datadog 2.8.0 → 2.9.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (108) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +36 -1
  3. data/ext/datadog_profiling_native_extension/clock_id.h +2 -2
  4. data/ext/datadog_profiling_native_extension/collectors_cpu_and_wall_time_worker.c +64 -54
  5. data/ext/datadog_profiling_native_extension/collectors_discrete_dynamic_sampler.c +1 -1
  6. data/ext/datadog_profiling_native_extension/collectors_discrete_dynamic_sampler.h +1 -1
  7. data/ext/datadog_profiling_native_extension/collectors_idle_sampling_helper.c +16 -16
  8. data/ext/datadog_profiling_native_extension/collectors_stack.c +7 -7
  9. data/ext/datadog_profiling_native_extension/collectors_thread_context.c +219 -122
  10. data/ext/datadog_profiling_native_extension/heap_recorder.h +1 -1
  11. data/ext/datadog_profiling_native_extension/http_transport.c +4 -4
  12. data/ext/datadog_profiling_native_extension/private_vm_api_access.c +3 -0
  13. data/ext/datadog_profiling_native_extension/private_vm_api_access.h +3 -1
  14. data/ext/datadog_profiling_native_extension/profiling.c +10 -8
  15. data/ext/datadog_profiling_native_extension/ruby_helpers.c +8 -8
  16. data/ext/datadog_profiling_native_extension/stack_recorder.c +54 -54
  17. data/ext/datadog_profiling_native_extension/stack_recorder.h +1 -1
  18. data/ext/datadog_profiling_native_extension/time_helpers.h +1 -1
  19. data/ext/datadog_profiling_native_extension/unsafe_api_calls_check.c +47 -0
  20. data/ext/datadog_profiling_native_extension/unsafe_api_calls_check.h +31 -0
  21. data/ext/libdatadog_api/crashtracker.c +3 -0
  22. data/lib/datadog/appsec/assets/waf_rules/recommended.json +355 -157
  23. data/lib/datadog/appsec/assets/waf_rules/strict.json +62 -32
  24. data/lib/datadog/appsec/context.rb +54 -0
  25. data/lib/datadog/appsec/contrib/active_record/instrumentation.rb +7 -7
  26. data/lib/datadog/appsec/contrib/devise/patcher/authenticatable_patch.rb +6 -6
  27. data/lib/datadog/appsec/contrib/devise/patcher/registration_controller_patch.rb +4 -4
  28. data/lib/datadog/appsec/contrib/graphql/gateway/watcher.rb +19 -28
  29. data/lib/datadog/appsec/contrib/graphql/reactive/multiplex.rb +5 -5
  30. data/lib/datadog/appsec/contrib/rack/gateway/response.rb +3 -3
  31. data/lib/datadog/appsec/contrib/rack/gateway/watcher.rb +64 -96
  32. data/lib/datadog/appsec/contrib/rack/reactive/request.rb +10 -10
  33. data/lib/datadog/appsec/contrib/rack/reactive/request_body.rb +5 -5
  34. data/lib/datadog/appsec/contrib/rack/reactive/response.rb +6 -6
  35. data/lib/datadog/appsec/contrib/rack/request_body_middleware.rb +10 -11
  36. data/lib/datadog/appsec/contrib/rack/request_middleware.rb +43 -49
  37. data/lib/datadog/appsec/contrib/rails/gateway/watcher.rb +21 -32
  38. data/lib/datadog/appsec/contrib/rails/patcher.rb +1 -1
  39. data/lib/datadog/appsec/contrib/rails/reactive/action.rb +6 -6
  40. data/lib/datadog/appsec/contrib/sinatra/gateway/watcher.rb +41 -63
  41. data/lib/datadog/appsec/contrib/sinatra/patcher.rb +2 -2
  42. data/lib/datadog/appsec/contrib/sinatra/reactive/routed.rb +5 -5
  43. data/lib/datadog/appsec/event.rb +6 -6
  44. data/lib/datadog/appsec/ext.rb +3 -1
  45. data/lib/datadog/appsec/monitor/gateway/watcher.rb +22 -32
  46. data/lib/datadog/appsec/monitor/reactive/set_user.rb +5 -5
  47. data/lib/datadog/appsec/processor/rule_loader.rb +0 -3
  48. data/lib/datadog/appsec.rb +3 -3
  49. data/lib/datadog/auto_instrument.rb +3 -0
  50. data/lib/datadog/core/configuration/agent_settings_resolver.rb +39 -11
  51. data/lib/datadog/core/configuration/components.rb +4 -2
  52. data/lib/datadog/core/configuration.rb +1 -1
  53. data/lib/datadog/{tracing → core}/contrib/rails/utils.rb +1 -3
  54. data/lib/datadog/core/crashtracking/component.rb +1 -3
  55. data/lib/datadog/core/telemetry/event.rb +87 -3
  56. data/lib/datadog/core/telemetry/logging.rb +2 -2
  57. data/lib/datadog/core/telemetry/metric.rb +22 -0
  58. data/lib/datadog/core/telemetry/worker.rb +33 -0
  59. data/lib/datadog/di/base.rb +115 -0
  60. data/lib/datadog/di/code_tracker.rb +7 -4
  61. data/lib/datadog/di/component.rb +17 -11
  62. data/lib/datadog/di/configuration/settings.rb +11 -1
  63. data/lib/datadog/di/contrib/railtie.rb +15 -0
  64. data/lib/datadog/di/contrib.rb +26 -0
  65. data/lib/datadog/di/error.rb +5 -0
  66. data/lib/datadog/di/instrumenter.rb +39 -18
  67. data/lib/datadog/di/{init.rb → preload.rb} +2 -4
  68. data/lib/datadog/di/probe_manager.rb +4 -4
  69. data/lib/datadog/di/probe_notification_builder.rb +16 -2
  70. data/lib/datadog/di/probe_notifier_worker.rb +5 -6
  71. data/lib/datadog/di/remote.rb +4 -4
  72. data/lib/datadog/di/transport.rb +2 -4
  73. data/lib/datadog/di.rb +5 -108
  74. data/lib/datadog/kit/appsec/events.rb +3 -3
  75. data/lib/datadog/kit/identity.rb +4 -4
  76. data/lib/datadog/profiling/component.rb +55 -53
  77. data/lib/datadog/profiling/http_transport.rb +1 -26
  78. data/lib/datadog/tracing/contrib/action_cable/integration.rb +5 -2
  79. data/lib/datadog/tracing/contrib/action_mailer/integration.rb +6 -2
  80. data/lib/datadog/tracing/contrib/action_pack/integration.rb +5 -2
  81. data/lib/datadog/tracing/contrib/action_view/integration.rb +5 -2
  82. data/lib/datadog/tracing/contrib/active_job/integration.rb +5 -2
  83. data/lib/datadog/tracing/contrib/active_record/integration.rb +6 -2
  84. data/lib/datadog/tracing/contrib/active_support/cache/events/cache.rb +3 -1
  85. data/lib/datadog/tracing/contrib/active_support/cache/instrumentation.rb +3 -1
  86. data/lib/datadog/tracing/contrib/active_support/configuration/settings.rb +10 -0
  87. data/lib/datadog/tracing/contrib/active_support/integration.rb +5 -2
  88. data/lib/datadog/tracing/contrib/auto_instrument.rb +2 -2
  89. data/lib/datadog/tracing/contrib/aws/integration.rb +3 -0
  90. data/lib/datadog/tracing/contrib/concurrent_ruby/integration.rb +3 -0
  91. data/lib/datadog/tracing/contrib/httprb/integration.rb +3 -0
  92. data/lib/datadog/tracing/contrib/kafka/integration.rb +3 -0
  93. data/lib/datadog/tracing/contrib/mongodb/integration.rb +3 -0
  94. data/lib/datadog/tracing/contrib/opensearch/integration.rb +3 -0
  95. data/lib/datadog/tracing/contrib/presto/integration.rb +3 -0
  96. data/lib/datadog/tracing/contrib/rack/integration.rb +2 -2
  97. data/lib/datadog/tracing/contrib/rails/framework.rb +2 -2
  98. data/lib/datadog/tracing/contrib/rails/patcher.rb +1 -1
  99. data/lib/datadog/tracing/contrib/rest_client/integration.rb +3 -0
  100. data/lib/datadog/tracing/span.rb +12 -4
  101. data/lib/datadog/tracing/span_event.rb +123 -3
  102. data/lib/datadog/tracing/span_operation.rb +6 -0
  103. data/lib/datadog/tracing/transport/serializable_trace.rb +24 -6
  104. data/lib/datadog/version.rb +1 -1
