dd-trace 2.25.1 → 2.26.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/index.d.ts +50 -0
- package/package.json +1 -1
- package/packages/datadog-instrumentations/src/fs.js +350 -4
- package/packages/datadog-instrumentations/src/helpers/hooks.js +2 -0
- package/packages/datadog-instrumentations/src/jest.js +11 -1
- package/packages/datadog-instrumentations/src/mocha.js +3 -2
- package/packages/datadog-instrumentations/src/mysql.js +7 -1
- package/packages/datadog-instrumentations/src/mysql2.js +7 -1
- package/packages/datadog-instrumentations/src/playwright.js +236 -0
- package/packages/datadog-plugin-fs/src/index.js +37 -574
- package/packages/datadog-plugin-jest/src/index.js +45 -23
- package/packages/datadog-plugin-mocha/src/index.js +34 -6
- package/packages/datadog-plugin-mysql/src/index.js +8 -7
- package/packages/datadog-plugin-playwright/src/index.js +171 -0
- package/packages/dd-trace/src/appsec/callbacks/ddwaf.js +1 -1
- package/packages/dd-trace/src/appsec/iast/analyzers/analyzers.js +1 -0
- package/packages/dd-trace/src/appsec/iast/analyzers/path-traversal-analyzer.js +60 -0
- package/packages/dd-trace/src/appsec/index.js +1 -1
- package/packages/dd-trace/src/appsec/recommended.json +247 -112
- package/packages/dd-trace/src/appsec/sdk/index.js +23 -0
- package/packages/dd-trace/src/appsec/sdk/noop.js +11 -0
- package/packages/dd-trace/src/appsec/sdk/track_event.js +74 -0
- package/packages/dd-trace/src/appsec/sdk/utils.js +10 -0
- package/packages/dd-trace/src/ci-visibility/exporters/ci-visibility-exporter.js +1 -1
- package/packages/dd-trace/src/config.js +7 -0
- package/packages/dd-trace/src/encode/agentless-ci-visibility.js +44 -4
- package/packages/dd-trace/src/encode/coverage-ci-visibility.js +52 -37
- package/packages/dd-trace/src/log/channels.js +47 -0
- package/packages/dd-trace/src/log/index.js +79 -0
- package/packages/dd-trace/src/log/writer.js +108 -0
- package/packages/dd-trace/src/noop/proxy.js +3 -0
- package/packages/dd-trace/src/plugins/index.js +1 -0
- package/packages/dd-trace/src/plugins/util/ci.js +13 -21
- package/packages/dd-trace/src/{appsec → plugins/util}/ip_blocklist.js +0 -0
- package/packages/dd-trace/src/{appsec → plugins/util}/ip_extractor.js +1 -1
- package/packages/dd-trace/src/plugins/util/test.js +27 -10
- package/packages/dd-trace/src/plugins/util/user-provided-git.js +2 -7
- package/packages/dd-trace/src/plugins/util/web.js +11 -0
- package/packages/dd-trace/src/proxy.js +2 -0
- package/packages/dd-trace/src/startup-log.js +1 -1
- package/scripts/check-proposal-labels.js +71 -0
- package/packages/dd-trace/src/log.js +0 -143
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"version": "2.2",
|
|
3
3
|
"metadata": {
|
|
4
|
-
"rules_version": "1.
|
|
4
|
+
"rules_version": "1.5.0"
|
|
5
5
|
},
|
|
6
6
|
"rules": [
|
|
7
7
|
{
|
|
@@ -29,13 +29,39 @@
|
|
|
29
29
|
"block"
|
|
30
30
|
]
|
|
31
31
|
},
|
|
32
|
+
{
|
|
33
|
+
"id": "blk-001-002",
|
|
34
|
+
"name": "Block User Addresses",
|
|
35
|
+
"tags": {
|
|
36
|
+
"type": "block_user",
|
|
37
|
+
"category": "security_response"
|
|
38
|
+
},
|
|
39
|
+
"conditions": [
|
|
40
|
+
{
|
|
41
|
+
"parameters": {
|
|
42
|
+
"inputs": [
|
|
43
|
+
{
|
|
44
|
+
"address": "usr.id"
|
|
45
|
+
}
|
|
46
|
+
],
|
|
47
|
+
"data": "blocked_users"
|
|
48
|
+
},
|
|
49
|
+
"operator": "exact_match"
|
|
50
|
+
}
|
|
51
|
+
],
|
|
52
|
+
"transformers": [],
|
|
53
|
+
"on_match": [
|
|
54
|
+
"block"
|
|
55
|
+
]
|
|
56
|
+
},
|
|
32
57
|
{
|
|
33
58
|
"id": "crs-913-110",
|
|
34
59
|
"name": "Acunetix",
|
|
35
60
|
"tags": {
|
|
36
61
|
"type": "security_scanner",
|
|
37
62
|
"crs_id": "913110",
|
|
38
|
-
"category": "attack_attempt"
|
|
63
|
+
"category": "attack_attempt",
|
|
64
|
+
"confidence": "1"
|
|
39
65
|
},
|
|
40
66
|
"conditions": [
|
|
41
67
|
{
|
|
@@ -66,7 +92,8 @@
|
|
|
66
92
|
"tags": {
|
|
67
93
|
"type": "security_scanner",
|
|
68
94
|
"crs_id": "913120",
|
|
69
|
-
"category": "attack_attempt"
|
|
95
|
+
"category": "attack_attempt",
|
|
96
|
+
"confidence": "1"
|
|
70
97
|
},
|
|
71
98
|
"conditions": [
|
|
72
99
|
{
|
|
@@ -115,7 +142,8 @@
|
|
|
115
142
|
"tags": {
|
|
116
143
|
"type": "http_protocol_violation",
|
|
117
144
|
"crs_id": "920260",
|
|
118
|
-
"category": "attack_attempt"
|
|
145
|
+
"category": "attack_attempt",
|
|
146
|
+
"confidence": "0"
|
|
119
147
|
},
|
|
120
148
|
"conditions": [
|
|
121
149
|
{
|
|
@@ -236,7 +264,8 @@
|
|
|
236
264
|
"tags": {
|
|
237
265
|
"type": "lfi",
|
|
238
266
|
"crs_id": "930100",
|
|
239
|
-
"category": "attack_attempt"
|
|
267
|
+
"category": "attack_attempt",
|
|
268
|
+
"confidence": "1"
|
|
240
269
|
},
|
|
241
270
|
"conditions": [
|
|
242
271
|
{
|
|
@@ -267,7 +296,8 @@
|
|
|
267
296
|
"tags": {
|
|
268
297
|
"type": "lfi",
|
|
269
298
|
"crs_id": "930110",
|
|
270
|
-
"category": "attack_attempt"
|
|
299
|
+
"category": "attack_attempt",
|
|
300
|
+
"confidence": "1"
|
|
271
301
|
