib/opensearch/patcher.rb +5 -1
- data/lib/datadog/tracing/contrib/patcher.rb +5 -2
- data/lib/datadog/tracing/contrib/presto/integration.rb +3 -0
- data/lib/datadog/tracing/contrib/rack/header_collection.rb +11 -1
- data/lib/datadog/tracing/contrib/rack/integration.rb +2 -2
- data/lib/datadog/tracing/contrib/rack/middlewares.rb +1 -1
- data/lib/datadog/tracing/contrib/rack/request_queue.rb +1 -1
- data/lib/datadog/tracing/contrib/rails/framework.rb +2 -2
- data/lib/datadog/tracing/contrib/rails/patcher.rb +1 -1
- data/lib/datadog/tracing/contrib/rest_client/integration.rb +3 -0
- data/lib/datadog/tracing/contrib/rest_client/request_patch.rb +5 -3
- data/lib/datadog/tracing/contrib/sidekiq/client_tracer.rb +6 -1
- data/lib/datadog/tracing/contrib/sidekiq/distributed/propagation.rb +3 -0
- data/lib/datadog/tracing/contrib/sidekiq/ext.rb +1 -0
- data/lib/datadog/tracing/contrib/sidekiq/server_tracer.rb +5 -2
- data/lib/datadog/tracing/contrib/span_attribute_schema.rb +6 -1
- data/lib/datadog/tracing/contrib/support.rb +28 -0
- data/lib/datadog/tracing/contrib.rb +1 -0
- data/lib/datadog/tracing/correlation.rb +9 -2
- data/lib/datadog/tracing/distributed/b3_multi.rb +1 -1
- data/lib/datadog/tracing/distributed/b3_single.rb +1 -1
- data/lib/datadog/tracing/distributed/baggage.rb +131 -0
- data/lib/datadog/tracing/distributed/datadog.rb +4 -2
- data/lib/datadog/tracing/distributed/propagation.rb +25 -4
- data/lib/datadog/tracing/distributed/propagation_policy.rb +42 -0
- data/lib/datadog/tracing/metadata/errors.rb +4 -4
- data/lib/datadog/tracing/metadata/ext.rb +5 -0
- data/lib/datadog/tracing/metadata/metastruct.rb +36 -0
- data/lib/datadog/tracing/metadata/metastruct_tagging.rb +42 -0
- data/lib/datadog/tracing/metadata.rb +2 -0
- data/lib/datadog/tracing/sampling/rate_sampler.rb +2 -1
- data/lib/datadog/tracing/sampling/span/rule.rb +0 -1
- data/lib/datadog/tracing/span.rb +22 -5
- data/lib/datadog/tracing/span_event.rb +124 -4
- data/lib/datadog/tracing/span_operation.rb +52 -16
- data/lib/datadog/tracing/sync_writer.rb +10 -6
- data/lib/datadog/tracing/trace_digest.rb +9 -2
- data/lib/datadog/tracing/trace_operation.rb +55 -27
- data/lib/datadog/tracing/trace_segment.rb +6 -4
- data/lib/datadog/tracing/tracer.rb +66 -14
- data/lib/datadog/tracing/transport/http/api.rb +5 -4
- data/lib/datadog/tracing/transport/http/client.rb +5 -4
- data/lib/datadog/tracing/transport/http/traces.rb +13 -44
- data/lib/datadog/tracing/transport/http.rb +13 -70
- data/lib/datadog/tracing/transport/serializable_trace.rb +31 -7
- data/lib/datadog/tracing/transport/trace_formatter.rb +7 -0
- data/lib/datadog/tracing/transport/traces.rb +47 -13
- data/lib/datadog/tracing/utils.rb +1 -1
- data/lib/datadog/tracing/workers/trace_writer.rb +8 -5
- data/lib/datadog/tracing/workers.rb +5 -4
- data/lib/datadog/tracing/writer.rb +10 -6
- data/lib/datadog/tracing.rb +16 -3
- data/lib/datadog/version.rb +2 -2
- data/lib/datadog.rb +2 -0
- metadata +149 -54
- data/ext/datadog_profiling_loader/datadog_profiling_loader.c +0 -142
- data/ext/datadog_profiling_loader/extconf.rb +0 -60
- data/lib/datadog/appsec/assets/waf_rules/processors.json +0 -92
- data/lib/datadog/appsec/assets/waf_rules/scanners.json +0 -114
- data/lib/datadog/appsec/contrib/devise/event.rb +0 -57
- data/lib/datadog/appsec/contrib/devise/patcher/authenticatable_patch.rb +0 -77
- data/lib/datadog/appsec/contrib/devise/patcher/registration_controller_patch.rb +0 -54
- data/lib/datadog/appsec/contrib/devise/resource.rb +0 -35
- data/lib/datadog/appsec/contrib/devise/tracking.rb +0 -57
- data/lib/datadog/appsec/contrib/graphql/reactive/multiplex.rb +0 -46
- data/lib/datadog/appsec/contrib/patcher.rb +0 -12
- data/lib/datadog/appsec/contrib/rack/reactive/request.rb +0 -69
- data/lib/datadog/appsec/contrib/rack/reactive/request_body.rb +0 -47
- data/lib/datadog/appsec/contrib/rack/reactive/response.rb +0 -53
- data/lib/datadog/appsec/contrib/rails/reactive/action.rb +0 -53
- data/lib/datadog/appsec/contrib/sinatra/ext.rb +0 -14
- data/lib/datadog/appsec/contrib/sinatra/reactive/routed.rb +0 -48
- data/lib/datadog/appsec/monitor/reactive/set_user.rb +0 -45
- data/lib/datadog/appsec/processor/actions.rb +0 -49
- data/lib/datadog/appsec/processor/context.rb +0 -107
- data/lib/datadog/appsec/processor/rule_merger.rb +0 -170
- data/lib/datadog/appsec/processor.rb +0 -106
- data/lib/datadog/appsec/reactive/address_hash.rb +0 -22
- data/lib/datadog/appsec/reactive/engine.rb +0 -47
- data/lib/datadog/appsec/reactive/operation.rb +0 -68
- data/lib/datadog/appsec/reactive/subscriber.rb +0 -19
- data/lib/datadog/appsec/scope.rb +0 -58
- data/lib/datadog/appsec/utils/trace_operation.rb +0 -15
- data/lib/datadog/core/crashtracking/agent_base_url.rb +0 -21
- data/lib/datadog/core/remote/transport/http/api/instance.rb +0 -39
- data/lib/datadog/core/remote/transport/http/api/spec.rb +0 -21
- data/lib/datadog/core/remote/transport/http/builder.rb +0 -219
- data/lib/datadog/core/telemetry/http/env.rb +0 -20
- data/lib/datadog/core/telemetry/http/ext.rb +0 -28
- data/lib/datadog/core/telemetry/http/response.rb +0 -70
- data/lib/datadog/core/telemetry/http/transport.rb +0 -90
- data/lib/datadog/di/transport.rb +0 -81
- data/lib/datadog/tracing/transport/http/api/spec.rb +0 -19
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"version": "2.2",
|
|
3
3
|
"metadata": {
|
|
4
|
-
"rules_version": "1.
|
|
4
|
+
"rules_version": "1.14.2"
|
|
5
5
|
},
|
|
6
6
|
"rules": [
|
|
7
7
|
{
|
|
@@ -9,7 +9,8 @@
|
|
|
9
9
|
"name": "Block IP Addresses",
|
|
10
10
|
"tags": {
|
|
11
11
|
"type": "block_ip",
|
|
12
|
-
"category": "security_response"
|
|
12
|
+
"category": "security_response",
|
|
13
|
+
"module": "network-acl"
|
|
13
14
|
},
|
|
14
15
|
"conditions": [
|
|
15
16
|
{
|
|
@@ -34,7 +35,8 @@
|
|
|
34
35
|
"name": "Block User Addresses",
|
|
35
36
|
"tags": {
|
|
36
37
|
"type": "block_user",
|
|
37
|
-
"category": "security_response"
|
|
38
|
+
"category": "security_response",
|
|
39
|
+
"module": "authentication-acl"
|
|
38
40
|
},
|
|
39
41
|
"conditions": [
|
|
40
42
|
{
|
|
@@ -64,7 +66,8 @@
|
|
|
64
66
|
"tool_name": "Acunetix",
|
|
65
67
|
"cwe": "200",
|
|
66
68
|
"capec": "1000/118/169",
|
|
67
|
-
"confidence": "0"
|
|
69
|
+
"confidence": "0",
|
|
70
|
+
"module": "waf"
|
|
68
71
|
},
|
|
69
72
|
"conditions": [
|
|
70
73
|
{
|
|
@@ -98,7 +101,8 @@
|
|
|
98
101
|
"category": "attack_attempt",
|
|
99
102
|
"cwe": "200",
|
|
100
103
|
"capec": "1000/118/169",
|
|
101
|
-
"confidence": "1"
|
|
104
|
+
"confidence": "1",
|
|
105
|
+
"module": "waf"
|
|
102
106
|
},
|
|
103
107
|
"conditions": [
|
|
104
108
|
{
|
|
@@ -162,7 +166,8 @@
|
|
|
162
166
|
"category": "attack_attempt",
|
|
163
167
|
"cwe": "176",
|
|
164
168
|
"capec": "1000/255/153/267/71",
|
|
165
|
-
"confidence": "0"
|
|
169
|
+
"confidence": "0",
|
|
170
|
+
"module": "waf"
|
|
166
171
|
},
|
|
167
172
|
"conditions": [
|
|
168
173
|
{
|
|
@@ -191,7 +196,8 @@
|
|
|
191
196
|
"crs_id": "921110",
|
|
192
197
|
"category": "attack_attempt",
|
|
193
198
|
"cwe": "444",
|
|
194
|
-
"capec": "1000/210/272/220/33"
|
|
199
|
+
"capec": "1000/210/272/220/33",
|
|
200
|
+
"module": "waf"
|
|
195
201
|
},
|
|
196
202
|
"conditions": [
|
|
197
203
|
{
|
|
@@ -228,7 +234,8 @@
|
|
|
228
234
|
"crs_id": "921160",
|
|
229
235
|
"category": "attack_attempt",
|
|
230
236
|
"cwe": "113",
|
|
231
|
-
"capec": "1000/210/272/220/105"
|
|
237
|
+
"capec": "1000/210/272/220/105",
|
|
238
|
+
"module": "waf"
|
|
232
239
|
},
|
|
233
240
|
"conditions": [
|
|
234
241
|
{
|
|
@@ -263,7 +270,8 @@
|
|
|
263
270
|
"category": "attack_attempt",
|
|
264
271
|
"cwe": "22",
|
|
265
272
|
"capec": "1000/255/153/126",
|
|
266
|
-
"confidence": "1"
|
|
273
|
+
"confidence": "1",
|
|
274
|
+
"module": "waf"
|
|
267
275
|
},
|
|
268
276
|
"conditions": [
|
|
269
277
|
{
|
|
@@ -297,7 +305,8 @@
|
|
|
297
305
|
"category": "attack_attempt",
|
|
298
306
|
"cwe": "22",
|
|
299
307
|
"capec": "1000/255/153/126",
|
|
300
|
-
"confidence": "1"
|
|
308
|
+
"confidence": "1",
|
|
309
|
+
"module": "waf"
|
|
301
310
|
},
|
|
302
311
|
"conditions": [
|
|
303
312
|
{
|
|
@@ -1803,7 +1812,8 @@
|
|
|
1803
1812
|
"category": "attack_attempt",
|
|
1804
1813
|
"cwe": "98",
|
|
1805
1814
|
"capec": "1000/152/175/253/193",
|
|
1806
|
-
"confidence": "1"
|
|
1815
|
+
"confidence": "1",
|
|
1816
|
+
"module": "waf"
|
|
1807
1817
|
},
|
|
1808
1818
|
"conditions": [
|
|
1809
1819
|
{
|
|
@@ -1831,7 +1841,8 @@
|
|
|
1831
1841
|
"crs_id": "931120",
|
|
1832
1842
|
"category": "attack_attempt",
|
|
1833
1843
|
"cwe": "98",
|
|
1834
|
-
"capec": "1000/152/175/253/193"
|
|
1844
|
+
"capec": "1000/152/175/253/193",
|
|
1845
|
+
"module": "waf"
|
|
1835
1846
|
},
|
|
1836
1847
|
"conditions": [
|
|
1837
1848
|
{
|
|
@@ -1876,7 +1887,8 @@
|
|
|
1876
1887
|
"category": "attack_attempt",
|
|
1877
1888
|
"cwe": "77",
|
|
1878
1889
|
"capec": "1000/152/248/88",
|
|
1879
|
-
"confidence": "1"
|
|
1890
|
+
"confidence": "1",
|
|
1891
|
+
"module": "waf"
|
|
1880
1892
|
},
|
|
1881
1893
|
"conditions": [
|
|
1882