  105. metadata +19 -10
  106. data/lib/datadog/appsec/reactive/operation.rb +0 -68
  107. data/lib/datadog/appsec/scope.rb +0 -58
  108. data/lib/datadog/core/crashtracking/agent_base_url.rb +0 -21
data/lib/datadog/appsec/assets/waf_rules/recommended.json CHANGED
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "version": "2.2",
3
3
  "metadata": {
4
- "rules_version": "1.13.1"
4
+ "rules_version": "1.13.3"
5
5
  },
6
6
  "rules": [
7
7
  {
@@ -9,7 +9,8 @@
9
9
  "name": "Block IP Addresses",
10
10
  "tags": {
11
11
  "type": "block_ip",
12
- "category": "security_response"
12
+ "category": "security_response",
13
+ "module": "network-acl"
13
14
  },
14
15
  "conditions": [
15
16
  {
@@ -34,7 +35,8 @@
34
35
  "name": "Block User Addresses",
35
36
  "tags": {
36
37
  "type": "block_user",
37
- "category": "security_response"
38
+ "category": "security_response",
39
+ "module": "authentication-acl"
38
40
  },
39
41
  "conditions": [
40
42
  {
@@ -64,7 +66,8 @@
64
66
  "tool_name": "Acunetix",
65
67
  "cwe": "200",
66
68
  "capec": "1000/118/169",
67
- "confidence": "0"
69
+ "confidence": "0",
70
+ "module": "waf"
68
71
  },
69
72
  "conditions": [
70
73
  {
@@ -98,7 +101,8 @@
98
101
  "category": "attack_attempt",
99
102
  "cwe": "200",
100
103
  "capec": "1000/118/169",
101
- "confidence": "1"
104
+ "confidence": "1",
105
+ "module": "waf"
102
106
  },
103
107
  "conditions": [
104
108
  {
@@ -162,7 +166,8 @@
162
166
  "category": "attack_attempt",
163
167
  "cwe": "176",
164
168
  "capec": "1000/255/153/267/71",
165
- "confidence": "0"
169
+ "confidence": "0",
170
+ "module": "waf"
166
171
  },
167
172
  "conditions": [
168
173
  {
@@ -191,7 +196,8 @@
191
196
  "crs_id": "921110",
192
197
  "category": "attack_attempt",
193
198
  "cwe": "444",
194
- "capec": "1000/210/272/220/33"
199
+ "capec": "1000/210/272/220/33",
200
+ "module": "waf"
195
201
  },
196
202
  "conditions": [
197
203
  {
@@ -228,7 +234,8 @@
228
234
  "crs_id": "921160",
229
235
  "category": "attack_attempt",
230
236
  "cwe": "113",
231
- "capec": "1000/210/272/220/105"
237
+ "capec": "1000/210/272/220/105",
238
+ "module": "waf"
232
239
  },
233
240
  "conditions": [
234
241
  {
@@ -263,7 +270,8 @@
263
270
  "category": "attack_attempt",
264
271
  "cwe": "22",
265
272
  "capec": "1000/255/153/126",
266
- "confidence": "1"
273
+ "confidence": "1",
274
+ "module": "waf"
267
275
  },
268
276
  "conditions": [
269
277
  {
@@ -297,7 +305,8 @@
297
305
  "category": "attack_attempt",
298
306
  "cwe": "22",
299
307
  "capec": "1000/255/153/126",
300
- "confidence": "1"
308
+ "confidence": "1",
309
+ "module": "waf"
301
310
  },
302
311
  "conditions": [
303
312
  {
@@ -1803,7 +1812,8 @@
1803
1812
  "category": "attack_attempt",
1804
1813
  "cwe": "98",
1805
1814
  "capec": "1000/152/175/253/193",
1806
- "confidence": "1"
1815
+ "confidence": "1",
1816
+ "module": "waf"
1807
1817
  },
1808
1818
  "conditions": [
1809
1819
  {
@@ -1831,7 +1841,8 @@
1831
1841
  "crs_id": "931120",
1832
1842
  "category": "attack_attempt",
1833
1843
  "cwe": "98",
1834
- "capec": "1000/152/175/253/193"
1844
+ "capec": "1000/152/175/253/193",
1845
+ "module": "waf"
1835
1846
  },
1836
1847
  "conditions": [
1837
1848
  {
@@ -1876,7 +1887,8 @@
1876
1887
  "category": "attack_attempt",
1877
1888
  "cwe": "77",
1878
1889
  "capec": "1000/152/248/88",
1879
- "confidence": "1"
1890
+ "confidence": "1",
1891
+ "module": "waf"
1880
1892
  },
1881
1893
  "conditions": [
1882
1894
  {
@@ -2388,7 +2400,8 @@
2388
2400
  "category": "attack_attempt",
2389
2401
  "cwe": "77",
2390
2402
  "capec": "1000/152/248/88",
2391
- "confidence": "1"
2403
+ "confidence": "1",
2404
+ "module": "waf"
2392
2405
  },
2393
2406
  "conditions": [
2394
2407
  {
@@ -2436,7 +2449,8 @@
2436
2449
  "category": "attack_attempt",
2437
2450
  "cwe": "706",
2438
2451
  "capec": "1000/225/122/17/177",
2439
- "confidence": "1"
2452
+ "confidence": "1",
2453
+ "module": "waf"
2440
2454
  },
2441
2455
  "conditions": [
2442
2456
  {
@@ -2500,7 +2514,8 @@
2500
2514
  "category": "attack_attempt",
2501
2515
  "cwe": "434",
2502
2516
  "capec": "1000/225/122/17/650",
2503
- "confidence": "1"
2517
+ "confidence": "1",
2518
+ "module": "waf"
2504
2519
  },
2505
2520
  "conditions": [
2506
2521
  {
@@ -2553,7 +2568,8 @@
2553
2568
  "category": "attack_attempt",
2554
2569
  "cwe": "94",
2555
2570
  "capec": "1000/225/122/17/650",
2556
- "confidence": "1"
2571
+ "confidence": "1",
2572
+ "module": "waf"
2557
2573
  },
2558
2574
  "conditions": [
2559
2575
  {
@@ -2620,7 +2636,8 @@
2620
2636
  "crs_id": "933131",
2621
2637
  "category": "attack_attempt",
2622
2638
  "cwe": "94",
2623
- "capec": "1000/225/122/17/650"
2639
+ "capec": "1000/225/122/17/650",
2640
+ "module": "waf"
2624
2641
  },
2625
2642
  "conditions": [
2626
2643
  {
@@ -2665,7 +2682,8 @@
2665
2682
  "category": "attack_attempt",
2666
2683
  "cwe": "94",
2667
2684
  "capec": "1000/225/122/17/650",
2668
- "confidence": "1"
2685
+ "confidence": "1",
2686
+ "module": "waf"
2669
2687
  },
2670
2688
  "conditions": [
2671
2689
  {
@@ -2709,7 +2727,8 @@
2709
2727
  "category": "attack_attempt",
2710
2728
  "cwe": "94",
2711
2729
  "capec": "1000/225/122/17/650",
2712
- "confidence": "1"
2730
+ "confidence": "1",
2731
+ "module": "waf"
2713
2732
  },
2714
2733
  "conditions": [
2715
2734
  {
@@ -2799,7 +2818,8 @@
2799
2818
  "crs_id": "933160",
2800
2819
  "category": "attack_attempt",
2801
2820
  "cwe": "94",
2802
- "capec": "1000/225/122/17/650"
2821
+ "capec": "1000/225/122/17/650",
2822
+ "module": "waf"
2803
2823
  },
2804
2824
  "conditions": [
2805
2825
  {
@@ -2824,7 +2844,7 @@
2824
2844
  "address": "graphql.server.resolver"
2825
2845
  }
2826
2846
  ],
2827
- "regex": "\\b(?:s(?:e(?:t(?:_(?:e(?:xception|rror)_handler|magic_quotes_runtime|include_path)|defaultstub)|ssion_s(?:et_save_handler|tart))|qlite_(?:(?:(?:unbuffered|single|array)_)?query|create_(?:aggregate|function)|p?open|exec)|tr(?:eam_(?:context_create|socket_client)|ipc?slashes|rev)|implexml_load_(?:string|file)|ocket_c(?:onnect|reate)|h(?:ow_sourc|a1_fil)e|pl_autoload_register|ystem)|p(?:r(?:eg_(?:replace(?:_callback(?:_array)?)?|match(?:_all)?|split)|oc_(?:(?:terminat|clos|nic)e|get_status|open)|int_r)|o(?:six_(?:get(?:(?:e[gu]|g)id|login|pwnam)|mk(?:fifo|nod)|ttyname|kill)|pen)|hp(?:_(?:strip_whitespac|unam)e|version|info)|g_(?:(?:execut|prepar)e|connect|query)|a(?:rse_(?:ini_file|str)|ssthru)|utenv)|r(?:unkit_(?:function_(?:re(?:defin|nam)e|copy|add)|method_(?:re(?:defin|nam)e|copy|add)|constant_(?:redefine|add))|e(?:(?:gister_(?:shutdown|tick)|name)_function|ad(?:(?:gz)?file|_exif_data|dir))|awurl(?:de|en)code)|i(?:mage(?:createfrom(?:(?:jpe|pn)g|x[bp]m|wbmp|gif)|(?:jpe|pn)g|g(?:d2?|if)|2?wbmp|xbm)|s_(?:(?:(?:execut|write?|read)ab|fi)le|dir)|ni_(?:get(?:_all)?