},
|
|
272
302
|
"conditions": [
|
|
273
303
|
{
|
|
@@ -299,7 +329,8 @@
|
|
|
299
329
|
"tags": {
|
|
300
330
|
"type": "lfi",
|
|
301
331
|
"crs_id": "930120",
|
|
302
|
-
"category": "attack_attempt"
|
|
332
|
+
"category": "attack_attempt",
|
|
333
|
+
"confidence": "1"
|
|
303
334
|
},
|
|
304
335
|
"conditions": [
|
|
305
336
|
{
|
|
@@ -1760,7 +1791,8 @@
|
|
|
1760
1791
|
"tags": {
|
|
1761
1792
|
"type": "rfi",
|
|
1762
1793
|
"crs_id": "931110",
|
|
1763
|
-
"category": "attack_attempt"
|
|
1794
|
+
"category": "attack_attempt",
|
|
1795
|
+
"confidence": "1"
|
|
1764
1796
|
},
|
|
1765
1797
|
"conditions": [
|
|
1766
1798
|
{
|
|
@@ -1819,7 +1851,8 @@
|
|
|
1819
1851
|
"tags": {
|
|
1820
1852
|
"type": "command_injection",
|
|
1821
1853
|
"crs_id": "932160",
|
|
1822
|
-
"category": "attack_attempt"
|
|
1854
|
+
"category": "attack_attempt",
|
|
1855
|
+
"confidence": "1"
|
|
1823
1856
|
},
|
|
1824
1857
|
"conditions": [
|
|
1825
1858
|
{
|
|
@@ -2322,7 +2355,8 @@
|
|
|
2322
2355
|
"tags": {
|
|
2323
2356
|
"type": "command_injection",
|
|
2324
2357
|
"crs_id": "932171",
|
|
2325
|
-
"category": "attack_attempt"
|
|
2358
|
+
"category": "attack_attempt",
|
|
2359
|
+
"confidence": "1"
|
|
2326
2360
|
},
|
|
2327
2361
|
"conditions": [
|
|
2328
2362
|
{
|
|
@@ -2361,7 +2395,8 @@
|
|
|
2361
2395
|
"tags": {
|
|
2362
2396
|
"type": "command_injection",
|
|
2363
2397
|
"crs_id": "932180",
|
|
2364
|
-
"category": "attack_attempt"
|
|
2398
|
+
"category": "attack_attempt",
|
|
2399
|
+
"confidence": "1"
|
|
2365
2400
|
},
|
|
2366
2401
|
"conditions": [
|
|
2367
2402
|
{
|
|
@@ -2419,7 +2454,8 @@
|
|
|
2419
2454
|
"tags": {
|
|
2420
2455
|
"type": "unrestricted_file_upload",
|
|
2421
2456
|
"crs_id": "933111",
|
|
2422
|
-
"category": "attack_attempt"
|
|
2457
|
+
"category": "attack_attempt",
|
|
2458
|
+
"confidence": "1"
|
|
2423
2459
|
},
|
|
2424
2460
|
"conditions": [
|
|
2425
2461
|
{
|
|
@@ -2469,7 +2505,8 @@
|
|
|
2469
2505
|
"tags": {
|
|
2470
2506
|
"type": "php_code_injection",
|
|
2471
2507
|
"crs_id": "933130",
|
|
2472
|
-
"category": "attack_attempt"
|
|
2508
|
+
"category": "attack_attempt",
|
|
2509
|
+
"confidence": "1"
|
|
2473
2510
|
},
|
|
2474
2511
|
"conditions": [
|
|
2475
2512
|
{
|
|
@@ -2561,7 +2598,8 @@
|
|
|
2561
2598
|
"tags": {
|
|
2562
2599
|
"type": "php_code_injection",
|
|
2563
2600
|
"crs_id": "933140",
|
|
2564
|
-
"category": "attack_attempt"
|
|
2601
|
+
"category": "attack_attempt",
|
|
2602
|
+
"confidence": "1"
|
|
2565
2603
|
},
|
|
2566
2604
|
"conditions": [
|
|
2567
2605
|
{
|
|
@@ -2596,7 +2634,8 @@
|
|
|
2596
2634
|
"tags": {
|
|
2597
2635
|
"type": "php_code_injection",
|
|
2598
2636
|
"crs_id": "933150",
|
|
2599
|
-
"category": "attack_attempt"
|
|
2637
|
+
"category": "attack_attempt",
|
|
2638
|
+
"confidence": "1"
|
|
2600
2639
|
},
|
|
2601
2640
|
"conditions": [
|
|
2602
2641
|
{
|
|
@@ -2711,7 +2750,8 @@
|
|
|
2711
2750
|
"tags": {
|
|
2712
2751
|
"type": "php_code_injection",
|
|
2713
2752
|
"crs_id": "933170",
|
|
2714
|
-
"category": "attack_attempt"
|
|
2753
|
+
"category": "attack_attempt",
|
|
2754
|
+
"confidence": "1"
|
|
2715
2755
|
},
|
|
2716
2756
|
"conditions": [
|
|
2717
2757
|
{
|
|
@@ -2824,7 +2864,8 @@
|
|
|
2824
2864
|
"tags": {
|
|
2825
2865
|
"type": "js_code_injection",
|
|
2826
2866
|
"crs_id": "934101",
|
|
2827
|
-
"category": "attack_attempt"
|
|
2867
|
+
"category": "attack_attempt",
|
|
2868
|
+
"confidence": "1"
|
|
2828
2869
|
},
|
|
2829
2870
|
"conditions": [
|
|
2830
2871
|
{
|
|
@@ -2860,7 +2901,8 @@
|
|
|
2860
2901
|
"tags": {
|
|
2861
2902
|
"type": "xss",
|
|
2862
2903
|
"crs_id": "941110",
|
|
2863
|
-
"category": "attack_attempt"
|
|
2904
|
+
"category": "attack_attempt",
|
|
2905
|
+
"confidence": "1"
|
|
2864
2906
|
},
|
|
2865
2907
|
"conditions": [
|
|
2866
2908
|
{
|
|
@@ -2909,7 +2951,8 @@
|
|
|
2909
2951
|
"tags": {
|
|
2910
2952
|
"type": "xss",
|
|
2911
2953
|
"crs_id": "941120",
|
|
2912
|
-
"category": "attack_attempt"
|
|
2954
|
+
"category": "attack_attempt",
|
|
2955
|
+
"confidence": "1"
|
|
2913
2956
|
},
|
|
2914
2957
|
"conditions": [
|
|
2915
2958
|
{
|
|
@@ -2958,7 +3001,8 @@
|
|
|
2958
3001
|
"tags": {
|
|
2959
3002
|
"type": "xss",
|
|
2960
3003
|
"crs_id": "941140",
|
|
2961
|
-
"category": "attack_attempt"
|
|
3004
|
+
"category": "attack_attempt",
|
|
3005
|
+
"confidence": "1"
|
|
2962
3006
|
},
|
|
2963
3007
|
"conditions": [
|
|
2964
3008
|
{
|
|
@@ -3007,7 +3051,8 @@
|
|
|
3007
3051
|
"tags": {
|
|
3008
3052
|
"type": "xss",
|
|
3009
3053
|
"crs_id": "941170",
|
|
3010
|
-
"category": "attack_attempt"
|
|
3054
|
+
"category": "attack_attempt",
|
|
3055
|
+
"confidence": "1"
|
|
3011
3056
|
},
|
|
3012
3057
|
"conditions": [
|
|
3013
3058
|
{
|
|
@@ -3096,7 +3141,8 @@
|
|
|
3096
3141
|
"tags": {
|
|
3097
3142
|
"type": "xss",
|
|
3098
3143
|
"crs_id": "941200",
|
|
3099
|
-
"category": "attack_attempt"
|
|
3144
|
+