1894
|
{
|
|
@@ -2388,7 +2400,8 @@
|
|
|
2388
2400
|
"category": "attack_attempt",
|
|
2389
2401
|
"cwe": "77",
|
|
2390
2402
|
"capec": "1000/152/248/88",
|
|
2391
|
-
"confidence": "1"
|
|
2403
|
+
"confidence": "1",
|
|
2404
|
+
"module": "waf"
|
|
2392
2405
|
},
|
|
2393
2406
|
"conditions": [
|
|
2394
2407
|
{
|
|
@@ -2436,7 +2449,8 @@
|
|
|
2436
2449
|
"category": "attack_attempt",
|
|
2437
2450
|
"cwe": "706",
|
|
2438
2451
|
"capec": "1000/225/122/17/177",
|
|
2439
|
-
"confidence": "1"
|
|
2452
|
+
"confidence": "1",
|
|
2453
|
+
"module": "waf"
|
|
2440
2454
|
},
|
|
2441
2455
|
"conditions": [
|
|
2442
2456
|
{
|
|
@@ -2500,7 +2514,8 @@
|
|
|
2500
2514
|
"category": "attack_attempt",
|
|
2501
2515
|
"cwe": "434",
|
|
2502
2516
|
"capec": "1000/225/122/17/650",
|
|
2503
|
-
"confidence": "1"
|
|
2517
|
+
"confidence": "1",
|
|
2518
|
+
"module": "waf"
|
|
2504
2519
|
},
|
|
2505
2520
|
"conditions": [
|
|
2506
2521
|
{
|
|
@@ -2553,7 +2568,8 @@
|
|
|
2553
2568
|
"category": "attack_attempt",
|
|
2554
2569
|
"cwe": "94",
|
|
2555
2570
|
"capec": "1000/225/122/17/650",
|
|
2556
|
-
"confidence": "1"
|
|
2571
|
+
"confidence": "1",
|
|
2572
|
+
"module": "waf"
|
|
2557
2573
|
},
|
|
2558
2574
|
"conditions": [
|
|
2559
2575
|
{
|
|
@@ -2620,7 +2636,8 @@
|
|
|
2620
2636
|
"crs_id": "933131",
|
|
2621
2637
|
"category": "attack_attempt",
|
|
2622
2638
|
"cwe": "94",
|
|
2623
|
-
"capec": "1000/225/122/17/650"
|
|
2639
|
+
"capec": "1000/225/122/17/650",
|
|
2640
|
+
"module": "waf"
|
|
2624
2641
|
},
|
|
2625
2642
|
"conditions": [
|
|
2626
2643
|
{
|
|
@@ -2665,7 +2682,8 @@
|
|
|
2665
2682
|
"category": "attack_attempt",
|
|
2666
2683
|
"cwe": "94",
|
|
2667
2684
|
"capec": "1000/225/122/17/650",
|
|
2668
|
-
"confidence": "1"
|
|
2685
|
+
"confidence": "1",
|
|
2686
|
+
"module": "waf"
|
|
2669
2687
|
},
|
|
2670
2688
|
"conditions": [
|
|
2671
2689
|
{
|
|
@@ -2709,7 +2727,8 @@
|
|
|
2709
2727
|
"category": "attack_attempt",
|
|
2710
2728
|
"cwe": "94",
|
|
2711
2729
|
"capec": "1000/225/122/17/650",
|
|
2712
|
-
"confidence": "1"
|
|
2730
|
+
"confidence": "1",
|
|
2731
|
+
"module": "waf"
|
|
2713
2732
|
},
|
|
2714
2733
|
"conditions": [
|
|
2715
2734
|
{
|
|
@@ -2799,7 +2818,8 @@
|
|
|
2799
2818
|
"crs_id": "933160",
|
|
2800
2819
|
"category": "attack_attempt",
|
|
2801
2820
|
"cwe": "94",
|
|
2802
|
-
"capec": "1000/225/122/17/650"
|
|
2821
|
+
"capec": "1000/225/122/17/650",
|
|
2822
|
+
"module": "waf"
|
|
2803
2823
|
},
|
|
2804
2824
|
"conditions": [
|
|
2805
2825
|
{
|
|
@@ -2824,7 +2844,7 @@
|
|
|
2824
2844
|
"address": "graphql.server.resolver"
|
|
2825
2845
|
}
|
|
2826
2846
|
],
|
|
2827
|
-
"regex": "\\b(?:s(?:e(?:t(?:_(?:e(?:xception|rror)_handler|magic_quotes_runtime|include_path)|defaultstub)|ssion_s(?:et_save_handler|tart))|qlite_(?:(?:(?:unbuffered|single|array)_)?query|create_(?:aggregate|function)|p?open|exec)|tr(?:eam_(?:context_create|socket_client)|ipc?slashes|rev)|implexml_load_(?:string|file)|ocket_c(?:onnect|reate)|h(?:ow_sourc|a1_fil)e|pl_autoload_register|ystem)|p(?:r(?:eg_(?:replace(?:_callback(?:_array)?)?|match(?:_all)?|split)|oc_(?:(?:terminat|clos|nic)e|get_status|open)|int_r)|o(?:six_(?:get(?:(?:e[gu]|g)id|login|pwnam)|mk(?:fifo|nod)|ttyname|kill)|pen)|hp(?:_(?:strip_whitespac|unam)e|version|info)|g_(?:(?:execut|prepar)e|connect|query)|a(?:rse_(?:ini_file|str)|ssthru)|utenv)|r(?:unkit_(?:function_(?:re(?:defin|nam)e|copy|add)|method_(?:re(?:defin|nam)e|copy|add)|constant_(?:redefine|add))|e(?:(?:gister_(?:shutdown|tick)|name)_function|ad(?:(?:gz)?file|_exif_data|dir))|awurl(?:de|en)code)|i(?:mage(?:createfrom(?:(?:jpe|pn)g|x[bp]m|wbmp|gif)|(?:jpe|pn)g|g(?:d2?|if)|2?wbmp|xbm)|s_(?:(?:(?:execut|write?|read)ab|fi)le|dir)|ni_(?:get(?:_all)?|set)|terator_apply|ptcembed)|g(?:et(?:_(?:c(?:urrent_use|fg_va)r|meta_tags)|my(?:[gpu]id|inode)|(?:lastmo|cw)d|imagesize|env)|z(?:(?:(?:defla|wri)t|encod|fil)e|compress|open|read)|lob)|a(?:rray_(?:u(?:intersect(?:_u?assoc)?|diff(?:_u?assoc)?)|intersect_u(?:assoc|key)|diff_u(?:assoc|key)|filter|reduce|map)|ssert(?:_options)?|tob)|h(?:tml(?:specialchars(?:_decode)?|_entity_decode|entities)|(?:ash(?:_(?:update|hmac))?|ighlight)_file|e(?:ader_register_callback|x2bin))|f(?:i(?:le(?:(?:[acm]tim|inod)e|(?:_exist|perm)s|group)?|nfo_open)|tp_(?:nb_(?:ge|pu)|connec|ge|pu)t|(?:unction_exis|pu)ts|write|open)|o(?:b_(?:get_(?:c(?:ontents|lean)|flush)|end_(?:clean|flush)|clean|flush|start)|dbc_(?:result(?:_all)?|exec(?:ute)?|connect)|pendir)|m(?:b_(?:ereg(?:_(?:replace(?:_callback)?|match)|i(?:_replace)?)?|parse_str)|(?:ove_uploaded|d5)_file|ethod_exists|ysql_query|kdir)|e(?:x(?:if_(?:t(?:humbnail|agname)|imagetype|read_data)|ec)|scapeshell(?:arg|cmd)|rror_reporting|val)|c(?:url_(?:file_create|exec|init)|onvert_uuencode|reate_function|hr)|u(?:n(?:serialize|pack)|rl(?:de|en)code|[ak]?sort)|b(?:(?:son_(?:de|en)|ase64_en)code|zopen|toa)|(?:json_(?:de|en)cod|debug_backtrac|tmpfil)e|var_dump)(?:\\s|/\\*.*\\*/|//.*|#.*|\\\"|')*\\((?:(?:\\s|/\\*.*\\*/|//.*|#.*)*(?:\\$\\w+|[A-Z\\d]\\w*|\\w+\\(.*\\)|\\\\?\"(?:[^\"]|\\\\\"|\"\"|\"\\+\")*\\\\?\"|\\\\?'(?:[^']|''|'\\+')*\\\\?')(?:\\s|/\\*.*\\*/|//.*|#.*)*(?:(?:::|\\.|->)(?:\\s|/\\*.*\\*/|//.*|#.*)*\\w+(?:\\(.*\\))?)?,)*(?:(?:\\s|/\\*.*\\*/|//.*|#.*)*(?:\\$\\w+|[A-Z\\d]\\w*|\\w+\\(.*\\)|\\\\?\"(?:[^\"]|\\\\\"|\"\"|\"\\+\")*\\\\?\"|\\\\?'(?:[^']|''|'\\+')*\\\\?')(?:\\s|/\\*.*\\*/|//.*|#.*)*(?:(?:::|\\.|->)(?:\\s|/\\*.*\\*/|//.*|#.*)*\\w+(?:\\(.*\\))?)?)?\\)",
|
|
2847
|
+
"regex": "\\b(?:s(?:e(?:t(?:_(?:e(?:xception|rror)_handler|magic_quotes_runtime|include_path)|defaultstub)|ssion_s(?:et_save_handler|tart))|qlite_(?:(?:(?:unbuffered|single|array)_)?query|create_(?:aggregate|function)|p?open|exec)|tr(?:eam_(?:context_create|socket_client)|ipc?slashes|rev)|implexml_load_(?:string|file)|ocket_c(?:onnect|reate)|h(?:ow_sourc|a1_fil)e|pl_autoload_register|ystem)|p(?:r(?:eg_(?:replace(?:_callback(?:_array)?)?|match(?:_all)?|split)|oc_(?:(?:terminat|clos|nic)e|get_status|open)|int_r)|o(?:six_(?:get(?:(?:e[gu]|g)id|login|pwnam)|mk(?:fifo|nod)|ttyname|kill)|pen)|hp(?:_(?:strip_whitespac|unam)e|version|info)|g_(?:(?:execut|prepar)e|connect|query)|a(?:rse_(?:ini_file|str)|ssthru)|utenv)|r(?:unkit_(?:function_(?:re(?:defin|nam)e|copy|add)|method_(?:re(?:defin|nam)e|copy|add)|constant_(?:redefine|add))|e(?:(?:gister_(?:shutdown|tick)|name)_function|ad(?:(?:gz)?file|_exif_data|dir))|awurl(?:de|en)code)|i(?:mage(?:createfrom(?:(?:jpe|pn)g|x[bp]m|wbmp|gif)|(?:jpe|pn)g|g(?:d2?|if)|2?wbmp|xbm)|s_(?:(?:(?:execut|write?|read)ab|fi)le|dir)|ni_(?:get(?:_all)?|set)|terator_apply|ptcembed)|g(?:et(?:_(?:c(?:urrent_use|fg_va)r|meta_tags)|my(?:[gpu]id|inode)|(?:lastmo|cw)d|imagesize|env)|z(?:(?:(?:defla|wri)t|encod|fil)e|compress|open|read)|lob)|a(?:rray_(?:u(?:intersect(?:_u?assoc)?|diff(?:_u?assoc)?)|intersect_u(?:assoc|key)|diff_u(?:assoc|key)|filter|reduce|map)|ssert(?:_options)?|tob)|h(?:tml(?:specialchars(?:_decode)?|_entity_decode|entities)|(?:ash(?:_(?:update|hmac))?|ighlight)_file|e(?:ader_register_callback|x2bin))|f(?:i(?:le(?:(?:[acm]tim|inod)e|(?:_exist|perm)s|group)?|nfo_open)|tp_(?:nb_(?:ge|pu)|connec|ge|pu)t|(?:unction_exis|pu)ts|write|open)|o(?:b_(?:get_(?:c(?:ontents|lean)|flush)|end_(?:clean|flush)|clean|flush|start)|dbc_(?:result(?:_all)?|exec(?:ute)?|connect)|pendir)|m(?:b_(?:ereg(?:_(?:replace(?:_callback)?|match)|i(?:_replace)?)?|parse_str)|(?:ove_uploaded|d5)_file|ethod_exists|ysql_query|kdir)|e(?:x(?:if_(?:t(?:humbnail|agname)|imagetype|read_data)|ec)|scapeshell(?:arg|cmd)|rror_reporting|val)|c(?:url_(?:file_create|exec|init)|onvert_uuencode|reate_function|hr)|u(?:n(?:serialize|pack)|rl(?:de|en)code|[ak]?sort)|b(?:(?:son_(?:de|en)|ase64_en)code|zopen|toa)|(?:json_(?:de|en)cod|debug_backtrac|tmpfil)e|var_dump)(?:\\s|/\\*.*\\*/|//.*|#.*|\\\"|')*\\((?:(?:\\s|/\\*.*\\*/|//.*|#.*)*(?:\\$\\w+|[A-Z\\d]\\w*|\\w+\\(.*\\)|\\\\?\"(?:[^\"]|\\\\\"|\"\"|\"\\+\")*\\\\?\"|\\\\?'(?:[^']|''|'\\+')*\\\\?')(?:\\s|/\\*.*\\*/|//.*|#.*)*(?:(?:::|\\.|->)(?:\\s|/\\*.*\\*/|//.*|#.*)*\\w+(?:\\(.*\\))?)?,)*(?:(?:\\s|/\\*.*\\*/|//.*|#.*)*(?:\\$\\w+|[A-Z\\d]\\w*|\\w+\\(.*\\)|\\\\?\"(?:[^\"]|\\\\\"|\"\"|\"\\+\")*\\\\?\"|\\\\?'(?:[^']|''|'\\+')*\\\\?')(?:\\s|/\\*.*\\*/|//.*|#.*)*(?:(?:::|\\.|->)(?:\\s|/\\*.*\\*/|//.*|#.*)*\\w+(?:\\(.*\\))?)?)?\\)\\s*(?:[;\\.)}\\]|\\\\]|\\?>|%>|$)",
|
|
2828
2848
|
"options": {
|
|
2829
2849
|
"case_sensitive": true,
|
|
2830
2850
|
"min_length": 5
|
|
@@ -2844,7 +2864,8 @@
|
|
|
2844
2864
|
"category": "attack_attempt",
|
|
2845
2865
|
"cwe": "502",
|
|
2846
2866
|
"capec": "1000/152/586",
|
|
2847
|
-
"confidence": "1"
|
|
2867
|
+
"confidence": "1",
|
|
2868
|
+
"module": "waf"
|
|
2848
2869
|
},
|
|
2849
2870
|
"conditions": [
|
|
2850
2871
|
{
|
|
@@ -2891,7 +2912,8 @@
|
|
|
2891
2912
|
"crs_id": "933200",
|
|
2892
2913
|
"category": "attack_attempt",
|
|
2893
2914
|
"cwe": "502",
|
|
2894
|
-
"capec": "1000/152/586"
|
|
2915
|
+
"capec": "1000/152/586",
|
|
2916
|
+
"module": "waf"
|
|
2895
2917
|
},
|
|
2896
2918
|
"conditions": [
|
|
2897
2919
|
{
|
|
@@ -2937,7 +2959,8 @@
|
|
|
2937
2959
|
"crs_id": "934100",