|set)|terator_apply|ptcembed)|g(?:et(?:_(?:c(?:urrent_use|fg_va)r|meta_tags)|my(?:[gpu]id|inode)|(?:lastmo|cw)d|imagesize|env)|z(?:(?:(?:defla|wri)t|encod|fil)e|compress|open|read)|lob)|a(?:rray_(?:u(?:intersect(?:_u?assoc)?|diff(?:_u?assoc)?)|intersect_u(?:assoc|key)|diff_u(?:assoc|key)|filter|reduce|map)|ssert(?:_options)?|tob)|h(?:tml(?:specialchars(?:_decode)?|_entity_decode|entities)|(?:ash(?:_(?:update|hmac))?|ighlight)_file|e(?:ader_register_callback|x2bin))|f(?:i(?:le(?:(?:[acm]tim|inod)e|(?:_exist|perm)s|group)?|nfo_open)|tp_(?:nb_(?:ge|pu)|connec|ge|pu)t|(?:unction_exis|pu)ts|write|open)|o(?:b_(?:get_(?:c(?:ontents|lean)|flush)|end_(?:clean|flush)|clean|flush|start)|dbc_(?:result(?:_all)?|exec(?:ute)?|connect)|pendir)|m(?:b_(?:ereg(?:_(?:replace(?:_callback)?|match)|i(?:_replace)?)?|parse_str)|(?:ove_uploaded|d5)_file|ethod_exists|ysql_query|kdir)|e(?:x(?:if_(?:t(?:humbnail|agname)|imagetype|read_data)|ec)|scapeshell(?:arg|cmd)|rror_reporting|val)|c(?:url_(?:file_create|exec|init)|onvert_uuencode|reate_function|hr)|u(?:n(?:serialize|pack)|rl(?:de|en)code|[ak]?sort)|b(?:(?:son_(?:de|en)|ase64_en)code|zopen|toa)|(?:json_(?:de|en)cod|debug_backtrac|tmpfil)e|var_dump)(?:\\s|/\\*.*\\*/|//.*|#.*|\\\"|')*\\((?:(?:\\s|/\\*.*\\*/|//.*|#.*)*(?:\\$\\w+|[A-Z\\d]\\w*|\\w+\\(.*\\)|\\\\?\"(?:[^\"]|\\\\\"|\"\"|\"\\+\")*\\\\?\"|\\\\?'(?:[^']|''|'\\+')*\\\\?')(?:\\s|/\\*.*\\*/|//.*|#.*)*(?:(?:::|\\.|->)(?:\\s|/\\*.*\\*/|//.*|#.*)*\\w+(?:\\(.*\\))?)?,)*(?:(?:\\s|/\\*.*\\*/|//.*|#.*)*(?:\\$\\w+|[A-Z\\d]\\w*|\\w+\\(.*\\)|\\\\?\"(?:[^\"]|\\\\\"|\"\"|\"\\+\")*\\\\?\"|\\\\?'(?:[^']|''|'\\+')*\\\\?')(?:\\s|/\\*.*\\*/|//.*|#.*)*(?:(?:::|\\.|->)(?:\\s|/\\*.*\\*/|//.*|#.*)*\\w+(?:\\(.*\\))?)?)?\\)",
2847
+ "regex": "\\b(?:s(?:e(?:t(?:_(?:e(?:xception|rror)_handler|magic_quotes_runtime|include_path)|defaultstub)|ssion_s(?:et_save_handler|tart))|qlite_(?:(?:(?:unbuffered|single|array)_)?query|create_(?:aggregate|function)|p?open|exec)|tr(?:eam_(?:context_create|socket_client)|ipc?slashes|rev)|implexml_load_(?:string|file)|ocket_c(?:onnect|reate)|h(?:ow_sourc|a1_fil)e|pl_autoload_register|ystem)|p(?:r(?:eg_(?:replace(?:_callback(?:_array)?)?|match(?:_all)?|split)|oc_(?:(?:terminat|clos|nic)e|get_status|open)|int_r)|o(?:six_(?:get(?:(?:e[gu]|g)id|login|pwnam)|mk(?:fifo|nod)|ttyname|kill)|pen)|hp(?:_(?:strip_whitespac|unam)e|version|info)|g_(?:(?:execut|prepar)e|connect|query)|a(?:rse_(?:ini_file|str)|ssthru)|utenv)|r(?:unkit_(?:function_(?:re(?:defin|nam)e|copy|add)|method_(?:re(?:defin|nam)e|copy|add)|constant_(?:redefine|add))|e(?:(?:gister_(?:shutdown|tick)|name)_function|ad(?:(?:gz)?file|_exif_data|dir))|awurl(?:de|en)code)|i(?:mage(?:createfrom(?:(?:jpe|pn)g|x[bp]m|wbmp|gif)|(?:jpe|pn)g|g(?:d2?|if)|2?wbmp|xbm)|s_(?:(?:(?:execut|write?|read)ab|fi)le|dir)|ni_(?:get(?:_all)?|set)|terator_apply|ptcembed)|g(?:et(?:_(?:c(?:urrent_use|fg_va)r|meta_tags)|my(?:[gpu]id|inode)|(?:lastmo|cw)d|imagesize|env)|z(?:(?:(?:defla|wri)t|encod|fil)e|compress|open|read)|lob)|a(?:rray_(?:u(?:intersect(?:_u?assoc)?|diff(?:_u?assoc)?)|intersect_u(?:assoc|key)|diff_u(?:assoc|key)|filter|reduce|map)|ssert(?:_options)?|tob)|h(?:tml(?:specialchars(?:_decode)?|_entity_decode|entities)|(?:ash(?:_(?:update|hmac))?|ighlight)_file|e(?:ader_register_callback|x2bin))|f(?:i(?:le(?:(?:[acm]tim|inod)e|(?:_exist|perm)s|group)?|nfo_open)|tp_(?:nb_(?:ge|pu)|connec|ge|pu)t|(?:unction_exis|pu)ts|write|open)|o(?:b_(?:get_(?:c(?:ontents|lean)|flush)|end_(?:clean|flush)|clean|flush|start)|dbc_(?:result(?:_all)?|exec(?:ute)?|connect)|pendir)|m(?:b_(?:ereg(?:_(?:replace(?:_callback)?|match)|i(?:_replace)?)?|parse_str)|(?:ove_uploaded|d5)_file|ethod_exists|ysql_query|kdir)|e(?:x(?:if_(?:t(?:humbnail|agname)|imagetype|read_data)|ec)|scapeshell(?:arg|cmd)|rror_reporting|val)|c(?:url_(?:file_create|exec|init)|onvert_uuencode|reate_function|hr)|u(?:n(?:serialize|pack)|rl(?:de|en)code|[ak]?sort)|b(?:(?:son_(?:de|en)|ase64_en)code|zopen|toa)|(?:json_(?:de|en)cod|debug_backtrac|tmpfil)e|var_dump)(?:\\s|/\\*.*\\*/|//.*|#.*|\\\"|')*\\((?:(?:\\s|/\\*.*\\*/|//.*|#.*)*(?:\\$\\w+|[A-Z\\d]\\w*|\\w+\\(.*\\)|\\\\?\"(?:[^\"]|\\\\\"|\"\"|\"\\+\")*\\\\?\"|\\\\?'(?:[^']|''|'\\+')*\\\\?')(?:\\s|/\\*.*\\*/|//.*|#.*)*(?:(?:::|\\.|->)(?:\\s|/\\*.*\\*/|//.*|#.*)*\\w+(?:\\(.*\\))?)?,)*(?:(?:\\s|/\\*.*\\*/|//.*|#.*)*(?:\\$\\w+|[A-Z\\d]\\w*|\\w+\\(.*\\)|\\\\?\"(?:[^\"]|\\\\\"|\"\"|\"\\+\")*\\\\?\"|\\\\?'(?:[^']|''|'\\+')*\\\\?')(?:\\s|/\\*.*\\*/|//.*|#.*)*(?:(?:::|\\.|->)(?:\\s|/\\*.*\\*/|//.*|#.*)*\\w+(?:\\(.*\\))?)?)?\\)\\s*(?:[;\\.)}\\]|\\\\]|\\?>|%>|$)",
2828
2848
  "options": {
2829
2849
  "case_sensitive": true,
2830
2850
  "min_length": 5
@@ -2844,7 +2864,8 @@
2844
2864
  "category": "attack_attempt",
2845
2865
  "cwe": "502",
2846
2866
  "capec": "1000/152/586",
2847
- "confidence": "1"
2867
+ "confidence": "1",
2868
+ "module": "waf"
2848
2869
  },
2849
2870
  "conditions": [
2850
2871
  {
@@ -2891,7 +2912,8 @@
2891
2912
  "crs_id": "933200",
2892
2913
  "category": "attack_attempt",
2893
2914
  "cwe": "502",
2894
- "capec": "1000/152/586"
2915
+ "capec": "1000/152/586",
2916
+ "module": "waf"
2895
2917
  },
2896
2918
  "conditions": [
2897
2919
  {
@@ -2937,7 +2959,8 @@
2937
2959
  "crs_id": "934100",
2938
2960
  "category": "attack_attempt",
2939
2961
  "cwe": "94",
2940
- "capec": "1000/152/242"
2962
+ "capec": "1000/152/242",
2963
+ "module": "waf"
2941
2964
  },
2942
2965
  "conditions": [
2943
2966
  {
@@ -2982,7 +3005,8 @@
2982
3005
  "category": "attack_attempt",
2983
3006
  "confidence": "1",
2984
3007
  "cwe": "94",
2985
- "capec": "1000/152/242"
3008
+ "capec": "1000/152/242",
3009
+ "module": "waf"
2986
3010
  },
2987
3011
  "conditions": [
2988
3012
  {
@@ -3024,7 +3048,8 @@
3024
3048
  "category": "attack_attempt",
3025
3049
  "cwe": "80",
3026
3050
  "capec": "1000/152/242/63/591",
3027
- "confidence": "1"
3051
+ "confidence": "1",
3052
+ "module": "waf"
3028
3053
  },
3029
3054
  "conditions": [
3030
3055
  {
@@ -3081,7 +3106,8 @@
3081
3106
  "category": "attack_attempt",
3082
3107
  "cwe": "83",
3083
3108
  "capec": "1000/152/242/63/591/243",
3084
- "confidence": "1"
3109
+ "confidence": "1",
3110
+ "module": "waf"
3085
3111
  },
3086
3112
  "conditions": [
3087
3113
  {
@@ -3140,7 +3166,8 @@
3140
3166
  "category": "attack_attempt",
3141
3167
  "cwe": "84",
3142
3168
  "capec": "1000/152/242/63/591/244",
3143
- "confidence": "1"
3169
+ "confidence": "1",
3170
+ "module": "waf"
3144
3171
  },
3145
3172
  "conditions": [
3146
3173
  {
@@ -3199,7 +3226,8 @@
3199
3226
  "category": "attack_attempt",
3200
3227
  "cwe": "83",
3201
3228
  "capec": "1000/152/242/63/591/243",
3202
- "confidence": "1"
3229
+ "confidence": "1",
3230
+ "module": "waf"
3203
3231
  },
3204
3232
  "conditions": [
3205
3233
  {
@@ -3257,7 +3285,8 @@
3257
3285