"category": "attack_attempt",
|
|
3145
|
+
"confidence": "1"
|
|
3100
3146
|
},
|
|
3101
3147
|
"conditions": [
|
|
3102
3148
|
{
|
|
@@ -3134,7 +3180,8 @@
|
|
|
3134
3180
|
"tags": {
|
|
3135
3181
|
"type": "xss",
|
|
3136
3182
|
"crs_id": "941210",
|
|
3137
|
-
"category": "attack_attempt"
|
|
3183
|
+
"category": "attack_attempt",
|
|
3184
|
+
"confidence": "1"
|
|
3138
3185
|
},
|
|
3139
3186
|
"conditions": [
|
|
3140
3187
|
{
|
|
@@ -3172,7 +3219,8 @@
|
|
|
3172
3219
|
"tags": {
|
|
3173
3220
|
"type": "xss",
|
|
3174
3221
|
"crs_id": "941220",
|
|
3175
|
-
"category": "attack_attempt"
|
|
3222
|
+
"category": "attack_attempt",
|
|
3223
|
+
"confidence": "1"
|
|
3176
3224
|
},
|
|
3177
3225
|
"conditions": [
|
|
3178
3226
|
{
|
|
@@ -3210,7 +3258,8 @@
|
|
|
3210
3258
|
"tags": {
|
|
3211
3259
|
"type": "xss",
|
|
3212
3260
|
"crs_id": "941230",
|
|
3213
|
-
"category": "attack_attempt"
|
|
3261
|
+
"category": "attack_attempt",
|
|
3262
|
+
"confidence": "1"
|
|
3214
3263
|
},
|
|
3215
3264
|
"conditions": [
|
|
3216
3265
|
{
|
|
@@ -3247,7 +3296,8 @@
|
|
|
3247
3296
|
"tags": {
|
|
3248
3297
|
"type": "xss",
|
|
3249
3298
|
"crs_id": "941240",
|
|
3250
|
-
"category": "attack_attempt"
|
|
3299
|
+
"category": "attack_attempt",
|
|
3300
|
+
"confidence": "1"
|
|
3251
3301
|
},
|
|
3252
3302
|
"conditions": [
|
|
3253
3303
|
{
|
|
@@ -3323,7 +3373,8 @@
|
|
|
3323
3373
|
"tags": {
|
|
3324
3374
|
"type": "xss",
|
|
3325
3375
|
"crs_id": "941280",
|
|
3326
|
-
"category": "attack_attempt"
|
|
3376
|
+
"category": "attack_attempt",
|
|
3377
|
+
"confidence": "1"
|
|
3327
3378
|
},
|
|
3328
3379
|
"conditions": [
|
|
3329
3380
|
{
|
|
@@ -3360,7 +3411,8 @@
|
|
|
3360
3411
|
"tags": {
|
|
3361
3412
|
"type": "xss",
|
|
3362
3413
|
"crs_id": "941290",
|
|
3363
|
-
"category": "attack_attempt"
|
|
3414
|
+
"category": "attack_attempt",
|
|
3415
|
+
"confidence": "1"
|
|
3364
3416
|
},
|
|
3365
3417
|
"conditions": [
|
|
3366
3418
|
{
|
|
@@ -3397,7 +3449,8 @@
|
|
|
3397
3449
|
"tags": {
|
|
3398
3450
|
"type": "xss",
|
|
3399
3451
|
"crs_id": "941300",
|
|
3400
|
-
"category": "attack_attempt"
|
|
3452
|
+
"category": "attack_attempt",
|
|
3453
|
+
"confidence": "1"
|
|
3401
3454
|
},
|
|
3402
3455
|
"conditions": [
|
|
3403
3456
|
{
|
|
@@ -3434,7 +3487,8 @@
|
|
|
3434
3487
|
"tags": {
|
|
3435
3488
|
"type": "xss",
|
|
3436
3489
|
"crs_id": "941350",
|
|
3437
|
-
"category": "attack_attempt"
|
|
3490
|
+
"category": "attack_attempt",
|
|
3491
|
+
"confidence": "1"
|
|
3438
3492
|
},
|
|
3439
3493
|
"conditions": [
|
|
3440
3494
|
{
|
|
@@ -3506,7 +3560,8 @@
|
|
|
3506
3560
|
"tags": {
|
|
3507
3561
|
"type": "xss",
|
|
3508
3562
|
"crs_id": "941390",
|
|
3509
|
-
"category": "attack_attempt"
|
|
3563
|
+
"category": "attack_attempt",
|
|
3564
|
+
"confidence": "1"
|
|
3510
3565
|
},
|
|
3511
3566
|
"conditions": [
|
|
3512
3567
|
{
|
|
@@ -3575,7 +3630,8 @@
|
|
|
3575
3630
|
"tags": {
|
|
3576
3631
|
"type": "sql_injection",
|
|
3577
3632
|
"crs_id": "942160",
|
|
3578
|
-
"category": "attack_attempt"
|
|
3633
|
+
"category": "attack_attempt",
|
|
3634
|
+
"confidence": "1"
|
|
3579
3635
|
},
|
|
3580
3636
|
"conditions": [
|
|
3581
3637
|
{
|
|
@@ -3611,7 +3667,8 @@
|
|
|
3611
3667
|
"tags": {
|
|
3612
3668
|
"type": "sql_injection",
|
|
3613
3669
|
"crs_id": "942240",
|
|
3614
|
-
"category": "attack_attempt"
|
|
3670
|
+
"category": "attack_attempt",
|
|
3671
|
+
"confidence": "1"
|
|
3615
3672
|
},
|
|
3616
3673
|
"conditions": [
|
|
3617
3674
|
{
|
|
@@ -3717,7 +3774,8 @@
|
|
|
3717
3774
|
"tags": {
|
|
3718
3775
|
"type": "sql_injection",
|
|
3719
3776
|
"crs_id": "942280",
|
|
3720
|
-
"category": "attack_attempt"
|
|
3777
|
+
"category": "attack_attempt",
|
|
3778
|
+
"confidence": "1"
|
|
3721
3779
|
},
|
|
3722
3780
|
"conditions": [
|
|
3723
3781
|
{
|
|
@@ -3861,7 +3919,8 @@
|
|
|
3861
3919
|
"tags": {
|
|
3862
3920
|
"type": "http_protocol_violation",
|
|
3863
3921
|
"crs_id": "943100",
|
|
3864
|
-
"category": "attack_attempt"
|
|
3922
|
+
"category": "attack_attempt",
|
|
3923
|
+
"confidence": "1"
|
|
3865
3924
|
},
|
|
3866
3925
|
"conditions": [
|
|
3867
3926
|
{
|
|
@@ -3894,7 +3953,8 @@
|
|
|
3894
3953
|
"tags": {
|
|
3895
3954
|
"type": "java_code_injection",
|
|
3896
3955
|
"crs_id": "944100",
|
|
3897
|
-
"category": "attack_attempt"
|
|
3956
|
+
"category": "attack_attempt",
|
|
3957
|
+
"confidence": "1"
|
|
3898
3958
|
},
|
|
3899
3959
|
"conditions": [
|
|
3900
3960
|
{
|
|
@@ -4084,7 +4144,8 @@
|
|
|
4084
4144
|
"tags": {
|
|
4085
4145
|
"type": "java_code_injection",
|
|
4086
4146
|
"crs_id": "944260",
|
|
4087
|
-
"category": "attack_attempt"
|
|
4147
|
+
"category": "attack_attempt",
|
|
4148
|
+
"confidence": "1"
|
|
4088
4149
|
},
|
|
4089
4150
|
"conditions": [
|
|
4090
4151
|
{
|
|
@@ -4192,7 +4253,8 @@
|
|
|
4192
4253
|
"name": "OGNL - Detect OGNL exploitation primitives",
|
|
4193
4254
|
"tags": {
|
|
4194
4255
|
