Created
September 13, 2023 01:44
-
-
Save kyouheicf/b54fad669724890ea530b4e40717453a to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "id": "8ac8bc2a661e475d940980f9317f28e1", | |
| "action": "score", | |
| "description": "911100: Method is not allowed by policy", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 5 | |
| } | |
| } | |
| { | |
| "id": "53065ac9bd9449f3895f1865467a0e6a", | |
| "action": "score", | |
| "description": "913100: Found User-Agent associated with security scanner", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 5 | |
| } | |
| } | |
| { | |
| "id": "c22e77bece6a43f3aa437a5eda9953ce", | |
| "action": "score", | |
| "description": "913110: Found request header associated with security scanner", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 5 | |
| } | |
| } | |
| { | |
| "id": "b38c7dde2d364cc2a943ffbe87d5f781", | |
| "action": "score", | |
| "description": "913120: Found request filename/argument associated with security scanner", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 5 | |
| } | |
| } | |
| { | |
| "id": "e1dc43151aa34688bfa4c76b56bb8946", | |
| "action": "score", | |
| "description": "913101: Found User-Agent associated with scripting/generic HTTP client", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 5 | |
| } | |
| } | |
| { | |
| "id": "f29804c764374cc9958e6a39c4898c83", | |
| "action": "score", | |
| "description": "913102: Found User-Agent associated with web crawler/bot", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 5 | |
| } | |
| } | |
| { | |
| "id": "bcdea4301f79449b96d4d568def6663a", | |
| "action": "score", | |
| "description": "920100: Invalid HTTP Request Line", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 3 | |
| } | |
| } | |
| { | |
| "id": "366cfb3f04ee47c8b59a34908c08928c", | |
| "action": "score", | |
| "description": "920160: Content-Length HTTP header is not numeric", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 5 | |
| } | |
| } | |
| { | |
| "id": "7683285d70b14023ac407b67eccbb280", | |
| "action": "score", | |
| "description": "920170: GET or HEAD Request with Body Content", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 5 | |
| } | |
| } | |
| { | |
| "id": "29b8c5e3e2d54e959ae72abc58ccc9a7", | |
| "action": "score", | |
| "description": "920171: GET or HEAD Request with Transfer-Encoding", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 5 | |
| } | |
| } | |
| { | |
| "id": "245d241b60b34b46be60c244f806e62a", | |
| "action": "score", | |
| "description": "920180: POST without Content-Length or Transfer-Encoding headers", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 3 | |
| } | |
| } | |
| { | |
| "id": "7e22a50933244f18a3695e4e1fe97a48", | |
| "action": "score", | |
| "description": "920181: Content-Length and Transfer-Encoding headers present.", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 3 | |
| } | |
| } | |
| { | |
| "id": "2bf10c44df3e4506959ed82d64218570", | |
| "action": "score", | |
| "description": "920210: Multiple/Conflicting Connection Header Data Found", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 3 | |
| } | |
| } | |
| { | |
| "id": "c9097a1ef57d4c6d9bc56bc53ea7ea64", | |
| "action": "score", | |
| "description": "920260: Unicode Full/Half Width Abuse Attack Attempt", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 3 | |
| } | |
| } | |
| { | |
| "id": "3500d96add324dcbbc0a93b2bd22c723", | |
| "action": "score", | |
| "description": "920270: Invalid character in request (null character)", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 5 | |
| } | |
| } | |
| { | |
| "id": "799ebd9b35cd4df29b8c70f0002870f6", | |
| "action": "score", | |
| "description": "920280: Request Missing a Host Header", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 3 | |
| } | |
| } | |
| { | |
| "id": "1dee05151cbc450ea9979c7f524edc80", | |
| "action": "score", | |
| "description": "920290: Empty Host Header", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 3 | |
| } | |
| } | |
| { | |
| "id": "15986447fef245bbb9a4d9767c37329d", | |
| "action": "score", | |
| "description": "920310: Request Has an Empty Accept Header", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 2 | |
| } | |
| } | |
| { | |
| "id": "fcab8eef522e4d9fa9ebf0438f5d088e", | |
| "action": "score", | |
| "description": "920311: Request Has an Empty Accept Header", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 2 | |
| } | |
| } | |
| { | |
| "id": "b0bc7b45e7184eb291804f710eafcfe3", | |
| "action": "score", | |
| "description": "920330: Empty User Agent Header", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 2 | |
| } | |
| } | |
| { | |
| "id": "1873a216c3cc4318b71227943796564f", | |
| "action": "score", | |
| "description": "920340: Request Containing Content, but Missing Content-Type header", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 2 | |
| } | |
| } | |
| { | |