  "crs_id": "941180",
3258
3286
  "category": "attack_attempt",
3259
3287
  "cwe": "79",
3260
- "capec": "1000/152/242/63/591"
3288
+ "capec": "1000/152/242/63/591",
3289
+ "module": "waf"
3261
3290
  },
3262
3291
  "conditions": [
3263
3292
  {
@@ -3311,7 +3340,8 @@
3311
3340
  "category": "attack_attempt",
3312
3341
  "cwe": "80",
3313
3342
  "capec": "1000/152/242/63/591",
3314
- "confidence": "1"
3343
+ "confidence": "1",
3344
+ "module": "waf"
3315
3345
  },
3316
3346
  "conditions": [
3317
3347
  {
@@ -3358,7 +3388,8 @@
3358
3388
  "category": "attack_attempt",
3359
3389
  "cwe": "80",
3360
3390
  "capec": "1000/152/242/63/591",
3361
- "confidence": "1"
3391
+ "confidence": "1",
3392
+ "module": "waf"
3362
3393
  },
3363
3394
  "conditions": [
3364
3395
  {
@@ -3405,7 +3436,8 @@
3405
3436
  "category": "attack_attempt",
3406
3437
  "cwe": "80",
3407
3438
  "capec": "1000/152/242/63/591",
3408
- "confidence": "1"
3439
+ "confidence": "1",
3440
+ "module": "waf"
3409
3441
  },
3410
3442
  "conditions": [
3411
3443
  {
@@ -3452,7 +3484,8 @@
3452
3484
  "category": "attack_attempt",
3453
3485
  "cwe": "83",
3454
3486
  "capec": "1000/152/242/63/591/243",
3455
- "confidence": "1"
3487
+ "confidence": "1",
3488
+ "module": "waf"
3456
3489
  },
3457
3490
  "conditions": [
3458
3491
  {
@@ -3498,7 +3531,8 @@
3498
3531
  "category": "attack_attempt",
3499
3532
  "cwe": "83",
3500
3533
  "capec": "1000/152/242/63/591/243",
3501
- "confidence": "1"
3534
+ "confidence": "1",
3535
+ "module": "waf"
3502
3536
  },
3503
3537
  "conditions": [
3504
3538
  {
@@ -3545,7 +3579,8 @@
3545
3579
  "crs_id": "941270",
3546
3580
  "category": "attack_attempt",
3547
3581
  "cwe": "83",
3548
- "capec": "1000/152/242/63/591/243"
3582
+ "capec": "1000/152/242/63/591/243",
3583
+ "module": "waf"
3549
3584
  },
3550
3585
  "conditions": [
3551
3586
  {
@@ -3588,7 +3623,8 @@
3588
3623
  "category": "attack_attempt",
3589
3624
  "cwe": "83",
3590
3625
  "capec": "1000/152/242/63/591/243",
3591
- "confidence": "1"
3626
+ "confidence": "1",
3627
+ "module": "waf"
3592
3628
  },
3593
3629
  "conditions": [
3594
3630
  {
@@ -3634,7 +3670,8 @@
3634
3670
  "category": "attack_attempt",
3635
3671
  "cwe": "83",
3636
3672
  "capec": "1000/152/242/63/591/243",
3637
- "confidence": "1"
3673
+ "confidence": "1",
3674
+ "module": "waf"
3638
3675
  },
3639
3676
  "conditions": [
3640
3677
  {
@@ -3680,7 +3717,8 @@
3680
3717
  "category": "attack_attempt",
3681
3718
  "cwe": "83",
3682
3719
  "capec": "1000/152/242/63/591/243",
3683
- "confidence": "1"
3720
+ "confidence": "1",
3721
+ "module": "waf"
3684
3722
  },
3685
3723
  "conditions": [
3686
3724
  {
@@ -3726,7 +3764,8 @@
3726
3764
  "category": "attack_attempt",
3727
3765
  "cwe": "87",
3728
3766
  "capec": "1000/152/242/63/591/199",
3729
- "confidence": "1"
3767
+ "confidence": "1",
3768
+ "module": "waf"
3730
3769
  },
3731
3770
  "conditions": [
3732
3771
  {
@@ -3770,7 +3809,8 @@
3770
3809
  "crs_id": "941360",
3771
3810
  "category": "attack_attempt",
3772
3811
  "cwe": "87",
3773
- "capec": "1000/152/242/63/591/199"
3812
+ "capec": "1000/152/242/63/591/199",
3813
+ "module": "waf"
3774
3814
  },
3775
3815
  "conditions": [
3776
3816
  {
@@ -3815,7 +3855,8 @@
3815
3855
  "category": "attack_attempt",
3816
3856
  "confidence": "1",
3817
3857
  "cwe": "79",
3818
- "capec": "1000/152/242/63/591"
3858
+ "capec": "1000/152/242/63/591",
3859
+ "module": "waf"
3819
3860
  },
3820
3861
  "conditions": [
3821
3862
  {
@@ -3859,7 +3900,8 @@
3859
3900
  "crs_id": "942100",
3860
3901
  "category": "attack_attempt",
3861
3902
  "cwe": "89",
3862
- "capec": "1000/152/248/66"
3903
+ "capec": "1000/152/248/66",
3904
+ "module": "waf"
3863
3905
  },
3864
3906
  "conditions": [
3865
3907
  {
@@ -3898,7 +3940,8 @@
3898
3940
  "category": "attack_attempt",
3899
3941
  "cwe": "89",
3900
3942
  "capec": "1000/152/248/66/7",
3901
- "confidence": "1"
3943
+ "confidence": "1",
3944
+ "module": "waf"
3902
3945
  },
3903
3946
  "conditions": [
3904
3947
  {
@@ -3943,7 +3986,8 @@
3943
3986
  "category": "attack_attempt",
3944
3987
  "cwe": "89",
3945
3988
  "capec": "1000/152/248/66/7",
3946
- "confidence": "1"
3989
+ "confidence": "1",
3990
+ "module": "waf"
3947
3991
  },
3948
3992
  "conditions": [
3949
3993
  {
@@ -3986,7 +4030,8 @@
3986
4030
  "crs_id": "942250",
3987
4031
  "category": "attack_attempt",
3988
4032
  "cwe": "89",
3989
- "capec": "1000/152/248/66"
4033
+ "capec": "1000/152/248/66",
4034
+ "module": "waf"
3990
4035
  },
3991
4036
  "conditions": [
3992
4037
  {
@@ -4030,7 +4075,8 @@
4030
4075
  "crs_id": "942270",
4031
4076
  "category": "attack_attempt",
4032
4077
  "cwe": "89",
4033
- "capec": "1000/152/248/66"
4078
+ "capec": "1000/152/248/66",
4079
+ "module": "waf"
4034
4080
  },
4035
4081
  "conditions": [
4036
4082
  {
@@ -4074,7 +4120,8 @@
4074
4120
  "category": "attack_attempt",
4075
4121
  "cwe": "89",
4076
4122
  "capec": "1000/152/248/66/7",
4077
- "confidence": "1"
4123
+ "confidence": "1",
4124
+ "module": "waf"
4078
4125
  },
4079
4126
  "conditions": [
4080
4127
  {
@@ -4117,7 +4164,8 @@
4117
4164
  "crs_id": "942290",
4118
4165
  "category": "attack_attempt",
4119
4166
  "cwe": "943",
4120
- "capec": "1000/152/248/676"
4167
+ "capec": "1000/152/248/676",
4168
+ "module": "waf"
4121
4169
  },
4122
4170
  "conditions": [
4123
4171
  {
@@ -4163,7 +4211,8 @@
4163
4211
  "crs_id": "942360",
4164
4212
  "category": "attack_attempt",
4165
4213
  "cwe": "89",
4166
- "capec": "1000/152/248/66/470"
4214
+ "capec": "1000/152/248/66/470",
4215
+ "module": "waf"
4167
4216
  },
4168
4217
  "conditions": [
4169
4218
  {
@@ -4206,7 +4255,8 @@
4206
4255
  "crs_id": "942500",
4207
4256
  "category": "attack_attempt",
4208
4257
  "cwe": "89",
4209
- "capec": "1000/152/248/66"
4258
+ "capec": "1000/152/248/66",
4259
+ "module": "waf"
4210
4260
  },
4211
4261
  "conditions": [
4212
4262
  {
@@ -4251,7 +4301,8 @@
4251
4301
  "category": "attack_attempt",
4252
4302
  "cwe": "384",
4253
4303
  "capec": "1000/225/21/593/61",
4254
- "confidence": "1"
4304
+ "confidence": "1",
4305
+ "module": "waf"
4255
4306
  },
4256
4307
  "conditions": [
4257
4308
  {
@@ -4296,7 +4347,8 @@
4296
4347
  "category": "attack_attempt",
4297
4348
  "cwe": "94",
4298
4349
  "capec": "1000/152/242",
4299
- "confidence": "1"
4350
+ "confidence": "1",
4351
+ "module": "waf"
4300
4352
  },
4301
4353
  "conditions": [
4302
4354
  {
@@ -4344,7 +4396,8 @@
4344
4396
  "type": "java_code_injection",
4345
4397
  "category": "attack_attempt",
4346
4398
  "cwe": "94",
4347
- "capec": "1000/152/242"
4399
+ "capec": "1000/152/242",
4400
+ "module": "waf"
4348
4401
  },
4349
4402
  "conditions": [
4350
4403
  {
@@ -4391,7 +4444,8 @@
4391
4444
  "crs_id": "944130",
4392
4445
  "category": "attack_attempt",