"type": "java_code_injection",
|
|
4195
|
-
"category": "attack_attempt"
|
|
4256
|
+
"category": "attack_attempt",
|
|
4257
|
+
"confidence": "1"
|
|
4196
4258
|
},
|
|
4197
4259
|
"conditions": [
|
|
4198
4260
|
{
|
|
@@ -4229,7 +4291,8 @@
|
|
|
4229
4291
|
"name": "Spring4Shell - Attempts to exploit the Spring4shell vulnerability",
|
|
4230
4292
|
"tags": {
|
|
4231
4293
|
"type": "exploit_detection",
|
|
4232
|
-
"category": "attack_attempt"
|
|
4294
|
+
"category": "attack_attempt",
|
|
4295
|
+
"confidence": "1"
|
|
4233
4296
|
},
|
|
4234
4297
|
"conditions": [
|
|
4235
4298
|
{
|
|
@@ -4256,7 +4319,8 @@
|
|
|
4256
4319
|
"name": "Node.js: Prototype pollution through __proto__",
|
|
4257
4320
|
"tags": {
|
|
4258
4321
|
"type": "js_code_injection",
|
|
4259
|
-
"category": "attack_attempt"
|
|
4322
|
+
"category": "attack_attempt",
|
|
4323
|
+
"confidence": "1"
|
|
4260
4324
|
},
|
|
4261
4325
|
"conditions": [
|
|
4262
4326
|
{
|
|
@@ -4283,7 +4347,8 @@
|
|
|
4283
4347
|
"name": "Node.js: Prototype pollution through constructor.prototype",
|
|
4284
4348
|
"tags": {
|
|
4285
4349
|
"type": "js_code_injection",
|
|
4286
|
-
"category": "attack_attempt"
|
|
4350
|
+
"category": "attack_attempt",
|
|
4351
|
+
"confidence": "1"
|
|
4287
4352
|
},
|
|
4288
4353
|
"conditions": [
|
|
4289
4354
|
{
|
|
@@ -4324,7 +4389,8 @@
|
|
|
4324
4389
|
"name": "Server side template injection: Velocity & Freemarker",
|
|
4325
4390
|
"tags": {
|
|
4326
4391
|
"type": "java_code_injection",
|
|
4327
|
-
"category": "attack_attempt"
|
|
4392
|
+
"category": "attack_attempt",
|
|
4393
|
+
"confidence": "1"
|
|
4328
4394
|
},
|
|
4329
4395
|
"conditions": [
|
|
4330
4396
|
{
|
|
@@ -4358,7 +4424,8 @@
|
|
|
4358
4424
|
"name": "RFI: URL Payload to well known RFI target",
|
|
4359
4425
|
"tags": {
|
|
4360
4426
|
"type": "rfi",
|
|
4361
|
-
"category": "attack_attempt"
|
|
4427
|
+
"category": "attack_attempt",
|
|
4428
|
+
"confidence": "1"
|
|
4362
4429
|
},
|
|
4363
4430
|
"conditions": [
|
|
4364
4431
|
{
|
|
@@ -4390,7 +4457,8 @@
|
|
|
4390
4457
|
"name": "Detect common directory discovery scans",
|
|
4391
4458
|
"tags": {
|
|
4392
4459
|
"type": "security_scanner",
|
|
4393
|
-
"category": "attack_attempt"
|
|
4460
|
+
"category": "attack_attempt",
|
|
4461
|
+
"confidence": "1"
|
|
4394
4462
|
},
|
|
4395
4463
|
"conditions": [
|
|
4396
4464
|
{
|
|
@@ -4624,7 +4692,8 @@
|
|
|
4624
4692
|
"name": "Detect failed attempt to fetch readme files",
|
|
4625
4693
|
"tags": {
|
|
4626
4694
|
"type": "security_scanner",
|
|
4627
|
-
"category": "attack_attempt"
|
|
4695
|
+
"category": "attack_attempt",
|
|
4696
|
+
"confidence": "1"
|
|
4628
4697
|
},
|
|
4629
4698
|
"conditions": [
|
|
4630
4699
|
{
|
|
@@ -4663,7 +4732,8 @@
|
|
|
4663
4732
|
"name": "Detect failed attempt to fetch Java EE resource files",
|
|
4664
4733
|
"tags": {
|
|
4665
4734
|
"type": "security_scanner",
|
|
4666
|
-
"category": "attack_attempt"
|
|
4735
|
+
"category": "attack_attempt",
|
|
4736
|
+
"confidence": "1"
|
|
4667
4737
|
},
|
|
4668
4738
|
"conditions": [
|
|
4669
4739
|
{
|
|
@@ -4702,7 +4772,8 @@
|
|
|
4702
4772
|
"name": "Detect failed attempt to fetch code files",
|
|
4703
4773
|
"tags": {
|
|
4704
4774
|
"type": "security_scanner",
|
|
4705
|
-
"category": "attack_attempt"
|
|
4775
|
+
"category": "attack_attempt",
|
|
4776
|
+
"confidence": "1"
|
|
4706
4777
|
},
|
|
4707
4778
|
"conditions": [
|
|
4708
4779
|
{
|
|
@@ -4741,7 +4812,8 @@
|
|
|
4741
4812
|
"name": "Detect failed attempt to fetch source code archives",
|
|
4742
4813
|
"tags": {
|
|
4743
4814
|
"type": "security_scanner",
|
|
4744
|
-
"category": "attack_attempt"
|
|
4815
|
+
"category": "attack_attempt",
|
|
4816
|
+
"confidence": "1"
|
|
4745
4817
|
},
|
|
4746
4818
|
"conditions": [
|
|
4747
4819
|
{
|
|
@@ -4780,7 +4852,8 @@
|
|
|
4780
4852
|
"name": "Detect failed attempt to fetch sensitive files",
|
|
4781
4853
|
"tags": {
|
|
4782
4854
|
"type": "security_scanner",
|
|
4783
|
-
"category": "attack_attempt"
|
|
4855
|
+
"category": "attack_attempt",
|
|
4856
|
+
"confidence": "1"
|
|
4784
4857
|
},
|
|
4785
4858
|
"conditions": [
|
|
4786
4859
|
{
|
|
@@ -4819,7 +4892,8 @@
|
|
|
4819
4892
|
"name": "Detect failed attempt to fetch archives",
|
|
4820
4893
|
"tags": {
|
|
4821
4894
|
"type": "security_scanner",
|
|
4822
|
-
"category": "attack_attempt"
|
|
4895
|
+
"category": "attack_attempt",
|
|
4896
|
+
"confidence": "1"
|
|
4823
4897
|
},
|
|
4824
4898
|
"conditions": [
|
|
4825
4899
|
{
|
|
@@ -4858,7 +4932,8 @@
|
|
|
4858
4932
|
"name": "Detect failed attempt to trigger incorrect application behavior",
|
|
4859
4933
|
"tags": {
|
|
4860
4934
|
"type": "security_scanner",
|
|
4861
|
-
"category": "attack_attempt"
|
|
4935
|
+
"category": "attack_attempt",
|
|
4936
|
+
"confidence": "1"
|
|
4862
4937
|
},
|
|
4863
4938
|
"conditions": [
|
|
4864
4939
|
{
|
|
@@ -4897,7 +4972,8 @@
|
|
|
4897
4972
|