| "id": "51b8ffa2e4c04c7a9e7fc4c7ca652210", | |
| "action": "score", | |
| "description": "920350: Host header is a numeric IP address", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 3 | |
| } | |
| } | |
| { | |
| "id": "b5290a5345f74bf3989c474e0eec6e4b", | |
| "action": "score", | |
| "description": "920470: Illegal Content-Type header", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 5 | |
| } | |
| } | |
| { | |
| "id": "596955b6baec4d4ba2a3f509956b7490", | |
| "action": "score", | |
| "description": "920420: Request content type is not allowed by policy", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 5 | |
| } | |
| } | |
| { | |
| "id": "cbfb4e9bec214dd4a2d2a0a01753090b", | |
| "action": "score", | |
| "description": "920430: HTTP protocol version is not allowed by policy", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 5 | |
| } | |
| } | |
| { | |
| "id": "7af6f9b6e3fc4876abb3bb4e5a170a91", | |
| "action": "score", | |
| "description": "920440: URL file extension is restricted by policy", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 5 | |
| } | |
| } | |
| { | |
| "id": "74dde599db5340bf99fca8f152a801f4", | |
| "action": "score", | |
| "description": "920500: Attempt to access a backup or working file", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 5 | |
| } | |
| } | |
| { | |
| "id": "8038dcdca2854690bd61f4950f2c581c", | |
| "action": "score", | |
| "description": "920200: Range: Too many fields (6 or more)", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 3 | |
| } | |
| } | |
| { | |
| "id": "715b1459ffa3496b8f52618831bdd481", | |
| "action": "score", | |
| "description": "920201: Range: Too many fields for pdf request (63 or more)", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 3 | |
| } | |
| } | |
| { | |
| "id": "1ba7e9fcfa5841559dc4b7a89447c501", | |
| "action": "score", | |
| "description": "920230: Multiple URL Encoding Detected", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 3 | |
| } | |
| } | |
| { | |
| "id": "4d887b5914c64b209697214d2059fd73", | |
| "action": "score", | |
| "description": "920300: Request Missing an Accept Header", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 2 | |
| } | |
| } | |
| { | |
| "id": "a882bfdf91b3440b83020de61d8cf992", | |
| "action": "score", | |
| "description": "920271: Invalid character in request (non printable characters)", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 5 | |
| } | |
| } | |
| { | |
| "id": "ad801cbf1e434f849dd076ec44550b20", | |
| "action": "score", | |
| "description": "920320: Missing User Agent Header", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 2 | |
| } | |
| } | |
| { | |
| "id": "aab55f434252411cb5343dfd2a08b733", | |
| "action": "score", | |
| "description": "920341: Request Containing Content Requires Content-Type header", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 5 | |
| } | |
| } | |
| { | |
| "id": "6fac9ca10e764e06a0e242791813a269", | |
| "action": "score", | |
| "description": "920272: Invalid character in request (outside of printable chars below ascii 127)", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 5 | |
| } | |
| } | |
| { | |
| "id": "733bc4b3ea2a4df1bb44f8dbccc02be6", | |
| "action": "score", | |
| "description": "920490: Request header x-up-devcap-post-charset detected in combination with prefix \\'UP\\' to User-Agent", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 5 | |
| } | |
| } | |
| { | |
| "id": "8ad10484462342b6b77f533924b1fdae", | |
| "action": "score", | |
| "description": "920510: Invalid Cache-Control request header", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 5 | |
| } | |
| } | |
| { | |
| "id": "84536c2f52de4cc09267bbb3d8d29acc", | |
| "action": "score", | |
| "description": "920202: Range: Too many fields for pdf request (6 or more)", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 3 | |
| } | |
| } | |
| { | |
| "id": "a6be45d4905042b9964ff81dc12e41d2", | |
| "action": "score", | |
| "description": "920273: Invalid character in request (outside of very strict set)", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 5 | |
| } | |
| } | |
| { | |
| "id": "ac090cd641d742b3adba4ece7f4d7e64", | |
| "action": "score", | |
| "description": "920274: Invalid character in request headers (outside of very strict set)", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 5 | |
| } | |
| } | |
| { | |
| "id": "3dd5a240315946b09a34024c5b721e3f", | |
| "action": "score", | |
| "description": "920275: Invalid character in request headers (outside of very strict set)", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 5 | |
| } | |
| } | |
| { | |
| "id": "ee23c15ac9a046bbbb652a54d825920f", | |
| "action": "score", | |
| "description": "920460: Abnormal character escapes in request", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 5 | |
| } | |
| } | |
| { | |
| "id": "f79d0d6bf2c743d69d0302d97cd0f50f", | |
