Product
Web Server Potential SQL Injection Attempt Detection
1 rule 6 TTPsThis brief details the detection of potential SQL injection (SQLi) attempts against web servers by identifying common SQLi patterns in URLs and query strings, used by threat actors for reconnaissance, data exfiltration, or command execution, aiming for sensitive information disclosure or system compromise.
Unusual Command Execution from Web Server Parent Process on Linux
2 rules 3 TTPsThis rule detects potential command execution from a web server parent process on a Linux host, indicating a possible web shell attack where adversaries exploit web server vulnerabilities to execute arbitrary commands.
Web Server Local File Inclusion Activity Detected
3 rules 4 TTPsDetection of potential Local File Inclusion (LFI) activity on web servers through HTTP GET requests attempting to access sensitive local files via directory traversal or known file paths, potentially leading to information disclosure and system compromise.
Web Server Request Command Injection Attempt
2 rules 5 TTPsDetection of potential command injection attempts via web server requests by identifying URLs containing suspicious patterns associated with command execution payloads, which attackers exploit to execute arbitrary commands on the server.
Web Server Local File Inclusion Activity
2 rules 1 TTPThis rule detects potential Local File Inclusion (LFI) exploitation on web servers by identifying HTTP GET requests attempting to access sensitive local files through directory traversal or known file paths, potentially leading to sensitive information disclosure.