"name": "Detect failed attempt to leak the structure of the application",
|
|
4898
4973
|
"tags": {
|
|
4899
4974
|
"type": "security_scanner",
|
|
4900
|
-
"category": "attack_attempt"
|
|
4975
|
+
"category": "attack_attempt",
|
|
4976
|
+
"confidence": "1"
|
|
4901
4977
|
},
|
|
4902
4978
|
"conditions": [
|
|
4903
4979
|
{
|
|
@@ -4936,7 +5012,8 @@
|
|
|
4936
5012
|
"name": "SSRF: Try to access the credential manager of the main cloud services",
|
|
4937
5013
|
"tags": {
|
|
4938
5014
|
"type": "ssrf",
|
|
4939
|
-
"category": "attack_attempt"
|
|
5015
|
+
"category": "attack_attempt",
|
|
5016
|
+
"confidence": "1"
|
|
4940
5017
|
},
|
|
4941
5018
|
"conditions": [
|
|
4942
5019
|
{
|
|
@@ -5038,7 +5115,8 @@
|
|
|
5038
5115
|
"name": "Windows: Detect attempts to exfiltrate .ini files",
|
|
5039
5116
|
"tags": {
|
|
5040
5117
|
"type": "command_injection",
|
|
5041
|
-
"category": "attack_attempt"
|
|
5118
|
+
"category": "attack_attempt",
|
|
5119
|
+
"confidence": "1"
|
|
5042
5120
|
},
|
|
5043
5121
|
"conditions": [
|
|
5044
5122
|
{
|
|
@@ -5072,7 +5150,8 @@
|
|
|
5072
5150
|
"name": "Linux: Detect attempts to exfiltrate passwd files",
|
|
5073
5151
|
"tags": {
|
|
5074
5152
|
"type": "command_injection",
|
|
5075
|
-
"category": "attack_attempt"
|
|
5153
|
+
"category": "attack_attempt",
|
|
5154
|
+
"confidence": "1"
|
|
5076
5155
|
},
|
|
5077
5156
|
"conditions": [
|
|
5078
5157
|
{
|
|
@@ -5106,7 +5185,8 @@
|
|
|
5106
5185
|
"name": "Windows: Detect attempts to timeout a shell",
|
|
5107
5186
|
"tags": {
|
|
5108
5187
|
"type": "command_injection",
|
|
5109
|
-
"category": "attack_attempt"
|
|
5188
|
+
"category": "attack_attempt",
|
|
5189
|
+
"confidence": "1"
|
|
5110
5190
|
},
|
|
5111
5191
|
"conditions": [
|
|
5112
5192
|
{
|
|
@@ -5140,7 +5220,8 @@
|
|
|
5140
5220
|
"name": "SSRF: Try to access internal OMI service (CVE-2021-38647)",
|
|
5141
5221
|
"tags": {
|
|
5142
5222
|
"type": "ssrf",
|
|
5143
|
-
"category": "attack_attempt"
|
|
5223
|
+
"category": "attack_attempt",
|
|
5224
|
+
"confidence": "1"
|
|
5144
5225
|
},
|
|
5145
5226
|
"conditions": [
|
|
5146
5227
|
{
|
|
@@ -5174,7 +5255,8 @@
|
|
|
5174
5255
|
"name": "SSRF: Detect SSRF attempt on internal service",
|
|
5175
5256
|
"tags": {
|
|
5176
5257
|
"type": "ssrf",
|
|
5177
|
-
"category": "attack_attempt"
|
|
5258
|
+
"category": "attack_attempt",
|
|
5259
|
+
"confidence": "0"
|
|
5178
5260
|
},
|
|
5179
5261
|
"conditions": [
|
|
5180
5262
|
{
|
|
@@ -5207,7 +5289,8 @@
|
|
|
5207
5289
|
"name": "SSRF: Detect SSRF attempts using IPv6 or octal/hexdecimal obfuscation",
|
|
5208
5290
|
"tags": {
|
|
5209
5291
|
"type": "ssrf",
|
|
5210
|
-
"category": "attack_attempt"
|
|
5292
|
+
"category": "attack_attempt",
|
|
5293
|
+
"confidence": "0"
|
|
5211
5294
|
},
|
|
5212
5295
|
"conditions": [
|
|
5213
5296
|
{
|
|
@@ -5240,7 +5323,8 @@
|
|
|
5240
5323
|
"name": "SSRF: Detect SSRF domain redirection bypass",
|
|
5241
5324
|
"tags": {
|
|
5242
5325
|
"type": "ssrf",
|
|
5243
|
-
"category": "attack_attempt"
|
|
5326
|
+
"category": "attack_attempt",
|
|
5327
|
+
"confidence": "1"
|
|
5244
5328
|
},
|
|
5245
5329
|
"conditions": [
|
|
5246
5330
|
{
|
|
@@ -5276,7 +5360,8 @@
|
|
|
5276
5360
|
"name": "SSRF: Detect SSRF attempt using non HTTP protocol",
|
|
5277
5361
|
"tags": {
|
|
5278
5362
|
"type": "ssrf",
|
|
5279
|
-
"category": "attack_attempt"
|
|
5363
|
+
"category": "attack_attempt",
|
|
5364
|
+
"confidence": "0"
|
|
5280
5365
|
},
|
|
5281
5366
|
"conditions": [
|
|
5282
5367
|
{
|
|
@@ -5312,7 +5397,8 @@
|
|
|
5312
5397
|
"name": "Log4shell: Attempt to exploit log4j CVE-2021-44228",
|
|
5313
5398
|
"tags": {
|
|
5314
5399
|
"type": "exploit_detection",
|
|
5315
|
-
"category": "attack_attempt"
|
|
5400
|
+
"category": "attack_attempt",
|
|
5401
|
+
"confidence": "1"
|
|
5316
5402
|
},
|
|
5317
5403
|
"conditions": [
|
|
5318
5404
|
{
|
|
@@ -5349,7 +5435,8 @@
|
|
|
5349
5435
|
"name": "Joomla exploitation tool",
|
|
5350
5436
|
"tags": {
|
|
5351
5437
|
"type": "security_scanner",
|
|
5352
|
-
"category": "attack_attempt"
|
|
5438
|
+
"category": "attack_attempt",
|
|
5439
|
+
"confidence": "1"
|
|
5353
5440
|
},
|
|
5354
5441
|
"conditions": [
|
|
5355
5442
|
{
|
|
@@ -5374,7 +5461,8 @@
|
|
|
5374
5461
|
"name": "Nessus",
|
|
5375
5462
|
"tags": {
|
|
5376
5463
|
"type": "security_scanner",
|
|
5377
|
-
"category": "attack_attempt"
|
|
5464
|
+
"category": "attack_attempt",
|
|
5465
|
+
"confidence": "1"
|
|
5378
5466
|
},
|
|
5379
5467
|
"conditions": [
|
|
5380
5468
|
{
|
|
@@ -5399,7 +5487,8 @@
|
|
|
5399
5487
|
"name": "Arachni",
|
|
5400
5488
|
"tags": {
|
|
5401
5489
|
"type": "security_scanner",
|
|
5402
|
-
"category": "attack_attempt"
|
|
5490
|
+
"category": "attack_attempt",
|
|
5491
|
+
"confidence": "1"
|
|
5403
5492
|
},
|
|
5404
5493
|
"conditions": [
|
|
5405
5494
|
{
|
|
@@ -5424,7 +5513,8 @@
|
|
|
5424
5513
|
"name": "Jorgee",
|
|
5425
5514
|
"tags": {
|
|
5426
5515