| "action": "score", | |
| "description": "921110: HTTP Request Smuggling Attack", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 5 | |
| } | |
| } | |
| { | |
| "id": "809de114b5484ce382acbabf0ee5592d", | |
| "action": "score", | |
| "description": "921120: HTTP Response Splitting Attack", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 5 | |
| } | |
| } | |
| { | |
| "id": "77bf0e8a7442485eaf2b155f481d7659", | |
| "action": "score", | |
| "description": "921130: HTTP Response Splitting Attack", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 5 | |
| } | |
| } | |
| { | |
| "id": "0126f1c6245f400399d82d39bcfd6659", | |
| "action": "score", | |
| "description": "921140: HTTP Header Injection Attack via headers", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 5 | |
| } | |
| } | |
| { | |
| "id": "04116d14d7524986ba314d11c8a41e11", | |
| "action": "score", | |
| "description": "921150: HTTP Header Injection Attack via payload (CR/LF detected)", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 5 | |
| } | |
| } | |
| { | |
| "id": "963c45ed9f284bffb6f4ca511fe5e6cc", | |
| "action": "score", | |
| "description": "921160: HTTP Header Injection Attack via payload (CR/LF and header-name detected)", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 5 | |
| } | |
| } | |
| { | |
| "id": "51dd0e82b65d4d1f93dda58c5fae3f6b", | |
| "action": "score", | |
| "description": "921190: HTTP Splitting (CR/LF in request filename detected)", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 5 | |
| } | |
| } | |
| { | |
| "id": "c966380737654b0abec157f24974ad9a", | |
| "action": "score", | |
| "description": "921200: LDAP Injection Attack", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 5 | |
| } | |
| } | |
| { | |
| "id": "ece59613164c46b89d51c29996bfe867", | |
| "action": "score", | |
| "description": "921151: HTTP Header Injection Attack via payload (CR/LF detected)", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 5 | |
| } | |
| } | |
| { | |
| "id": "f7209af44d024fec8a3fa492db8054a8", | |
| "action": "score", | |
| "description": "930100: Path Traversal Attack (/../)", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 5 | |
| } | |
| } | |
| { | |
| "id": "46a47a212be64bd68fd432c1e6720c6f", | |
| "action": "score", | |
| "description": "930110: Path Traversal Attack (/../)", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 5 | |
| } | |
| } | |
| { | |
| "id": "afeddf10b4fe4f4692f9aaed600a4922", | |
| "action": "score", | |
| "description": "930120: OS File Access Attempt", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 5 | |
| } | |
| } | |
| { | |
| "id": "f53ef9d7124a4cfbbd0666013976d587", | |
| "action": "score", | |
| "description": "930130: Restricted File Access Attempt", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 5 | |
| } | |
| } | |
| { | |
| "id": "55b58c71f653446fa0942cf7700f8c8e", | |
| "action": "score", | |
| "description": "931100: Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 5 | |
| } | |
| } | |
| { | |
| "id": "b20b6eb6cd3e4a2cac31e0fc9e000392", | |
| "action": "score", | |
| "description": "931110: Possible Remote File Inclusion (RFI) Attack: Common RFI Vulnerable Parameter Name used w/URL Payload", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 5 | |
| } | |
| } | |
| { | |
| "id": "a68a14c1111841fdb0e07aed8df18dab", | |
| "action": "score", | |
| "description": "931120: Possible Remote File Inclusion (RFI) Attack: URL Payload Used w/Trailing Question Mark Character (?)", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 5 | |
| } | |
| } | |
| { | |
| "id": "8798ef68f5144daa86219e082563548f", | |
| "action": "score", | |
| "description": "932100: Remote Command Execution: Unix Command Injection", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 5 | |
| } | |
| } | |
| { | |
| "id": "010cc6b1d9ed4cdc82b2dc8dce6f319a", | |
| "action": "score", | |
| "description": "932105: Remote Command Execution: Unix Command Injection", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 5 | |
| } | |
| } | |
| { | |
| "id": "71abdd796e944038ae34f8b885a1fee1", | |
| "action": "score", | |
| "description": "932110: Remote Command Execution: Windows Command Injection", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 5 | |
| } | |
| } | |
| { | |
| "id": "405028a67bf44e56b896558f6e8a82b0", | |
| "action": "score", | |
| "description": "932115: Remote Command Execution: Windows Command Injection", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 5 | |
| } | |
| } | |
| { | |
| "id": "2ee28b69cd5e460f91e3770e685ae170", | |
| "action": "score", | |
| "description": "932120: Remote Command Execution: Windows PowerShell Command Found", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 5 | |
| } | |
| } | |
| { | |
| "id": "0eb6bfdb8e914a07a95aa4e847bc28eb", | |
| "action": "score", | |