4393
4446
  "cwe": "94",
4394
- "capec": "1000/152/242"
4447
+ "capec": "1000/152/242",
4448
+ "module": "waf"
4395
4449
  },
4396
4450
  "conditions": [
4397
4451
  {
@@ -4529,7 +4583,8 @@
4529
4583
  "type": "nosql_injection",
4530
4584
  "category": "attack_attempt",
4531
4585
  "cwe": "943",
4532
- "capec": "1000/152/248/676"
4586
+ "capec": "1000/152/248/676",
4587
+ "module": "waf"
4533
4588
  },
4534
4589
  "conditions": [
4535
4590
  {
@@ -4573,7 +4628,8 @@
4573
4628
  "type": "java_code_injection",
4574
4629
  "category": "attack_attempt",
4575
4630
  "cwe": "94",
4576
- "capec": "1000/152/242"
4631
+ "capec": "1000/152/242",
4632
+ "module": "waf"
4577
4633
  },
4578
4634
  "conditions": [
4579
4635
  {
@@ -4619,7 +4675,8 @@
4619
4675
  "category": "attack_attempt",
4620
4676
  "cwe": "94",
4621
4677
  "capec": "1000/152/242",
4622
- "confidence": "1"
4678
+ "confidence": "1",
4679
+ "module": "waf"
4623
4680
  },
4624
4681
  "conditions": [
4625
4682
  {
@@ -4695,7 +4752,8 @@
4695
4752
  "category": "attack_attempt",
4696
4753
  "cwe": "1321",
4697
4754
  "capec": "1000/152/242",
4698
- "confidence": "1"
4755
+ "confidence": "1",
4756
+ "module": "waf"
4699
4757
  },
4700
4758
  "conditions": [
4701
4759
  {
@@ -4725,7 +4783,8 @@
4725
4783
  "category": "attack_attempt",
4726
4784
  "cwe": "1321",
4727
4785
  "capec": "1000/152/242",
4728
- "confidence": "1"
4786
+ "confidence": "1",
4787
+ "module": "waf"
4729
4788
  },
4730
4789
  "conditions": [
4731
4790
  {
@@ -4769,7 +4828,8 @@
4769
4828
  "category": "attack_attempt",
4770
4829
  "cwe": "1336",
4771
4830
  "capec": "1000/152/242/19",
4772
- "confidence": "1"
4831
+ "confidence": "1",
4832
+ "module": "waf"
4773
4833
  },
4774
4834
  "conditions": [
4775
4835
  {
@@ -4813,7 +4873,8 @@
4813
4873
  "tool_name": "BurpCollaborator",
4814
4874
  "cwe": "200",
4815
4875
  "capec": "1000/118/169",
4816
- "confidence": "1"
4876
+ "confidence": "1",
4877
+ "module": "waf"
4817
4878
  },
4818
4879
  "conditions": [
4819
4880
  {
@@ -4857,7 +4918,8 @@
4857
4918
  "tool_name": "Qualys",
4858
4919
  "cwe": "200",
4859
4920
  "capec": "1000/118/169",
4860
- "confidence": "0"
4921
+ "confidence": "0",
4922
+ "module": "waf"
4861
4923
  },
4862
4924
  "conditions": [
4863
4925
  {
@@ -4901,7 +4963,8 @@
4901
4963
  "tool_name": "Probely",
4902
4964
  "cwe": "200",
4903
4965
  "capec": "1000/118/169",
4904
- "confidence": "0"
4966
+ "confidence": "0",
4967
+ "module": "waf"
4905
4968
  },
4906
4969
  "conditions": [
4907
4970
  {
@@ -4944,7 +5007,8 @@
4944
5007
  "category": "attack_attempt",
4945
5008
  "cwe": "200",
4946
5009
  "capec": "1000/118/169",
4947
- "confidence": "1"
5010
+ "confidence": "1",
5011
+ "module": "waf"
4948
5012
  },
4949
5013
  "conditions": [
4950
5014
  {
@@ -4987,7 +5051,8 @@
4987
5051
  "category": "attack_attempt",
4988
5052
  "cwe": "200",
4989
5053
  "capec": "1000/118/169",
4990
- "confidence": "0"
5054
+ "confidence": "0",
5055
+ "module": "waf"
4991
5056
  },
4992
5057
  "conditions": [
4993
5058
  {
@@ -5031,7 +5096,8 @@
5031
5096
  "tool_name": "Rapid7",
5032
5097
  "cwe": "200",
5033
5098
  "capec": "1000/118/169",
5034
- "confidence": "0"
5099
+ "confidence": "0",
5100
+ "module": "waf"
5035
5101
  },
5036
5102
  "conditions": [
5037
5103
  {
@@ -5075,7 +5141,8 @@
5075
5141
  "tool_name": "interact.sh",
5076
5142
  "cwe": "200",
5077
5143
  "capec": "1000/118/169",
5078
- "confidence": "1"
5144
+ "confidence": "1",
5145
+ "module": "waf"
5079
5146
  },
5080
5147
  "conditions": [
5081
5148
  {
@@ -5119,7 +5186,8 @@
5119
5186
  "tool_name": "Netsparker",
5120
5187
  "cwe": "200",
5121
5188
  "capec": "1000/118/169",
5122
- "confidence": "0"
5189
+ "confidence": "0",
5190
+ "module": "waf"
5123
5191
  },
5124
5192
  "conditions": [
5125
5193
  {
@@ -5167,7 +5235,8 @@
5167
5235
  "tool_name": "WhiteHatSecurity",
5168
5236
  "cwe": "200",
5169
5237
  "capec": "1000/118/169",
5170
- "confidence": "0"
5238
+ "confidence": "0",
5239
+ "module": "waf"
5171
5240
  },
5172
5241
  "conditions": [
5173
5242
  {
@@ -5215,7 +5284,8 @@
5215
5284
  "tool_name": "Nessus",
5216
5285
  "cwe": "200",
5217
5286
  "capec": "1000/118/169",
5218
- "confidence": "0"
5287
+ "confidence": "0",
5288
+ "module": "waf"
5219
5289
  },
5220
5290
  "conditions": [
5221
5291
  {
@@ -5263,7 +5333,8 @@
5263
5333
  "tool_name": "Watchtowr",
5264
5334
  "cwe": "200",
5265
5335
  "capec": "1000/118/169",
5266
- "confidence": "0"
5336
+ "confidence": "0",
5337
+ "module": "waf"
5267
5338
  },
5268
5339
  "conditions": [
5269
5340
  {
@@ -5311,7 +5382,8 @@
5311
5382
  "tool_name": "AppCheckNG",
5312
5383
  "cwe": "200",
5313
5384
  "capec": "1000/118/169",
5314
- "confidence": "0"
5385
+ "confidence": "0",
5386
+ "module": "waf"
5315
5387
  },
5316
5388
  "conditions": [
5317
5389
  {
@@ -5358,7 +5430,8 @@
5358
5430
  "category": "attack_attempt",
5359
5431
  "cwe": "287",
5360
5432
  "capec": "1000/225/115",
5361
- "confidence": "0"
5433
+ "confidence": "0",
5434
+ "module": "waf"
5362
5435
  },
5363
5436
  "conditions": [
5364
5437
  {
@@ -5392,7 +5465,8 @@
5392
5465
  "category": "attack_attempt",
5393
5466
  "cwe": "98",
5394
5467
  "capec": "1000/152/175/253/193",
5395
- "confidence": "1"
5468
+ "confidence": "1",
5469
+ "module": "waf"
5396
5470
  },
5397
5471
  "conditions": [
5398
5472
  {
@@ -5436,7 +5510,8 @@
5436
5510
  "category": "attack_attempt",
5437
5511
  "cwe": "77",
5438
5512
  "capec": "1000/152/248/88",
5439
- "confidence": "0"
5513
+ "confidence": "0",
5514
+ "module": "waf"
5440
5515
  },
5441
5516
  "conditions": [
5442
5517
  {
@@ -5483,7 +5558,8 @@
5483
5558
  "category": "attack_attempt",
5484
5559
  "cwe": "91",
5485
5560
  "capec": "1000/152/248/250",
5486
- "confidence": "1"
5561
+ "confidence": "1",
5562
+ "module": "waf"
5487
5563
  },
5488
5564
  "conditions": [
5489
5565
  {
@@ -5521,7 +5597,8 @@
5521
5597
  "category": "attack_attempt",
5522
5598
  "cwe": "83",
5523
5599
  "capec": "1000/152/242/63/591/243",
5524
- "confidence": "1"
5600
+ "confidence": "1",
5601
+ "module": "waf"
5525
5602
  },
5526
5603
  "conditions": [
5527
5604
  {
@@ -5579,7 +5656,8 @@
5579
5656
  "category": "attack_attempt",
5580
5657
  "cwe": "83",
5581
5658
  "capec": "1000/152/242/63/591/243",
5582
- "confidence": "1"
5659
+ "confidence": "1",
5660
+ "module": "waf"
5583
5661
  },
5584
5662
  "conditions": [
5585
5663
  {
@@ -5866,7 +5944,8 @@
5866
5944
  "category": "attack_attempt",
5867
5945
  "cwe": "200",
5868
5946
  "capec": "1000/118/169",
5869
- "confidence": "1"
5947
+ "confidence": "1",
5948
+ "module": "waf"
5870
5949
  },
5871
5950
  "conditions": [
5872
5951
  {
@@ -5908,7 +5987,8 @@
5908
5987
  "category": "attack_attempt",
5909
5988
  "cwe": "200",
5910
5989
  "capec": "1000/118/169",
5911