|
|
2938
2960
|
"category": "attack_attempt",
|
|
2939
2961
|
"cwe": "94",
|
|
2940
|
-
"capec": "1000/152/242"
|
|
2962
|
+
"capec": "1000/152/242",
|
|
2963
|
+
"module": "waf"
|
|
2941
2964
|
},
|
|
2942
2965
|
"conditions": [
|
|
2943
2966
|
{
|
|
@@ -2982,7 +3005,8 @@
|
|
|
2982
3005
|
"category": "attack_attempt",
|
|
2983
3006
|
"confidence": "1",
|
|
2984
3007
|
"cwe": "94",
|
|
2985
|
-
"capec": "1000/152/242"
|
|
3008
|
+
"capec": "1000/152/242",
|
|
3009
|
+
"module": "waf"
|
|
2986
3010
|
},
|
|
2987
3011
|
"conditions": [
|
|
2988
3012
|
{
|
|
@@ -3024,7 +3048,8 @@
|
|
|
3024
3048
|
"category": "attack_attempt",
|
|
3025
3049
|
"cwe": "80",
|
|
3026
3050
|
"capec": "1000/152/242/63/591",
|
|
3027
|
-
"confidence": "1"
|
|
3051
|
+
"confidence": "1",
|
|
3052
|
+
"module": "waf"
|
|
3028
3053
|
},
|
|
3029
3054
|
"conditions": [
|
|
3030
3055
|
{
|
|
@@ -3081,7 +3106,8 @@
|
|
|
3081
3106
|
"category": "attack_attempt",
|
|
3082
3107
|
"cwe": "83",
|
|
3083
3108
|
"capec": "1000/152/242/63/591/243",
|
|
3084
|
-
"confidence": "1"
|
|
3109
|
+
"confidence": "1",
|
|
3110
|
+
"module": "waf"
|
|
3085
3111
|
},
|
|
3086
3112
|
"conditions": [
|
|
3087
3113
|
{
|
|
@@ -3140,7 +3166,8 @@
|
|
|
3140
3166
|
"category": "attack_attempt",
|
|
3141
3167
|
"cwe": "84",
|
|
3142
3168
|
"capec": "1000/152/242/63/591/244",
|
|
3143
|
-
"confidence": "1"
|
|
3169
|
+
"confidence": "1",
|
|
3170
|
+
"module": "waf"
|
|
3144
3171
|
},
|
|
3145
3172
|
"conditions": [
|
|
3146
3173
|
{
|
|
@@ -3199,7 +3226,8 @@
|
|
|
3199
3226
|
"category": "attack_attempt",
|
|
3200
3227
|
"cwe": "83",
|
|
3201
3228
|
"capec": "1000/152/242/63/591/243",
|
|
3202
|
-
"confidence": "1"
|
|
3229
|
+
"confidence": "1",
|
|
3230
|
+
"module": "waf"
|
|
3203
3231
|
},
|
|
3204
3232
|
"conditions": [
|
|
3205
3233
|
{
|
|
@@ -3257,7 +3285,8 @@
|
|
|
3257
3285
|
"crs_id": "941180",
|
|
3258
3286
|
"category": "attack_attempt",
|
|
3259
3287
|
"cwe": "79",
|
|
3260
|
-
"capec": "1000/152/242/63/591"
|
|
3288
|
+
"capec": "1000/152/242/63/591",
|
|
3289
|
+
"module": "waf"
|
|
3261
3290
|
},
|
|
3262
3291
|
"conditions": [
|
|
3263
3292
|
{
|
|
@@ -3311,7 +3340,8 @@
|
|
|
3311
3340
|
"category": "attack_attempt",
|
|
3312
3341
|
"cwe": "80",
|
|
3313
3342
|
"capec": "1000/152/242/63/591",
|
|
3314
|
-
"confidence": "1"
|
|
3343
|
+
"confidence": "1",
|
|
3344
|
+
"module": "waf"
|
|
3315
3345
|
},
|
|
3316
3346
|
"conditions": [
|
|
3317
3347
|
{
|
|
@@ -3358,7 +3388,8 @@
|
|
|
3358
3388
|
"category": "attack_attempt",
|
|
3359
3389
|
"cwe": "80",
|
|
3360
3390
|
"capec": "1000/152/242/63/591",
|
|
3361
|
-
"confidence": "1"
|
|
3391
|
+
"confidence": "1",
|
|
3392
|
+
"module": "waf"
|
|
3362
3393
|
},
|
|
3363
3394
|
"conditions": [
|
|
3364
3395
|
{
|
|
@@ -3405,7 +3436,8 @@
|
|
|
3405
3436
|
"category": "attack_attempt",
|
|
3406
3437
|
"cwe": "80",
|
|
3407
3438
|
"capec": "1000/152/242/63/591",
|
|
3408
|
-
"confidence": "1"
|
|
3439
|
+
"confidence": "1",
|
|
3440
|
+
"module": "waf"
|
|
3409
3441
|
},
|
|
3410
3442
|
"conditions": [
|
|
3411
3443
|
{
|
|
@@ -3452,7 +3484,8 @@
|
|
|
3452
3484
|
"category": "attack_attempt",
|
|
3453
3485
|
"cwe": "83",
|
|
3454
3486
|
"capec": "1000/152/242/63/591/243",
|
|
3455
|
-
"confidence": "1"
|
|
3487
|
+
"confidence": "1",
|
|
3488
|
+
"module": "waf"
|
|
3456
3489
|
},
|
|
3457
3490
|
"conditions": [
|
|
3458
3491
|
{
|
|
@@ -3498,7 +3531,8 @@
|
|
|
3498
3531
|
"category": "attack_attempt",
|
|
3499
3532
|
"cwe": "83",
|
|
3500
3533
|
"capec": "1000/152/242/63/591/243",
|
|
3501
|
-
"confidence": "1"
|
|
3534
|
+
"confidence": "1",
|
|
3535
|
+
"module": "waf"
|
|
3502
3536
|
},
|
|
3503
3537
|
"conditions": [
|
|
3504
3538
|
{
|
|
@@ -3545,7 +3579,8 @@
|
|
|
3545
3579
|
"crs_id": "941270",
|
|
3546
3580
|
"category": "attack_attempt",
|
|
3547
3581
|
"cwe": "83",
|
|
3548
|
-
"capec": "1000/152/242/63/591/243"
|
|
3582
|
+
"capec": "1000/152/242/63/591/243",
|
|
3583
|
+
"module": "waf"
|
|
3549
3584
|
},
|
|
3550
3585
|
"conditions": [
|
|
3551
3586
|
{
|
|
@@ -3588,7 +3623,8 @@
|
|
|
3588
3623
|
"category": "attack_attempt",
|
|
3589
3624
|
"cwe": "83",
|
|
3590
3625
|
"capec": "1000/152/242/63/591/243",
|
|
3591
|
-
"confidence": "1"
|
|
3626
|
+
"confidence": "1",
|
|
3627
|
+
"module": "waf"
|
|
3592
3628
|
},
|
|
3593
3629
|
"conditions": [
|
|
3594
3630
|
{
|
|
@@ -3634,7 +3670,8 @@
|
|
|
3634
3670
|
"category": "attack_attempt",
|
|
3635
3671
|
"cwe": "83",
|
|
3636
3672
|
"capec": "1000/152/242/63/591/243",
|
|
3637
|
-
"confidence": "1"
|
|
3673
|
+
"confidence": "1",
|
|
3674
|
+
"module": "waf"
|
|
3638
3675
|
},
|
|
3639
3676
|
"conditions": [
|
|
3640
3677
|
{
|
|
@@ -3680,7 +3717,8 @@
|
|
|
3680
3717
|
"category": "attack_attempt",
|
|
3681
3718
|
"cwe": "83",
|
|
3682
3719
|
"capec": "1000/152/242/63/591/243",
|
|
3683
|
-
"confidence": "1"
|
|
3720
|
+
"confidence": "1",
|
|
3721
|
+
"module": "waf"
|
|
3684
3722
|
},
|
|
3685
3723
|
"conditions": [
|
|
3686
3724
|
{
|
|
@@ -3726,7 +3764,8 @@
|
|
|
3726
3764
|
"category": "attack_attempt",
|
|
3727
3765
|
"cwe": "87",
|
|
3728
3766
|
"capec": "1000/152/242/63/591/199",
|
|
3729
|
-
"confidence": "1"
|
|
3767
|
+
"confidence": "1",
|
|
3768
|
+
"module": "waf"
|
|
3730
3769
|
},
|
|
3731
3770
|
"conditions": [
|
|
3732
3771
|
{
|
|
@@ -3770,7 +3809,8 @@
|
|
|
3770
3809
|
"crs_id": "941360",
|
|
3771
3810
|
"category": "attack_attempt",
|
|
3772
3811
|
"cwe": "87",
|
|
3773
|
-
"capec": "1000/152/242/63/591/199"
|
|
3812
|
+
"capec": "1000/152/242/63/591/199",
|
|
3813
|
+
"module": "waf"
|
|
3774
3814
|
},
|
|
3775
3815
|
"conditions": [
|
|
3776
3816
|
{
|
|
@@ -3815,7 +3855,8 @@
|
|
|
3815
3855
|
"category": "attack_attempt",
|
|
3816
3856
|
"confidence": "1",
|
|
3817
3857
|
"cwe": "79",
|
|
3818
|
-
"capec": "1000/152/242/63/591"
|
|
3858
|
+
"capec": "1000/152/242/63/591",
|
|
3859
|
+
"module": "waf"
|
|
3819
3860
|
},
|
|
3820
3861
|
"conditions": [
|
|
3821
3862
|
{
|
|
@@ -3859,7 +3900,8 @@
|
|
|
3859
3900
|
"crs_id": "942100",
|
|
3860
3901
|
"category": "attack_attempt",
|
|
3861
3902
|
"cwe": "89",
|
|
3862
|
-
"capec": "1000/152/248/66"
|
|
3903
|
+
"capec": "1000/152/248/66",
|
|
3904
|
+
"module": "waf"
|
|
3863
3905
|
},
|
|
3864
3906
|
"conditions": [
|
|
3865
3907
|
{
|
|
@@ -3898,7 +3940,8 @@
|
|
|
3898
3940
|
"category": "attack_attempt",
|
|
3899
3941
|
"cwe": "89",
|
|
3900
3942
|
"capec": "1000/152/248/66/7",
|
|
3901
|
-
"confidence": "1"
|
|
3943
|
+
"confidence": "1",
|
|
3944
|
+
"module": "waf"
|
|
3902
3945
|
},
|
|
3903
3946
|
"conditions": [
|
|
3904
3947
|
{
|
|
@@ -3943,7 +3986,8 @@
|
|
|
3943
3986
|
"category": "attack_attempt",
|
|
3944
3987
|
"cwe": "89",
|
|
3945
3988
|
"capec": "1000/152/248/66/7",
|
|
3946
|
-
"confidence": "1"
|
|
3989
|
+
"confidence": "1",
|
|
3990
|
+
"module": "waf"
|
|
3947
3991
|
},
|
|
3948
3992
|
"conditions": [
|
|
3949
3993
|
{
|
|
@@ -3986,7 +4030,8 @@
|
|
|
3986
4030
|
"crs_id": "942250",
|
|
3987
4031
|
"category": "attack_attempt",
|
|
3988
4032
|
"cwe": "89",
|
|
3989
|
-
"capec": "1000/152/248/66"
|
|
4033
|
+
"capec": "1000/152/248/66",
|
|
4034
|
+
"module": "waf"
|
|
3990
4035
|
},
|
|
3991
4036
|
"conditions": [
|
|
3992
4037
|
{
|
|
@@ -4030,7 +4075,8 @@
|
|
|
4030
4075
|
"crs_id": "942270",
|
|
4031
4076
|
"category": "attack_attempt",
|
|
4032
4077
|
"cwe": "89",
|
|
4033
|
-
"capec": "1000/152/248/66"
|
|
4078
|
+
"capec": "1000/152/248/66",
|
|
4079
|
+
"module": "waf"
|
|
4034
4080
|
},
|
|
4035
4081
|
"conditions": [
|
|
4036
4082
|
{
|
|
@@ -4074,7 +4120,8 @@
|
|
|
4074
4120
|
"category": "attack_attempt",
|
|
4075
4121
|
"cwe": "89",
|
|
4076
4122
|
"capec": "1000/152/248/66/7",
|
|
4077
|
-
"confidence": "1"
|
|
4123
|
+
"confidence": "1",
|
|
4124
|
+
"module": "waf"
|
|
4078
4125
|
},
|
|
4079
4126
|
"conditions": [
|
|
4080
4127
|
{
|
|
@@ -4117,7 +4164,8 @@
|
|
|
4117
4164
|
"crs_id": "942290",
|
|
4118
4165
|
"category": "attack_attempt",
|
|
4119
4166
|
"cwe": "943",
|
|
4120
|
-
"capec": "1000/152/248/676"
|
|
4167
|
+
"capec": "1000/152/248/676",
|
|
4168
|
+
"module": "waf"
|
|
4121
4169
|
},
|
|
4122
4170
|
"conditions": [
|
|
4123
4171
|
{
|
|
@@ -4163,7 +4211,8 @@
|
|
|
4163
4211
|
"crs_id": "942360",
|
|
4164
4212
|
"category": "attack_attempt",
|
|
4165
4213
|
"cwe": "89",
|
|
4166
|
-
"capec": "1000/152/248/66/470"
|
|
4214
|
+
"capec": "1000/152/248/66/470",
|
|
4215
|
+
"module": "waf"
|
|
4167
4216
|
},
|
|
4168
4217
|
"conditions": [
|
|
4169
4218
|
{
|
|
@@ -4206,7 +4255,8 @@
|
|
|
4206
4255
|
"crs_id": "942500",
|
|
4207
4256
|
"category": "attack_attempt",
|
|
4208
4257
|
"cwe": "89",
|
|
4209
|
-
"capec": "1000/152/248/66"
|
|
4258
|
+
"capec": "1000/152/248/66",
|
|
4259
|
+
"module": "waf"
|
|
4210
4260
|
},
|
|
4211
4261
|
"conditions": [
|
|
4212
4262
|
{
|
|
@@ -4251,7 +4301,8 @@
|
|
|
4251
4301
|
"category": "attack_attempt",
|
|
4252
4302
|
"cwe": "384",
|
|
4253
4303
|
"capec": "1000/225/21/593/61",
|
|
4254
|
-
"confidence": "1"
|
|
4304
|
+
"confidence": "1",
|
|
4305
|
+
"module": "waf"
|
|
4255
4306
|
},
|
|
4256
