Tag
Web Server Error Response Spike Indicating Reconnaissance
2 rules 2 TTPsAn unusual spike in web server error codes (500, 502, 503, 504) may indicate reconnaissance activities like vulnerability scanning or fuzzing, where attackers probe for weaknesses, potentially leading to exploitation of server-side issues.
Web Server Discovery or Fuzzing Activity Detection
2 rules 2 TTPsThis rule detects potential web server discovery or fuzzing activity by identifying a high volume of HTTP GET requests resulting in 404 or 403 status codes from a single source IP address within a short timeframe, indicating attackers discovering hidden resources for targeted attacks.
Web Server Discovery or Fuzzing Activity Detected
2 rules 2 TTPsDetection of web server discovery or fuzzing activity indicated by a high volume of HTTP GET requests resulting in 404 or 403 status codes originating from a single source IP address within a short timeframe, suggesting attempts to discover hidden resources.
Web Server Discovery or Fuzzing Activity
2 rules 2 TTPsDetection of potential web server discovery or fuzzing activity characterized by a high volume of HTTP GET requests resulting in 404 or 403 status codes originating from a single source IP address within a short timeframe, indicating attackers are probing for hidden resources.