|
"type": "security_scanner",
|
|
5427
|
-
"category": "attack_attempt"
|
|
5516
|
+
"category": "attack_attempt",
|
|
5517
|
+
"confidence": "1"
|
|
5428
5518
|
},
|
|
5429
5519
|
"conditions": [
|
|
5430
5520
|
{
|
|
@@ -5449,7 +5539,8 @@
|
|
|
5449
5539
|
"name": "Probely",
|
|
5450
5540
|
"tags": {
|
|
5451
5541
|
"type": "security_scanner",
|
|
5452
|
-
"category": "attack_attempt"
|
|
5542
|
+
"category": "attack_attempt",
|
|
5543
|
+
"confidence": "1"
|
|
5453
5544
|
},
|
|
5454
5545
|
"conditions": [
|
|
5455
5546
|
{
|
|
@@ -5474,7 +5565,8 @@
|
|
|
5474
5565
|
"name": "Metis",
|
|
5475
5566
|
"tags": {
|
|
5476
5567
|
"type": "security_scanner",
|
|
5477
|
-
"category": "attack_attempt"
|
|
5568
|
+
"category": "attack_attempt",
|
|
5569
|
+
"confidence": "1"
|
|
5478
5570
|
},
|
|
5479
5571
|
"conditions": [
|
|
5480
5572
|
{
|
|
@@ -5499,7 +5591,8 @@
|
|
|
5499
5591
|
"name": "SQL power injector",
|
|
5500
5592
|
"tags": {
|
|
5501
5593
|
"type": "security_scanner",
|
|
5502
|
-
"category": "attack_attempt"
|
|
5594
|
+
"category": "attack_attempt",
|
|
5595
|
+
"confidence": "1"
|
|
5503
5596
|
},
|
|
5504
5597
|
"conditions": [
|
|
5505
5598
|
{
|
|
@@ -5524,7 +5617,8 @@
|
|
|
5524
5617
|
"name": "N-Stealth",
|
|
5525
5618
|
"tags": {
|
|
5526
5619
|
"type": "security_scanner",
|
|
5527
|
-
"category": "attack_attempt"
|
|
5620
|
+
"category": "attack_attempt",
|
|
5621
|
+
"confidence": "1"
|
|
5528
5622
|
},
|
|
5529
5623
|
"conditions": [
|
|
5530
5624
|
{
|
|
@@ -5549,7 +5643,8 @@
|
|
|
5549
5643
|
"name": "Brutus",
|
|
5550
5644
|
"tags": {
|
|
5551
5645
|
"type": "security_scanner",
|
|
5552
|
-
"category": "attack_attempt"
|
|
5646
|
+
"category": "attack_attempt",
|
|
5647
|
+
"confidence": "1"
|
|
5553
5648
|
},
|
|
5554
5649
|
"conditions": [
|
|
5555
5650
|
{
|
|
@@ -5574,7 +5669,8 @@
|
|
|
5574
5669
|
"name": "Shellshock exploitation tool",
|
|
5575
5670
|
"tags": {
|
|
5576
5671
|
"type": "security_scanner",
|
|
5577
|
-
"category": "attack_attempt"
|
|
5672
|
+
"category": "attack_attempt",
|
|
5673
|
+
"confidence": "1"
|
|
5578
5674
|
},
|
|
5579
5675
|
"conditions": [
|
|
5580
5676
|
{
|
|
@@ -5599,7 +5695,8 @@
|
|
|
5599
5695
|
"name": "Netsparker",
|
|
5600
5696
|
"tags": {
|
|
5601
5697
|
"type": "security_scanner",
|
|
5602
|
-
"category": "attack_attempt"
|
|
5698
|
+
"category": "attack_attempt",
|
|
5699
|
+
"confidence": "1"
|
|
5603
5700
|
},
|
|
5604
5701
|
"conditions": [
|
|
5605
5702
|
{
|
|
@@ -5624,7 +5721,8 @@
|
|
|
5624
5721
|
"name": "JAASCois",
|
|
5625
5722
|
"tags": {
|
|
5626
5723
|
"type": "security_scanner",
|
|
5627
|
-
"category": "attack_attempt"
|
|
5724
|
+
"category": "attack_attempt",
|
|
5725
|
+
"confidence": "1"
|
|
5628
5726
|
},
|
|
5629
5727
|
"conditions": [
|
|
5630
5728
|
{
|
|
@@ -5649,7 +5747,8 @@
|
|
|
5649
5747
|
"name": "PMAFind",
|
|
5650
5748
|
"tags": {
|
|
5651
5749
|
"type": "security_scanner",
|
|
5652
|
-
"category": "attack_attempt"
|
|
5750
|
+
"category": "attack_attempt",
|
|
5751
|
+
"confidence": "1"
|
|
5653
5752
|
},
|
|
5654
5753
|
"conditions": [
|
|
5655
5754
|
{
|
|
@@ -5674,7 +5773,8 @@
|
|
|
5674
5773
|
"name": "Webtrends",
|
|
5675
5774
|
"tags": {
|
|
5676
5775
|
"type": "security_scanner",
|
|
5677
|
-
"category": "attack_attempt"
|
|
5776
|
+
"category": "attack_attempt",
|
|
5777
|
+
"confidence": "1"
|
|
5678
5778
|
},
|
|
5679
5779
|
"conditions": [
|
|
5680
5780
|
{
|
|
@@ -5699,7 +5799,8 @@
|
|
|
5699
5799
|
"name": "Nsauditor",
|
|
5700
5800
|
"tags": {
|
|
5701
5801
|
"type": "security_scanner",
|
|
5702
|
-
"category": "attack_attempt"
|
|
5802
|
+
"category": "attack_attempt",
|
|
5803
|
+
"confidence": "1"
|
|
5703
5804
|
},
|
|
5704
5805
|
"conditions": [
|
|
5705
5806
|
{
|
|
@@ -5724,7 +5825,8 @@
|
|
|
5724
5825
|
"name": "Paros",
|
|
5725
5826
|
"tags": {
|
|
5726
5827
|
"type": "security_scanner",
|
|
5727
|
-
"category": "attack_attempt"
|
|
5828
|
+
"category": "attack_attempt",
|
|
5829
|
+
"confidence": "1"
|
|
5728
5830
|
},
|
|
5729
5831
|
"conditions": [
|
|
5730
5832
|
{
|
|
@@ -5749,7 +5851,8 @@
|
|
|
5749
5851
|
"name": "DirBuster",
|
|
5750
5852
|
"tags": {
|
|
5751
5853
|
"type": "security_scanner",
|
|
5752
|
-
"category": "attack_attempt"
|
|
5854
|
+
"category": "attack_attempt",
|
|
5855
|
+
"confidence": "1"
|
|
5753
5856
|
},
|
|
5754
5857
|
"conditions": [
|
|
5755
5858
|
{
|
|
@@ -5774,7 +5877,8 @@
|
|
|
5774
5877
|
"name": "Pangolin",
|
|
5775
5878
|
"tags": {
|
|
5776
5879
|
"type": "security_scanner",
|
|
5777
|
-
"category": "attack_attempt"
|
|
5880
|
+
"category": "attack_attempt",
|
|
5881
|
+
"confidence": "1"
|
|
5778
5882
|
},
|
|
5779
5883
|
"conditions": [
|
|
5780
5884
|
{
|
|
@@ -5799,7 +5903,8 @@
|
|
|
5799
5903
|
"name": "Qualys",
|
|
5800
5904
|
"tags": {
|
|
5801
5905
|
"type": "security_scanner",
|
|
5802
|
-
"category": "attack_attempt"
|
|
5906
|
+
"category": "attack_attempt",
|
|
5907
|
+