4307
|
"conditions": [
|
|
4257
4308
|
{
|
|
@@ -4296,7 +4347,8 @@
|
|
|
4296
4347
|
"category": "attack_attempt",
|
|
4297
4348
|
"cwe": "94",
|
|
4298
4349
|
"capec": "1000/152/242",
|
|
4299
|
-
"confidence": "1"
|
|
4350
|
+
"confidence": "1",
|
|
4351
|
+
"module": "waf"
|
|
4300
4352
|
},
|
|
4301
4353
|
"conditions": [
|
|
4302
4354
|
{
|
|
@@ -4344,7 +4396,8 @@
|
|
|
4344
4396
|
"type": "java_code_injection",
|
|
4345
4397
|
"category": "attack_attempt",
|
|
4346
4398
|
"cwe": "94",
|
|
4347
|
-
"capec": "1000/152/242"
|
|
4399
|
+
"capec": "1000/152/242",
|
|
4400
|
+
"module": "waf"
|
|
4348
4401
|
},
|
|
4349
4402
|
"conditions": [
|
|
4350
4403
|
{
|
|
@@ -4391,7 +4444,8 @@
|
|
|
4391
4444
|
"crs_id": "944130",
|
|
4392
4445
|
"category": "attack_attempt",
|
|
4393
4446
|
"cwe": "94",
|
|
4394
|
-
"capec": "1000/152/242"
|
|
4447
|
+
"capec": "1000/152/242",
|
|
4448
|
+
"module": "waf"
|
|
4395
4449
|
},
|
|
4396
4450
|
"conditions": [
|
|
4397
4451
|
{
|
|
@@ -4529,7 +4583,8 @@
|
|
|
4529
4583
|
"type": "nosql_injection",
|
|
4530
4584
|
"category": "attack_attempt",
|
|
4531
4585
|
"cwe": "943",
|
|
4532
|
-
"capec": "1000/152/248/676"
|
|
4586
|
+
"capec": "1000/152/248/676",
|
|
4587
|
+
"module": "waf"
|
|
4533
4588
|
},
|
|
4534
4589
|
"conditions": [
|
|
4535
4590
|
{
|
|
@@ -4573,7 +4628,8 @@
|
|
|
4573
4628
|
"type": "java_code_injection",
|
|
4574
4629
|
"category": "attack_attempt",
|
|
4575
4630
|
"cwe": "94",
|
|
4576
|
-
"capec": "1000/152/242"
|
|
4631
|
+
"capec": "1000/152/242",
|
|
4632
|
+
"module": "waf"
|
|
4577
4633
|
},
|
|
4578
4634
|
"conditions": [
|
|
4579
4635
|
{
|
|
@@ -4619,7 +4675,8 @@
|
|
|
4619
4675
|
"category": "attack_attempt",
|
|
4620
4676
|
"cwe": "94",
|
|
4621
4677
|
"capec": "1000/152/242",
|
|
4622
|
-
"confidence": "1"
|
|
4678
|
+
"confidence": "1",
|
|
4679
|
+
"module": "waf"
|
|
4623
4680
|
},
|
|
4624
4681
|
"conditions": [
|
|
4625
4682
|
{
|
|
@@ -4695,7 +4752,8 @@
|
|
|
4695
4752
|
"category": "attack_attempt",
|
|
4696
4753
|
"cwe": "1321",
|
|
4697
4754
|
"capec": "1000/152/242",
|
|
4698
|
-
"confidence": "1"
|
|
4755
|
+
"confidence": "1",
|
|
4756
|
+
"module": "waf"
|
|
4699
4757
|
},
|
|
4700
4758
|
"conditions": [
|
|
4701
4759
|
{
|
|
@@ -4725,7 +4783,8 @@
|
|
|
4725
4783
|
"category": "attack_attempt",
|
|
4726
4784
|
"cwe": "1321",
|
|
4727
4785
|
"capec": "1000/152/242",
|
|
4728
|
-
"confidence": "1"
|
|
4786
|
+
"confidence": "1",
|
|
4787
|
+
"module": "waf"
|
|
4729
4788
|
},
|
|
4730
4789
|
"conditions": [
|
|
4731
4790
|
{
|
|
@@ -4769,7 +4828,8 @@
|
|
|
4769
4828
|
"category": "attack_attempt",
|
|
4770
4829
|
"cwe": "1336",
|
|
4771
4830
|
"capec": "1000/152/242/19",
|
|
4772
|
-
"confidence": "1"
|
|
4831
|
+
"confidence": "1",
|
|
4832
|
+
"module": "waf"
|
|
4773
4833
|
},
|
|
4774
4834
|
"conditions": [
|
|
4775
4835
|
{
|
|
@@ -4804,6 +4864,36 @@
|
|
|
4804
4864
|
],
|
|
4805
4865
|
"transformers": []
|
|
4806
4866
|
},
|
|
4867
|
+
{
|
|
4868
|
+
"id": "ua0-600-68x",
|
|
4869
|
+
"name": "xorbot",
|
|
4870
|
+
"tags": {
|
|
4871
|
+
"type": "attack_tool",
|
|
4872
|
+
"category": "attack_attempt",
|
|
4873
|
+
"cwe": "200",
|
|
4874
|
+
"capec": "1000/118/169",
|
|
4875
|
+
"tool_name": "xorbot",
|
|
4876
|
+
"confidence": "0",
|
|
4877
|
+
"module": "waf"
|
|
4878
|
+
},
|
|
4879
|
+
"conditions": [
|
|
4880
|
+
{
|
|
4881
|
+
"parameters": {
|
|
4882
|
+
"inputs": [
|
|
4883
|
+
{
|
|
4884
|
+
"address": "server.request.headers.no_cookies",
|
|
4885
|
+
"key_path": [
|
|
4886
|
+
"user-agent"
|
|
4887
|
+
]
|
|
4888
|
+
}
|
|
4889
|
+
],
|
|
4890
|
+
"regex": "\\bmasjesu\\b"
|
|
4891
|
+
},
|
|
4892
|
+
"operator": "match_regex"
|
|
4893
|
+
}
|
|
4894
|
+
],
|
|
4895
|
+
"transformers": []
|
|
4896
|
+
},
|
|
4807
4897
|
{
|
|
4808
4898
|
"id": "dog-913-001",
|
|
4809
4899
|
"name": "BurpCollaborator OOB domain",
|
|
@@ -4813,7 +4903,8 @@
|
|
|
4813
4903
|
"tool_name": "BurpCollaborator",
|
|
4814
4904
|
"cwe": "200",
|
|
4815
4905
|
"capec": "1000/118/169",
|
|
4816
|
-
"confidence": "1"
|
|
4906
|
+
"confidence": "1",
|
|
4907
|
+
"module": "waf"
|
|
4817
4908
|
},
|
|
4818
4909
|
"conditions": [
|
|
4819
4910
|
{
|
|
@@ -4857,7 +4948,8 @@
|
|
|
4857
4948
|
"tool_name": "Qualys",
|
|
4858
4949
|
"cwe": "200",
|
|
4859
4950
|
"capec": "1000/118/169",
|
|
4860
|
-
"confidence": "0"
|
|
4951
|
+
"confidence": "0",
|
|
4952
|
+
"module": "waf"
|
|
4861
4953
|
},
|
|
4862
4954
|
"conditions": [
|
|
4863
4955
|
{
|
|
@@ -4901,7 +4993,8 @@
|
|
|
4901
4993
|
"tool_name": "Probely",
|
|
4902
4994
|
"cwe": "200",
|
|
4903
4995
|
"capec": "1000/118/169",
|
|
4904
|
-
"confidence": "0"
|
|
4996
|
+
"confidence": "0",
|
|
4997
|
+
"module": "waf"
|
|
4905
4998
|
},
|
|
4906
4999
|
"conditions": [
|
|
4907
5000
|
{
|
|
@@ -4944,7 +5037,8 @@
|
|
|
4944
5037
|
"category": "attack_attempt",
|
|
4945
5038
|
"cwe": "200",
|
|
4946
5039
|
"capec": "1000/118/169",
|
|
4947
|
-
"confidence": "1"
|
|
5040
|
+
"confidence": "1",
|
|
5041
|
+
"module": "waf"
|
|
4948
5042
|
},
|
|
4949
5043
|
"conditions": [
|
|
4950
5044
|
{
|
|
@@ -4987,7 +5081,8 @@
|
|
|
4987
5081
|
"category": "attack_attempt",
|
|
4988
5082
|
"cwe": "200",
|
|
4989
5083
|
"capec": "1000/118/169",
|
|
4990
|
-
"confidence": "0"
|
|
5084
|
+
"confidence": "0",
|
|
5085
|
+
"module": "waf"
|
|
4991
5086
|
},
|
|
4992
5087
|
"conditions": [
|
|
4993
5088
|
{
|
|
@@ -5031,7 +5126,8 @@
|
|
|
5031
5126
|
"tool_name": "Rapid7",
|
|
5032
5127
|
"cwe": "200",
|
|
5033
5128
|
"capec": "1000/118/169",
|
|
5034
|
-
"confidence": "0"
|
|
5129
|
+
"confidence": "0",
|
|
5130
|
+
"module": "waf"
|
|
5035
5131
|
},
|
|
5036
5132
|
"conditions": [
|
|
5037
5133
|
{
|
|
@@ -5075,7 +5171,8 @@
|
|
|
5075
5171
|
"tool_name": "interact.sh",
|
|
5076
5172
|
"cwe": "200",
|
|
5077
5173
|
"capec": "1000/118/169",
|
|
5078
|
-
"confidence": "1"
|
|
5174
|
+
"confidence": "1",
|
|
5175
|
+
"module": "waf"
|
|
5079
5176
|
},
|
|
5080
5177
|
"conditions": [
|
|
5081
5178
|
{
|
|
@@ -5119,7 +5216,8 @@
|
|
|
5119
5216
|
"tool_name": "Netsparker",
|
|
5120
5217
|
"cwe": "200",
|
|
5121
5218
|
"capec": "1000/118/169",
|
|
5122
|
-
"confidence": "0"
|
|
5219
|
+
"confidence": "0",
|
|
5220
|
+
"module": "waf"
|
|
5123
5221
|
},
|
|
5124
5222
|
"conditions": [
|
|
5125
5223
|
{
|
|
@@ -5167,7 +5265,8 @@
|
|
|
5167
5265
|
"tool_name": "WhiteHatSecurity",
|
|
5168
5266
|
"cwe": "200",
|
|
5169
5267
|
"capec": "1000/118/169",
|
|
5170
|
-
"confidence": "0"
|
|
5268
|
+
"confidence": "0",
|
|
5269
|
+
"module": "waf"
|
|
5171
5270
|
},
|
|
5172
5271
|
"conditions": [
|
|
5173
5272
|
{
|
|
@@ -5215,7 +5314,8 @@
|
|
|
5215
5314
|
"tool_name": "Nessus",
|
|
5216
5315
|
"cwe": "200",
|
|
5217
5316
|
"capec": "1000/118/169",
|
|
5218
|
-
"confidence": "0"
|
|
5317
|
+
"confidence": "0",
|
|
5318
|
+
"module": "waf"
|
|
5219
5319
|
},
|
|
5220
5320
|
"conditions": [
|
|
5221
5321
|
{
|
|
@@ -5263,7 +5363,8 @@
|
|
|
5263
5363
|
"tool_name": "Watchtowr",
|
|
5264
5364
|
"cwe": "200",
|
|
5265
5365
|
"capec": "1000/118/169",
|
|
5266
|
-
"confidence": "0"
|
|
5366
|
+
"confidence": "0",
|
|
5367
|
+
"module": "waf"
|
|
5267
5368
|
},
|
|
5268
5369
|
"conditions": [
|
|
5269
5370
|
{
|
|
@@ -5311,7 +5412,8 @@
|
|
|
5311
5412
|
"tool_name": "AppCheckNG",
|
|
5312
5413
|
"cwe": "200",
|
|
5313
5414
|
"capec": "1000/118/169",
|
|
5314
|
-
"confidence": "0"
|
|
5415
|
+
"confidence": "0",
|
|
5416
|
+
"module": "waf"
|
|
5315
5417
|
},
|
|
5316
5418
|
"conditions": [
|
|
5317
5419
|
{
|
|
@@ -5350,6 +5452,82 @@
|
|
|
5350
5452
|
],
|
|
5351
5453
|
"transformers": []
|
|
5352
5454
|
},
|
|
5455
|
+
{
|
|
5456
|
+
"id": "dog-913-013",
|
|
5457
|
+
"name": "Public PoC for CVE-2025-24813",
|
|
5458
|
+
"tags": {
|
|
5459
|
+
"type": "attack_tool",
|
|
5460
|
+
"category": "attack_attempt",
|
|
5461
|
+
"cwe": "200",
|
|
5462
|
+
"capec": "1000/118/169",
|
|
5463
|
+
"confidence": "1",
|
|
5464
|
+
"module": "waf"
|
|
5465
|
+
},
|
|
5466
|
+
"conditions": [
|
|
5467
|
+
{
|
|
5468
|
+
"parameters": {
|
|
5469
|
+
"inputs": [
|
|
5470
|
+
{
|
|
5471
|
+
"address": "server.request.uri.raw"
|
|
5472
|
+
}
|
|
5473
|
+
],
|
|
5474
|
+
"regex": "/iSee857/session",
|
|
5475
|
+
"options": {
|
|
5476
|
+
"case_sensitive": false,
|
|
5477
|
+
"min_length": 16
|
|
5478
|
+
}
|
|
5479
|
+
},
|
|
5480
|
+
"operator": "match_regex"
|
|
5481
|
+
}
|
|
5482
|
+
],
|
|
5483
|
+
"transformers": []
|
|
5484
|
+
},
|
|
5485
|
+
{
|
|
5486
|
+
"id": "dog-913-014",
|
|
5487
|
+
"name": "Exploit attempt for Next.js Middleware Exploit (CVE-2025-29927)",
|
|
5488
|
+
"tags": {
|
|
5489
|
+
"type": "security_scanner",
|
|
5490
|
+
"category": "attack_attempt",
|
|
5491
|
+
"cwe": "200",
|
|
5492
|
+
"capec": "1000/118/169",
|
|
5493
|
+
"confidence": "0",
|
|
5494
|
+
"module": "waf"
|
|
5495
|
+
},
|
|
5496
|
+
"conditions": [
|
|
5497
|
+
{
|
|
5498
|
+
"parameters": {
|
|
5499
|
+
"inputs": [
|
|
5500
|
+
{
|
|
5501
|
+
"address": "server.request.headers.no_cookies",
|
|
5502
|
+
"key_path": [
|
|
5503
|
+
"x-middleware-subrequest"
|
|
5504
|
+
]
|