| "description": "932130: Remote Command Execution: Unix Shell Expression Found", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 5 | |
| } | |
| } | |
| { | |
| "id": "61fe42e94df24ce3b22bed0539838bb3", | |
| "action": "score", | |
| "description": "932140: Remote Command Execution: Windows FOR/IF Command Found", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 5 | |
| } | |
| } | |
| { | |
| "id": "05821a389ccc45c39542c3bbff3522c9", | |
| "action": "score", | |
| "description": "932150: Remote Command Execution: Direct Unix Command Execution", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 5 | |
| } | |
| } | |
| { | |
| "id": "0dfffcdedb254300b4f0078a80860964", | |
| "action": "score", | |
| "description": "932160: Remote Command Execution: Unix Shell Code Found", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 5 | |
| } | |
| } | |
| { | |
| "id": "ecc715a155da406293a3652a02e4e1a4", | |
| "action": "score", | |
| "description": "932170: Remote Command Execution: Shellshock (CVE-2014-6271)", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 5 | |
| } | |
| } | |
| { | |
| "id": "f5128babcdb643c38a616401b5e303ed", | |
| "action": "score", | |
| "description": "932180: Restricted File Upload Attempt", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 5 | |
| } | |
| } | |
| { | |
| "id": "753c98e3a15f4a389ea0b196c91b7247", | |
| "action": "score", | |
| "description": "932200: RCE Bypass Technique", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 5 | |
| } | |
| } | |
| { | |
| "id": "59b58cd4757e4b598d8aabe4f0095630", | |
| "action": "score", | |
| "description": "932106: Remote Command Execution: Unix Command Injection", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 5 | |
| } | |
| } | |
| { | |
| "id": "78553ddb21b44b62bf5697d80231690a", | |
| "action": "score", | |
| "description": "932190: Remote Command Execution: Wildcard bypass technique attempt", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 5 | |
| } | |
| } | |
| { | |
| "id": "d57dfc4bce7349179de0c65e354c65f9", | |
| "action": "score", | |
| "description": "933100: PHP Injection Attack: PHP Open Tag Found", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 5 | |
| } | |
| } | |
| { | |
| "id": "5f2b69e24b054fbbbaa9ea76410079b3", | |
| "action": "score", | |
| "description": "933110: PHP Injection Attack: PHP Script File Upload Found", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 5 | |
| } | |
| } | |
| { | |
| "id": "4fc1ab8904014ffda5e6424c9ee6587d", | |
| "action": "score", | |
| "description": "933120: PHP Injection Attack: Configuration Directive Found", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 5 | |
| } | |
| } | |
| { | |
| "id": "4dae9ae162f34c319e78090550b39351", | |
| "action": "score", | |
| "description": "933130: PHP Injection Attack: Variables Found", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 5 | |
| } | |
| } | |
| { | |
| "id": "498380511b414467bdbb0ad31d66560b", | |
| "action": "score", | |
| "description": "933140: PHP Injection Attack: I/O Stream Found", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 5 | |
| } | |
| } | |
| { | |
| "id": "8a0d418a372047178c25522d4da324d5", | |
| "action": "score", | |
| "description": "933200: PHP Injection Attack: Wrapper scheme detected", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 5 | |
| } | |
| } | |
| { | |
| "id": "8035f11c12204e0a8a6f947def52ea4a", | |
| "action": "score", | |
| "description": "933150: PHP Injection Attack: High-Risk PHP Function Name Found", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 5 | |
| } | |
| } | |
| { | |
| "id": "80fb604fe2934cebacb62b40eb7e9ab8", | |
| "action": "score", | |
| "description": "933160: PHP Injection Attack: High-Risk PHP Function Call Found", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 5 | |
| } | |
| } | |
| { | |
| "id": "a3b3bf85a66f472b805d0b347978be5f", | |
| "action": "score", | |
| "description": "933170: PHP Injection Attack: Serialized Object Injection", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 5 | |
| } | |
| } | |
| { | |
| "id": "9ceb9ca06e344c4e9a2c0e9158cc3667", | |
| "action": "score", | |
| "description": "933180: PHP Injection Attack: Variable Function Call Found", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 5 | |
| } | |
| } | |
| { | |
| "id": "89783961975749f0a1694572d4ebd4cf", | |
| "action": "score", | |
| "description": "933210: PHP Injection Attack: Variable Function Call Found", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 5 | |
| } | |
| } | |
| { | |
| "id": "071840e2b29d4b7086d1bef299d72daa", | |
| "action": "score", | |
| "description": "933151: PHP Injection Attack: Medium-Risk PHP Function Name Found", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 5 | |
| } | |
| } | |
| { | |
| "id": "1586137231f14060ac06cac3bc717a15", | |
| "action": "score", | |
| "description": "933131: PHP Injection Attack: Variables Found", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 5 | |