- "confidence": "1"
5990
+ "confidence": "1",
5991
+ "module": "waf"
5912
5992
  },
5913
5993
  "conditions": [
5914
5994
  {
@@ -5950,7 +6030,8 @@
5950
6030
  "category": "attack_attempt",
5951
6031
  "cwe": "200",
5952
6032
  "capec": "1000/118/169",
5953
- "confidence": "1"
6033
+ "confidence": "1",
6034
+ "module": "waf"
5954
6035
  },
5955
6036
  "conditions": [
5956
6037
  {
@@ -5992,7 +6073,8 @@
5992
6073
  "category": "attack_attempt",
5993
6074
  "cwe": "200",
5994
6075
  "capec": "1000/118/169",
5995
- "confidence": "1"
6076
+ "confidence": "1",
6077
+ "module": "waf"
5996
6078
  },
5997
6079
  "conditions": [
5998
6080
  {
@@ -6034,7 +6116,8 @@
6034
6116
  "category": "attack_attempt",
6035
6117
  "cwe": "200",
6036
6118
  "capec": "1000/118/169",
6037
- "confidence": "1"
6119
+ "confidence": "1",
6120
+ "module": "waf"
6038
6121
  },
6039
6122
  "conditions": [
6040
6123
  {
@@ -6059,7 +6142,7 @@
6059
6142
  "address": "server.request.uri.raw"
6060
6143
  }
6061
6144
  ],
6062
- "regex": "\\.(cgi|bat|dll|exe|key|cert|crt|pem|der|pkcs|pkcs|pkcs[0-9]*|nsf|jsa|war|java|class|vb|vba|so|git|svn|hg|cvs)([^a-zA-Z0-9_]|$)",
6145
+ "regex": "\\.(cgi|bat|dll|exe|key|cert|crt|pem|der|pkcs|pkcs|pkcs[0-9]*|nsf|jsa|war|java|class|vb|vba|so|git|svn|hg|cvs)([?#&/]|$)",
6063
6146
  "options": {
6064
6147
  "case_sensitive": false
6065
6148
  }
@@ -6076,7 +6159,8 @@
6076
6159
  "category": "attack_attempt",
6077
6160
  "cwe": "200",
6078
6161
  "capec": "1000/118/169",
6079
- "confidence": "1"
6162
+ "confidence": "1",
6163
+ "module": "waf"
6080
6164
  },
6081
6165
  "conditions": [
6082
6166
  {
@@ -6118,7 +6202,8 @@
6118
6202
  "category": "attack_attempt",
6119
6203
  "cwe": "200",
6120
6204
  "capec": "1000/118/169",
6121
- "confidence": "1"
6205
+ "confidence": "1",
6206
+ "module": "waf"
6122
6207
  },
6123
6208
  "conditions": [
6124
6209
  {
@@ -6160,7 +6245,8 @@
6160
6245
  "category": "attack_attempt",
6161
6246
  "cwe": "200",
6162
6247
  "capec": "1000/118/169",
6163
- "confidence": "1"
6248
+ "confidence": "1",
6249
+ "module": "waf"
6164
6250
  },
6165
6251
  "conditions": [
6166
6252
  {
@@ -6202,7 +6288,8 @@
6202
6288
  "category": "attack_attempt",
6203
6289
  "cwe": "200",
6204
6290
  "capec": "1000/118/169",
6205
- "confidence": "0"
6291
+ "confidence": "0",
6292
+ "module": "waf"
6206
6293
  },
6207
6294
  "conditions": [
6208
6295
  {
@@ -6276,7 +6363,7 @@
6276
6363
  }
6277
6364
  ]
6278
6365
  },
6279
- "operator": "lfi_detector"
6366
+ "operator": "lfi_detector@v2"
6280
6367
  }
6281
6368
  ],
6282
6369
  "transformers": [],
@@ -6286,7 +6373,7 @@
6286
6373
  },
6287
6374
  {
6288
6375
  "id": "rasp-932-100",
6289
- "name": "Shell injection exploit",
6376
+ "name": "Shell command injection exploit",
6290
6377
  "tags": {
6291
6378
  "type": "command_injection",
6292
6379
  "category": "vulnerability_trigger",
@@ -6332,6 +6419,54 @@
6332
6419
  "stack_trace"
6333
6420
  ]
6334
6421
  },
6422
+ {
6423
+ "id": "rasp-932-110",
6424
+ "name": "OS command injection exploit",
6425
+ "tags": {
6426
+ "type": "command_injection",
6427
+ "category": "vulnerability_trigger",
6428
+ "cwe": "77",
6429
+ "capec": "1000/152/248/88",
6430
+ "confidence": "0",
6431
+ "module": "rasp"
6432
+ },
6433
+ "conditions": [
6434
+ {
6435
+ "parameters": {
6436
+ "resource": [
6437
+ {
6438
+ "address": "server.sys.exec.cmd"
6439
+ }
6440
+ ],
6441
+ "params": [
6442
+ {
6443
+ "address": "server.request.query"
6444
+ },
6445
+ {
6446
+ "address": "server.request.body"
6447
+ },
6448
+ {
6449
+ "address": "server.request.path_params"
6450
+ },
6451
+ {
6452
+ "address": "grpc.server.request.message"
6453
+ },
6454
+ {
6455
+ "address": "graphql.server.all_resolvers"
6456
+ },
6457
+ {
6458
+ "address": "graphql.server.resolver"
6459
+ }
6460
+ ]
6461
+ },
6462
+ "operator": "cmdi_detector"
6463
+ }
6464
+ ],
6465
+ "transformers": [],
6466
+ "on_match": [
6467
+ "stack_trace"
6468
+ ]
6469
+ },
6335
6470
  {
6336
6471
  "id": "rasp-934-100",
6337
6472
  "name": "Server-side request forgery exploit",
@@ -6422,7 +6557,7 @@
6422
6557
  }
6423
6558
  ]
6424
6559
  },
6425
- "operator": "sqli_detector"
6560
+ "operator": "sqli_detector@v2"
6426
6561
  }
6427
6562
  ],
6428
6563
  "transformers": [],
@@ -6438,7 +6573,8 @@
6438
6573
  "category": "attack_attempt",
6439
6574
  "cwe": "918",
6440
6575
  "capec": "1000/225/115/664",
6441
- "confidence": "1"
6576
+ "confidence": "1",
6577
+ "module": "waf"
6442
6578
  },
6443
6579
  "conditions": [
6444
6580
  {
@@ -6482,7 +6618,8 @@
6482
6618
  "type": "js_code_injection",
6483
6619
  "category": "attack_attempt",
6484
6620
  "cwe": "94",
6485
- "capec": "1000/152/242"
6621
+ "capec": "1000/152/242",
6622
+ "module": "waf"
6486
6623
  },
6487
6624
  "conditions": [
6488
6625
  {
@@ -6527,7 +6664,8 @@
6527
6664
  "category": "attack_attempt",
6528
6665
  "cwe": "78",
6529
6666
  "capec": "1000/152/248/88",
6530
- "confidence": "1"
6667
+ "confidence": "1",
6668
+ "module": "waf"
6531
6669
  },
6532
6670
  "conditions": [
6533
6671
  {
@@ -6570,7 +6708,8 @@
6570
6708
  "category": "attack_attempt",
6571
6709
  "cwe": "78",
6572
6710
  "capec": "1000/152/248/88",
6573
- "confidence": "1"
6711
+ "confidence": "1",
6712
+ "module": "waf"
6574
6713
  },
6575
6714
  "conditions": [
6576
6715
  {
@@ -6615,7 +6754,8 @@
6615
6754
  "category": "attack_attempt",
6616
6755
  "cwe": "78",
6617
6756
  "capec": "1000/152/248/88",
6618
- "confidence": "1"
6757
+ "confidence": "1",
6758
+ "module": "waf"
6619
6759
  },
6620
6760
  "conditions": [
6621
6761
  {
@@ -6658,7 +6798,8 @@
6658
6798
  "category": "attack_attempt",
6659
6799
  "cwe": "918",
6660
6800
  "capec": "1000/225/115/664",
6661
- "confidence": "1"
6801
+ "confidence": "1",
6802
+ "module": "waf"
6662
6803
  },
6663
6804
  "conditions": [
6664
6805
  {
@@ -6701,7 +6842,8 @@
6701
6842
  "category": "attack_attempt",
6702
6843
  "cwe": "918",
6703
6844
  "capec": "1000/225/115/664",
6704
- "confidence": "0"
6845
+ "confidence": "0",
6846
+ "module": "waf"
6705
6847
  },
6706
6848
  "conditions": [
6707
6849
  {
@@ -6743,7 +6885,8 @@
6743
6885
  "category": "attack_attempt",
6744
6886
  "cwe": "918",
6745
6887
  "capec": "1000/225/115/664",
6746
- "confidence": "0"
6888
+ "confidence": "0",
6889
+ "module": "waf"
6747
6890
  },
6748
6891
  "conditions": [
6749
6892
  {
@@ -6785,7 +6928,8 @@
6785
6928
  "category": "attack_attempt",
6786
6929
  "cwe": "918",
6787
6930
  "capec": "1000/225/115/664",
6788
- "confidence": "1"
6931
+ "confidence": "1",
6932
+ "module": "waf"
6789
6933
  },
6790
6934
  "conditions": [
6791
6935
  {
@@ -6828,7 +6972,8 @@
6828
6972
  "category": "attack_attempt",
6829
6973
  "cwe": "918",
6830
6974
  "capec": "1000/225/115/664",
6831
- "confidence": "0"
6975
+ "confidence": "0",