|
5505
|
+
}
|
|
5506
|
+
],
|
|
5507
|
+
"regex": ".*",
|
|
5508
|
+
"options": {
|
|
5509
|
+
"min_length": 1
|
|
5510
|
+
}
|
|
5511
|
+
},
|
|
5512
|
+
"operator": "match_regex"
|
|
5513
|
+
},
|
|
5514
|
+
{
|
|
5515
|
+
"parameters": {
|
|
5516
|
+
"inputs": [
|
|
5517
|
+
{
|
|
5518
|
+
"address": "server.request.headers.no_cookies",
|
|
5519
|
+
"key_path": [
|
|
5520
|
+
"x-middleware-subrequest"
|
|
5521
|
+
]
|
|
5522
|
+
}
|
|
5523
|
+
],
|
|
5524
|
+
"regex": "[0-9a-fA-F]{40}|\\[\\w+\\]"
|
|
5525
|
+
},
|
|
5526
|
+
"operator": "!match_regex"
|
|
5527
|
+
}
|
|
5528
|
+
],
|
|
5529
|
+
"transformers": []
|
|
5530
|
+
},
|
|
5353
5531
|
{
|
|
5354
5532
|
"id": "dog-920-001",
|
|
5355
5533
|
"name": "JWT authentication bypass",
|
|
@@ -5358,7 +5536,8 @@
|
|
|
5358
5536
|
"category": "attack_attempt",
|
|
5359
5537
|
"cwe": "287",
|
|
5360
5538
|
"capec": "1000/225/115",
|
|
5361
|
-
"confidence": "0"
|
|
5539
|
+
"confidence": "0",
|
|
5540
|
+
"module": "waf"
|
|
5362
5541
|
},
|
|
5363
5542
|
"conditions": [
|
|
5364
5543
|
{
|
|
@@ -5392,7 +5571,8 @@
|
|
|
5392
5571
|
"category": "attack_attempt",
|
|
5393
5572
|
"cwe": "98",
|
|
5394
5573
|
"capec": "1000/152/175/253/193",
|
|
5395
|
-
"confidence": "1"
|
|
5574
|
+
"confidence": "1",
|
|
5575
|
+
"module": "waf"
|
|
5396
5576
|
},
|
|
5397
5577
|
"conditions": [
|
|
5398
5578
|
{
|
|
@@ -5436,7 +5616,8 @@
|
|
|
5436
5616
|
"category": "attack_attempt",
|
|
5437
5617
|
"cwe": "77",
|
|
5438
5618
|
"capec": "1000/152/248/88",
|
|
5439
|
-
"confidence": "0"
|
|
5619
|
+
"confidence": "0",
|
|
5620
|
+
"module": "waf"
|
|
5440
5621
|
},
|
|
5441
5622
|
"conditions": [
|
|
5442
5623
|
{
|
|
@@ -5483,7 +5664,8 @@
|
|
|
5483
5664
|
"category": "attack_attempt",
|
|
5484
5665
|
"cwe": "91",
|
|
5485
5666
|
"capec": "1000/152/248/250",
|
|
5486
|
-
"confidence": "1"
|
|
5667
|
+
"confidence": "1",
|
|
5668
|
+
"module": "waf"
|
|
5487
5669
|
},
|
|
5488
5670
|
"conditions": [
|
|
5489
5671
|
{
|
|
@@ -5521,7 +5703,8 @@
|
|
|
5521
5703
|
"category": "attack_attempt",
|
|
5522
5704
|
"cwe": "83",
|
|
5523
5705
|
"capec": "1000/152/242/63/591/243",
|
|
5524
|
-
"confidence": "1"
|
|
5706
|
+
"confidence": "1",
|
|
5707
|
+
"module": "waf"
|
|
5525
5708
|
},
|
|
5526
5709
|
"conditions": [
|
|
5527
5710
|
{
|
|
@@ -5579,7 +5762,8 @@
|
|
|
5579
5762
|
"category": "attack_attempt",
|
|
5580
5763
|
"cwe": "83",
|
|
5581
5764
|
"capec": "1000/152/242/63/591/243",
|
|
5582
|
-
"confidence": "1"
|
|
5765
|
+
"confidence": "1",
|
|
5766
|
+
"module": "waf"
|
|
5583
5767
|
},
|
|
5584
5768
|
"conditions": [
|
|
5585
5769
|
{
|
|
@@ -5866,7 +6050,8 @@
|
|
|
5866
6050
|
"category": "attack_attempt",
|
|
5867
6051
|
"cwe": "200",
|
|
5868
6052
|
"capec": "1000/118/169",
|
|
5869
|
-
"confidence": "1"
|
|
6053
|
+
"confidence": "1",
|
|
6054
|
+
"module": "waf"
|
|
5870
6055
|
},
|
|
5871
6056
|
"conditions": [
|
|
5872
6057
|
{
|
|
@@ -5908,7 +6093,8 @@
|
|
|
5908
6093
|
"category": "attack_attempt",
|
|
5909
6094
|
"cwe": "200",
|
|
5910
6095
|
"capec": "1000/118/169",
|
|
5911
|
-
"confidence": "1"
|
|
6096
|
+
"confidence": "1",
|
|
6097
|
+
"module": "waf"
|
|
5912
6098
|
},
|
|
5913
6099
|
"conditions": [
|
|
5914
6100
|
{
|
|
@@ -5950,7 +6136,8 @@
|
|
|
5950
6136
|
"category": "attack_attempt",
|
|
5951
6137
|
"cwe": "200",
|
|
5952
6138
|
"capec": "1000/118/169",
|
|
5953
|
-
"confidence": "1"
|
|
6139
|
+
"confidence": "1",
|
|
6140
|
+
"module": "waf"
|
|
5954
6141
|
},
|
|
5955
6142
|
"conditions": [
|
|
5956
6143
|
{
|
|
@@ -5992,7 +6179,8 @@
|
|
|
5992
6179
|
"category": "attack_attempt",
|
|
5993
6180
|
"cwe": "200",
|
|
5994
6181
|
"capec": "1000/118/169",
|
|
5995
|
-
"confidence": "1"
|
|
6182
|
+
"confidence": "1",
|
|
6183
|
+
"module": "waf"
|
|
5996
6184
|
},
|
|
5997
6185
|
"conditions": [
|
|
5998
6186
|
{
|
|
@@ -6034,7 +6222,8 @@
|
|
|
6034
6222
|
"category": "attack_attempt",
|
|
6035
6223
|
"cwe": "200",
|
|
6036
6224
|
"capec": "1000/118/169",
|
|
6037
|
-
"confidence": "1"
|
|
6225
|
+
"confidence": "1",
|
|
6226
|
+
"module": "waf"
|
|
6038
6227
|
},
|
|
6039
6228
|
"conditions": [
|
|
6040
6229
|
{
|
|
@@ -6059,7 +6248,7 @@
|
|
|
6059
6248
|
"address": "server.request.uri.raw"
|
|
6060
6249
|
}
|
|
6061
6250
|
],
|
|
6062
|
-
"regex": "\\.(cgi|bat|dll|exe|key|cert|crt|pem|der|pkcs|pkcs|pkcs[0-9]*|nsf|jsa|war|java|class|vb|vba|so|git|svn|hg|cvs)([
|
|
6251
|
+
"regex": "\\.(cgi|bat|dll|exe|key|cert|crt|pem|der|pkcs|pkcs|pkcs[0-9]*|nsf|jsa|war|java|class|vb|vba|so|git|svn|hg|cvs)([?#&/]|$)",
|
|
6063
6252
|
"options": {
|
|
6064
6253
|
"case_sensitive": false
|
|
6065
6254
|
}
|
|
@@ -6076,7 +6265,8 @@
|
|
|
6076
6265
|
"category": "attack_attempt",
|
|
6077
6266
|
"cwe": "200",
|
|
6078
6267
|
"capec": "1000/118/169",
|
|
6079
|
-
"confidence": "1"
|
|
6268
|
+
"confidence": "1",
|
|
6269
|
+
"module": "waf"
|
|
6080
6270
|
},
|
|
6081
6271
|
"conditions": [
|
|
6082
6272
|
{
|
|
@@ -6118,7 +6308,8 @@
|
|
|
6118
6308
|
"category": "attack_attempt",
|
|
6119
6309
|
"cwe": "200",
|
|
6120
6310
|
"capec": "1000/118/169",
|
|
6121
|
-
"confidence": "1"
|
|
6311
|
+
"confidence": "1",
|
|
6312
|
+
"module": "waf"
|
|
6122
6313
|
},
|
|
6123
6314
|
"conditions": [
|
|
6124
6315
|
{
|
|
@@ -6160,7 +6351,8 @@
|
|
|
6160
6351
|
"category": "attack_attempt",
|
|
6161
6352
|
"cwe": "200",
|
|
6162
6353
|
"capec": "1000/118/169",
|
|
6163
|
-
"confidence": "1"
|
|
6354
|
+
"confidence": "1",
|
|
6355
|
+
"module": "waf"
|
|
6164
6356
|
},
|
|
6165
6357
|
"conditions": [
|
|
6166
6358
|
{
|
|
@@ -6202,7 +6394,8 @@
|
|
|
6202
6394
|
"category": "attack_attempt",
|
|
6203
6395
|
"cwe": "200",
|
|
6204
6396
|
"capec": "1000/118/169",
|
|
6205
|
-
"confidence": "0"
|
|
6397
|
+
"confidence": "0",
|
|
6398
|
+
"module": "waf"
|
|
6206
6399
|
},
|
|
6207
6400
|
"conditions": [
|
|
6208
6401
|
{
|
|
@@ -6227,7 +6420,7 @@
|
|
|
6227
6420
|
"address": "server.request.uri.raw"
|
|
6228
6421
|
}
|
|
6229
6422
|
],
|
|
6230
|
-
"regex": "(
|
|
6423
|
+
"regex": "(?:^|/)(?:swagger|api[-/]?docs?|openapi)\\b",
|
|
6231
6424
|
"options": {
|
|
6232
6425
|
"case_sensitive": false
|
|
6233
6426
|
}
|
|
@@ -6244,7 +6437,7 @@
|
|
|
6244
6437
|
"category": "vulnerability_trigger",
|
|
6245
6438
|
"cwe": "22",
|
|
6246
6439
|
"capec": "1000/255/153/126",
|
|
6247
|
-
"confidence": "
|
|
6440
|
+
"confidence": "1",
|
|
6248
6441
|
"module": "rasp"
|
|
6249
6442
|
},
|
|
6250
6443
|
"conditions": [
|
|
@@ -6276,7 +6469,7 @@
|
|
|
6276
6469
|
}
|
|
6277
6470
|
]
|
|
6278
6471
|
},
|
|
6279
|
-
"operator": "lfi_detector"
|
|
6472
|
+
"operator": "lfi_detector@v2"
|
|
6280
6473
|
}
|
|
6281
6474
|
],
|
|
6282
6475
|
"transformers": [],
|
|
@@ -6286,13 +6479,13 @@
|
|
|
6286
6479
|
},
|
|
6287
6480
|
{
|
|
6288
6481
|
"id": "rasp-932-100",
|
|
6289
|
-
"name": "Shell injection exploit",
|
|
6482
|
+
"name": "Shell command injection exploit",
|
|
6290
6483
|
"tags": {
|
|
6291
6484
|
"type": "command_injection",
|
|
6292
6485
|
"category": "vulnerability_trigger",
|
|
6293
6486
|
"cwe": "77",
|
|
6294
6487
|
"capec": "1000/152/248/88",
|
|
6295
|
-
"confidence": "
|
|
6488
|
+
"confidence": "1",
|
|
6296
6489
|
"module": "rasp"
|
|
6297
6490
|
},
|
|
6298
6491
|
"conditions": [
|
|
@@ -6333,14 +6526,14 @@
|
|
|
6333
6526
|
]
|
|
6334
6527
|
},
|
|
6335
6528
|
{
|
|
6336
|
-
"id": "rasp-
|
|
6337
|
-
"name": "
|
|
6529
|
+
"id": "rasp-932-110",
|
|
6530
|
+
"name": "OS command injection exploit",
|
|
6338
6531
|
"tags": {
|
|
6339
|
-
"type": "
|
|
6532
|
+
"type": "command_injection",
|
|
6340
6533
|
"category": "vulnerability_trigger",
|
|
6341
|
-
"cwe": "
|
|
6342
|
-
"capec": "1000/
|
|
6343
|
-
"confidence": "
|
|
6534
|
+
"cwe": "77",
|
|
6535
|
+
"capec": "1000/152/248/88",
|
|
6536
|
+
"confidence": "1",
|
|
6344
6537
|
"module": "rasp"
|
|
6345
6538
|
},
|
|
6346
6539
|
"conditions": [
|
|
@@ -6348,7 +6541,7 @@
|
|
|
6348
6541
|
"parameters": {
|
|
6349
6542
|
"resource": [
|
|
6350
6543
|
{
|
|
6351
|
-
"address": "server.
|
|
6544
|
+
"address": "server.sys.exec.cmd"
|
|
6352
6545
|
}
|
|
6353
6546
|
],
|
|
6354
6547
|
"params": [
|
|
@@ -6372,7 +6565,7 @@
|
|
|
6372
6565
|
}
|
|
6373
6566
|
]
|
|
6374
6567
|
},
|
|
6375
|
-
"operator": "
|
|
6568
|
+
"operator": "cmdi_detector"
|
|
6376
6569
|
}
|
|
6377
6570
|
],
|
|
6378
6571
|
"transformers": [],
|
|
@@ -6381,25 +6574,87 @@
|
|
|
6381
6574
|
]
|
|
6382
6575
|
},
|
|
6383
6576
|
{
|
|
6384
|
-
"id": "rasp-
|
|
6385
|
-
"name": "
|
|
6577
|
+
"id": "rasp-934-100",
|
|
6578
|
+
"name": "Server-side request forgery exploit",
|
|
6386
6579
|
"tags": {
|
|
6387
|
-
"type": "
|
|
6580
|
+
"type": "ssrf",
|
|
6388
6581
|
"category": "vulnerability_trigger",
|
|
6389
|
-
"cwe": "
|
|
6390
|
-
"capec": "1000/
|
|
6582
|
+
"cwe": "918",
|
|
6583
|
+
"capec": "1000/225/115/664",
|
|
6391
6584
|
"confidence": "0",
|
|
6392
6585
|
"module": "rasp"
|
|
6393
6586
|
},
|
|
6394
6587
|
"conditions": [
|
|
6395
6588
|
{
|
|
6396
6589
|
"parameters": {
|
|
6397
|
-
"
|
|
6590
|
+
"inputs": [
|
|
6398
6591
|
{
|
|
6399
|
-
"address": "server.