| } | |
| } | |
| { | |
| "id": "83ab9971710a4444959dad71776b0bec", | |
| "action": "score", | |
| "description": "933161: PHP Injection Attack: Low-Value PHP Function Call Found", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 5 | |
| } | |
| } | |
| { | |
| "id": "cf3863bd0bd84f6dbbeaa363e0f8b619", | |
| "action": "score", | |
| "description": "933111: PHP Injection Attack: PHP Script File Upload Found", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 5 | |
| } | |
| } | |
| { | |
| "id": "1a85b4340ff94fa59b74e5507ab5b467", | |
| "action": "score", | |
| "description": "933190: PHP Injection Attack: PHP Closing Tag Found", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 5 | |
| } | |
| } | |
| { | |
| "id": "807e8b69772c4d8897552ad3a078d4ef", | |
| "action": "score", | |
| "description": "934100: Node.js Injection Attack", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 5 | |
| } | |
| } | |
| { | |
| "id": "e358b09dbfa34f3194ee6e48fc1987a9", | |
| "action": "score", | |
| "description": "941110: XSS Filter - Category 1: Script Tag Vector", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 5 | |
| } | |
| } | |
| { | |
| "id": "55c4e831224746f88fc5468aaf3caec7", | |
| "action": "score", | |
| "description": "941120: XSS Filter - Category 2: Event Handler Vector", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 5 | |
| } | |
| } | |
| { | |
| "id": "f05675accef84600bfcc33631c1b4904", | |
| "action": "score", | |
| "description": "941130: XSS Filter - Category 3: Attribute Vector", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 5 | |
| } | |
| } | |
| { | |
| "id": "81349010fcc04a7ab02e0287f848d466", | |
| "action": "score", | |
| "description": "941140: XSS Filter - Category 4: Javascript URI Vector", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 5 | |
| } | |
| } | |
| { | |
| "id": "1c2c87f990e34262a0fd890fa2bdaa68", | |
| "action": "score", | |
| "description": "941160: NoScript XSS InjectionChecker: HTML Injection", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 5 | |
| } | |
| } | |
| { | |
| "id": "97f826fe71714c429158b7cad3569598", | |
| "action": "score", | |
| "description": "941170: NoScript XSS InjectionChecker: Attribute Injection", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 5 | |
| } | |
| } | |
| { | |
| "id": "e5b16f0624ad4bf1b0349a9a48a9a2da", | |
| "action": "score", | |
| "description": "941180: Node-Validator Blacklist Keywords", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 5 | |
| } | |
| } | |
| { | |
| "id": "7c87610a75a24761a8f58f9f20c01454", | |
| "action": "score", | |
| "description": "941190: IE XSS Filters - Attack Detected", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 5 | |
| } | |
| } | |
| { | |
| "id": "e725efab86ac482ebb819775b4bb2f2c", | |
| "action": "score", | |
| "description": "941200: IE XSS Filters - Attack Detected", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 5 | |
| } | |
| } | |
| { | |
| "id": "ca605350967b4c2d9b448c83357ea949", | |
| "action": "score", | |
| "description": "941210: IE XSS Filters - Attack Detected", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 5 | |
| } | |
| } | |
| { | |
| "id": "a33a492fcfaa4ec988784084e1d9d3fd", | |
| "action": "score", | |
| "description": "941220: IE XSS Filters - Attack Detected", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 5 | |
| } | |
| } | |
| { | |
| "id": "2afa7cdd1bb9423797c800cac488ab51", | |
| "action": "score", | |
| "description": "941230: IE XSS Filters - Attack Detected", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 5 | |
| } | |
| } | |
| { | |
| "id": "011b5927ccbc479087a35b5cfe899e02", | |
| "action": "score", | |
| "description": "941240: IE XSS Filters - Attack Detected", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 5 | |
| } | |
| } | |
| { | |
| "id": "a7c116436a1a45a99e22063603bfcbe3", | |
| "action": "score", | |
| "description": "941250: IE XSS Filters - Attack Detected", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 5 | |
| } | |
| } | |
| { | |
| "id": "6cbd334e8d1a4a0287407c8a9768bc54", | |
| "action": "score", | |
| "description": "941260: IE XSS Filters - Attack Detected", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 5 | |
| } | |
| } | |
| { | |
| "id": "3d28c748710f4d84bc3b057c8239163c", | |
| "action": "score", | |
| "description": "941270: IE XSS Filters - Attack Detected", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 5 | |
| } | |
| } | |
| { | |
| "id": "8a4a5a051b944bffbf9cea2370d5ce94", | |
| "action": "score", | |
| "description": "941280: IE XSS Filters - Attack Detected", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 5 | |
| } | |
| } | |
| { | |
| "id": "8fefce3f52614257bddde5a8ff2d3c60", | |
| "action": "score", | |
| "description": "941290: IE XSS Filters - Attack Detected", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 5 | |