"confidence": "1"
|
|
5803
5908
|
},
|
|
5804
5909
|
"conditions": [
|
|
5805
5910
|
{
|
|
@@ -5824,7 +5929,8 @@
|
|
|
5824
5929
|
"name": "SQLNinja",
|
|
5825
5930
|
"tags": {
|
|
5826
5931
|
"type": "security_scanner",
|
|
5827
|
-
"category": "attack_attempt"
|
|
5932
|
+
"category": "attack_attempt",
|
|
5933
|
+
"confidence": "1"
|
|
5828
5934
|
},
|
|
5829
5935
|
"conditions": [
|
|
5830
5936
|
{
|
|
@@ -5849,7 +5955,8 @@
|
|
|
5849
5955
|
"name": "Nikto",
|
|
5850
5956
|
"tags": {
|
|
5851
5957
|
"type": "security_scanner",
|
|
5852
|
-
"category": "attack_attempt"
|
|
5958
|
+
"category": "attack_attempt",
|
|
5959
|
+
"confidence": "1"
|
|
5853
5960
|
},
|
|
5854
5961
|
"conditions": [
|
|
5855
5962
|
{
|
|
@@ -5874,7 +5981,8 @@
|
|
|
5874
5981
|
"name": "WebInspect",
|
|
5875
5982
|
"tags": {
|
|
5876
5983
|
"type": "security_scanner",
|
|
5877
|
-
"category": "attack_attempt"
|
|
5984
|
+
"category": "attack_attempt",
|
|
5985
|
+
"confidence": "1"
|
|
5878
5986
|
},
|
|
5879
5987
|
"conditions": [
|
|
5880
5988
|
{
|
|
@@ -5899,7 +6007,8 @@
|
|
|
5899
6007
|
"name": "BlackWidow",
|
|
5900
6008
|
"tags": {
|
|
5901
6009
|
"type": "security_scanner",
|
|
5902
|
-
"category": "attack_attempt"
|
|
6010
|
+
"category": "attack_attempt",
|
|
6011
|
+
"confidence": "1"
|
|
5903
6012
|
},
|
|
5904
6013
|
"conditions": [
|
|
5905
6014
|
{
|
|
@@ -5924,7 +6033,8 @@
|
|
|
5924
6033
|
"name": "Grendel-Scan",
|
|
5925
6034
|
"tags": {
|
|
5926
6035
|
"type": "security_scanner",
|
|
5927
|
-
"category": "attack_attempt"
|
|
6036
|
+
"category": "attack_attempt",
|
|
6037
|
+
"confidence": "1"
|
|
5928
6038
|
},
|
|
5929
6039
|
"conditions": [
|
|
5930
6040
|
{
|
|
@@ -5949,7 +6059,8 @@
|
|
|
5949
6059
|
"name": "Havij",
|
|
5950
6060
|
"tags": {
|
|
5951
6061
|
"type": "security_scanner",
|
|
5952
|
-
"category": "attack_attempt"
|
|
6062
|
+
"category": "attack_attempt",
|
|
6063
|
+
"confidence": "1"
|
|
5953
6064
|
},
|
|
5954
6065
|
"conditions": [
|
|
5955
6066
|
{
|
|
@@ -5974,7 +6085,8 @@
|
|
|
5974
6085
|
"name": "w3af",
|
|
5975
6086
|
"tags": {
|
|
5976
6087
|
"type": "security_scanner",
|
|
5977
|
-
"category": "attack_attempt"
|
|
6088
|
+
"category": "attack_attempt",
|
|
6089
|
+
"confidence": "1"
|
|
5978
6090
|
},
|
|
5979
6091
|
"conditions": [
|
|
5980
6092
|
{
|
|
@@ -5999,7 +6111,8 @@
|
|
|
5999
6111
|
"name": "Nmap",
|
|
6000
6112
|
"tags": {
|
|
6001
6113
|
"type": "security_scanner",
|
|
6002
|
-
"category": "attack_attempt"
|
|
6114
|
+
"category": "attack_attempt",
|
|
6115
|
+
"confidence": "1"
|
|
6003
6116
|
},
|
|
6004
6117
|
"conditions": [
|
|
6005
6118
|
{
|
|
@@ -6024,7 +6137,8 @@
|
|
|
6024
6137
|
"name": "Nessus Scripted",
|
|
6025
6138
|
"tags": {
|
|
6026
6139
|
"type": "security_scanner",
|
|
6027
|
-
"category": "attack_attempt"
|
|
6140
|
+
"category": "attack_attempt",
|
|
6141
|
+
"confidence": "1"
|
|
6028
6142
|
},
|
|
6029
6143
|
"conditions": [
|
|
6030
6144
|
{
|
|
@@ -6049,7 +6163,8 @@
|
|
|
6049
6163
|
"name": "Evil Scanner",
|
|
6050
6164
|
"tags": {
|
|
6051
6165
|
"type": "security_scanner",
|
|
6052
|
-
"category": "attack_attempt"
|
|
6166
|
+
"category": "attack_attempt",
|
|
6167
|
+
"confidence": "1"
|
|
6053
6168
|
},
|
|
6054
6169
|
"conditions": [
|
|
6055
6170
|
{
|
|
@@ -6074,7 +6189,8 @@
|
|
|
6074
6189
|
"name": "WebFuck",
|
|
6075
6190
|
"tags": {
|
|
6076
6191
|
"type": "security_scanner",
|
|
6077
|
-
"category": "attack_attempt"
|
|
6192
|
+
"category": "attack_attempt",
|
|
6193
|
+
"confidence": "1"
|
|
6078
6194
|
},
|
|
6079
6195
|
"conditions": [
|
|
6080
6196
|
{
|
|
@@ -6099,7 +6215,8 @@
|
|
|
6099
6215
|
"name": "OpenVAS",
|
|
6100
6216
|
"tags": {
|
|
6101
6217
|
"type": "security_scanner",
|
|
6102
|
-
"category": "attack_attempt"
|
|
6218
|
+
"category": "attack_attempt",
|
|
6219
|
+
"confidence": "1"
|
|
6103
6220
|
},
|
|
6104
6221
|
"conditions": [
|
|
6105
6222
|
{
|
|
@@ -6124,7 +6241,8 @@
|
|
|
6124
6241
|
"name": "Spider-Pig",
|
|
6125
6242
|
"tags": {
|
|
6126
6243
|
"type": "security_scanner",
|
|
6127
|
-
"category": "attack_attempt"
|
|
6244
|
+
"category": "attack_attempt",
|
|
6245
|
+
"confidence": "1"
|
|
6128
6246
|
},
|
|
6129
6247
|
"conditions": [
|
|
6130
6248
|
{
|
|
@@ -6149,7 +6267,8 @@
|
|
|
6149
6267
|
"name": "Zgrab",
|
|
6150
6268
|
"tags": {
|
|
6151
6269
|
"type": "security_scanner",
|
|
6152
|
-
"category": "attack_attempt"
|
|
6270
|
+
"category": "attack_attempt",
|
|
6271
|
+
"confidence": "1"
|
|
6153
6272
|
},
|
|
6154
6273
|
"conditions": [
|
|
6155
6274
|
{
|
|
@@ -6174,7 +6293,8 @@
|
|
|
6174
6293
|
"name": "Zmeu",
|
|
6175
6294
|
"tags": {
|
|
6176
6295
|
"type": "security_scanner",
|
|
6177
|
-
"category": "attack_attempt"
|
|
6296
|
+
"category": "attack_attempt",
|
|
6297
|
+
"confidence": "1"
|
|
6178
6298
|
},
|
|
6179
6299
|
"conditions": [
|
|
6180
6300
|
{
|
|
@@ -6199,7 +6319,8 @@
|
|
|
6199
6319
|
"name": "Crowdstrike",
|
|
6200
6320