|
|
6592
|
+
"address": "server.io.net.url"
|
|
6400
6593
|
}
|
|
6401
6594
|
],
|
|
6402
|
-
"
|
|
6595
|
+
"regex": "^(jar:)?https?:\\/\\/\\W*([0-9oq]{1,5}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}|[0-9]{1,10}|(\\[)?[:0-9a-f\\.x]{2,}(\\])?|metadata\\.google\\.internal|(?:[a-z0-9:@\\.\\-]*\\.)?(?:burpcollaborator\\.net|localtest\\.me|mail\\.ebc\\.apple\\.com|bugbounty\\.dod\\.network|.*\\.[nx]ip\\.io|oastify\\.com|oast\\.(?:pro|live|site|online|fun|me)|sslip\\.io|requestbin\\.com|requestbin\\.net|hookbin\\.com|webhook\\.site|canarytokens\\.com|interact\\.sh|ngrok\\.io|bugbounty\\.click|prbly\\.win|qualysperiscope\\.com|vii\\.one|act1on3\\.ru|ifconfig\\.pro|dnslog\\.\\w+))(:[0-9]{1,5})?(\\/[^:@]*)?$",
|
|
6596
|
+
"options": {
|
|
6597
|
+
"case_sensitive": false
|
|
6598
|
+
}
|
|
6599
|
+
},
|
|
6600
|
+
"operator": "match_regex"
|
|
6601
|
+
},
|
|
6602
|
+
{
|
|
6603
|
+
"parameters": {
|
|
6604
|
+
"resource": [
|
|
6605
|
+
{
|
|
6606
|
+
"address": "server.io.net.url"
|
|
6607
|
+
}
|
|
6608
|
+
],
|
|
6609
|
+
"params": [
|
|
6610
|
+
{
|
|
6611
|
+
"address": "server.request.query"
|
|
6612
|
+
},
|
|
6613
|
+
{
|
|
6614
|
+
"address": "server.request.body"
|
|
6615
|
+
},
|
|
6616
|
+
{
|
|
6617
|
+
"address": "server.request.path_params"
|
|
6618
|
+
},
|
|
6619
|
+
{
|
|
6620
|
+
"address": "grpc.server.request.message"
|
|
6621
|
+
},
|
|
6622
|
+
{
|
|
6623
|
+
"address": "graphql.server.all_resolvers"
|
|
6624
|
+
},
|
|
6625
|
+
{
|
|
6626
|
+
"address": "graphql.server.resolver"
|
|
6627
|
+
}
|
|
6628
|
+
]
|
|
6629
|
+
},
|
|
6630
|
+
"operator": "ssrf_detector"
|
|
6631
|
+
}
|
|
6632
|
+
],
|
|
6633
|
+
"transformers": [],
|
|
6634
|
+
"on_match": [
|
|
6635
|
+
"stack_trace"
|
|
6636
|
+
]
|
|
6637
|
+
},
|
|
6638
|
+
{
|
|
6639
|
+
"id": "rasp-942-100",
|
|
6640
|
+
"name": "SQL injection exploit",
|
|
6641
|
+
"tags": {
|
|
6642
|
+
"type": "sql_injection",
|
|
6643
|
+
"category": "vulnerability_trigger",
|
|
6644
|
+
"cwe": "89",
|
|
6645
|
+
"capec": "1000/152/248/66",
|
|
6646
|
+
"confidence": "1",
|
|
6647
|
+
"module": "rasp"
|
|
6648
|
+
},
|
|
6649
|
+
"conditions": [
|
|
6650
|
+
{
|
|
6651
|
+
"parameters": {
|
|
6652
|
+
"resource": [
|
|
6653
|
+
{
|
|
6654
|
+
"address": "server.db.statement"
|
|
6655
|
+
}
|
|
6656
|
+
],
|
|
6657
|
+
"params": [
|
|
6403
6658
|
{
|
|
6404
6659
|
"address": "server.request.query"
|
|
6405
6660
|
},
|
|
@@ -6422,7 +6677,7 @@
|
|
|
6422
6677
|
}
|
|
6423
6678
|
]
|
|
6424
6679
|
},
|
|
6425
|
-
"operator": "sqli_detector"
|
|
6680
|
+
"operator": "sqli_detector@v2"
|
|
6426
6681
|
}
|
|
6427
6682
|
],
|
|
6428
6683
|
"transformers": [],
|
|
@@ -6438,7 +6693,8 @@
|
|
|
6438
6693
|
"category": "attack_attempt",
|
|
6439
6694
|
"cwe": "918",
|
|
6440
6695
|
"capec": "1000/225/115/664",
|
|
6441
|
-
"confidence": "1"
|
|
6696
|
+
"confidence": "1",
|
|
6697
|
+
"module": "waf"
|
|
6442
6698
|
},
|
|
6443
6699
|
"conditions": [
|
|
6444
6700
|
{
|
|
@@ -6482,7 +6738,8 @@
|
|
|
6482
6738
|
"type": "js_code_injection",
|
|
6483
6739
|
"category": "attack_attempt",
|
|
6484
6740
|
"cwe": "94",
|
|
6485
|
-
"capec": "1000/152/242"
|
|
6741
|
+
"capec": "1000/152/242",
|
|
6742
|
+
"module": "waf"
|
|
6486
6743
|
},
|
|
6487
6744
|
"conditions": [
|
|
6488
6745
|
{
|
|
@@ -6527,7 +6784,8 @@
|
|
|
6527
6784
|
"category": "attack_attempt",
|
|
6528
6785
|
"cwe": "78",
|
|
6529
6786
|
"capec": "1000/152/248/88",
|
|
6530
|
-
"confidence": "1"
|
|
6787
|
+
"confidence": "1",
|
|
6788
|
+
"module": "waf"
|
|
6531
6789
|
},
|
|
6532
6790
|
"conditions": [
|
|
6533
6791
|
{
|
|
@@ -6570,7 +6828,8 @@
|
|
|
6570
6828
|
"category": "attack_attempt",
|
|
6571
6829
|
"cwe": "78",
|
|
6572
6830
|
"capec": "1000/152/248/88",
|
|
6573
|
-
"confidence": "1"
|
|
6831
|
+
"confidence": "1",
|
|
6832
|
+
"module": "waf"
|
|
6574
6833
|
},
|
|
6575
6834
|
"conditions": [
|
|
6576
6835
|
{
|
|
@@ -6615,7 +6874,8 @@
|
|
|
6615
6874
|
"category": "attack_attempt",
|
|
6616
6875
|
"cwe": "78",
|
|
6617
6876
|
"capec": "1000/152/248/88",
|
|
6618
|
-
"confidence": "1"
|
|
6877
|
+
"confidence": "1",
|
|
6878
|
+
"module": "waf"
|
|
6619
6879
|
},
|
|
6620
6880
|
"conditions": [
|
|
6621
6881
|
{
|
|
@@ -6658,7 +6918,8 @@
|
|
|
6658
6918
|
"category": "attack_attempt",
|
|
6659
6919
|
"cwe": "918",
|
|
6660
6920
|
"capec": "1000/225/115/664",
|
|
6661
|
-
"confidence": "1"
|
|
6921
|
+
"confidence": "1",
|
|
6922
|
+
"module": "waf"
|
|
6662
6923
|
},
|
|
6663
6924
|
"conditions": [
|
|
6664
6925
|
{
|
|
@@ -6701,7 +6962,8 @@
|
|
|
6701
6962
|
"category": "attack_attempt",
|
|
6702
6963
|
"cwe": "918",
|
|
6703
6964
|
"capec": "1000/225/115/664",
|
|
6704
|
-
"confidence": "0"
|
|
6965
|
+
"confidence": "0",
|
|
6966
|
+
"module": "waf"
|
|
6705
6967
|
},
|
|
6706
6968
|
"conditions": [
|
|
6707
6969
|
{
|
|
@@ -6743,7 +7005,8 @@
|
|
|
6743
7005
|
"category": "attack_attempt",
|
|
6744
7006
|
"cwe": "918",
|
|
6745
7007
|
"capec": "1000/225/115/664",
|
|
6746
|
-
"confidence": "0"
|
|
7008
|
+
"confidence": "0",
|
|
7009
|
+
"module": "waf"
|
|
6747
7010
|
},
|
|
6748
7011
|
"conditions": [
|
|
6749
7012
|
{
|
|
@@ -6785,7 +7048,8 @@
|
|
|
6785
7048
|
"category": "attack_attempt",
|
|
6786
7049
|
"cwe": "918",
|
|
6787
7050
|
"capec": "1000/225/115/664",
|
|
6788
|
-
"confidence": "1"
|
|
7051
|
+
"confidence": "1",
|
|
7052
|
+
"module": "waf"
|
|
6789
7053
|
},
|
|
6790
7054
|
"conditions": [
|
|
6791
7055
|
{
|
|
@@ -6813,7 +7077,7 @@
|
|
|
6813
7077
|
"address": "graphql.server.resolver"
|
|
6814
7078
|
}
|
|
6815
7079
|
],
|
|
6816
|
-
"regex": "(http|https):\\/\\/(?:.*\\.)?(?:burpcollaborator\\.net|localtest\\.me|mail\\.ebc\\.apple\\.com|bugbounty\\.dod\\.network|.*\\.[nx]ip\\.io|oastify\\.com|oast\\.(?:pro|live|site|online|fun|me)|sslip\\.io|requestbin\\.com|requestbin\\.net|hookbin\\.com|webhook\\.site|canarytokens\\.com|interact\\.sh|ngrok\\.io|bugbounty\\.click|prbly\\.win|qualysperiscope\\.com|vii\\.one|act1on3\\.ru)"
|
|
7080
|
+
"regex": "(http|https):\\/\\/(?:.*\\.)?(?:burpcollaborator\\.net|localtest\\.me|mail\\.ebc\\.apple\\.com|bugbounty\\.dod\\.network|.*\\.[nx]ip\\.io|oastify\\.com|oast\\.(?:pro|live|site|online|fun|me)|sslip\\.io|requestbin\\.com|requestbin\\.net|hookbin\\.com|webhook\\.site|canarytokens\\.com|interact\\.sh|ngrok\\.io|bugbounty\\.click|prbly\\.win|qualysperiscope\\.com|vii\\.one|act1on3\\.ru|dnslog\\.\\w+)"
|
|
6817
7081
|
},
|
|
6818
7082
|
"operator": "match_regex"
|
|
6819
7083
|
}
|
|
@@ -6828,7 +7092,8 @@
|
|
|
6828
7092
|
"category": "attack_attempt",
|
|
6829
7093
|
"cwe": "918",
|
|
6830
7094
|
"capec": "1000/225/115/664",
|
|
6831
|
-
"confidence": "0"
|
|
7095
|
+
"confidence": "0",
|
|
7096
|
+
"module": "waf"
|
|
6832
7097
|
},
|
|
6833
7098
|
"conditions": [
|
|
6834
7099
|
{
|
|
@@ -6870,7 +7135,8 @@
|
|
|
6870
7135
|
"category": "attack_attempt",
|
|
6871
7136
|
"cwe": "94",
|
|
6872
7137
|
"capec": "1000/152/242",
|
|
6873
|
-
"confidence": "1"
|
|
7138
|
+
"confidence": "1",
|
|
7139
|
+
"module": "waf"
|
|
6874
7140
|
},
|
|
6875
7141
|
"conditions": [
|
|
6876
7142
|
{
|
|
@@ -6916,7 +7182,8 @@
|
|
|
6916
7182
|
"cwe": "200",
|
|
6917
7183
|
"capec": "1000/118/169",
|
|
6918
7184
|
"tool_name": "Joomla exploitation tool",
|
|
6919
|
-
"confidence": "1"
|
|
7185
|
+
"confidence": "1",
|
|
7186
|
+
"module": "waf"
|
|
6920
7187
|
},
|
|
6921
7188
|
"conditions": [
|
|
6922
7189
|
{
|
|
@@ -6945,7 +7212,8 @@
|
|
|
6945
7212
|
"cwe": "200",
|
|
6946
7213
|
"capec": "1000/118/169",
|
|
6947
7214
|
"tool_name": "Nessus",
|
|
6948
|
-
"confidence": "1"
|
|
7215
|
+
"confidence": "1",
|
|
7216
|
+
"module": "waf"
|
|
6949
7217
|
},
|
|
6950
7218
|
"conditions": [
|
|
6951
7219
|
{
|
|
@@ -6974,7 +7242,8 @@
|
|
|
6974
7242
|
"cwe": "200",
|
|
6975
7243
|
"capec": "1000/118/169",
|
|
6976
7244
|
"tool_name": "Arachni",
|
|
6977
|
-
"confidence": "1"
|
|
7245
|
+
"confidence": "1",
|
|
7246
|
+
"module": "waf"
|
|
6978
7247
|
},
|
|
6979
7248
|
"conditions": [
|
|
6980
7249
|
{
|
|
@@ -7003,7 +7272,8 @@
|
|
|
7003
7272
|
"cwe": "200",
|
|
7004
7273
|
"capec": "1000/118/169",
|
|
7005
7274
|
"tool_name": "Jorgee",
|
|
7006
|
-
"confidence": "1"
|
|
7275
|
+
"confidence": "1",
|
|
7276
|
+
"module": "waf"
|
|
7007
7277
|
},
|
|
7008
7278
|
"conditions": [
|
|
7009
7279
|
{
|
|
@@ -7032,7 +7302,8 @@
|
|
|
7032
7302
|
"cwe": "200",
|
|
7033
7303
|
"capec": "1000/118/169",
|
|
7034
7304
|
"tool_name": "Probely",
|
|
7035
|
-
"confidence": "0"
|
|
7305
|
+
"confidence": "0",
|
|
7306
|
+
"module": "waf"
|
|
7036
7307
|
},
|
|
7037
7308
|
"conditions": [
|
|
7038
7309
|
{
|
|
@@ -7061,7 +7332,8 @@
|
|
|
7061
7332
|
"cwe": "200",
|
|
7062
7333
|
"capec": "1000/118/169",
|
|
7063
7334
|
"tool_name": "Metis",
|
|
7064
|
-
"confidence": "1"
|
|
7335
|
+
"confidence": "1",
|
|
7336
|
+
"module": "waf"
|
|
7065
7337
|
},
|
|
7066
7338
|
"conditions": [
|
|
7067
7339
|
{
|
|
@@ -7090,7 +7362,8 @@
|
|
|
7090
7362
|
"cwe": "200",
|
|
7091
7363
|
"capec": "1000/118/169",
|
|
7092
7364
|
"tool_name": "SQLPowerInjector",
|
|
7093
|
-
"confidence": "1"
|
|
7365
|
+
"confidence": "1",
|
|
7366
|
+
"module": "waf"
|
|
7094
7367
|
},
|
|
7095
7368
|
"conditions": [
|
|
7096
7369
|
{
|
|
@@ -7119,7 +7392,8 @@
|
|
|
7119
7392
|
"cwe": "200",
|
|
7120
7393
|
"capec": "1000/118/169",
|
|
7121
7394
|
"tool_name": "N-Stealth",
|
|
7122
|
-
"confidence": "1"
|
|
7395
|
+
"confidence": "1",
|
|
7396
|
+
"module": "waf"
|
|
7123
7397
|
},
|
|
7124
7398
|
"conditions": [
|
|
7125
7399
|
{
|
|
@@ -7148,7 +7422,8 @@
|
|
|
7148
7422
|
"cwe": "200",
|
|
7149
7423
|
"capec": "1000/118/169",
|
|
7150
7424
|
"tool_name": "Brutus",
|
|
7151
|
-
"confidence": "1"
|
|
7425
|
+
"confidence": "1",
|
|
7426
|
+
"module": "waf"
|
|
7152
7427
|
},
|
|
7153
7428
|
"conditions": [
|
|
7154
7429
|
{
|
|
@@ -7176,7 +7451,8 @@
|
|
|
7176
7451
|
"category": "attack_attempt",
|
|
7177
7452
|
"cwe": "200",
|
|
7178
7453
|
"capec": "1000/118/169",
|
|
7179
|
-
"confidence": "1"
|
|
7454
|
+
"confidence": "1",
|
|
7455
|
+