| } | |
| } | |
| { | |
| "id": "38e4dd01723d408a82c26c0ebff07048", | |
| "action": "score", | |
| "description": "941300: IE XSS Filters - Attack Detected", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 5 | |
| } | |
| } | |
| { | |
| "id": "c4926d96b87647329947ec2ccbc01671", | |
| "action": "score", | |
| "description": "941310: US-ASCII Malformed Encoding XSS Filter - Attack Detected", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 5 | |
| } | |
| } | |
| { | |
| "id": "37a8495817db438e91914bca12704f45", | |
| "action": "score", | |
| "description": "941350: UTF-7 Encoding IE XSS - Attack Detected", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 5 | |
| } | |
| } | |
| { | |
| "id": "91bdd244810c4b2fb7868436973c7a5c", | |
| "action": "score", | |
| "description": "941360: JSFuck / Hieroglyphy obfuscation detected", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 5 | |
| } | |
| } | |
| { | |
| "id": "f3230cdf0c6e47cfa94a6211c9eb93e1", | |
| "action": "score", | |
| "description": "941370: JavaScript global variable found", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 5 | |
| } | |
| } | |
| { | |
| "id": "68996db700bc4aaca4c22befaf661a66", | |
| "action": "score", | |
| "description": "941150: XSS Filter - Category 5: Disallowed HTML Attributes", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 5 | |
| } | |
| } | |
| { | |
| "id": "1fd9e041e6944a5c9c080d19346650ed", | |
| "action": "score", | |
| "description": "941320: Possible XSS Attack Detected - HTML Tag Handler", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 5 | |
| } | |
| } | |
| { | |
| "id": "efc7b690312c4488bb10d6bc565cd049", | |
| "action": "score", | |
| "description": "941330: IE XSS Filters - Attack Detected", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 5 | |
| } | |
| } | |
| { | |
| "id": "a2e88d6e0e604f05b9e660567fbedd30", | |
| "action": "score", | |
| "description": "941340: IE XSS Filters - Attack Detected", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 5 | |
| } | |
| } | |
| { | |
| "id": "936986e0d3c645f7ac4cfe3641521081", | |
| "action": "score", | |
| "description": "941380: AngularJS client side template injection detected", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 5 | |
| } | |
| } | |
| { | |
| "id": "2e8e540411f841ffa5f2e05748b74690", | |
| "action": "score", | |
| "description": "942100: SQL Injection Attack Detected via libinjection", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 5 | |
| } | |
| } | |
| { | |
| "id": "4a3fe7d22e0a4e0b8e66185b5acbfda4", | |
| "action": "score", | |
| "description": "942140: SQL Injection Attack: Common DB Names Detected", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 5 | |
| } | |
| } | |
| { | |
| "id": "3a4828c8eb194b6db704c9b109c81105", | |
| "action": "score", | |
| "description": "942160: Detects blind sqli tests using sleep() or benchmark()", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 5 | |
| } | |
| } | |
| { | |
| "id": "05a63d594d0f410ab35731d9028d59c5", | |
| "action": "score", | |
| "description": "942170: Detects SQL benchmark and sleep injection attempts including conditional queries", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 5 | |
| } | |
| } | |
| { | |
| "id": "fa54f3d75ed446e78c22b4ea57b90acf", | |
| "action": "score", | |
| "description": "942190: Detects MSSQL code execution and information gathering attempts", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 5 | |
| } | |
| } | |
| { | |
| "id": "91f8507e462d4b8f8291eeaf7d0b2a27", | |
| "action": "score", | |
| "description": "942220: Looking for integer overflow attacks, these are taken from skipfish, except 3.0.00738585072007e-308 is the \\\"magic number\\\" crash", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 5 | |
| } | |
| } | |
| { | |
| "id": "6c46d3795dca470d864687c7061ad7e1", | |
| "action": "score", | |
| "description": "942230: Detects conditional SQL injection attempts", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 5 | |
| } | |
| } | |
| { | |
| "id": "5e5cebbac3104e338fbe91e12c32e392", | |
| "action": "score", | |
| "description": "942240: Detects MySQL charset switch and MSSQL DoS attempts", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 5 | |
| } | |
| } | |
| { | |
| "id": "5905ad3b31c649c897b8099b648b7ba5", | |
| "action": "score", | |
| "description": "942250: Detects MATCH AGAINST, MERGE and EXECUTE IMMEDIATE injections", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 5 | |
| } | |
| } | |
| { | |
| "id": "2769ac94194942ee90c6d4f2a17d0e69", | |
| "action": "score", | |
| "description": "942270: Looking for basic sql injection. Common attack string for mysql, oracle and others", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 5 | |
| } | |
| } | |
| { | |
| "id": "a3f7f2ca7ede4a699ceffa46e0f713b4", | |
| "action": "score", | |