6976
+ "module": "waf"
6832
6977
  },
6833
6978
  "conditions": [
6834
6979
  {
@@ -6870,7 +7015,8 @@
6870
7015
  "category": "attack_attempt",
6871
7016
  "cwe": "94",
6872
7017
  "capec": "1000/152/242",
6873
- "confidence": "1"
7018
+ "confidence": "1",
7019
+ "module": "waf"
6874
7020
  },
6875
7021
  "conditions": [
6876
7022
  {
@@ -6916,7 +7062,8 @@
6916
7062
  "cwe": "200",
6917
7063
  "capec": "1000/118/169",
6918
7064
  "tool_name": "Joomla exploitation tool",
6919
- "confidence": "1"
7065
+ "confidence": "1",
7066
+ "module": "waf"
6920
7067
  },
6921
7068
  "conditions": [
6922
7069
  {
@@ -6945,7 +7092,8 @@
6945
7092
  "cwe": "200",
6946
7093
  "capec": "1000/118/169",
6947
7094
  "tool_name": "Nessus",
6948
- "confidence": "1"
7095
+ "confidence": "1",
7096
+ "module": "waf"
6949
7097
  },
6950
7098
  "conditions": [
6951
7099
  {
@@ -6974,7 +7122,8 @@
6974
7122
  "cwe": "200",
6975
7123
  "capec": "1000/118/169",
6976
7124
  "tool_name": "Arachni",
6977
- "confidence": "1"
7125
+ "confidence": "1",
7126
+ "module": "waf"
6978
7127
  },
6979
7128
  "conditions": [
6980
7129
  {
@@ -7003,7 +7152,8 @@
7003
7152
  "cwe": "200",
7004
7153
  "capec": "1000/118/169",
7005
7154
  "tool_name": "Jorgee",
7006
- "confidence": "1"
7155
+ "confidence": "1",
7156
+ "module": "waf"
7007
7157
  },
7008
7158
  "conditions": [
7009
7159
  {
@@ -7032,7 +7182,8 @@
7032
7182
  "cwe": "200",
7033
7183
  "capec": "1000/118/169",
7034
7184
  "tool_name": "Probely",
7035
- "confidence": "0"
7185
+ "confidence": "0",
7186
+ "module": "waf"
7036
7187
  },
7037
7188
  "conditions": [
7038
7189
  {
@@ -7061,7 +7212,8 @@
7061
7212
  "cwe": "200",
7062
7213
  "capec": "1000/118/169",
7063
7214
  "tool_name": "Metis",
7064
- "confidence": "1"
7215
+ "confidence": "1",
7216
+ "module": "waf"
7065
7217
  },
7066
7218
  "conditions": [
7067
7219
  {
@@ -7090,7 +7242,8 @@
7090
7242
  "cwe": "200",
7091
7243
  "capec": "1000/118/169",
7092
7244
  "tool_name": "SQLPowerInjector",
7093
- "confidence": "1"
7245
+ "confidence": "1",
7246
+ "module": "waf"
7094
7247
  },
7095
7248
  "conditions": [
7096
7249
  {
@@ -7119,7 +7272,8 @@
7119
7272
  "cwe": "200",
7120
7273
  "capec": "1000/118/169",
7121
7274
  "tool_name": "N-Stealth",
7122
- "confidence": "1"
7275
+ "confidence": "1",
7276
+ "module": "waf"
7123
7277
  },
7124
7278
  "conditions": [
7125
7279
  {
@@ -7148,7 +7302,8 @@
7148
7302
  "cwe": "200",
7149
7303
  "capec": "1000/118/169",
7150
7304
  "tool_name": "Brutus",
7151
- "confidence": "1"
7305
+ "confidence": "1",
7306
+ "module": "waf"
7152
7307
  },
7153
7308
  "conditions": [
7154
7309
  {
@@ -7176,7 +7331,8 @@
7176
7331
  "category": "attack_attempt",
7177
7332
  "cwe": "200",
7178
7333
  "capec": "1000/118/169",
7179
- "confidence": "1"
7334
+ "confidence": "1",
7335
+ "module": "waf"
7180
7336
  },
7181
7337
  "conditions": [
7182
7338
  {
@@ -7205,7 +7361,8 @@
7205
7361
  "cwe": "200",
7206
7362
  "capec": "1000/118/169",
7207
7363
  "tool_name": "Netsparker",
7208
- "confidence": "0"
7364
+ "confidence": "0",
7365
+ "module": "waf"
7209
7366
  },
7210
7367
  "conditions": [
7211
7368
  {
@@ -7234,7 +7391,8 @@
7234
7391
  "cwe": "200",
7235
7392
  "capec": "1000/118/169",
7236
7393
  "tool_name": "JAASCois",
7237
- "confidence": "1"
7394
+ "confidence": "1",
7395
+ "module": "waf"
7238
7396
  },
7239
7397
  "conditions": [
7240
7398
  {
@@ -7263,7 +7421,8 @@
7263
7421
  "cwe": "200",
7264
7422
  "capec": "1000/118/169",
7265
7423
  "tool_name": "Nsauditor",
7266
- "confidence": "1"
7424
+ "confidence": "1",
7425
+ "module": "waf"
7267
7426
  },
7268
7427
  "conditions": [
7269
7428
  {
@@ -7292,7 +7451,8 @@
7292
7451
  "cwe": "200",
7293
7452
  "capec": "1000/118/169",
7294
7453
  "tool_name": "Paros",
7295
- "confidence": "1"
7454
+ "confidence": "1",
7455
+ "module": "waf"
7296
7456
  },
7297
7457
  "conditions": [
7298
7458
  {
@@ -7321,7 +7481,8 @@
7321
7481
  "cwe": "200",
7322
7482
  "capec": "1000/118/169",
7323
7483
  "tool_name": "DirBuster",
7324
- "confidence": "1"
7484
+ "confidence": "1",
7485
+ "module": "waf"
7325
7486
  },
7326
7487
  "conditions": [
7327
7488
  {
@@ -7350,7 +7511,8 @@
7350
7511
  "cwe": "200",
7351
7512
  "capec": "1000/118/169",
7352
7513
  "tool_name": "Pangolin",
7353
- "confidence": "1"
7514
+ "confidence": "1",
7515
+ "module": "waf"
7354
7516
  },
7355
7517
  "conditions": [
7356
7518
  {
@@ -7379,7 +7541,8 @@
7379
7541
  "cwe": "200",
7380
7542
  "capec": "1000/118/169",
7381
7543
  "tool_name": "Qualys",
7382
- "confidence": "0"
7544
+ "confidence": "0",
7545
+ "module": "waf"
7383
7546
  },
7384
7547
  "conditions": [
7385
7548
  {
@@ -7408,7 +7571,8 @@
7408
7571
  "cwe": "200",
7409
7572
  "capec": "1000/118/169",
7410
7573
  "tool_name": "SQLNinja",
7411
- "confidence": "1"
7574
+ "confidence": "1",
7575
+ "module": "waf"
7412
7576
  },
7413
7577
  "conditions": [
7414
7578
  {
@@ -7437,7 +7601,8 @@
7437
7601
  "cwe": "200",
7438
7602
  "capec": "1000/118/169",
7439
7603
  "tool_name": "Nikto",
7440
- "confidence": "1"
7604
+ "confidence": "1",
7605
+ "module": "waf"
7441
7606
  },
7442
7607
  "conditions": [
7443
7608
  {
@@ -7466,7 +7631,8 @@
7466
7631
  "cwe": "200",
7467
7632
  "capec": "1000/118/169",
7468
7633
  "tool_name": "BlackWidow",
7469
- "confidence": "1"
7634
+ "confidence": "1",
7635
+ "module": "waf"
7470
7636
  },
7471
7637
  "conditions": [
7472
7638
  {
@@ -7495,7 +7661,8 @@
7495
7661
  "cwe": "200",
7496
7662
  "capec": "1000/118/169",
7497
7663
  "tool_name": "Grendel-Scan",
7498
- "confidence": "1"
7664
+ "confidence": "1",
7665
+ "module": "waf"
7499
7666
  },
7500
7667
  "conditions": [
7501
7668
  {
@@ -7524,7 +7691,8 @@
7524
7691
  "cwe": "200",
7525
7692
  "capec": "1000/118/169",
7526
7693
  "tool_name": "Havij",
7527
- "confidence": "1"
7694
+ "confidence": "1",
7695
+ "module": "waf"
7528
7696
  },
7529
7697
  "conditions": [
7530
7698
  {
@@ -7553,7 +7721,8 @@
7553
7721
  "cwe": "200",
7554
7722
  "capec": "1000/118/169",
7555
7723
  "tool_name": "w3af",
7556
- "confidence": "1"
7724
+ "confidence": "1",
7725
+ "module": "waf"
7557
7726
  },
7558
7727
  "conditions": [
7559
7728
  {
@@ -7582,7 +7751,8 @@
7582
7751
  "cwe": "200",
7583
7752
  "capec": "1000/118/169",
7584
7753
  "tool_name": "Nmap",
7585
- "confidence": "1"
7754
+ "confidence": "1",
7755
+ "module": "waf"
7586
7756
  },
7587
7757
  "conditions": [
7588
7758
  {
@@ -7611,7 +7781,8 @@
7611
7781
  "cwe": "200",
7612
7782
  "capec": "1000/118/169",
7613
7783
  "tool_name": "Nessus",
7614
- "confidence": "1"
7784
+ "confidence": "1",
7785
+ "module": "waf"
7615
7786
  },
7616
7787
  "conditions": [
7617
7788
  {
@@ -7640,7 +7811,8 @@
7640
7811
  "cwe": "200",
7641
7812
  "capec": "1000/118/169",
7642
7813
  "tool_name": "EvilScanner",
7643