"module": "waf"
|
|
7180
7456
|
},
|
|
7181
7457
|
"conditions": [
|
|
7182
7458
|
{
|
|
@@ -7205,7 +7481,8 @@
|
|
|
7205
7481
|
"cwe": "200",
|
|
7206
7482
|
"capec": "1000/118/169",
|
|
7207
7483
|
"tool_name": "Netsparker",
|
|
7208
|
-
"confidence": "0"
|
|
7484
|
+
"confidence": "0",
|
|
7485
|
+
"module": "waf"
|
|
7209
7486
|
},
|
|
7210
7487
|
"conditions": [
|
|
7211
7488
|
{
|
|
@@ -7234,7 +7511,8 @@
|
|
|
7234
7511
|
"cwe": "200",
|
|
7235
7512
|
"capec": "1000/118/169",
|
|
7236
7513
|
"tool_name": "JAASCois",
|
|
7237
|
-
"confidence": "1"
|
|
7514
|
+
"confidence": "1",
|
|
7515
|
+
"module": "waf"
|
|
7238
7516
|
},
|
|
7239
7517
|
"conditions": [
|
|
7240
7518
|
{
|
|
@@ -7263,7 +7541,8 @@
|
|
|
7263
7541
|
"cwe": "200",
|
|
7264
7542
|
"capec": "1000/118/169",
|
|
7265
7543
|
"tool_name": "Nsauditor",
|
|
7266
|
-
"confidence": "1"
|
|
7544
|
+
"confidence": "1",
|
|
7545
|
+
"module": "waf"
|
|
7267
7546
|
},
|
|
7268
7547
|
"conditions": [
|
|
7269
7548
|
{
|
|
@@ -7292,7 +7571,8 @@
|
|
|
7292
7571
|
"cwe": "200",
|
|
7293
7572
|
"capec": "1000/118/169",
|
|
7294
7573
|
"tool_name": "Paros",
|
|
7295
|
-
"confidence": "1"
|
|
7574
|
+
"confidence": "1",
|
|
7575
|
+
"module": "waf"
|
|
7296
7576
|
},
|
|
7297
7577
|
"conditions": [
|
|
7298
7578
|
{
|
|
@@ -7321,7 +7601,8 @@
|
|
|
7321
7601
|
"cwe": "200",
|
|
7322
7602
|
"capec": "1000/118/169",
|
|
7323
7603
|
"tool_name": "DirBuster",
|
|
7324
|
-
"confidence": "1"
|
|
7604
|
+
"confidence": "1",
|
|
7605
|
+
"module": "waf"
|
|
7325
7606
|
},
|
|
7326
7607
|
"conditions": [
|
|
7327
7608
|
{
|
|
@@ -7350,7 +7631,8 @@
|
|
|
7350
7631
|
"cwe": "200",
|
|
7351
7632
|
"capec": "1000/118/169",
|
|
7352
7633
|
"tool_name": "Pangolin",
|
|
7353
|
-
"confidence": "1"
|
|
7634
|
+
"confidence": "1",
|
|
7635
|
+
"module": "waf"
|
|
7354
7636
|
},
|
|
7355
7637
|
"conditions": [
|
|
7356
7638
|
{
|
|
@@ -7379,7 +7661,8 @@
|
|
|
7379
7661
|
"cwe": "200",
|
|
7380
7662
|
"capec": "1000/118/169",
|
|
7381
7663
|
"tool_name": "Qualys",
|
|
7382
|
-
"confidence": "0"
|
|
7664
|
+
"confidence": "0",
|
|
7665
|
+
"module": "waf"
|
|
7383
7666
|
},
|
|
7384
7667
|
"conditions": [
|
|
7385
7668
|
{
|
|
@@ -7408,7 +7691,8 @@
|
|
|
7408
7691
|
"cwe": "200",
|
|
7409
7692
|
"capec": "1000/118/169",
|
|
7410
7693
|
"tool_name": "SQLNinja",
|
|
7411
|
-
"confidence": "1"
|
|
7694
|
+
"confidence": "1",
|
|
7695
|
+
"module": "waf"
|
|
7412
7696
|
},
|
|
7413
7697
|
"conditions": [
|
|
7414
7698
|
{
|
|
@@ -7437,7 +7721,8 @@
|
|
|
7437
7721
|
"cwe": "200",
|
|
7438
7722
|
"capec": "1000/118/169",
|
|
7439
7723
|
"tool_name": "Nikto",
|
|
7440
|
-
"confidence": "1"
|
|
7724
|
+
"confidence": "1",
|
|
7725
|
+
"module": "waf"
|
|
7441
7726
|
},
|
|
7442
7727
|
"conditions": [
|
|
7443
7728
|
{
|
|
@@ -7466,7 +7751,8 @@
|
|
|
7466
7751
|
"cwe": "200",
|
|
7467
7752
|
"capec": "1000/118/169",
|
|
7468
7753
|
"tool_name": "BlackWidow",
|
|
7469
|
-
"confidence": "1"
|
|
7754
|
+
"confidence": "1",
|
|
7755
|
+
"module": "waf"
|
|
7470
7756
|
},
|
|
7471
7757
|
"conditions": [
|
|
7472
7758
|
{
|
|
@@ -7495,7 +7781,8 @@
|
|
|
7495
7781
|
"cwe": "200",
|
|
7496
7782
|
"capec": "1000/118/169",
|
|
7497
7783
|
"tool_name": "Grendel-Scan",
|
|
7498
|
-
"confidence": "1"
|
|
7784
|
+
"confidence": "1",
|
|
7785
|
+
"module": "waf"
|
|
7499
7786
|
},
|
|
7500
7787
|
"conditions": [
|
|
7501
7788
|
{
|
|
@@ -7524,7 +7811,8 @@
|
|
|
7524
7811
|
"cwe": "200",
|
|
7525
7812
|
"capec": "1000/118/169",
|
|
7526
7813
|
"tool_name": "Havij",
|
|
7527
|
-
"confidence": "1"
|
|
7814
|
+
"confidence": "1",
|
|
7815
|
+
"module": "waf"
|
|
7528
7816
|
},
|
|
7529
7817
|
"conditions": [
|
|
7530
7818
|
{
|
|
@@ -7553,7 +7841,8 @@
|
|
|
7553
7841
|
"cwe": "200",
|
|
7554
7842
|
"capec": "1000/118/169",
|
|
7555
7843
|
"tool_name": "w3af",
|
|
7556
|
-
"confidence": "1"
|
|
7844
|
+
"confidence": "1",
|
|
7845
|
+
"module": "waf"
|
|
7557
7846
|
},
|
|
7558
7847
|
"conditions": [
|
|
7559
7848
|
{
|
|
@@ -7582,7 +7871,8 @@
|
|
|
7582
7871
|
"cwe": "200",
|
|
7583
7872
|
"capec": "1000/118/169",
|
|
7584
7873
|
"tool_name": "Nmap",
|
|
7585
|
-
"confidence": "1"
|
|
7874
|
+
"confidence": "1",
|
|
7875
|
+
"module": "waf"
|
|
7586
7876
|
},
|
|
7587
7877
|
"conditions": [
|
|
7588
7878
|
{
|
|
@@ -7595,7 +7885,7 @@
|
|
|
7595
7885
|
]
|
|
7596
7886
|
}
|
|
7597
7887
|
],
|
|
7598
|
-
"regex": "nmap (nse|scripting engine)"
|
|
7888
|
+
"regex": "nmap (nse|scripting engine|icap-client/)"
|
|
7599
7889
|
},
|
|
7600
7890
|
"operator": "match_regex"
|
|
7601
7891
|
}
|
|
@@ -7611,7 +7901,8 @@
|
|
|
7611
7901
|
"cwe": "200",
|
|
7612
7902
|
"capec": "1000/118/169",
|
|
7613
7903
|
"tool_name": "Nessus",
|
|
7614
|
-
"confidence": "1"
|
|
7904
|
+
"confidence": "1",
|
|
7905
|
+
"module": "waf"
|
|
7615
7906
|
},
|
|
7616
7907
|
"conditions": [
|
|
7617
7908
|
{
|
|
@@ -7640,7 +7931,8 @@
|
|
|
7640
7931
|
"cwe": "200",
|
|
7641
7932
|
"capec": "1000/118/169",
|
|
7642
7933
|
"tool_name": "EvilScanner",
|
|
7643
|
-
"confidence": "1"
|
|
7934
|
+
"confidence": "1",
|
|
7935
|
+
"module": "waf"
|
|
7644
7936
|
},
|
|
7645
7937
|
"conditions": [
|
|
7646
7938
|
{
|
|
@@ -7669,7 +7961,8 @@
|
|
|
7669
7961
|
"cwe": "200",
|
|
7670
7962
|
"capec": "1000/118/169",
|
|
7671
7963
|
"tool_name": "WebFuck",
|
|
7672
|
-
"confidence": "1"
|
|
7964
|
+
"confidence": "1",
|
|
7965
|
+
"module": "waf"
|
|
7673
7966
|
},
|
|
7674
7967
|
"conditions": [
|
|
7675
7968
|
{
|
|
@@ -7698,7 +7991,8 @@
|
|
|
7698
7991
|
"cwe": "200",
|
|
7699
7992
|
"capec": "1000/118/169",
|
|
7700
7993
|
"tool_name": "OpenVAS",
|
|
7701
|
-
"confidence": "1"
|
|
7994
|
+
"confidence": "1",
|
|
7995
|
+
"module": "waf"
|
|
7702
7996
|
},
|
|
7703
7997
|
"conditions": [
|
|
7704
7998
|
{
|
|
@@ -7727,7 +8021,8 @@
|
|
|
7727
8021
|
"cwe": "200",
|
|
7728
8022
|
"capec": "1000/118/169",
|
|
7729
8023
|
"tool_name": "Spider-Pig",
|
|
7730
|
-
"confidence": "1"
|
|
8024
|
+
"confidence": "1",
|
|
8025
|
+
"module": "waf"
|
|
7731
8026
|
},
|
|
7732
8027
|
"conditions": [
|
|
7733
8028
|
{
|
|
@@ -7756,7 +8051,8 @@
|
|
|
7756
8051
|
"cwe": "200",
|
|
7757
8052
|
"capec": "1000/118/169",
|
|
7758
8053
|
"tool_name": "Zgrab",
|
|
7759
|
-
"confidence": "1"
|
|
8054
|
+
"confidence": "1",
|
|
8055
|
+
"module": "waf"
|
|
7760
8056
|
},
|
|
7761
8057
|
"conditions": [
|
|
7762
8058
|
{
|
|
@@ -7785,7 +8081,8 @@
|
|
|
7785
8081
|
"cwe": "200",
|
|
7786
8082
|
"capec": "1000/118/169",
|
|
7787
8083
|
"tool_name": "Zmeu",
|
|
7788
|
-
"confidence": "1"
|
|
8084
|
+
"confidence": "1",
|
|
8085
|
+
"module": "waf"
|
|
7789
8086
|
},
|
|
7790
8087
|
"conditions": [
|
|
7791
8088
|
{
|
|
@@ -7814,7 +8111,8 @@
|
|
|
7814
8111
|
"cwe": "200",
|
|
7815
8112
|
"capec": "1000/118/169",
|
|
7816
8113
|
"tool_name": "GoogleSecurityScanner",
|
|
7817
|
-
"confidence": "0"
|
|
8114
|
+
"confidence": "0",
|
|
8115
|
+
"module": "waf"
|
|
7818
8116
|
},
|
|
7819
8117
|
"conditions": [
|
|
7820
8118
|
{
|
|
@@ -7843,7 +8141,8 @@
|
|
|
7843
8141
|
"cwe": "200",
|
|
7844
8142
|
"capec": "1000/118/169",
|
|
7845
8143
|
"tool_name": "Commix",
|
|
7846
|
-
"confidence": "1"
|
|
8144
|
+
"confidence": "1",
|
|
8145
|
+
"module": "waf"
|
|
7847
8146
|
},
|
|
7848
8147
|
"conditions": [
|
|
7849
8148
|
{
|
|
@@ -7872,7 +8171,8 @@
|
|
|
7872
8171
|
"cwe": "200",
|
|
7873
8172
|
"capec": "1000/118/169",
|
|
7874
8173
|
"tool_name": "Gobuster",
|
|
7875
|
-
"confidence": "1"
|
|
8174
|
+
"confidence": "1",
|
|
8175
|
+
"module": "waf"
|
|
7876
8176
|
},
|
|
7877
8177
|
"conditions": [
|
|
7878
8178
|
{
|
|
@@ -7901,7 +8201,8 @@
|
|
|
7901
8201
|
"cwe": "200",
|
|
7902
8202
|
"capec": "1000/118/169",
|
|
7903
8203
|
"tool_name": "CGIchk",
|
|
7904
|
-
"confidence": "1"
|
|
8204
|
+
"confidence": "1",
|
|
8205
|
+
"module": "waf"
|
|
7905
8206
|
},
|
|
7906
8207
|
"conditions": [
|
|
7907
8208
|
{
|
|
@@ -7930,7 +8231,8 @@
|
|
|
7930
8231
|
"cwe": "200",
|
|
7931
8232
|
"capec": "1000/118/169",
|
|
7932
8233
|
"tool_name": "FFUF",
|
|
7933
|
-
"confidence": "1"
|
|
8234
|
+
"confidence": "1",
|
|
8235
|
+
"module": "waf"
|
|
7934
8236
|
},
|
|
7935
8237
|
"conditions": [
|
|
7936
8238
|
{
|
|
@@ -7959,7 +8261,8 @@
|
|
|
7959
8261
|
"cwe": "200",
|
|
7960
8262
|
"capec": "1000/118/169",
|
|
7961
8263
|
"tool_name": "Nuclei",
|
|
7962
|
-
"confidence": "1"
|
|
8264
|
+
"confidence": "1",
|
|
8265
|
+
"module": "waf"
|
|
7963
8266
|
},
|
|
7964
8267
|
"conditions": [
|
|
7965
8268
|
{
|
|
@@ -7988,7 +8291,8 @@
|
|
|
7988
8291
|
"cwe": "200",
|
|
7989
8292
|
"capec": "1000/118/169",
|
|
7990
8293
|
"tool_name": "Tsunami",
|
|
7991
|
-
"confidence": "1"
|
|
8294
|
+
"confidence": "1",
|
|
8295
|
+
"module": "waf"
|
|
7992
8296
|
},
|
|
7993
8297
|
"conditions": [
|
|
7994
8298
|
{
|
|
@@ -8017,7 +8321,8 @@
|
|
|
8017
8321
|
"cwe": "200",
|
|
8018
8322
|
"capec": "1000/118/169",
|
|
8019
8323
|
"tool_name": "Nimbostratus",
|
|
8020
|
-
"confidence": "1"
|
|
8324
|
+
"confidence": "1",
|
|
8325
|
+
"module": "waf"
|
|
8021
8326
|
},
|
|
8022
8327
|
"conditions": [
|
|
8023
8328
|
{
|
|
@@ -8046,7 +8351,8 @@
|
|
|
8046
8351
|
"cwe": "200",
|
|
8047
8352
|
"capec": "1000/118/169",
|
|
8048
8353
|
"tool_name": "Datadog Canary Test",
|
|
8049
|
-
"confidence": "1"
|
|
8354
|
+
"confidence": "1",
|
|
8355
|
+
"module": "waf"
|
|
8050
8356
|
},
|
|
8051
8357
|
"conditions": [
|
|
8052
8358
|
{
|
|
@@ -8081,7 +8387,8 @@
|
|
|
8081
8387
|
"cwe": "200",
|
|
8082
8388
|
"capec": "1000/118/169",
|
|
8083
8389
|
"tool_name": "Datadog Canary Test",
|
|
8084
|
-
"confidence": "1"
|
|
8390
|
+
"confidence": "1",
|
|
8391
|
+
"module": "waf"
|
|
8085
8392
|
},
|
|
8086
8393
|
"conditions": [
|
|
8087
8394
|
{
|
|
@@ -8119,7 +8426,8 @@
|
|
|
8119
8426
|
"cwe": "200",
|
|
8120
8427
|
"capec": "1000/118/169",
|
|
8121
8428
|
"tool_name": "AlertLogic",
|
|
8122
|
-
"confidence": "0"
|
|
8429
|
+
"confidence": "0",
|
|
8430
|
+
"module": "waf"
|
|
8123
8431
|
},
|
|
8124
8432
|
"conditions": [
|
|
8125
8433
|
{
|
|
@@ -8148,7 +8456,8 @@
|
|
|
8148
8456
|
"cwe": "200",