|
"tags": {
|
|
6201
6321
|
"type": "security_scanner",
|
|
6202
|
-
"category": "attack_attempt"
|
|
6322
|
+
"category": "attack_attempt",
|
|
6323
|
+
"confidence": "1"
|
|
6203
6324
|
},
|
|
6204
6325
|
"conditions": [
|
|
6205
6326
|
{
|
|
@@ -6224,7 +6345,8 @@
|
|
|
6224
6345
|
"name": "GoogleSecurityScanner",
|
|
6225
6346
|
"tags": {
|
|
6226
6347
|
"type": "security_scanner",
|
|
6227
|
-
"category": "attack_attempt"
|
|
6348
|
+
"category": "attack_attempt",
|
|
6349
|
+
"confidence": "1"
|
|
6228
6350
|
},
|
|
6229
6351
|
"conditions": [
|
|
6230
6352
|
{
|
|
@@ -6249,7 +6371,8 @@
|
|
|
6249
6371
|
"name": "Commix",
|
|
6250
6372
|
"tags": {
|
|
6251
6373
|
"type": "security_scanner",
|
|
6252
|
-
"category": "attack_attempt"
|
|
6374
|
+
"category": "attack_attempt",
|
|
6375
|
+
"confidence": "1"
|
|
6253
6376
|
},
|
|
6254
6377
|
"conditions": [
|
|
6255
6378
|
{
|
|
@@ -6274,7 +6397,8 @@
|
|
|
6274
6397
|
"name": "Gobuster",
|
|
6275
6398
|
"tags": {
|
|
6276
6399
|
"type": "security_scanner",
|
|
6277
|
-
"category": "attack_attempt"
|
|
6400
|
+
"category": "attack_attempt",
|
|
6401
|
+
"confidence": "1"
|
|
6278
6402
|
},
|
|
6279
6403
|
"conditions": [
|
|
6280
6404
|
{
|
|
@@ -6299,7 +6423,8 @@
|
|
|
6299
6423
|
"name": "CGIchk",
|
|
6300
6424
|
"tags": {
|
|
6301
6425
|
"type": "security_scanner",
|
|
6302
|
-
"category": "attack_attempt"
|
|
6426
|
+
"category": "attack_attempt",
|
|
6427
|
+
"confidence": "1"
|
|
6303
6428
|
},
|
|
6304
6429
|
"conditions": [
|
|
6305
6430
|
{
|
|
@@ -6324,7 +6449,8 @@
|
|
|
6324
6449
|
"name": "FFUF",
|
|
6325
6450
|
"tags": {
|
|
6326
6451
|
"type": "security_scanner",
|
|
6327
|
-
"category": "attack_attempt"
|
|
6452
|
+
"category": "attack_attempt",
|
|
6453
|
+
"confidence": "1"
|
|
6328
6454
|
},
|
|
6329
6455
|
"conditions": [
|
|
6330
6456
|
{
|
|
@@ -6349,7 +6475,8 @@
|
|
|
6349
6475
|
"name": "Nuclei",
|
|
6350
6476
|
"tags": {
|
|
6351
6477
|
"type": "security_scanner",
|
|
6352
|
-
"category": "attack_attempt"
|
|
6478
|
+
"category": "attack_attempt",
|
|
6479
|
+
"confidence": "1"
|
|
6353
6480
|
},
|
|
6354
6481
|
"conditions": [
|
|
6355
6482
|
{
|
|
@@ -6374,7 +6501,8 @@
|
|
|
6374
6501
|
"name": "Tsunami",
|
|
6375
6502
|
"tags": {
|
|
6376
6503
|
"type": "security_scanner",
|
|
6377
|
-
"category": "attack_attempt"
|
|
6504
|
+
"category": "attack_attempt",
|
|
6505
|
+
"confidence": "1"
|
|
6378
6506
|
},
|
|
6379
6507
|
"conditions": [
|
|
6380
6508
|
{
|
|
@@ -6399,7 +6527,8 @@
|
|
|
6399
6527
|
"name": "Nimbostratus",
|
|
6400
6528
|
"tags": {
|
|
6401
6529
|
"type": "security_scanner",
|
|
6402
|
-
"category": "attack_attempt"
|
|
6530
|
+
"category": "attack_attempt",
|
|
6531
|
+
"confidence": "1"
|
|
6403
6532
|
},
|
|
6404
6533
|
"conditions": [
|
|
6405
6534
|
{
|
|
@@ -6424,7 +6553,8 @@
|
|
|
6424
6553
|
"name": "Datadog test scanner: user-agent",
|
|
6425
6554
|
"tags": {
|
|
6426
6555
|
"type": "security_scanner",
|
|
6427
|
-
"category": "attack_attempt"
|
|
6556
|
+
"category": "attack_attempt",
|
|
6557
|
+
"confidence": "1"
|
|
6428
6558
|
},
|
|
6429
6559
|
"conditions": [
|
|
6430
6560
|
{
|
|
@@ -6455,7 +6585,8 @@
|
|
|
6455
6585
|
"name": "Datadog test scanner - blocking version: user-agent",
|
|
6456
6586
|
"tags": {
|
|
6457
6587
|
"type": "security_scanner",
|
|
6458
|
-
"category": "attack_attempt"
|
|
6588
|
+
"category": "attack_attempt",
|
|
6589
|
+
"confidence": "1"
|
|
6459
6590
|
},
|
|
6460
6591
|
"conditions": [
|
|
6461
6592
|
{
|
|
@@ -6489,7 +6620,8 @@
|
|
|
6489
6620
|
"name": "Blind SQL Injection Brute Forcer",
|
|
6490
6621
|
"tags": {
|
|
6491
6622
|
"type": "security_scanner",
|
|
6492
|
-
"category": "attack_attempt"
|
|
6623
|
+
"category": "attack_attempt",
|
|
6624
|
+
"confidence": "1"
|
|
6493
6625
|
},
|
|
6494
6626
|
"conditions": [
|
|
6495
6627
|
{
|
|
@@ -6514,7 +6646,8 @@
|
|
|
6514
6646
|
"name": "Suspicious user agent",
|
|
6515
6647
|
"tags": {
|
|
6516
6648
|
"type": "security_scanner",
|
|
6517
|
-
"category": "attack_attempt"
|
|
6649
|
+
"category": "attack_attempt",
|
|
6650
|
+
"confidence": "1"
|
|
6518
6651
|
},
|
|
6519
6652
|
"conditions": [
|
|
6520
6653
|
{
|
|
@@ -6539,7 +6672,8 @@
|
|
|
6539
6672
|
"name": "SQLmap",
|
|
6540
6673
|
"tags": {
|
|
6541
6674
|
"type": "security_scanner",
|
|
6542
|
-
"category": "attack_attempt"
|
|
6675
|
+
"category": "attack_attempt",
|
|
6676
|
+
"confidence": "1"
|
|
6543
6677
|
},
|
|
6544
6678
|
"conditions": [
|
|
6545
6679
|
{
|
|
@@ -6564,7 +6698,8 @@
|
|
|
6564
6698
|
"name": "Skipfish",
|
|
6565
6699
|
"tags": {
|
|
6566
6700
|
"type": "security_scanner",
|
|
6567
|
-
"category": "attack_attempt"
|
|
6701
|
+
"category": "attack_attempt",
|
|
6702
|
+
"confidence": "1"
|
|
6568
6703
|
},
|
|
6569
6704
|
"conditions": [
|
|
6570
6705
|
{
|
|
@@ -6585,4 +6720,4 @@
|
|
|
6585
6720
|
"transformers": []
|
|
6586
6721
|
}
|
|
6587
6722
|
]
|
|
6588
|
-
}
|
|
6723
|
+
}
|