- "confidence": "1"
7814
+ "confidence": "1",
7815
+ "module": "waf"
7644
7816
  },
7645
7817
  "conditions": [
7646
7818
  {
@@ -7669,7 +7841,8 @@
7669
7841
  "cwe": "200",
7670
7842
  "capec": "1000/118/169",
7671
7843
  "tool_name": "WebFuck",
7672
- "confidence": "1"
7844
+ "confidence": "1",
7845
+ "module": "waf"
7673
7846
  },
7674
7847
  "conditions": [
7675
7848
  {
@@ -7698,7 +7871,8 @@
7698
7871
  "cwe": "200",
7699
7872
  "capec": "1000/118/169",
7700
7873
  "tool_name": "OpenVAS",
7701
- "confidence": "1"
7874
+ "confidence": "1",
7875
+ "module": "waf"
7702
7876
  },
7703
7877
  "conditions": [
7704
7878
  {
@@ -7727,7 +7901,8 @@
7727
7901
  "cwe": "200",
7728
7902
  "capec": "1000/118/169",
7729
7903
  "tool_name": "Spider-Pig",
7730
- "confidence": "1"
7904
+ "confidence": "1",
7905
+ "module": "waf"
7731
7906
  },
7732
7907
  "conditions": [
7733
7908
  {
@@ -7756,7 +7931,8 @@
7756
7931
  "cwe": "200",
7757
7932
  "capec": "1000/118/169",
7758
7933
  "tool_name": "Zgrab",
7759
- "confidence": "1"
7934
+ "confidence": "1",
7935
+ "module": "waf"
7760
7936
  },
7761
7937
  "conditions": [
7762
7938
  {
@@ -7785,7 +7961,8 @@
7785
7961
  "cwe": "200",
7786
7962
  "capec": "1000/118/169",
7787
7963
  "tool_name": "Zmeu",
7788
- "confidence": "1"
7964
+ "confidence": "1",
7965
+ "module": "waf"
7789
7966
  },
7790
7967
  "conditions": [
7791
7968
  {
@@ -7814,7 +7991,8 @@
7814
7991
  "cwe": "200",
7815
7992
  "capec": "1000/118/169",
7816
7993
  "tool_name": "GoogleSecurityScanner",
7817
- "confidence": "0"
7994
+ "confidence": "0",
7995
+ "module": "waf"
7818
7996
  },
7819
7997
  "conditions": [
7820
7998
  {
@@ -7843,7 +8021,8 @@
7843
8021
  "cwe": "200",
7844
8022
  "capec": "1000/118/169",
7845
8023
  "tool_name": "Commix",
7846
- "confidence": "1"
8024
+ "confidence": "1",
8025
+ "module": "waf"
7847
8026
  },
7848
8027
  "conditions": [
7849
8028
  {
@@ -7872,7 +8051,8 @@
7872
8051
  "cwe": "200",
7873
8052
  "capec": "1000/118/169",
7874
8053
  "tool_name": "Gobuster",
7875
- "confidence": "1"
8054
+ "confidence": "1",
8055
+ "module": "waf"
7876
8056
  },
7877
8057
  "conditions": [
7878
8058
  {
@@ -7901,7 +8081,8 @@
7901
8081
  "cwe": "200",
7902
8082
  "capec": "1000/118/169",
7903
8083
  "tool_name": "CGIchk",
7904
- "confidence": "1"
8084
+ "confidence": "1",
8085
+ "module": "waf"
7905
8086
  },
7906
8087
  "conditions": [
7907
8088
  {
@@ -7930,7 +8111,8 @@
7930
8111
  "cwe": "200",
7931
8112
  "capec": "1000/118/169",
7932
8113
  "tool_name": "FFUF",
7933
- "confidence": "1"
8114
+ "confidence": "1",
8115
+ "module": "waf"
7934
8116
  },
7935
8117
  "conditions": [
7936
8118
  {
@@ -7959,7 +8141,8 @@
7959
8141
  "cwe": "200",
7960
8142
  "capec": "1000/118/169",
7961
8143
  "tool_name": "Nuclei",
7962
- "confidence": "1"
8144
+ "confidence": "1",
8145
+ "module": "waf"
7963
8146
  },
7964
8147
  "conditions": [
7965
8148
  {
@@ -7988,7 +8171,8 @@
7988
8171
  "cwe": "200",
7989
8172
  "capec": "1000/118/169",
7990
8173
  "tool_name": "Tsunami",
7991
- "confidence": "1"
8174
+ "confidence": "1",
8175
+ "module": "waf"
7992
8176
  },
7993
8177
  "conditions": [
7994
8178
  {
@@ -8017,7 +8201,8 @@
8017
8201
  "cwe": "200",
8018
8202
  "capec": "1000/118/169",
8019
8203
  "tool_name": "Nimbostratus",
8020
- "confidence": "1"
8204
+ "confidence": "1",
8205
+ "module": "waf"
8021
8206
  },
8022
8207
  "conditions": [
8023
8208
  {
@@ -8046,7 +8231,8 @@
8046
8231
  "cwe": "200",
8047
8232
  "capec": "1000/118/169",
8048
8233
  "tool_name": "Datadog Canary Test",
8049
- "confidence": "1"
8234
+ "confidence": "1",
8235
+ "module": "waf"
8050
8236
  },
8051
8237
  "conditions": [
8052
8238
  {
@@ -8081,7 +8267,8 @@
8081
8267
  "cwe": "200",
8082
8268
  "capec": "1000/118/169",
8083
8269
  "tool_name": "Datadog Canary Test",
8084
- "confidence": "1"
8270
+ "confidence": "1",
8271
+ "module": "waf"
8085
8272
  },
8086
8273
  "conditions": [
8087
8274
  {
@@ -8119,7 +8306,8 @@
8119
8306
  "cwe": "200",
8120
8307
  "capec": "1000/118/169",
8121
8308
  "tool_name": "AlertLogic",
8122
- "confidence": "0"
8309
+ "confidence": "0",
8310
+ "module": "waf"
8123
8311
  },
8124
8312
  "conditions": [
8125
8313
  {
@@ -8148,7 +8336,8 @@
8148
8336
  "cwe": "200",
8149
8337
  "capec": "1000/118/169",
8150
8338
  "tool_name": "wfuzz",
8151
- "confidence": "1"
8339
+ "confidence": "1",
8340
+ "module": "waf"
8152
8341
  },
8153
8342
  "conditions": [
8154
8343
  {
@@ -8177,7 +8366,8 @@
8177
8366
  "cwe": "200",
8178
8367
  "capec": "1000/118/169",
8179
8368
  "tool_name": "Detectify",
8180
- "confidence": "0"
8369
+ "confidence": "0",
8370
+ "module": "waf"
8181
8371
  },
8182
8372
  "conditions": [
8183
8373
  {
@@ -8206,7 +8396,8 @@
8206
8396
  "cwe": "200",
8207
8397
  "capec": "1000/118/169",
8208
8398
  "tool_name": "BSQLBF",
8209
- "confidence": "1"
8399
+ "confidence": "1",
8400
+ "module": "waf"
8210
8401
  },
8211
8402
  "conditions": [
8212
8403
  {
@@ -8235,7 +8426,8 @@
8235
8426
  "cwe": "200",
8236
8427
  "capec": "1000/118/169",
8237
8428
  "tool_name": "masscan",
8238
- "confidence": "1"
8429
+ "confidence": "1",
8430
+ "module": "waf"
8239
8431
  },
8240
8432
  "conditions": [
8241
8433
  {
@@ -8264,7 +8456,8 @@
8264
8456
  "cwe": "200",
8265
8457
  "capec": "1000/118/169",
8266
8458
  "tool_name": "WPScan",
8267
- "confidence": "1"
8459
+ "confidence": "1",
8460
+ "module": "waf"
8268
8461
  },
8269
8462
  "conditions": [
8270
8463
  {
@@ -8293,7 +8486,8 @@
8293
8486
  "cwe": "200",
8294
8487
  "capec": "1000/118/169",
8295
8488
  "tool_name": "Aon",
8296
- "confidence": "0"
8489
+ "confidence": "0",
8490
+ "module": "waf"
8297
8491
  },
8298
8492
  "conditions": [
8299
8493
  {
@@ -8322,7 +8516,8 @@
8322
8516
  "cwe": "200",
8323
8517
  "capec": "1000/118/169",
8324
8518
  "tool_name": "feroxbuster",
8325
- "confidence": "1"
8519
+ "confidence": "1",
8520
+ "module": "waf"
8326
8521
  },
8327
8522
  "conditions": [
8328
8523
  {
@@ -8350,7 +8545,8 @@
8350
8545
  "category": "attack_attempt",
8351
8546
  "cwe": "200",
8352
8547
  "capec": "1000/118/169",
8353
- "confidence": "1"
8548
+ "confidence": "1",
8549
+ "module": "waf"
8354
8550
  },
8355
8551
  "conditions": [
8356
8552
  {
@@ -8382,7 +8578,8 @@
8382
8578
  "cwe": "200",
8383
8579
  "capec": "1000/118/169",
8384
8580
  "tool_name": "SQLmap",
8385
- "confidence": "1"
8581
+ "confidence": "1",
8582
+ "module": "waf"
8386
8583
  },
8387
8584
  "conditions": [
8388
8585
  {
@@ -8411,7 +8608,8 @@
8411
8608
  "cwe": "200",
8412
8609
  "capec": "1000/118/169",
8413
8610
  "tool_name": "Skipfish",
8414
- "confidence": "1"
8611
+ "confidence": "1",
8612
+ "module": "waf"
8415
8613
  },
8416
8614
  "conditions": [
8417
8615
  {
@@ -9776,4 +9974,4 @@
9776
9974
  }
9777
9975
  }
9778
9976
  ]
9779
- }
9977
+ }