| "description": "942280: Detects Postgres pg_sleep injection, waitfor delay attacks and database shutdown attempts", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 5 | |
| } | |
| } | |
| { | |
| "id": "871f89ed2698469498a32c9e40724167", | |
| "action": "score", | |
| "description": "942290: Finds basic MongoDB SQL injection attempts", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 5 | |
| } | |
| } | |
| { | |
| "id": "8b1606aaf43441a394b46391a76b1a88", | |
| "action": "score", | |
| "description": "942320: Detects MySQL and PostgreSQL stored procedure/function injections", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 5 | |
| } | |
| } | |
| { | |
| "id": "dd0ca027d8a04a6b9cd9df11e77302e4", | |
| "action": "score", | |
| "description": "942350: Detects MySQL UDF injection and other data/structure manipulation attempts", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 5 | |
| } | |
| } | |
| { | |
| "id": "ec42fac3279943388b6be5ee9182835e", | |
| "action": "score", | |
| "description": "942360: Detects concatenated basic SQL injection and SQLLFI attempts", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 5 | |
| } | |
| } | |
| { | |
| "id": "b51fdb68b2f24e43b75baf14be5fa997", | |
| "action": "score", | |
| "description": "942500: MySQL in-line comment detected", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 5 | |
| } | |
| } | |
| { | |
| "id": "37da7855d2f94f69865365d894a556a4", | |
| "action": "score", | |
| "description": "942110: SQL Injection Attack: Common Injection Testing Detected", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 3 | |
| } | |
| } | |
| { | |
| "id": "be337f9e5266487a8e67c008d732161b", | |
| "action": "score", | |
| "description": "942120: SQL Injection Attack: SQL Operator Detected", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 5 | |
| } | |
| } | |
| { | |
| "id": "79239a25d12f4ced90b9beade71d0764", | |
| "action": "score", | |
| "description": "942150: SQL Injection Attack", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 5 | |
| } | |
| } | |
| { | |
| "id": "d35ea11d661544ed8e89306d9e061819", | |
| "action": "score", | |
| "description": "942180: Detects basic SQL authentication bypass attempts 1/3", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 5 | |
| } | |
| } | |
| { | |
| "id": "f2db062052cf453fbe9e93f058ecf7e7", | |
| "action": "score", | |
| "description": "942200: Detects MySQL comment-/space-obfuscated injections and backtick termination", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 5 | |
| } | |
| } | |
| { | |
| "id": "ca91aad280fd4250ad58aaa03b97c544", | |
| "action": "score", | |
| "description": "942210: Detects chained SQL injection attempts 1/2", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 5 | |
| } | |
| } | |
| { | |
| "id": "6afe6795ee6a48d6a1dfe59255395a78", | |
| "action": "score", | |
| "description": "942260: Detects basic SQL authentication bypass attempts 2/3", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 5 | |
| } | |
| } | |
| { | |
| "id": "cda7fcb45e304a589567d2021821e480", | |
| "action": "score", | |
| "description": "942300: Detects MySQL comments, conditions and ch(a)r injections", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 5 | |
| } | |
| } | |
| { | |
| "id": "2ebcf6102fe745eeb8317e2f4d2804f5", | |
| "action": "score", | |
| "description": "942310: Detects chained SQL injection attempts 2/2", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 5 | |
| } | |
| } | |
| { | |
| "id": "293e73c033b34a2290481c4718a93bb2", | |
| "action": "score", | |
| "description": "942330: Detects classic SQL injection probings 1/3", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 5 | |
| } | |
| } | |
| { | |
| "id": "f394c2277cba4406b408c9d1feb8fadb", | |
| "action": "score", | |
| "description": "942340: Detects basic SQL authentication bypass attempts 3/3", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 5 | |
| } | |
| } | |
| { | |
| "id": "9a51a1ae8bed4f19bcd6a744926e411e", | |
| "action": "score", | |
| "description": "942361: Detects basic SQL injection based on keyword alter or union", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 5 | |
| } | |
| } | |
| { | |
| "id": "5a6f5a57cde8428ab0668ce17cdec0c8", | |
| "action": "score", | |
| "description": "942370: Detects classic SQL injection probings 2/3", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 5 | |
| } | |
| } | |
| { | |
| "id": "166952cef06c4a63b17b671f8500cf80", | |
| "action": "score", | |
| "description": "942380: SQL Injection Attack", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 5 | |
| } | |
| } | |
| { | |
| "id": "5f4a92f3cebb430a85ffc23c953cedea", | |
| "action": "score", | |
| "description": "942390: SQL Injection Attack", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 5 | |
| } | |
| } | |
| { | |
| "id": "d90baf533c5540389362e3a1d4abedad", | |
| "action": "score", | |
