This section displays SIGMA rules belonging to category Web. It updates itself automatically when new commits are available in quasarops.
| Title | Apache Segmentation Fault |
|---|---|
| rule_category | web |
| rule_url | https://github.com/Neo23x0/sigma/blob/master/rules/web/web_apache_segfault.yml |
| author | Florian Roth |
| status | |
| date | 2017/02/28 |
| description | Detects a segmentation fault error message caused by a creashing apacke worker process |
| tags |
| Title | Apache Threading Error |
|---|---|
| rule_category | web |
| rule_url | https://github.com/Neo23x0/sigma/blob/master/rules/web/web_apache_threading_error.yml |
| author | Florian Roth |
| status | experimental |
| date | 2019/01/22 |
| description | Detects an issue in apache logs that reports threading related errors |
| tags |
| Title | Citrix Netscaler Attack CVE-2019-19781 |
|---|---|
| rule_category | web |
| rule_url | https://github.com/Neo23x0/sigma/blob/master/rules/web/web_citrix_cve_2019_19781_exploit.yml |
| author | Arnim Rupp, Florian Roth |
| status | experimental |
| date | 2020/01/02 |
| description | Detects CVE-2019-19781 exploitation attempt against Citrix Netscaler, Application Delivery Controller and Citrix Gateway Attack |
| tags |
| Title | Oracle WebLogic Exploit |
|---|---|
| rule_category | web |
| rule_url | https://github.com/Neo23x0/sigma/blob/master/rules/web/web_cve_2018_2894_weblogic_exploit.yml |
| author | Florian Roth |
| status | experimental |
| date | 2018/07/22 |
| description | Detects access to a webshell droped into a keytore folder on the WebLogic server |
| tags | attack.t1100 attack.t1190 attack.initial_access attack.persistence attack.privilege_escalation cve.2018-2894 |
| Title | Multiple Suspicious Resp Codes Caused by Single Client |
|---|---|
| rule_category | web |
| rule_url | https://github.com/Neo23x0/sigma/blob/master/rules/web/web_multiple_suspicious_resp_codes_single_source.yml |
| author | Thomas Patzke |
| status | |
| date | 2017/02/19 |
| description | Detects possible exploitation activity or bugs in a web application |
| tags |
| Title | Pulse Secure Attack CVE-2019-11510 |
|---|---|
| rule_category | web |
| rule_url | https://github.com/Neo23x0/sigma/blob/master/rules/web/web_pulsesecure_cve-2019-11510.yml |
| author | Florian Roth |
| status | |
| date | 2019/11/18 |
| description | Detects CVE-2019-11510 exploitation attempt - URI contains Guacamole |
| tags |
| Title | Source Code Enumeration Detection by Keyword |
|---|---|
| rule_category | web |
| rule_url | https://github.com/Neo23x0/sigma/blob/master/rules/web/web_source_code_enumeration.yml |
| author | James Ahearn |
| status | |
| date | 2019/06/08 |
| description | Detects source code enumeration that use GET requests by keyword searches in URL strings |
| tags |
| Title | Webshell Detection by Keyword |
|---|---|
| rule_category | web |
| rule_url | https://github.com/Neo23x0/sigma/blob/master/rules/web/web_webshell_keyword.yml |
| author | Florian Roth |
| status | |
| date | 2017/02/19 |
| description | Detects webshells that use GET requests by keyword searches in URL strings |
| tags |