datadog 2.8.0 → 2.9.0

Files changed (108) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +36 -1
  3. data/ext/datadog_profiling_native_extension/clock_id.h +2 -2
  4. data/ext/datadog_profiling_native_extension/collectors_cpu_and_wall_time_worker.c +64 -54
  5. data/ext/datadog_profiling_native_extension/collectors_discrete_dynamic_sampler.c +1 -1
  6. data/ext/datadog_profiling_native_extension/collectors_discrete_dynamic_sampler.h +1 -1
  7. data/ext/datadog_profiling_native_extension/collectors_idle_sampling_helper.c +16 -16
  8. data/ext/datadog_profiling_native_extension/collectors_stack.c +7 -7
  9. data/ext/datadog_profiling_native_extension/collectors_thread_context.c +219 -122
  10. data/ext/datadog_profiling_native_extension/heap_recorder.h +1 -1
  11. data/ext/datadog_profiling_native_extension/http_transport.c +4 -4
  12. data/ext/datadog_profiling_native_extension/private_vm_api_access.c +3 -0
  13. data/ext/datadog_profiling_native_extension/private_vm_api_access.h +3 -1
  14. data/ext/datadog_profiling_native_extension/profiling.c +10 -8
  15. data/ext/datadog_profiling_native_extension/ruby_helpers.c +8 -8
  16. data/ext/datadog_profiling_native_extension/stack_recorder.c +54 -54
  17. data/ext/datadog_profiling_native_extension/stack_recorder.h +1 -1
  18. data/ext/datadog_profiling_native_extension/time_helpers.h +1 -1
  19. data/ext/datadog_profiling_native_extension/unsafe_api_calls_check.c +47 -0
  20. data/ext/datadog_profiling_native_extension/unsafe_api_calls_check.h +31 -0
  21. data/ext/libdatadog_api/crashtracker.c +3 -0
  22. data/lib/datadog/appsec/assets/waf_rules/recommended.json +355 -157
  23. data/lib/datadog/appsec/assets/waf_rules/strict.json +62 -32
  24. data/lib/datadog/appsec/context.rb +54 -0
  25. data/lib/datadog/appsec/contrib/active_record/instrumentation.rb +7 -7
  26. data/lib/datadog/appsec/contrib/devise/patcher/authenticatable_patch.rb +6 -6
  27. data/lib/datadog/appsec/contrib/devise/patcher/registration_controller_patch.rb +4 -4
  28. data/lib/datadog/appsec/contrib/graphql/gateway/watcher.rb +19 -28
  29. data/lib/datadog/appsec/contrib/graphql/reactive/multiplex.rb +5 -5
  30. data/lib/datadog/appsec/contrib/rack/gateway/response.rb +3 -3
  31. data/lib/datadog/appsec/contrib/rack/gateway/watcher.rb +64 -96
  32. data/lib/datadog/appsec/contrib/rack/reactive/request.rb +10 -10
  33. data/lib/datadog/appsec/contrib/rack/reactive/request_body.rb +5 -5
  34. data/lib/datadog/appsec/contrib/rack/reactive/response.rb +6 -6
  35. data/lib/datadog/appsec/contrib/rack/request_body_middleware.rb +10 -11
  36. data/lib/datadog/appsec/contrib/rack/request_middleware.rb +43 -49
  37. data/lib/datadog/appsec/contrib/rails/gateway/watcher.rb +21 -32
  38. data/lib/datadog/appsec/contrib/rails/patcher.rb +1 -1
  39. data/lib/datadog/appsec/contrib/rails/reactive/action.rb +6 -6
  40. data/lib/datadog/appsec/contrib/sinatra/gateway/watcher.rb +41 -63
  41. data/lib/datadog/appsec/contrib/sinatra/patcher.rb +2 -2
  42. data/lib/datadog/appsec/contrib/sinatra/reactive/routed.rb +5 -5
  43. data/lib/datadog/appsec/event.rb +6 -6
  44. data/lib/datadog/appsec/ext.rb +3 -1
  45. data/lib/datadog/appsec/monitor/gateway/watcher.rb +22 -32
  46. data/lib/datadog/appsec/monitor/reactive/set_user.rb +5 -5
  47. data/lib/datadog/appsec/processor/rule_loader.rb +0 -3
  48. data/lib/datadog/appsec.rb +3 -3
  49. data/lib/datadog/auto_instrument.rb +3 -0
  50. data/lib/datadog/core/configuration/agent_settings_resolver.rb +39 -11
  51. data/lib/datadog/core/configuration/components.rb +4 -2
  52. data/lib/datadog/core/configuration.rb +1 -1
  53. data/lib/datadog/{tracing → core}/contrib/rails/utils.rb +1 -3
  54. data/lib/datadog/core/crashtracking/component.rb +1 -3
  55. data/lib/datadog/core/telemetry/event.rb +87 -3
  56. data/lib/datadog/core/telemetry/logging.rb +2 -2
  57. data/lib/datadog/core/telemetry/metric.rb +22 -0
  58. data/lib/datadog/core/telemetry/worker.rb +33 -0
  59. data/lib/datadog/di/base.rb +115 -0
  60. data/lib/datadog/di/code_tracker.rb +7 -4
  61. data/lib/datadog/di/component.rb +17 -11
  62. data/lib/datadog/di/configuration/settings.rb +11 -1
  63. data/lib/datadog/di/contrib/railtie.rb +15 -0
  64. data/lib/datadog/di/contrib.rb +26 -0
  65. data/lib/datadog/di/error.rb +5 -0
  66. data/lib/datadog/di/instrumenter.rb +39 -18
  67. data/lib/datadog/di/{init.rb → preload.rb} +2 -4
  68. data/lib/datadog/di/probe_manager.rb +4 -4
  69. data/lib/datadog/di/probe_notification_builder.rb +16 -2
  70. data/lib/datadog/di/probe_notifier_worker.rb +5 -6
  71. data/lib/datadog/di/remote.rb +4 -4
  72. data/lib/datadog/di/transport.rb +2 -4
  73. data/lib/datadog/di.rb +5 -108
  74. data/lib/datadog/kit/appsec/events.rb +3 -3
  75. data/lib/datadog/kit/identity.rb +4 -4
  76. data/lib/datadog/profiling/component.rb +55 -53
  77. data/lib/datadog/profiling/http_transport.rb +1 -26
  78. data/lib/datadog/tracing/contrib/action_cable/integration.rb +5 -2
  79. data/lib/datadog/tracing/contrib/action_mailer/integration.rb +6 -2
  80. data/lib/datadog/tracing/contrib/action_pack/integration.rb +5 -2
  81. data/lib/datadog/tracing/contrib/action_view/integration.rb +5 -2
  82. data/lib/datadog/tracing/contrib/active_job/integration.rb +5 -2
  83. data/lib/datadog/tracing/contrib/active_record/integration.rb +6 -2
  84. data/lib/datadog/tracing/contrib/active_support/cache/events/cache.rb +3 -1
  85. data/lib/datadog/tracing/contrib/active_support/cache/instrumentation.rb +3 -1
  86. data/lib/datadog/tracing/contrib/active_support/configuration/settings.rb +10 -0
  87. data/lib/datadog/tracing/contrib/active_support/integration.rb +5 -2
  88. data/lib/datadog/tracing/contrib/auto_instrument.rb +2 -2
  89. data/lib/datadog/tracing/contrib/aws/integration.rb +3 -0
  90. data/lib/datadog/tracing/contrib/concurrent_ruby/integration.rb +3 -0
  91. data/lib/datadog/tracing/contrib/httprb/integration.rb +3 -0
  92. data/lib/datadog/tracing/contrib/kafka/integration.rb +3 -0
  93. data/lib/datadog/tracing/contrib/mongodb/integration.rb +3 -0
  94. data/lib/datadog/tracing/contrib/opensearch/integration.rb +3 -0
  95. data/lib/datadog/tracing/contrib/presto/integration.rb +3 -0
  96. data/lib/datadog/tracing/contrib/rack/integration.rb +2 -2
  97. data/lib/datadog/tracing/contrib/rails/framework.rb +2 -2
  98. data/lib/datadog/tracing/contrib/rails/patcher.rb +1 -1
  99. data/lib/datadog/tracing/contrib/rest_client/integration.rb +3 -0
  100. data/lib/datadog/tracing/span.rb +12 -4
  101. data/lib/datadog/tracing/span_event.rb +123 -3
  102. data/lib/datadog/tracing/span_operation.rb +6 -0
  103. data/lib/datadog/tracing/transport/serializable_trace.rb +24 -6
  104. data/lib/datadog/version.rb +1 -1
  105. metadata +19 -10
  106. data/lib/datadog/appsec/reactive/operation.rb +0 -68
  107. data/lib/datadog/appsec/scope.rb +0 -58
  108. data/lib/datadog/core/crashtracking/agent_base_url.rb +0 -21
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "version": "2.2",
3
3
  "metadata": {
4
- "rules_version": "1.13.1"
4
+ "rules_version": "1.13.3"
5
5
  },
6
6
  "rules": [
7
7
  {
@@ -9,7 +9,8 @@
9
9
  "name": "Block IP Addresses",
10
10
  "tags": {
11
11
  "type": "block_ip",
12
- "category": "security_response"
12
+ "category": "security_response",
13
+ "module": "network-acl"
13
14
  },
14
15
  "conditions": [
15
16
  {
@@ -34,7 +35,8 @@
34
35
  "name": "Block User Addresses",
35
36
  "tags": {
36
37
  "type": "block_user",
37
- "category": "security_response"
38
+ "category": "security_response",
39
+ "module": "authentication-acl"
38
40
  },
39
41
  "conditions": [
40
42
  {
@@ -64,7 +66,8 @@
64
66
  "tool_name": "Acunetix",
65
67
  "cwe": "200",
66
68
  "capec": "1000/118/169",
67
- "confidence": "0"
69
+ "confidence": "0",
70
+ "module": "waf"
68
71
  },
69
72
  "conditions": [
70
73
  {
@@ -98,7 +101,8 @@
98
101
  "category": "attack_attempt",
99
102
  "cwe": "200",
100
103
  "capec": "1000/118/169",
101
- "confidence": "1"
104
+ "confidence": "1",
105
+ "module": "waf"
102
106
  },
103
107
  "conditions": [
104
108
  {
@@ -162,7 +166,8 @@
162
166
  "category": "attack_attempt",
163
167
  "cwe": "176",
164
168
  "capec": "1000/255/153/267/71",
165
- "confidence": "0"
169
+ "confidence": "0",
170
+ "module": "waf"
166
171
  },
167
172
  "conditions": [
168
173
  {
@@ -191,7 +196,8 @@
191
196
  "crs_id": "921110",
192
197
  "category": "attack_attempt",
193
198
  "cwe": "444",
194
- "capec": "1000/210/272/220/33"
199
+ "capec": "1000/210/272/220/33",
200
+ "module": "waf"
195
201
  },
196
202
  "conditions": [
197
203
  {
@@ -228,7 +234,8 @@
228
234
  "crs_id": "921160",
229
235
  "category": "attack_attempt",
230
236
  "cwe": "113",
231
- "capec": "1000/210/272/220/105"
237
+ "capec": "1000/210/272/220/105",
238
+ "module": "waf"
232
239
  },
233
240
  "conditions": [
234
241
  {
@@ -263,7 +270,8 @@
263
270
  "category": "attack_attempt",
264
271
  "cwe": "22",
265
272
  "capec": "1000/255/153/126",
266
- "confidence": "1"
273
+ "confidence": "1",
274
+ "module": "waf"
267
275
  },
268
276
  "conditions": [
269
277
  {
@@ -297,7 +305,8 @@
297
305
  "category": "attack_attempt",
298
306
  "cwe": "22",
299
307
  "capec": "1000/255/153/126",
300
- "confidence": "1"
308
+ "confidence": "1",
309
+ "module": "waf"
301
310
  },
302
311
  "conditions": [
303
312
  {
@@ -1803,7 +1812,8 @@
1803
1812
  "category": "attack_attempt",
1804
1813
  "cwe": "98",
1805
1814
  "capec": "1000/152/175/253/193",
1806
- "confidence": "1"
1815
+ "confidence": "1",
1816
+ "module": "waf"
1807
1817
  },
1808
1818
  "conditions": [
1809
1819
  {
@@ -1831,7 +1841,8 @@
1831
1841
  "crs_id": "931120",
1832
1842
  "category": "attack_attempt",
1833
1843
  "cwe": "98",
1834
- "capec": "1000/152/175/253/193"
1844
+ "capec": "1000/152/175/253/193",
1845
+ "module": "waf"
1835
1846
  },
1836
1847
  "conditions": [
1837
1848
  {
@@ -1876,7 +1887,8 @@
1876
1887
  "category": "attack_attempt",
1877
1888
  "cwe": "77",
1878
1889
  "capec": "1000/152/248/88",
1879
- "confidence": "1"
1890
+ "confidence": "1",
1891
+ "module": "waf"
1880
1892
  },
1881
1893
  "conditions": [
1882
1894
  {
@@ -2388,7 +2400,8 @@
2388
2400
  "category": "attack_attempt",
2389
2401
  "cwe": "77",
2390
2402
  "capec": "1000/152/248/88",
2391
- "confidence": "1"
2403
+ "confidence": "1",
2404
+ "module": "waf"
2392
2405
  },
2393
2406
  "conditions": [
2394
2407
  {
@@ -2436,7 +2449,8 @@
2436
2449
  "category": "attack_attempt",
2437
2450
  "cwe": "706",
2438
2451
  "capec": "1000/225/122/17/177",
2439
- "confidence": "1"
2452
+ "confidence": "1",
2453
+ "module": "waf"
2440
2454
  },
2441
2455
  "conditions": [
2442
2456
  {
@@ -2500,7 +2514,8 @@
2500
2514
  "category": "attack_attempt",
2501
2515
  "cwe": "434",
2502
2516
  "capec": "1000/225/122/17/650",
2503
- "confidence": "1"
2517
+ "confidence": "1",
2518
+ "module": "waf"
2504
2519
  },
2505
2520
  "conditions": [
2506
2521
  {
@@ -2553,7 +2568,8 @@
2553
2568
  "category": "attack_attempt",
2554
2569
  "cwe": "94",
2555
2570
  "capec": "1000/225/122/17/650",
2556
- "confidence": "1"
2571
+ "confidence": "1",
2572
+ "module": "waf"
2557
2573
  },
2558
2574
  "conditions": [
2559
2575
  {
@@ -2620,7 +2636,8 @@
2620
2636
  "crs_id": "933131",
2621
2637
  "category": "attack_attempt",
2622
2638
  "cwe": "94",
2623
- "capec": "1000/225/122/17/650"
2639
+ "capec": "1000/225/122/17/650",
2640
+ "module": "waf"
2624
2641
  },
2625
2642
  "conditions": [
2626
2643
  {
@@ -2665,7 +2682,8 @@
2665
2682
  "category": "attack_attempt",
2666
2683
  "cwe": "94",
2667
2684
  "capec": "1000/225/122/17/650",
2668
- "confidence": "1"
2685
+ "confidence": "1",
2686
+ "module": "waf"
2669
2687
  },
2670
2688
  "conditions": [
2671
2689
  {
@@ -2709,7 +2727,8 @@
2709
2727
  "category": "attack_attempt",
2710
2728
  "cwe": "94",
2711
2729
  "capec": "1000/225/122/17/650",
2712
- "confidence": "1"
2730
+ "confidence": "1",
2731
+ "module": "waf"
2713
2732
  },
2714
2733
  "conditions": [
2715
2734
  {
@@ -2799,7 +2818,8 @@
2799
2818
  "crs_id": "933160",
2800
2819
  "category": "attack_attempt",
2801
2820
  "cwe": "94",
2802
- "capec": "1000/225/122/17/650"
2821
+ "capec": "1000/225/122/17/650",
2822
+ "module": "waf"
2803
2823
  },
2804
2824
  "conditions": [
2805
2825
  {
@@ -2824,7 +2844,7 @@
2824
2844
  "address": "graphql.server.resolver"
2825
2845
  }
2826
2846
  ],
2827
- "regex": "\\b(?:s(?:e(?:t(?:_(?:e(?:xception|rror)_handler|magic_quotes_runtime|include_path)|defaultstub)|ssion_s(?:et_save_handler|tart))|qlite_(?:(?:(?:unbuffered|single|array)_)?query|create_(?:aggregate|function)|p?open|exec)|tr(?:eam_(?:context_create|socket_client)|ipc?slashes|rev)|implexml_load_(?:string|file)|ocket_c(?:onnect|reate)|h(?:ow_sourc|a1_fil)e|pl_autoload_register|ystem)|p(?:r(?:eg_(?:replace(?:_callback(?:_array)?)?|match(?:_all)?|split)|oc_(?:(?:terminat|clos|nic)e|get_status|open)|int_r)|o(?:six_(?:get(?:(?:e[gu]|g)id|login|pwnam)|mk(?:fifo|nod)|ttyname|kill)|pen)|hp(?:_(?:strip_whitespac|unam)e|version|info)|g_(?:(?:execut|prepar)e|connect|query)|a(?:rse_(?:ini_file|str)|ssthru)|utenv)|r(?:unkit_(?:function_(?:re(?:defin|nam)e|copy|add)|method_(?:re(?:defin|nam)e|copy|add)|constant_(?:redefine|add))|e(?:(?:gister_(?:shutdown|tick)|name)_function|ad(?:(?:gz)?file|_exif_data|dir))|awurl(?:de|en)code)|i(?:mage(?:createfrom(?:(?:jpe|pn)g|x[bp]m|wbmp|gif)|(?:jpe|pn)g|g(?:d2?|if)|2?wbmp|xbm)|s_(?:(?:(?:execut|write?|read)ab|fi)le|dir)|ni_(?:get(?:_all)?|set)|terator_apply|ptcembed)|g(?:et(?:_(?:c(?:urrent_use|fg_va)r|meta_tags)|my(?:[gpu]id|inode)|(?:lastmo|cw)d|imagesize|env)|z(?:(?:(?:defla|wri)t|encod|fil)e|compress|open|read)|lob)|a(?:rray_(?:u(?:intersect(?:_u?assoc)?|diff(?:_u?assoc)?)|intersect_u(?:assoc|key)|diff_u(?:assoc|key)|filter|reduce|map)|ssert(?:_options)?|tob)|h(?:tml(?:specialchars(?:_decode)?|_entity_decode|entities)|(?:ash(?:_(?:update|hmac))?|ighlight)_file|e(?:ader_register_callback|x2bin))|f(?:i(?:le(?:(?:[acm]tim|inod)e|(?:_exist|perm)s|group)?|nfo_open)|tp_(?:nb_(?:ge|pu)|connec|ge|pu)t|(?:unction_exis|pu)ts|write|open)|o(?:b_(?:get_(?:c(?:ontents|lean)|flush)|end_(?:clean|flush)|clean|flush|start)|dbc_(?:result(?:_all)?|exec(?:ute)?|connect)|pendir)|m(?:b_(?:ereg(?:_(?:replace(?:_callback)?|match)|i(?:_replace)?)?|parse_str)|(?:ove_uploaded|d5)_file|ethod_exists|ysql_query|kdir)|e(?:x(?:if_(?:t(?:humbnail|agname)|imaget
ype|read_data)|ec)|scapeshell(?:arg|cmd)|rror_reporting|val)|c(?:url_(?:file_create|exec|init)|onvert_uuencode|reate_function|hr)|u(?:n(?:serialize|pack)|rl(?:de|en)code|[ak]?sort)|b(?:(?:son_(?:de|en)|ase64_en)code|zopen|toa)|(?:json_(?:de|en)cod|debug_backtrac|tmpfil)e|var_dump)(?:\\s|/\\*.*\\*/|//.*|#.*|\\\"|')*\\((?:(?:\\s|/\\*.*\\*/|//.*|#.*)*(?:\\$\\w+|[A-Z\\d]\\w*|\\w+\\(.*\\)|\\\\?\"(?:[^\"]|\\\\\"|\"\"|\"\\+\")*\\\\?\"|\\\\?'(?:[^']|''|'\\+')*\\\\?')(?:\\s|/\\*.*\\*/|//.*|#.*)*(?:(?:::|\\.|->)(?:\\s|/\\*.*\\*/|//.*|#.*)*\\w+(?:\\(.*\\))?)?,)*(?:(?:\\s|/\\*.*\\*/|//.*|#.*)*(?:\\$\\w+|[A-Z\\d]\\w*|\\w+\\(.*\\)|\\\\?\"(?:[^\"]|\\\\\"|\"\"|\"\\+\")*\\\\?\"|\\\\?'(?:[^']|''|'\\+')*\\\\?')(?:\\s|/\\*.*\\*/|//.*|#.*)*(?:(?:::|\\.|->)(?:\\s|/\\*.*\\*/|//.*|#.*)*\\w+(?:\\(.*\\))?)?)?\\)",
2847
+ "regex": "\\b(?:s(?:e(?:t(?:_(?:e(?:xception|rror)_handler|magic_quotes_runtime|include_path)|defaultstub)|ssion_s(?:et_save_handler|tart))|qlite_(?:(?:(?:unbuffered|single|array)_)?query|create_(?:aggregate|function)|p?open|exec)|tr(?:eam_(?:context_create|socket_client)|ipc?slashes|rev)|implexml_load_(?:string|file)|ocket_c(?:onnect|reate)|h(?:ow_sourc|a1_fil)e|pl_autoload_register|ystem)|p(?:r(?:eg_(?:replace(?:_callback(?:_array)?)?|match(?:_all)?|split)|oc_(?:(?:terminat|clos|nic)e|get_status|open)|int_r)|o(?:six_(?:get(?:(?:e[gu]|g)id|login|pwnam)|mk(?:fifo|nod)|ttyname|kill)|pen)|hp(?:_(?:strip_whitespac|unam)e|version|info)|g_(?:(?:execut|prepar)e|connect|query)|a(?:rse_(?:ini_file|str)|ssthru)|utenv)|r(?:unkit_(?:function_(?:re(?:defin|nam)e|copy|add)|method_(?:re(?:defin|nam)e|copy|add)|constant_(?:redefine|add))|e(?:(?:gister_(?:shutdown|tick)|name)_function|ad(?:(?:gz)?file|_exif_data|dir))|awurl(?:de|en)code)|i(?:mage(?:createfrom(?:(?:jpe|pn)g|x[bp]m|wbmp|gif)|(?:jpe|pn)g|g(?:d2?|if)|2?wbmp|xbm)|s_(?:(?:(?:execut|write?|read)ab|fi)le|dir)|ni_(?:get(?:_all)?|set)|terator_apply|ptcembed)|g(?:et(?:_(?:c(?:urrent_use|fg_va)r|meta_tags)|my(?:[gpu]id|inode)|(?:lastmo|cw)d|imagesize|env)|z(?:(?:(?:defla|wri)t|encod|fil)e|compress|open|read)|lob)|a(?:rray_(?:u(?:intersect(?:_u?assoc)?|diff(?:_u?assoc)?)|intersect_u(?:assoc|key)|diff_u(?:assoc|key)|filter|reduce|map)|ssert(?:_options)?|tob)|h(?:tml(?:specialchars(?:_decode)?|_entity_decode|entities)|(?:ash(?:_(?:update|hmac))?|ighlight)_file|e(?:ader_register_callback|x2bin))|f(?:i(?:le(?:(?:[acm]tim|inod)e|(?:_exist|perm)s|group)?|nfo_open)|tp_(?:nb_(?:ge|pu)|connec|ge|pu)t|(?:unction_exis|pu)ts|write|open)|o(?:b_(?:get_(?:c(?:ontents|lean)|flush)|end_(?:clean|flush)|clean|flush|start)|dbc_(?:result(?:_all)?|exec(?:ute)?|connect)|pendir)|m(?:b_(?:ereg(?:_(?:replace(?:_callback)?|match)|i(?:_replace)?)?|parse_str)|(?:ove_uploaded|d5)_file|ethod_exists|ysql_query|kdir)|e(?:x(?:if_(?:t(?:humbnail|agname)|imaget
ype|read_data)|ec)|scapeshell(?:arg|cmd)|rror_reporting|val)|c(?:url_(?:file_create|exec|init)|onvert_uuencode|reate_function|hr)|u(?:n(?:serialize|pack)|rl(?:de|en)code|[ak]?sort)|b(?:(?:son_(?:de|en)|ase64_en)code|zopen|toa)|(?:json_(?:de|en)cod|debug_backtrac|tmpfil)e|var_dump)(?:\\s|/\\*.*\\*/|//.*|#.*|\\\"|')*\\((?:(?:\\s|/\\*.*\\*/|//.*|#.*)*(?:\\$\\w+|[A-Z\\d]\\w*|\\w+\\(.*\\)|\\\\?\"(?:[^\"]|\\\\\"|\"\"|\"\\+\")*\\\\?\"|\\\\?'(?:[^']|''|'\\+')*\\\\?')(?:\\s|/\\*.*\\*/|//.*|#.*)*(?:(?:::|\\.|->)(?:\\s|/\\*.*\\*/|//.*|#.*)*\\w+(?:\\(.*\\))?)?,)*(?:(?:\\s|/\\*.*\\*/|//.*|#.*)*(?:\\$\\w+|[A-Z\\d]\\w*|\\w+\\(.*\\)|\\\\?\"(?:[^\"]|\\\\\"|\"\"|\"\\+\")*\\\\?\"|\\\\?'(?:[^']|''|'\\+')*\\\\?')(?:\\s|/\\*.*\\*/|//.*|#.*)*(?:(?:::|\\.|->)(?:\\s|/\\*.*\\*/|//.*|#.*)*\\w+(?:\\(.*\\))?)?)?\\)\\s*(?:[;\\.)}\\]|\\\\]|\\?>|%>|$)",
2828
2848
  "options": {
2829
2849
  "case_sensitive": true,
2830
2850
  "min_length": 5
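Review bot: The only change to this `regex` value is the appended tail `\\s*(?:[;\\.)}\\]|\\\\]|\\?>|%>|$)`, so the rule now matches only when the closing parenthesis of the call is followed by one of those terminators or the end of the input, and nothing on the page records why that set was chosen. This presumably trims false positives, but it also narrows what the rule detects. The rule's regression samples should confirm that known true positives still match and that the benign inputs this change targets no longer do. JSON cannot carry a comment, so the rationale belongs in the release notes for `rules_version` 1.13.3. The rule object starts and ends outside this hunk, so its id and tags are not visible here.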
@@ -2844,7 +2864,8 @@
2844
2864
  "category": "attack_attempt",
2845
2865
  "cwe": "502",
2846
2866
  "capec": "1000/152/586",
2847
- "confidence": "1"
2867
+ "confidence": "1",
2868
+ "module": "waf"
2848
2869
  },
2849
2870
  "conditions": [
2850
2871
  {
@@ -2891,7 +2912,8 @@
2891
2912
  "crs_id": "933200",
2892
2913
  "category": "attack_attempt",
2893
2914
  "cwe": "502",
2894
- "capec": "1000/152/586"
2915
+ "capec": "1000/152/586",
2916
+ "module": "waf"
2895
2917
  },
2896
2918
  "conditions": [
2897
2919
  {
@@ -2937,7 +2959,8 @@
2937
2959
  "crs_id": "934100",
2938
2960
  "category": "attack_attempt",
2939
2961
  "cwe": "94",
2940
- "capec": "1000/152/242"
2962
+ "capec": "1000/152/242",
2963
+ "module": "waf"
2941
2964
  },
2942
2965
  "conditions": [
2943
2966
  {
@@ -2982,7 +3005,8 @@
2982
3005
  "category": "attack_attempt",
2983
3006
  "confidence": "1",
2984
3007
  "cwe": "94",
2985
- "capec": "1000/152/242"
3008
+ "capec": "1000/152/242",
3009
+ "module": "waf"
2986
3010
  },
2987
3011
  "conditions": [
2988
3012
  {
@@ -3024,7 +3048,8 @@
3024
3048
  "category": "attack_attempt",
3025
3049
  "cwe": "80",
3026
3050
  "capec": "1000/152/242/63/591",
3027
- "confidence": "1"
3051
+ "confidence": "1",
3052
+ "module": "waf"
3028
3053
  },
3029
3054
  "conditions": [
3030
3055
  {
@@ -3081,7 +3106,8 @@
3081
3106
  "category": "attack_attempt",
3082
3107
  "cwe": "83",
3083
3108
  "capec": "1000/152/242/63/591/243",
3084
- "confidence": "1"
3109
+ "confidence": "1",
3110
+ "module": "waf"
3085
3111
  },
3086
3112
  "conditions": [
3087
3113
  {
@@ -3140,7 +3166,8 @@
3140
3166
  "category": "attack_attempt",
3141
3167
  "cwe": "84",
3142
3168
  "capec": "1000/152/242/63/591/244",
3143
- "confidence": "1"
3169
+ "confidence": "1",
3170
+ "module": "waf"
3144
3171
  },
3145
3172
  "conditions": [
3146
3173
  {
@@ -3199,7 +3226,8 @@
3199
3226
  "category": "attack_attempt",
3200
3227
  "cwe": "83",
3201
3228
  "capec": "1000/152/242/63/591/243",
3202
- "confidence": "1"
3229
+ "confidence": "1",
3230
+ "module": "waf"
3203
3231
  },
3204
3232
  "conditions": [
3205
3233
  {
@@ -3257,7 +3285,8 @@
3257
3285
  "crs_id": "941180",
3258
3286
  "category": "attack_attempt",
3259
3287
  "cwe": "79",
3260
- "capec": "1000/152/242/63/591"
3288
+ "capec": "1000/152/242/63/591",
3289
+ "module": "waf"
3261
3290
  },
3262
3291
  "conditions": [
3263
3292
  {
@@ -3311,7 +3340,8 @@
3311
3340
  "category": "attack_attempt",
3312
3341
  "cwe": "80",
3313
3342
  "capec": "1000/152/242/63/591",
3314
- "confidence": "1"
3343
+ "confidence": "1",
3344
+ "module": "waf"
3315
3345
  },
3316
3346
  "conditions": [
3317
3347
  {
@@ -3358,7 +3388,8 @@
3358
3388
  "category": "attack_attempt",
3359
3389
  "cwe": "80",
3360
3390
  "capec": "1000/152/242/63/591",
3361
- "confidence": "1"
3391
+ "confidence": "1",
3392
+ "module": "waf"
3362
3393
  },
3363
3394
  "conditions": [
3364
3395
  {
@@ -3405,7 +3436,8 @@
3405
3436
  "category": "attack_attempt",
3406
3437
  "cwe": "80",
3407
3438
  "capec": "1000/152/242/63/591",
3408
- "confidence": "1"
3439
+ "confidence": "1",
3440
+ "module": "waf"
3409
3441
  },
3410
3442
  "conditions": [
3411
3443
  {
@@ -3452,7 +3484,8 @@
3452
3484
  "category": "attack_attempt",
3453
3485
  "cwe": "83",
3454
3486
  "capec": "1000/152/242/63/591/243",
3455
- "confidence": "1"
3487
+ "confidence": "1",
3488
+ "module": "waf"
3456
3489
  },
3457
3490
  "conditions": [
3458
3491
  {
@@ -3498,7 +3531,8 @@
3498
3531
  "category": "attack_attempt",
3499
3532
  "cwe": "83",
3500
3533
  "capec": "1000/152/242/63/591/243",
3501
- "confidence": "1"
3534
+ "confidence": "1",
3535
+ "module": "waf"
3502
3536
  },
3503
3537
  "conditions": [
3504
3538
  {
@@ -3545,7 +3579,8 @@
3545
3579
  "crs_id": "941270",
3546
3580
  "category": "attack_attempt",
3547
3581
  "cwe": "83",
3548
- "capec": "1000/152/242/63/591/243"
3582
+ "capec": "1000/152/242/63/591/243",
3583
+ "module": "waf"
3549
3584
  },
3550
3585
  "conditions": [
3551
3586
  {
@@ -3588,7 +3623,8 @@
3588
3623
  "category": "attack_attempt",
3589
3624
  "cwe": "83",
3590
3625
  "capec": "1000/152/242/63/591/243",
3591
- "confidence": "1"
3626
+ "confidence": "1",
3627
+ "module": "waf"
3592
3628
  },
3593
3629
  "conditions": [
3594
3630
  {
@@ -3634,7 +3670,8 @@
3634
3670
  "category": "attack_attempt",
3635
3671
  "cwe": "83",
3636
3672
  "capec": "1000/152/242/63/591/243",
3637
- "confidence": "1"
3673
+ "confidence": "1",
3674
+ "module": "waf"
3638
3675
  },
3639
3676
  "conditions": [
3640
3677
  {
@@ -3680,7 +3717,8 @@
3680
3717
  "category": "attack_attempt",
3681
3718
  "cwe": "83",
3682
3719
  "capec": "1000/152/242/63/591/243",
3683
- "confidence": "1"
3720
+ "confidence": "1",
3721
+ "module": "waf"
3684
3722
  },
3685
3723
  "conditions": [
3686
3724
  {
@@ -3726,7 +3764,8 @@
3726
3764
  "category": "attack_attempt",
3727
3765
  "cwe": "87",
3728
3766
  "capec": "1000/152/242/63/591/199",
3729
- "confidence": "1"
3767
+ "confidence": "1",
3768
+ "module": "waf"
3730
3769
  },
3731
3770
  "conditions": [
3732
3771
  {
@@ -3770,7 +3809,8 @@
3770
3809
  "crs_id": "941360",
3771
3810
  "category": "attack_attempt",
3772
3811
  "cwe": "87",
3773
- "capec": "1000/152/242/63/591/199"
3812
+ "capec": "1000/152/242/63/591/199",
3813
+ "module": "waf"
3774
3814
  },
3775
3815
  "conditions": [
3776
3816
  {
@@ -3815,7 +3855,8 @@
3815
3855
  "category": "attack_attempt",
3816
3856
  "confidence": "1",
3817
3857
  "cwe": "79",
3818
- "capec": "1000/152/242/63/591"
3858
+ "capec": "1000/152/242/63/591",
3859
+ "module": "waf"
3819
3860
  },
3820
3861
  "conditions": [
3821
3862
  {
@@ -3859,7 +3900,8 @@
3859
3900
  "crs_id": "942100",
3860
3901
  "category": "attack_attempt",
3861
3902
  "cwe": "89",
3862
- "capec": "1000/152/248/66"
3903
+ "capec": "1000/152/248/66",
3904
+ "module": "waf"
3863
3905
  },
3864
3906
  "conditions": [
3865
3907
  {
@@ -3898,7 +3940,8 @@
3898
3940
  "category": "attack_attempt",
3899
3941
  "cwe": "89",
3900
3942
  "capec": "1000/152/248/66/7",
3901
- "confidence": "1"
3943
+ "confidence": "1",
3944
+ "module": "waf"
3902
3945
  },
3903
3946
  "conditions": [
3904
3947
  {
@@ -3943,7 +3986,8 @@
3943
3986
  "category": "attack_attempt",
3944
3987
  "cwe": "89",
3945
3988
  "capec": "1000/152/248/66/7",
3946
- "confidence": "1"
3989
+ "confidence": "1",
3990
+ "module": "waf"
3947
3991
  },
3948
3992
  "conditions": [
3949
3993
  {
@@ -3986,7 +4030,8 @@
3986
4030
  "crs_id": "942250",
3987
4031
  "category": "attack_attempt",
3988
4032
  "cwe": "89",
3989
- "capec": "1000/152/248/66"
4033
+ "capec": "1000/152/248/66",
4034
+ "module": "waf"
3990
4035
  },
3991
4036
  "conditions": [
3992
4037
  {
@@ -4030,7 +4075,8 @@
4030
4075
  "crs_id": "942270",
4031
4076
  "category": "attack_attempt",
4032
4077
  "cwe": "89",
4033
- "capec": "1000/152/248/66"
4078
+ "capec": "1000/152/248/66",
4079
+ "module": "waf"
4034
4080
  },
4035
4081
  "conditions": [
4036
4082
  {
@@ -4074,7 +4120,8 @@
4074
4120
  "category": "attack_attempt",
4075
4121
  "cwe": "89",
4076
4122
  "capec": "1000/152/248/66/7",
4077
- "confidence": "1"
4123
+ "confidence": "1",
4124
+ "module": "waf"
4078
4125
  },
4079
4126
  "conditions": [
4080
4127
  {
@@ -4117,7 +4164,8 @@
4117
4164
  "crs_id": "942290",
4118
4165
  "category": "attack_attempt",
4119
4166
  "cwe": "943",
4120
- "capec": "1000/152/248/676"
4167
+ "capec": "1000/152/248/676",
4168
+ "module": "waf"
4121
4169
  },
4122
4170
  "conditions": [
4123
4171
  {
@@ -4163,7 +4211,8 @@
4163
4211
  "crs_id": "942360",
4164
4212
  "category": "attack_attempt",
4165
4213
  "cwe": "89",
4166
- "capec": "1000/152/248/66/470"
4214
+ "capec": "1000/152/248/66/470",
4215
+ "module": "waf"
4167
4216
  },
4168
4217
  "conditions": [
4169
4218
  {
@@ -4206,7 +4255,8 @@
4206
4255
  "crs_id": "942500",
4207
4256
  "category": "attack_attempt",
4208
4257
  "cwe": "89",
4209
- "capec": "1000/152/248/66"
4258
+ "capec": "1000/152/248/66",
4259
+ "module": "waf"
4210
4260
  },
4211
4261
  "conditions": [
4212
4262
  {
@@ -4251,7 +4301,8 @@
4251
4301
  "category": "attack_attempt",
4252
4302
  "cwe": "384",
4253
4303
  "capec": "1000/225/21/593/61",
4254
- "confidence": "1"
4304
+ "confidence": "1",
4305
+ "module": "waf"
4255
4306
  },
4256
4307
  "conditions": [
4257
4308
  {
@@ -4296,7 +4347,8 @@
4296
4347
  "category": "attack_attempt",
4297
4348
  "cwe": "94",
4298
4349
  "capec": "1000/152/242",
4299
- "confidence": "1"
4350
+ "confidence": "1",
4351
+ "module": "waf"
4300
4352
  },
4301
4353
  "conditions": [
4302
4354
  {
@@ -4344,7 +4396,8 @@
4344
4396
  "type": "java_code_injection",
4345
4397
  "category": "attack_attempt",
4346
4398
  "cwe": "94",
4347
- "capec": "1000/152/242"
4399
+ "capec": "1000/152/242",
4400
+ "module": "waf"
4348
4401
  },
4349
4402
  "conditions": [
4350
4403
  {
@@ -4391,7 +4444,8 @@
4391
4444
  "crs_id": "944130",
4392
4445
  "category": "attack_attempt",
4393
4446
  "cwe": "94",
4394
- "capec": "1000/152/242"
4447
+ "capec": "1000/152/242",
4448
+ "module": "waf"
4395
4449
  },
4396
4450
  "conditions": [
4397
4451
  {
@@ -4529,7 +4583,8 @@
4529
4583
  "type": "nosql_injection",
4530
4584
  "category": "attack_attempt",
4531
4585
  "cwe": "943",
4532
- "capec": "1000/152/248/676"
4586
+ "capec": "1000/152/248/676",
4587
+ "module": "waf"
4533
4588
  },
4534
4589
  "conditions": [
4535
4590
  {
@@ -4573,7 +4628,8 @@
4573
4628
  "type": "java_code_injection",
4574
4629
  "category": "attack_attempt",
4575
4630
  "cwe": "94",
4576
- "capec": "1000/152/242"
4631
+ "capec": "1000/152/242",
4632
+ "module": "waf"
4577
4633
  },
4578
4634
  "conditions": [
4579
4635
  {
@@ -4619,7 +4675,8 @@
4619
4675
  "category": "attack_attempt",
4620
4676
  "cwe": "94",
4621
4677
  "capec": "1000/152/242",
4622
- "confidence": "1"
4678
+ "confidence": "1",
4679
+ "module": "waf"
4623
4680
  },
4624
4681
  "conditions": [
4625
4682
  {
@@ -4695,7 +4752,8 @@
4695
4752
  "category": "attack_attempt",
4696
4753
  "cwe": "1321",
4697
4754
  "capec": "1000/152/242",
4698
- "confidence": "1"
4755
+ "confidence": "1",
4756
+ "module": "waf"
4699
4757
  },
4700
4758
  "conditions": [
4701
4759
  {
@@ -4725,7 +4783,8 @@
4725
4783
  "category": "attack_attempt",
4726
4784
  "cwe": "1321",
4727
4785
  "capec": "1000/152/242",
4728
- "confidence": "1"
4786
+ "confidence": "1",
4787
+ "module": "waf"
4729
4788
  },
4730
4789
  "conditions": [
4731
4790
  {
@@ -4769,7 +4828,8 @@
4769
4828
  "category": "attack_attempt",
4770
4829
  "cwe": "1336",
4771
4830
  "capec": "1000/152/242/19",
4772
- "confidence": "1"
4831
+ "confidence": "1",
4832
+ "module": "waf"
4773
4833
  },
4774
4834
  "conditions": [
4775
4835
  {
@@ -4813,7 +4873,8 @@
4813
4873
  "tool_name": "BurpCollaborator",
4814
4874
  "cwe": "200",
4815
4875
  "capec": "1000/118/169",
4816
- "confidence": "1"
4876
+ "confidence": "1",
4877
+ "module": "waf"
4817
4878
  },
4818
4879
  "conditions": [
4819
4880
  {
@@ -4857,7 +4918,8 @@
4857
4918
  "tool_name": "Qualys",
4858
4919
  "cwe": "200",
4859
4920
  "capec": "1000/118/169",
4860
- "confidence": "0"
4921
+ "confidence": "0",
4922
+ "module": "waf"
4861
4923
  },
4862
4924
  "conditions": [
4863
4925
  {
@@ -4901,7 +4963,8 @@
4901
4963
  "tool_name": "Probely",
4902
4964
  "cwe": "200",
4903
4965
  "capec": "1000/118/169",
4904
- "confidence": "0"
4966
+ "confidence": "0",
4967
+ "module": "waf"
4905
4968
  },
4906
4969
  "conditions": [
4907
4970
  {
@@ -4944,7 +5007,8 @@
4944
5007
  "category": "attack_attempt",
4945
5008
  "cwe": "200",
4946
5009
  "capec": "1000/118/169",
4947
- "confidence": "1"
5010
+ "confidence": "1",
5011
+ "module": "waf"
4948
5012
  },
4949
5013
  "conditions": [
4950
5014
  {
@@ -4987,7 +5051,8 @@
4987
5051
  "category": "attack_attempt",
4988
5052
  "cwe": "200",
4989
5053
  "capec": "1000/118/169",
4990
- "confidence": "0"
5054
+ "confidence": "0",
5055
+ "module": "waf"
4991
5056
  },
4992
5057
  "conditions": [
4993
5058
  {
@@ -5031,7 +5096,8 @@
5031
5096
  "tool_name": "Rapid7",
5032
5097
  "cwe": "200",
5033
5098
  "capec": "1000/118/169",
5034
- "confidence": "0"
5099
+ "confidence": "0",
5100
+ "module": "waf"
5035
5101
  },
5036
5102
  "conditions": [
5037
5103
  {
@@ -5075,7 +5141,8 @@
5075
5141
  "tool_name": "interact.sh",
5076
5142
  "cwe": "200",
5077
5143
  "capec": "1000/118/169",
5078
- "confidence": "1"
5144
+ "confidence": "1",
5145
+ "module": "waf"
5079
5146
  },
5080
5147
  "conditions": [
5081
5148
  {
@@ -5119,7 +5186,8 @@
5119
5186
  "tool_name": "Netsparker",
5120
5187
  "cwe": "200",
5121
5188
  "capec": "1000/118/169",
5122
- "confidence": "0"
5189
+ "confidence": "0",
5190
+ "module": "waf"
5123
5191
  },
5124
5192
  "conditions": [
5125
5193
  {
@@ -5167,7 +5235,8 @@
5167
5235
  "tool_name": "WhiteHatSecurity",
5168
5236
  "cwe": "200",
5169
5237
  "capec": "1000/118/169",
5170
- "confidence": "0"
5238
+ "confidence": "0",
5239
+ "module": "waf"
5171
5240
  },
5172
5241
  "conditions": [
5173
5242
  {
@@ -5215,7 +5284,8 @@
5215
5284
  "tool_name": "Nessus",
5216
5285
  "cwe": "200",
5217
5286
  "capec": "1000/118/169",
5218
- "confidence": "0"
5287
+ "confidence": "0",
5288
+ "module": "waf"
5219
5289
  },
5220
5290
  "conditions": [
5221
5291
  {
@@ -5263,7 +5333,8 @@
5263
5333
  "tool_name": "Watchtowr",
5264
5334
  "cwe": "200",
5265
5335
  "capec": "1000/118/169",
5266
- "confidence": "0"
5336
+ "confidence": "0",
5337
+ "module": "waf"
5267
5338
  },
5268
5339
  "conditions": [
5269
5340
  {
@@ -5311,7 +5382,8 @@
5311
5382
  "tool_name": "AppCheckNG",
5312
5383
  "cwe": "200",
5313
5384
  "capec": "1000/118/169",
5314
- "confidence": "0"
5385
+ "confidence": "0",
5386
+ "module": "waf"
5315
5387
  },
5316
5388
  "conditions": [
5317
5389
  {
@@ -5358,7 +5430,8 @@
5358
5430
  "category": "attack_attempt",
5359
5431
  "cwe": "287",
5360
5432
  "capec": "1000/225/115",
5361
- "confidence": "0"
5433
+ "confidence": "0",
5434
+ "module": "waf"
5362
5435
  },
5363
5436
  "conditions": [
5364
5437
  {
@@ -5392,7 +5465,8 @@
5392
5465
  "category": "attack_attempt",
5393
5466
  "cwe": "98",
5394
5467
  "capec": "1000/152/175/253/193",
5395
- "confidence": "1"
5468
+ "confidence": "1",
5469
+ "module": "waf"
5396
5470
  },
5397
5471
  "conditions": [
5398
5472
  {
@@ -5436,7 +5510,8 @@
5436
5510
  "category": "attack_attempt",
5437
5511
  "cwe": "77",
5438
5512
  "capec": "1000/152/248/88",
5439
- "confidence": "0"
5513
+ "confidence": "0",
5514
+ "module": "waf"
5440
5515
  },
5441
5516
  "conditions": [
5442
5517
  {
@@ -5483,7 +5558,8 @@
5483
5558
  "category": "attack_attempt",
5484
5559
  "cwe": "91",
5485
5560
  "capec": "1000/152/248/250",
5486
- "confidence": "1"
5561
+ "confidence": "1",
5562
+ "module": "waf"
5487
5563
  },
5488
5564
  "conditions": [
5489
5565
  {
@@ -5521,7 +5597,8 @@
5521
5597
  "category": "attack_attempt",
5522
5598
  "cwe": "83",
5523
5599
  "capec": "1000/152/242/63/591/243",
5524
- "confidence": "1"
5600
+ "confidence": "1",
5601
+ "module": "waf"
5525
5602
  },
5526
5603
  "conditions": [
5527
5604
  {
@@ -5579,7 +5656,8 @@
5579
5656
  "category": "attack_attempt",
5580
5657
  "cwe": "83",
5581
5658
  "capec": "1000/152/242/63/591/243",
5582
- "confidence": "1"
5659
+ "confidence": "1",
5660
+ "module": "waf"
5583
5661
  },
5584
5662
  "conditions": [
5585
5663
  {
@@ -5866,7 +5944,8 @@
5866
5944
  "category": "attack_attempt",
5867
5945
  "cwe": "200",
5868
5946
  "capec": "1000/118/169",
5869
- "confidence": "1"
5947
+ "confidence": "1",
5948
+ "module": "waf"
5870
5949
  },
5871
5950
  "conditions": [
5872
5951
  {
@@ -5908,7 +5987,8 @@
5908
5987
  "category": "attack_attempt",
5909
5988
  "cwe": "200",
5910
5989
  "capec": "1000/118/169",
5911
- "confidence": "1"
5990
+ "confidence": "1",
5991
+ "module": "waf"
5912
5992
  },
5913
5993
  "conditions": [
5914
5994
  {
@@ -5950,7 +6030,8 @@
5950
6030
  "category": "attack_attempt",
5951
6031
  "cwe": "200",
5952
6032
  "capec": "1000/118/169",
5953
- "confidence": "1"
6033
+ "confidence": "1",
6034
+ "module": "waf"
5954
6035
  },
5955
6036
  "conditions": [
5956
6037
  {
@@ -5992,7 +6073,8 @@
5992
6073
  "category": "attack_attempt",
5993
6074
  "cwe": "200",
5994
6075
  "capec": "1000/118/169",
5995
- "confidence": "1"
6076
+ "confidence": "1",
6077
+ "module": "waf"
5996
6078
  },
5997
6079
  "conditions": [
5998
6080
  {
@@ -6034,7 +6116,8 @@
6034
6116
  "category": "attack_attempt",
6035
6117
  "cwe": "200",
6036
6118
  "capec": "1000/118/169",
6037
- "confidence": "1"
6119
+ "confidence": "1",
6120
+ "module": "waf"
6038
6121
  },
6039
6122
  "conditions": [
6040
6123
  {
@@ -6059,7 +6142,7 @@
6059
6142
  "address": "server.request.uri.raw"
6060
6143
  }
6061
6144
  ],
6062
- "regex": "\\.(cgi|bat|dll|exe|key|cert|crt|pem|der|pkcs|pkcs|pkcs[0-9]*|nsf|jsa|war|java|class|vb|vba|so|git|svn|hg|cvs)([^a-zA-Z0-9_]|$)",
6145
+ "regex": "\\.(cgi|bat|dll|exe|key|cert|crt|pem|der|pkcs|pkcs|pkcs[0-9]*|nsf|jsa|war|java|class|vb|vba|so|git|svn|hg|cvs)([?#&/]|$)",
6063
6146
  "options": {
6064
6147
  "case_sensitive": false
6065
6148
  }
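Review bot: The new terminator group `([?#&/]|$)` on the `regex` line is much narrower than the old `([^a-zA-Z0-9_]|$)`, so one of these extensions followed by any other non-word character in `server.request.uri.raw` (a `;` path parameter or a percent-encoded byte, for example) is no longer flagged. If this is an intentional false-positive reduction, it should be stated in the changelog and covered by regression cases, both for the benign paths that motivated it and for the suffixes that are now ignored. Separately, the alternation still lists `pkcs|pkcs|pkcs[0-9]*`, where the first two entries are redundant and `pkcs[0-9]*` alone matches the same inputs. The rule's id and tags are outside the hunk.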
@@ -6076,7 +6159,8 @@
6076
6159
  "category": "attack_attempt",
6077
6160
  "cwe": "200",
6078
6161
  "capec": "1000/118/169",
6079
- "confidence": "1"
6162
+ "confidence": "1",
6163
+ "module": "waf"
6080
6164
  },
6081
6165
  "conditions": [
6082
6166
  {
@@ -6118,7 +6202,8 @@
6118
6202
  "category": "attack_attempt",
6119
6203
  "cwe": "200",
6120
6204
  "capec": "1000/118/169",
6121
- "confidence": "1"
6205
+ "confidence": "1",
6206
+ "module": "waf"
6122
6207
  },
6123
6208
  "conditions": [
6124
6209
  {
@@ -6160,7 +6245,8 @@
6160
6245
  "category": "attack_attempt",
6161
6246
  "cwe": "200",
6162
6247
  "capec": "1000/118/169",
6163
- "confidence": "1"
6248
+ "confidence": "1",
6249
+ "module": "waf"
6164
6250
  },
6165
6251
  "conditions": [
6166
6252
  {
@@ -6202,7 +6288,8 @@
6202
6288
  "category": "attack_attempt",
6203
6289
  "cwe": "200",
6204
6290
  "capec": "1000/118/169",
6205
- "confidence": "0"
6291
+ "confidence": "0",
6292
+ "module": "waf"
6206
6293
  },
6207
6294
  "conditions": [
6208
6295
  {
@@ -6276,7 +6363,7 @@
6276
6363
  }
6277
6364
  ]
6278
6365
  },
6279
- "operator": "lfi_detector"
6366
+ "operator": "lfi_detector@v2"
6280
6367
  }
6281
6368
  ],
6282
6369
  "transformers": [],
@@ -6286,7 +6373,7 @@
6286
6373
  },
6287
6374
  {
6288
6375
  "id": "rasp-932-100",
6289
- "name": "Shell injection exploit",
6376
+ "name": "Shell command injection exploit",
6290
6377
  "tags": {
6291
6378
  "type": "command_injection",
6292
6379
  "category": "vulnerability_trigger",
@@ -6332,6 +6419,54 @@
6332
6419
  "stack_trace"
6333
6420
  ]
6334
6421
  },
6422
+ {
6423
+ "id": "rasp-932-110",
6424
+ "name": "OS command injection exploit",
6425
+ "tags": {
6426
+ "type": "command_injection",
6427
+ "category": "vulnerability_trigger",
6428
+ "cwe": "77",
6429
+ "capec": "1000/152/248/88",
6430
+ "confidence": "0",
6431
+ "module": "rasp"
6432
+ },
6433
+ "conditions": [
6434
+ {
6435
+ "parameters": {
6436
+ "resource": [
6437
+ {
6438
+ "address": "server.sys.exec.cmd"
6439
+ }
6440
+ ],
6441
+ "params": [
6442
+ {
6443
+ "address": "server.request.query"
6444
+ },
6445
+ {
6446
+ "address": "server.request.body"
6447
+ },
6448
+ {
6449
+ "address": "server.request.path_params"
6450
+ },
6451
+ {
6452
+ "address": "grpc.server.request.message"
6453
+ },
6454
+ {
6455
+ "address": "graphql.server.all_resolvers"
6456
+ },
6457
+ {
6458
+ "address": "graphql.server.resolver"
6459
+ }
6460
+ ]
6461
+ },
6462
+ "operator": "cmdi_detector"
6463
+ }
6464
+ ],
6465
+ "transformers": [],
6466
+ "on_match": [
6467
+ "stack_trace"
6468
+ ]
6469
+ },
6335
6470
  {
6336
6471
  "id": "rasp-934-100",
6337
6472
  "name": "Server-side request forgery exploit",
@@ -6422,7 +6557,7 @@
6422
6557
  }
6423
6558
  ]
6424
6559
  },
6425
- "operator": "sqli_detector"
6560
+ "operator": "sqli_detector@v2"
6426
6561
  }
6427
6562
  ],
6428
6563
  "transformers": [],
@@ -6438,7 +6573,8 @@
6438
6573
  "category": "attack_attempt",
6439
6574
  "cwe": "918",
6440
6575
  "capec": "1000/225/115/664",
6441
- "confidence": "1"
6576
+ "confidence": "1",
6577
+ "module": "waf"
6442
6578
  },
6443
6579
  "conditions": [
6444
6580
  {
@@ -6482,7 +6618,8 @@
6482
6618
  "type": "js_code_injection",
6483
6619
  "category": "attack_attempt",
6484
6620
  "cwe": "94",
6485
- "capec": "1000/152/242"
6621
+ "capec": "1000/152/242",
6622
+ "module": "waf"
6486
6623
  },
6487
6624
  "conditions": [
6488
6625
  {
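Review bot: The tags block that gains `"module": "waf"` here has no `"confidence"` entry as far as the hunk shows, whereas every other rule touched in this file section carries one. If downstream triage sorts or filters on confidence, this `js_code_injection` rule would fall outside that logic. An explicit `"confidence"` value, chosen by the rule authors, would keep the tag set uniform. The tags object opens outside the hunk, so the key may exist above the visible context.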
@@ -6527,7 +6664,8 @@
6527
6664
  "category": "attack_attempt",
6528
6665
  "cwe": "78",
6529
6666
  "capec": "1000/152/248/88",
6530
- "confidence": "1"
6667
+ "confidence": "1",
6668
+ "module": "waf"
6531
6669
  },
6532
6670
  "conditions": [
6533
6671
  {
@@ -6570,7 +6708,8 @@
6570
6708
  "category": "attack_attempt",
6571
6709
  "cwe": "78",
6572
6710
  "capec": "1000/152/248/88",
6573
- "confidence": "1"
6711
+ "confidence": "1",
6712
+ "module": "waf"
6574
6713
  },
6575
6714
  "conditions": [
6576
6715
  {
@@ -6615,7 +6754,8 @@
6615
6754
  "category": "attack_attempt",
6616
6755
  "cwe": "78",
6617
6756
  "capec": "1000/152/248/88",
6618
- "confidence": "1"
6757
+ "confidence": "1",
6758
+ "module": "waf"
6619
6759
  },
6620
6760
  "conditions": [
6621
6761
  {
@@ -6658,7 +6798,8 @@
6658
6798
  "category": "attack_attempt",
6659
6799
  "cwe": "918",
6660
6800
  "capec": "1000/225/115/664",
6661
- "confidence": "1"
6801
+ "confidence": "1",
6802
+ "module": "waf"
6662
6803
  },
6663
6804
  "conditions": [
6664
6805
  {
@@ -6701,7 +6842,8 @@
6701
6842
  "category": "attack_attempt",
6702
6843
  "cwe": "918",
6703
6844
  "capec": "1000/225/115/664",
6704
- "confidence": "0"
6845
+ "confidence": "0",
6846
+ "module": "waf"
6705
6847
  },
6706
6848
  "conditions": [
6707
6849
  {
@@ -6743,7 +6885,8 @@
6743
6885
  "category": "attack_attempt",
6744
6886
  "cwe": "918",
6745
6887
  "capec": "1000/225/115/664",
6746
- "confidence": "0"
6888
+ "confidence": "0",
6889
+ "module": "waf"
6747
6890
  },
6748
6891
  "conditions": [
6749
6892
  {
@@ -6785,7 +6928,8 @@
6785
6928
  "category": "attack_attempt",
6786
6929
  "cwe": "918",
6787
6930
  "capec": "1000/225/115/664",
6788
- "confidence": "1"
6931
+ "confidence": "1",
6932
+ "module": "waf"
6789
6933
  },
6790
6934
  "conditions": [
6791
6935
  {
@@ -6828,7 +6972,8 @@
6828
6972
  "category": "attack_attempt",
6829
6973
  "cwe": "918",
6830
6974
  "capec": "1000/225/115/664",
6831
- "confidence": "0"
6975
+ "confidence": "0",
6976
+ "module": "waf"
6832
6977
  },
6833
6978
  "conditions": [
6834
6979
  {
@@ -6870,7 +7015,8 @@
6870
7015
  "category": "attack_attempt",
6871
7016
  "cwe": "94",
6872
7017
  "capec": "1000/152/242",
6873
- "confidence": "1"
7018
+ "confidence": "1",
7019
+ "module": "waf"
6874
7020
  },
6875
7021
  "conditions": [
6876
7022
  {
@@ -6916,7 +7062,8 @@
6916
7062
  "cwe": "200",
6917
7063
  "capec": "1000/118/169",
6918
7064
  "tool_name": "Joomla exploitation tool",
6919
- "confidence": "1"
7065
+ "confidence": "1",
7066
+ "module": "waf"
6920
7067
  },
6921
7068
  "conditions": [
6922
7069
  {
@@ -6945,7 +7092,8 @@
6945
7092
  "cwe": "200",
6946
7093
  "capec": "1000/118/169",
6947
7094
  "tool_name": "Nessus",
6948
- "confidence": "1"
7095
+ "confidence": "1",
7096
+ "module": "waf"
6949
7097
  },
6950
7098
  "conditions": [
6951
7099
  {
@@ -6974,7 +7122,8 @@
6974
7122
  "cwe": "200",
6975
7123
  "capec": "1000/118/169",
6976
7124
  "tool_name": "Arachni",
6977
- "confidence": "1"
7125
+ "confidence": "1",
7126
+ "module": "waf"
6978
7127
  },
6979
7128
  "conditions": [
6980
7129
  {
@@ -7003,7 +7152,8 @@
7003
7152
  "cwe": "200",
7004
7153
  "capec": "1000/118/169",
7005
7154
  "tool_name": "Jorgee",
7006
- "confidence": "1"
7155
+ "confidence": "1",
7156
+ "module": "waf"
7007
7157
  },
7008
7158
  "conditions": [
7009
7159
  {
@@ -7032,7 +7182,8 @@
7032
7182
  "cwe": "200",
7033
7183
  "capec": "1000/118/169",
7034
7184
  "tool_name": "Probely",
7035
- "confidence": "0"
7185
+ "confidence": "0",
7186
+ "module": "waf"
7036
7187
  },
7037
7188
  "conditions": [
7038
7189
  {
@@ -7061,7 +7212,8 @@
7061
7212
  "cwe": "200",
7062
7213
  "capec": "1000/118/169",
7063
7214
  "tool_name": "Metis",
7064
- "confidence": "1"
7215
+ "confidence": "1",
7216
+ "module": "waf"
7065
7217
  },
7066
7218
  "conditions": [
7067
7219
  {
@@ -7090,7 +7242,8 @@
7090
7242
  "cwe": "200",
7091
7243
  "capec": "1000/118/169",
7092
7244
  "tool_name": "SQLPowerInjector",
7093
- "confidence": "1"
7245
+ "confidence": "1",
7246
+ "module": "waf"
7094
7247
  },
7095
7248
  "conditions": [
7096
7249
  {
@@ -7119,7 +7272,8 @@
7119
7272
  "cwe": "200",
7120
7273
  "capec": "1000/118/169",
7121
7274
  "tool_name": "N-Stealth",
7122
- "confidence": "1"
7275
+ "confidence": "1",
7276
+ "module": "waf"
7123
7277
  },
7124
7278
  "conditions": [
7125
7279
  {
@@ -7148,7 +7302,8 @@
7148
7302
  "cwe": "200",
7149
7303
  "capec": "1000/118/169",
7150
7304
  "tool_name": "Brutus",
7151
- "confidence": "1"
7305
+ "confidence": "1",
7306
+ "module": "waf"
7152
7307
  },
7153
7308
  "conditions": [
7154
7309
  {
@@ -7176,7 +7331,8 @@
7176
7331
  "category": "attack_attempt",
7177
7332
  "cwe": "200",
7178
7333
  "capec": "1000/118/169",
7179
- "confidence": "1"
7334
+ "confidence": "1",
7335
+ "module": "waf"
7180
7336
  },
7181
7337
  "conditions": [
7182
7338
  {
@@ -7205,7 +7361,8 @@
7205
7361
  "cwe": "200",
7206
7362
  "capec": "1000/118/169",
7207
7363
  "tool_name": "Netsparker",
7208
- "confidence": "0"
7364
+ "confidence": "0",
7365
+ "module": "waf"
7209
7366
  },
7210
7367
  "conditions": [
7211
7368
  {
@@ -7234,7 +7391,8 @@
7234
7391
  "cwe": "200",
7235
7392
  "capec": "1000/118/169",
7236
7393
  "tool_name": "JAASCois",
7237
- "confidence": "1"
7394
+ "confidence": "1",
7395
+ "module": "waf"
7238
7396
  },
7239
7397
  "conditions": [
7240
7398
  {
@@ -7263,7 +7421,8 @@
7263
7421
  "cwe": "200",
7264
7422
  "capec": "1000/118/169",
7265
7423
  "tool_name": "Nsauditor",
7266
- "confidence": "1"
7424
+ "confidence": "1",
7425
+ "module": "waf"
7267
7426
  },
7268
7427
  "conditions": [
7269
7428
  {
@@ -7292,7 +7451,8 @@
7292
7451
  "cwe": "200",
7293
7452
  "capec": "1000/118/169",
7294
7453
  "tool_name": "Paros",
7295
- "confidence": "1"
7454
+ "confidence": "1",
7455
+ "module": "waf"
7296
7456
  },
7297
7457
  "conditions": [
7298
7458
  {
@@ -7321,7 +7481,8 @@
7321
7481
  "cwe": "200",
7322
7482
  "capec": "1000/118/169",
7323
7483
  "tool_name": "DirBuster",
7324
- "confidence": "1"
7484
+ "confidence": "1",
7485
+ "module": "waf"
7325
7486
  },
7326
7487
  "conditions": [
7327
7488
  {
@@ -7350,7 +7511,8 @@
7350
7511
  "cwe": "200",
7351
7512
  "capec": "1000/118/169",
7352
7513
  "tool_name": "Pangolin",
7353
- "confidence": "1"
7514
+ "confidence": "1",
7515
+ "module": "waf"
7354
7516
  },
7355
7517
  "conditions": [
7356
7518
  {
@@ -7379,7 +7541,8 @@
7379
7541
  "cwe": "200",
7380
7542
  "capec": "1000/118/169",
7381
7543
  "tool_name": "Qualys",
7382
- "confidence": "0"
7544
+ "confidence": "0",
7545
+ "module": "waf"
7383
7546
  },
7384
7547
  "conditions": [
7385
7548
  {
@@ -7408,7 +7571,8 @@
7408
7571
  "cwe": "200",
7409
7572
  "capec": "1000/118/169",
7410
7573
  "tool_name": "SQLNinja",
7411
- "confidence": "1"
7574
+ "confidence": "1",
7575
+ "module": "waf"
7412
7576
  },
7413
7577
  "conditions": [
7414
7578
  {
@@ -7437,7 +7601,8 @@
7437
7601
  "cwe": "200",
7438
7602
  "capec": "1000/118/169",
7439
7603
  "tool_name": "Nikto",
7440
- "confidence": "1"
7604
+ "confidence": "1",
7605
+ "module": "waf"
7441
7606
  },
7442
7607
  "conditions": [
7443
7608
  {
@@ -7466,7 +7631,8 @@
7466
7631
  "cwe": "200",
7467
7632
  "capec": "1000/118/169",
7468
7633
  "tool_name": "BlackWidow",
7469
- "confidence": "1"
7634
+ "confidence": "1",
7635
+ "module": "waf"
7470
7636
  },
7471
7637
  "conditions": [
7472
7638
  {
@@ -7495,7 +7661,8 @@
7495
7661
  "cwe": "200",
7496
7662
  "capec": "1000/118/169",
7497
7663
  "tool_name": "Grendel-Scan",
7498
- "confidence": "1"
7664
+ "confidence": "1",
7665
+ "module": "waf"
7499
7666
  },
7500
7667
  "conditions": [
7501
7668
  {
@@ -7524,7 +7691,8 @@
7524
7691
  "cwe": "200",
7525
7692
  "capec": "1000/118/169",
7526
7693
  "tool_name": "Havij",
7527
- "confidence": "1"
7694
+ "confidence": "1",
7695
+ "module": "waf"
7528
7696
  },
7529
7697
  "conditions": [
7530
7698
  {
@@ -7553,7 +7721,8 @@
7553
7721
  "cwe": "200",
7554
7722
  "capec": "1000/118/169",
7555
7723
  "tool_name": "w3af",
7556
- "confidence": "1"
7724
+ "confidence": "1",
7725
+ "module": "waf"
7557
7726
  },
7558
7727
  "conditions": [
7559
7728
  {
@@ -7582,7 +7751,8 @@
7582
7751
  "cwe": "200",
7583
7752
  "capec": "1000/118/169",
7584
7753
  "tool_name": "Nmap",
7585
- "confidence": "1"
7754
+ "confidence": "1",
7755
+ "module": "waf"
7586
7756
  },
7587
7757
  "conditions": [
7588
7758
  {
@@ -7611,7 +7781,8 @@
7611
7781
  "cwe": "200",
7612
7782
  "capec": "1000/118/169",
7613
7783
  "tool_name": "Nessus",
7614
- "confidence": "1"
7784
+ "confidence": "1",
7785
+ "module": "waf"
7615
7786
  },
7616
7787
  "conditions": [
7617
7788
  {
@@ -7640,7 +7811,8 @@
7640
7811
  "cwe": "200",
7641
7812
  "capec": "1000/118/169",
7642
7813
  "tool_name": "EvilScanner",
7643
- "confidence": "1"
7814
+ "confidence": "1",
7815
+ "module": "waf"
7644
7816
  },
7645
7817
  "conditions": [
7646
7818
  {
@@ -7669,7 +7841,8 @@
7669
7841
  "cwe": "200",
7670
7842
  "capec": "1000/118/169",
7671
7843
  "tool_name": "WebFuck",
7672
- "confidence": "1"
7844
+ "confidence": "1",
7845
+ "module": "waf"
7673
7846
  },
7674
7847
  "conditions": [
7675
7848
  {
@@ -7698,7 +7871,8 @@
7698
7871
  "cwe": "200",
7699
7872
  "capec": "1000/118/169",
7700
7873
  "tool_name": "OpenVAS",
7701
- "confidence": "1"
7874
+ "confidence": "1",
7875
+ "module": "waf"
7702
7876
  },
7703
7877
  "conditions": [
7704
7878
  {
@@ -7727,7 +7901,8 @@
7727
7901
  "cwe": "200",
7728
7902
  "capec": "1000/118/169",
7729
7903
  "tool_name": "Spider-Pig",
7730
- "confidence": "1"
7904
+ "confidence": "1",
7905
+ "module": "waf"
7731
7906
  },
7732
7907
  "conditions": [
7733
7908
  {
@@ -7756,7 +7931,8 @@
7756
7931
  "cwe": "200",
7757
7932
  "capec": "1000/118/169",
7758
7933
  "tool_name": "Zgrab",
7759
- "confidence": "1"
7934
+ "confidence": "1",
7935
+ "module": "waf"
7760
7936
  },
7761
7937
  "conditions": [
7762
7938
  {
@@ -7785,7 +7961,8 @@
7785
7961
  "cwe": "200",
7786
7962
  "capec": "1000/118/169",
7787
7963
  "tool_name": "Zmeu",
7788
- "confidence": "1"
7964
+ "confidence": "1",
7965
+ "module": "waf"
7789
7966
  },
7790
7967
  "conditions": [
7791
7968
  {
@@ -7814,7 +7991,8 @@
7814
7991
  "cwe": "200",
7815
7992
  "capec": "1000/118/169",
7816
7993
  "tool_name": "GoogleSecurityScanner",
7817
- "confidence": "0"
7994
+ "confidence": "0",
7995
+ "module": "waf"
7818
7996
  },
7819
7997
  "conditions": [
7820
7998
  {
@@ -7843,7 +8021,8 @@
7843
8021
  "cwe": "200",
7844
8022
  "capec": "1000/118/169",
7845
8023
  "tool_name": "Commix",
7846
- "confidence": "1"
8024
+ "confidence": "1",
8025
+ "module": "waf"
7847
8026
  },
7848
8027
  "conditions": [
7849
8028
  {
@@ -7872,7 +8051,8 @@
7872
8051
  "cwe": "200",
7873
8052
  "capec": "1000/118/169",
7874
8053
  "tool_name": "Gobuster",
7875
- "confidence": "1"
8054
+ "confidence": "1",
8055
+ "module": "waf"
7876
8056
  },
7877
8057
  "conditions": [
7878
8058
  {
@@ -7901,7 +8081,8 @@
7901
8081
  "cwe": "200",
7902
8082
  "capec": "1000/118/169",
7903
8083
  "tool_name": "CGIchk",
7904
- "confidence": "1"
8084
+ "confidence": "1",
8085
+ "module": "waf"
7905
8086
  },
7906
8087
  "conditions": [
7907
8088
  {
@@ -7930,7 +8111,8 @@
7930
8111
  "cwe": "200",
7931
8112
  "capec": "1000/118/169",
7932
8113
  "tool_name": "FFUF",
7933
- "confidence": "1"
8114
+ "confidence": "1",
8115
+ "module": "waf"
7934
8116
  },
7935
8117
  "conditions": [
7936
8118
  {
@@ -7959,7 +8141,8 @@
7959
8141
  "cwe": "200",
7960
8142
  "capec": "1000/118/169",
7961
8143
  "tool_name": "Nuclei",
7962
- "confidence": "1"
8144
+ "confidence": "1",
8145
+ "module": "waf"
7963
8146
  },
7964
8147
  "conditions": [
7965
8148
  {
@@ -7988,7 +8171,8 @@
7988
8171
  "cwe": "200",
7989
8172
  "capec": "1000/118/169",
7990
8173
  "tool_name": "Tsunami",
7991
- "confidence": "1"
8174
+ "confidence": "1",
8175
+ "module": "waf"
7992
8176
  },
7993
8177
  "conditions": [
7994
8178
  {
@@ -8017,7 +8201,8 @@
8017
8201
  "cwe": "200",
8018
8202
  "capec": "1000/118/169",
8019
8203
  "tool_name": "Nimbostratus",
8020
- "confidence": "1"
8204
+ "confidence": "1",
8205
+ "module": "waf"
8021
8206
  },
8022
8207
  "conditions": [
8023
8208
  {
@@ -8046,7 +8231,8 @@
8046
8231
  "cwe": "200",
8047
8232
  "capec": "1000/118/169",
8048
8233
  "tool_name": "Datadog Canary Test",
8049
- "confidence": "1"
8234
+ "confidence": "1",
8235
+ "module": "waf"
8050
8236
  },
8051
8237
  "conditions": [
8052
8238
  {
@@ -8081,7 +8267,8 @@
8081
8267
  "cwe": "200",
8082
8268
  "capec": "1000/118/169",
8083
8269
  "tool_name": "Datadog Canary Test",
8084
- "confidence": "1"
8270
+ "confidence": "1",
8271
+ "module": "waf"
8085
8272
  },
8086
8273
  "conditions": [
8087
8274
  {
@@ -8119,7 +8306,8 @@
8119
8306
  "cwe": "200",
8120
8307
  "capec": "1000/118/169",
8121
8308
  "tool_name": "AlertLogic",
8122
- "confidence": "0"
8309
+ "confidence": "0",
8310
+ "module": "waf"
8123
8311
  },
8124
8312
  "conditions": [
8125
8313
  {
@@ -8148,7 +8336,8 @@
8148
8336
  "cwe": "200",
8149
8337
  "capec": "1000/118/169",
8150
8338
  "tool_name": "wfuzz",
8151
- "confidence": "1"
8339
+ "confidence": "1",
8340
+ "module": "waf"
8152
8341
  },
8153
8342
  "conditions": [
8154
8343
  {
@@ -8177,7 +8366,8 @@
8177
8366
  "cwe": "200",
8178
8367
  "capec": "1000/118/169",
8179
8368
  "tool_name": "Detectify",
8180
- "confidence": "0"
8369
+ "confidence": "0",
8370
+ "module": "waf"
8181
8371
  },
8182
8372
  "conditions": [
8183
8373
  {
@@ -8206,7 +8396,8 @@
8206
8396
  "cwe": "200",
8207
8397
  "capec": "1000/118/169",
8208
8398
  "tool_name": "BSQLBF",
8209
- "confidence": "1"
8399
+ "confidence": "1",
8400
+ "module": "waf"
8210
8401
  },
8211
8402
  "conditions": [
8212
8403
  {
@@ -8235,7 +8426,8 @@
8235
8426
  "cwe": "200",
8236
8427
  "capec": "1000/118/169",
8237
8428
  "tool_name": "masscan",
8238
- "confidence": "1"
8429
+ "confidence": "1",
8430
+ "module": "waf"
8239
8431
  },
8240
8432
  "conditions": [
8241
8433
  {
@@ -8264,7 +8456,8 @@
8264
8456
  "cwe": "200",
8265
8457
  "capec": "1000/118/169",
8266
8458
  "tool_name": "WPScan",
8267
- "confidence": "1"
8459
+ "confidence": "1",
8460
+ "module": "waf"
8268
8461
  },
8269
8462
  "conditions": [
8270
8463
  {
@@ -8293,7 +8486,8 @@
8293
8486
  "cwe": "200",
8294
8487
  "capec": "1000/118/169",
8295
8488
  "tool_name": "Aon",
8296
- "confidence": "0"
8489
+ "confidence": "0",
8490
+ "module": "waf"
8297
8491
  },
8298
8492
  "conditions": [
8299
8493
  {
@@ -8322,7 +8516,8 @@
8322
8516
  "cwe": "200",
8323
8517
  "capec": "1000/118/169",
8324
8518
  "tool_name": "feroxbuster",
8325
- "confidence": "1"
8519
+ "confidence": "1",
8520
+ "module": "waf"
8326
8521
  },
8327
8522
  "conditions": [
8328
8523
  {
@@ -8350,7 +8545,8 @@
8350
8545
  "category": "attack_attempt",
8351
8546
  "cwe": "200",
8352
8547
  "capec": "1000/118/169",
8353
- "confidence": "1"
8548
+ "confidence": "1",
8549
+ "module": "waf"
8354
8550
  },
8355
8551
  "conditions": [
8356
8552
  {
@@ -8382,7 +8578,8 @@
8382
8578
  "cwe": "200",
8383
8579
  "capec": "1000/118/169",
8384
8580
  "tool_name": "SQLmap",
8385
- "confidence": "1"
8581
+ "confidence": "1",
8582
+ "module": "waf"
8386
8583
  },
8387
8584
  "conditions": [
8388
8585
  {
@@ -8411,7 +8608,8 @@
8411
8608
  "cwe": "200",
8412
8609
  "capec": "1000/118/169",
8413
8610
  "tool_name": "Skipfish",
8414
- "confidence": "1"
8611
+ "confidence": "1",
8612
+ "module": "waf"
8415
8613
  },
8416
8614
  "conditions": [
8417
8615
  {
@@ -9776,4 +9974,4 @@
9776
9974
  }
9777
9975
  }
9778
9976
  ]
9779
- }
9977
+ }