|
|
8149
8457
|
"capec": "1000/118/169",
|
|
8150
8458
|
"tool_name": "wfuzz",
|
|
8151
|
-
"confidence": "1"
|
|
8459
|
+
"confidence": "1",
|
|
8460
|
+
"module": "waf"
|
|
8152
8461
|
},
|
|
8153
8462
|
"conditions": [
|
|
8154
8463
|
{
|
|
@@ -8177,7 +8486,8 @@
|
|
|
8177
8486
|
"cwe": "200",
|
|
8178
8487
|
"capec": "1000/118/169",
|
|
8179
8488
|
"tool_name": "Detectify",
|
|
8180
|
-
"confidence": "0"
|
|
8489
|
+
"confidence": "0",
|
|
8490
|
+
"module": "waf"
|
|
8181
8491
|
},
|
|
8182
8492
|
"conditions": [
|
|
8183
8493
|
{
|
|
@@ -8206,7 +8516,8 @@
|
|
|
8206
8516
|
"cwe": "200",
|
|
8207
8517
|
"capec": "1000/118/169",
|
|
8208
8518
|
"tool_name": "BSQLBF",
|
|
8209
|
-
"confidence": "1"
|
|
8519
|
+
"confidence": "1",
|
|
8520
|
+
"module": "waf"
|
|
8210
8521
|
},
|
|
8211
8522
|
"conditions": [
|
|
8212
8523
|
{
|
|
@@ -8235,7 +8546,8 @@
|
|
|
8235
8546
|
"cwe": "200",
|
|
8236
8547
|
"capec": "1000/118/169",
|
|
8237
8548
|
"tool_name": "masscan",
|
|
8238
|
-
"confidence": "1"
|
|
8549
|
+
"confidence": "1",
|
|
8550
|
+
"module": "waf"
|
|
8239
8551
|
},
|
|
8240
8552
|
"conditions": [
|
|
8241
8553
|
{
|
|
@@ -8264,7 +8576,8 @@
|
|
|
8264
8576
|
"cwe": "200",
|
|
8265
8577
|
"capec": "1000/118/169",
|
|
8266
8578
|
"tool_name": "WPScan",
|
|
8267
|
-
"confidence": "1"
|
|
8579
|
+
"confidence": "1",
|
|
8580
|
+
"module": "waf"
|
|
8268
8581
|
},
|
|
8269
8582
|
"conditions": [
|
|
8270
8583
|
{
|
|
@@ -8293,7 +8606,8 @@
|
|
|
8293
8606
|
"cwe": "200",
|
|
8294
8607
|
"capec": "1000/118/169",
|
|
8295
8608
|
"tool_name": "Aon",
|
|
8296
|
-
"confidence": "0"
|
|
8609
|
+
"confidence": "0",
|
|
8610
|
+
"module": "waf"
|
|
8297
8611
|
},
|
|
8298
8612
|
"conditions": [
|
|
8299
8613
|
{
|
|
@@ -8322,7 +8636,8 @@
|
|
|
8322
8636
|
"cwe": "200",
|
|
8323
8637
|
"capec": "1000/118/169",
|
|
8324
8638
|
"tool_name": "feroxbuster",
|
|
8325
|
-
"confidence": "1"
|
|
8639
|
+
"confidence": "1",
|
|
8640
|
+
"module": "waf"
|
|
8326
8641
|
},
|
|
8327
8642
|
"conditions": [
|
|
8328
8643
|
{
|
|
@@ -8342,6 +8657,126 @@
|
|
|
8342
8657
|
],
|
|
8343
8658
|
"transformers": []
|
|
8344
8659
|
},
|
|
8660
|
+
{
|
|
8661
|
+
"id": "ua0-600-64x",
|
|
8662
|
+
"name": "ddg_win",
|
|
8663
|
+
"tags": {
|
|
8664
|
+
"type": "attack_tool",
|
|
8665
|
+
"category": "attack_attempt",
|
|
8666
|
+
"cwe": "200",
|
|
8667
|
+
"capec": "1000/118/169",
|
|
8668
|
+
"tool_name": "ddg_win",
|
|
8669
|
+
"confidence": "1",
|
|
8670
|
+
"module": "waf"
|
|
8671
|
+
},
|
|
8672
|
+
"conditions": [
|
|
8673
|
+
{
|
|
8674
|
+
"parameters": {
|
|
8675
|
+
"inputs": [
|
|
8676
|
+
{
|
|
8677
|
+
"address": "server.request.headers.no_cookies",
|
|
8678
|
+
"key_path": [
|
|
8679
|
+
"user-agent"
|
|
8680
|
+
]
|
|
8681
|
+
}
|
|
8682
|
+
],
|
|
8683
|
+
"regex": "\\bddg_win\\b"
|
|
8684
|
+
},
|
|
8685
|
+
"operator": "match_regex"
|
|
8686
|
+
}
|
|
8687
|
+
],
|
|
8688
|
+
"transformers": []
|
|
8689
|
+
},
|
|
8690
|
+
{
|
|
8691
|
+
"id": "ua0-600-65x",
|
|
8692
|
+
"name": "ISS",
|
|
8693
|
+
"tags": {
|
|
8694
|
+
"type": "commercial_scanner",
|
|
8695
|
+
"category": "attack_attempt",
|
|
8696
|
+
"cwe": "200",
|
|
8697
|
+
"capec": "1000/118/169",
|
|
8698
|
+
"tool_name": "iss",
|
|
8699
|
+
"confidence": "0",
|
|
8700
|
+
"module": "waf"
|
|
8701
|
+
},
|
|
8702
|
+
"conditions": [
|
|
8703
|
+
{
|
|
8704
|
+
"parameters": {
|
|
8705
|
+
"inputs": [
|
|
8706
|
+
{
|
|
8707
|
+
"address": "server.request.headers.no_cookies",
|
|
8708
|
+
"key_path": [
|
|
8709
|
+
"user-agent"
|
|
8710
|
+
]
|
|
8711
|
+
}
|
|
8712
|
+
],
|
|
8713
|
+
"regex": "\\bisscyberriskcrawler/\\d\\.\\d"
|
|
8714
|
+
},
|
|
8715
|
+
"operator": "match_regex"
|
|
8716
|
+
}
|
|
8717
|
+
],
|
|
8718
|
+
"transformers": []
|
|
8719
|
+
},
|
|
8720
|
+
{
|
|
8721
|
+
"id": "ua0-600-66x",
|
|
8722
|
+
"name": "BountyBot",
|
|
8723
|
+
"tags": {
|
|
8724
|
+
"type": "attack_tool",
|
|
8725
|
+
"category": "attack_attempt",
|
|
8726
|
+
"cwe": "200",
|
|
8727
|
+
"capec": "1000/118/169",
|
|
8728
|
+
"tool_name": "bountybot",
|
|
8729
|
+
"confidence": "1",
|
|
8730
|
+
"module": "waf"
|
|
8731
|
+
},
|
|
8732
|
+
"conditions": [
|
|
8733
|
+
{
|
|
8734
|
+
"parameters": {
|
|
8735
|
+
"inputs": [
|
|
8736
|
+
{
|
|
8737
|
+
"address": "server.request.headers.no_cookies",
|
|
8738
|
+
"key_path": [
|
|
8739
|
+
"user-agent"
|
|
8740
|
+
]
|
|
8741
|
+
}
|
|
8742
|
+
],
|
|
8743
|
+
"regex": "\\bbountybot\\b"
|
|
8744
|
+
},
|
|
8745
|
+
"operator": "match_regex"
|
|
8746
|
+
}
|
|
8747
|
+
],
|
|
8748
|
+
"transformers": []
|
|
8749
|
+
},
|
|
8750
|
+
{
|
|
8751
|
+
"id": "ua0-600-67x",
|
|
8752
|
+
"name": "ZumBot",
|
|
8753
|
+
"tags": {
|
|
8754
|
+
"type": "attack_tool",
|
|
8755
|
+
"category": "attack_attempt",
|
|
8756
|
+
"cwe": "200",
|
|
8757
|
+
"capec": "1000/118/169",
|
|
8758
|
+
"tool_name": "zumbot",
|
|
8759
|
+
"confidence": "1",
|
|
8760
|
+
"module": "waf"
|
|
8761
|
+
},
|
|
8762
|
+
"conditions": [
|
|
8763
|
+
{
|
|
8764
|
+
"parameters": {
|
|
8765
|
+
"inputs": [
|
|
8766
|
+
{
|
|
8767
|
+
"address": "server.request.headers.no_cookies",
|
|
8768
|
+
"key_path": [
|
|
8769
|
+
"user-agent"
|
|
8770
|
+
]
|
|
8771
|
+
}
|
|
8772
|
+
],
|
|
8773
|
+
"regex": "\\bzumbot\\b"
|
|
8774
|
+
},
|
|
8775
|
+
"operator": "match_regex"
|
|
8776
|
+
}
|
|
8777
|
+
],
|
|
8778
|
+
"transformers": []
|
|
8779
|
+
},
|
|
8345
8780
|
{
|
|
8346
8781
|
"id": "ua0-600-6xx",
|
|
8347
8782
|
"name": "Stealthy scanner",
|
|
@@ -8350,7 +8785,8 @@
|
|
|
8350
8785
|
"category": "attack_attempt",
|
|
8351
8786
|
"cwe": "200",
|
|
8352
8787
|
"capec": "1000/118/169",
|
|
8353
|
-
"confidence": "1"
|
|
8788
|
+
"confidence": "1",
|
|
8789
|
+
"module": "waf"
|
|
8354
8790
|
},
|
|
8355
8791
|
"conditions": [
|
|
8356
8792
|
{
|
|
@@ -8382,7 +8818,8 @@
|
|
|
8382
8818
|
"cwe": "200",
|
|
8383
8819
|
"capec": "1000/118/169",
|
|
8384
8820
|
"tool_name": "SQLmap",
|
|
8385
|
-
"confidence": "1"
|
|
8821
|
+
"confidence": "1",
|
|
8822
|
+
"module": "waf"
|
|
8386
8823
|
},
|
|
8387
8824
|
"conditions": [
|
|
8388
8825
|
{
|
|
@@ -8411,7 +8848,8 @@
|
|
|
8411
8848
|
"cwe": "200",
|
|
8412
8849
|
"capec": "1000/118/169",
|
|
8413
8850
|
"tool_name": "Skipfish",
|
|
8414
|
-
"confidence": "1"
|
|
8851
|
+
"confidence": "1",
|
|
8852
|
+
"module": "waf"
|
|
8415
8853
|
},
|
|
8416
8854
|
"conditions": [
|
|
8417
8855
|
{
|
|
@@ -8436,24 +8874,7 @@
|
|
|
8436
8874
|
{
|
|
8437
8875
|
"id": "http-endpoint-fingerprint",
|
|
8438
8876
|
"generator": "http_endpoint_fingerprint",
|
|
8439
|
-
"conditions": [
|
|
8440
|
-
{
|
|
8441
|
-
"operator": "exists",
|
|
8442
|
-
"parameters": {
|
|
8443
|
-
"inputs": [
|
|
8444
|
-
{
|
|
8445
|
-
"address": "waf.context.event"
|
|
8446
|
-
},
|
|
8447
|
-
{
|
|
8448
|
-
"address": "server.business_logic.users.login.failure"
|
|
8449
|
-
},
|
|
8450
|
-
{
|
|
8451
|
-
"address": "server.business_logic.users.login.success"
|
|
8452
|
-
}
|
|
8453
|
-
]
|
|
8454
|
-
}
|
|
8455
|
-
}
|
|
8456
|
-
],
|
|
8877
|
+
"conditions": [],
|
|
8457
8878
|
"parameters": {
|
|
8458
8879
|
"mappings": [
|
|
8459
8880
|
{
|
|
@@ -8481,7 +8902,7 @@
|
|
|
8481
8902
|
}
|
|
8482
8903
|
]
|
|
8483
8904
|
},
|
|
8484
|
-
"evaluate":
|
|
8905
|
+
"evaluate": true,
|
|
8485
8906
|
"output": true
|
|
8486
8907
|
},
|
|
8487
8908
|
{
|
|
@@ -8637,24 +9058,7 @@
|
|
|
8637
9058
|
{
|
|
8638
9059
|
"id": "http-header-fingerprint",
|
|
8639
9060
|
"generator": "http_header_fingerprint",
|
|
8640
|
-
"conditions": [
|
|
8641
|
-
{
|
|
8642
|
-
"operator": "exists",
|
|
8643
|
-
"parameters": {
|
|
8644
|
-
"inputs": [
|
|
8645
|
-
{
|
|
8646
|
-
"address": "waf.context.event"
|
|
8647
|
-
},
|
|
8648
|
-
{
|
|
8649
|
-
"address": "server.business_logic.users.login.failure"
|
|
8650
|
-
},
|
|
8651
|
-
{
|
|
8652
|
-
"address": "server.business_logic.users.login.success"
|
|
8653
|
-
}
|
|
8654
|
-
]
|
|
8655
|
-
}
|
|
8656
|
-
}
|
|
8657
|
-
],
|
|
9061
|
+
"conditions": [],
|
|
8658
9062
|
"parameters": {
|
|
8659
9063
|
"mappings": [
|
|
8660
9064
|
{
|
|
@@ -8667,30 +9071,13 @@
|
|
|
8667
9071
|
}
|
|
8668
9072
|
]
|
|
8669
9073
|
},
|
|
8670
|
-
"evaluate":
|
|
9074
|
+
"evaluate": true,
|
|
8671
9075
|
"output": true
|
|
8672
9076
|
},
|
|
8673
9077
|
{
|
|
8674
9078
|
"id": "http-network-fingerprint",
|
|
8675
9079
|
"generator": "http_network_fingerprint",
|
|
8676
|
-
"conditions": [
|
|
8677
|
-
{
|
|
8678
|
-
"operator": "exists",
|
|
8679
|
-
"parameters": {
|
|
8680
|
-
"inputs": [
|
|
8681
|
-
{
|
|
8682
|
-
"address": "waf.context.event"
|
|
8683
|
-
},
|
|
8684
|
-
{
|
|
8685
|
-
"address": "server.business_logic.users.login.failure"
|
|
8686
|
-
},
|
|
8687
|
-
{
|
|
8688
|
-
"address": "server.business_logic.users.login.success"
|
|
8689
|
-
}
|
|
8690
|
-
]
|
|
8691
|
-
}
|
|
8692
|
-
}
|
|
8693
|
-
],
|
|
9080
|
+
"conditions": [],
|
|
8694
9081
|
"parameters": {
|
|
8695
9082
|
"mappings": [
|
|
8696
9083
|
{
|
|
@@ -8703,30 +9090,13 @@
|
|
|
8703
9090
|
}
|
|
8704
9091
|
]
|
|
8705
9092
|
},
|
|
8706
|
-
"evaluate":
|
|
9093
|
+
"evaluate": true,
|
|
8707
9094
|
"output": true
|
|
8708
9095
|
},
|
|
8709
9096
|
{
|
|
8710
9097
|
"id": "session-fingerprint",
|
|
8711
9098
|
"generator": "session_fingerprint",
|
|
8712
|
-
"conditions": [
|
|
8713
|
-
{
|
|
8714
|
-
"operator": "exists",
|
|
8715
|
-
"parameters": {
|
|
8716
|
-
"inputs": [
|
|
8717
|
-
{
|
|
8718
|
-
"address": "waf.context.event"
|
|
8719
|
-
},
|
|
8720
|
-
{
|
|
8721
|
-
"address": "server.business_logic.users.login.failure"
|
|
8722
|
-
},
|
|
8723
|
-
{
|
|
8724
|
-
"address": "server.business_logic.users.login.success"
|
|
8725
|
-
}
|
|
8726
|
-
]
|
|
8727
|
-
}
|
|
8728
|
-
}
|
|
8729
|
-
],
|
|
9099
|
+
"conditions": [],
|
|
8730
9100
|
"parameters": {
|
|
8731
9101
|
"mappings": [
|
|
8732
9102
|
{
|
|
@@ -8749,7 +9119,7 @@
|
|
|
8749
9119
|
}
|
|
8750
9120
|
]
|
|
8751
9121
|
},
|
|
8752
|
-
"evaluate":
|
|
9122
|
+
"evaluate": true,
|
|
8753
9123
|
"output": true
|
|
8754
9124
|
}
|
|
8755
9125
|
],
|