| "description": "942400: SQL Injection Attack", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 5 | |
| } | |
| } | |
| { | |
| "id": "a1e6edf90e6541948dc86318d90595f6", | |
| "action": "score", | |
| "description": "942410: SQL Injection Attack", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 5 | |
| } | |
| } | |
| { | |
| "id": "8e8a960a4bc94c6ca510154b096a53e6", | |
| "action": "score", | |
| "description": "942470: SQL Injection Attack", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 5 | |
| } | |
| } | |
| { | |
| "id": "9633cebcb3714e98b977ce91fea7997d", | |
| "action": "score", | |
| "description": "942480: SQL Injection Attack", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 5 | |
| } | |
| } | |
| { | |
| "id": "5e4903d6afa841c9b88b96203297003f", | |
| "action": "score", | |
| "description": "942430: Restricted SQL Character Anomaly Detection (args): # of special characters exceeded (12)", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 3 | |
| } | |
| } | |
| { | |
| "id": "d12ad6d1bc0c42b3affe0cee682bb405", | |
| "action": "score", | |
| "description": "942440: SQL Comment Sequence Detected", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 5 | |
| } | |
| } | |
| { | |
| "id": "052dcdf764834ffa997afbf2276a6986", | |
| "action": "score", | |
| "description": "942450: SQL Hex Encoding Identified", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 5 | |
| } | |
| } | |
| { | |
| "id": "3ecd29ca214948fd9528ef25cdeda7d1", | |
| "action": "score", | |
| "description": "942510: SQLi bypass attempt by ticks or backticks detected", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 5 | |
| } | |
| } | |
| { | |
| "id": "c2bc655a18b6487d9351c8d3394d60ed", | |
| "action": "score", | |
| "description": "942251: Detects HAVING injections", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 5 | |
| } | |
| } | |
| { | |
| "id": "2380cd409b604c2a9273042f3eb29c4e", | |
| "action": "score", | |
| "description": "942490: Detects classic SQL injection probings 3/3", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 5 | |
| } | |
| } | |
| { | |
| "id": "02a11d6fc5c74dbc911455294b629ea8", | |
| "action": "score", | |
| "description": "942420: Restricted SQL Character Anomaly Detection (cookies): # of special characters exceeded (8)", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 3 | |
| } | |
| } | |
| { | |
| "id": "f5aebedc99a14c8d9e8cfa2ce5f94216", | |
| "action": "score", | |
| "description": "942431: Restricted SQL Character Anomaly Detection (args): # of special characters exceeded (6)", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 3 | |
| } | |
| } | |
| { | |
| "id": "edf8c37cc81747d382690b3c77e82ce4", | |
| "action": "score", | |
| "description": "942460: Meta-Character Anomaly Detection Alert - Repetitive Non-Word Characters", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 3 | |
| } | |
| } | |
| { | |
| "id": "af1f655b71d84d86a3dbc652fc8d8e8b", | |
| "action": "score", | |
| "description": "942101: SQL Injection Attack Detected via libinjection", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 5 | |
| } | |
| } | |
| { | |
| "id": "3e032e0fd1d34bbeb63eb77050e2c244", | |
| "action": "score", | |
| "description": "942511: SQLi bypass attempt by ticks detected", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 5 | |
| } | |
| } | |
| { | |
| "id": "04c20a9fe50742bbac9e480fb00a383d", | |
| "action": "score", | |
| "description": "942421: Restricted SQL Character Anomaly Detection (cookies): # of special characters exceeded (3)", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 3 | |
| } | |
| } | |
| { | |
| "id": "1129dfb383bb42e48466488cf3b37cb1", | |
| "action": "score", | |
| "description": "942432: Restricted SQL Character Anomaly Detection (args): # of special characters exceeded (2)", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 3 | |
| } | |
| } | |
| { | |
| "id": "72b15dd284824655b079a2a7c3dda6be", | |
| "action": "score", | |
| "description": "943100: Possible Session Fixation Attack: Setting Cookie Values in HTML", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 5 | |
| } | |
| } | |
| { | |
| "id": "de20459d52e845fc829007c6537deb80", | |
| "action": "score", | |
| "description": "943120: Possible Session Fixation Attack: SessionID Parameter Name with No Referer", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 5 | |
| } | |
| } | |
| { | |
| "id": "1c667c5364e04999bb5be82aaf347fde", | |
| "action": "score", | |
| "description": "944100: Remote Command Execution: Suspicious Java class detected", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 5 | |
| } | |
| } | |
| { | |
| "id": "b94406492a774c578f7b455c9fae472b", | |
| "action": "score", | |
| "description": "944110: Remote Command Execution: Java process spawn (CVE-2017-9805)", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 5 | |
| } | |
| } | |
| { | |
| "id": "3b2ee0c70ce44f198219a61d5ab75703", | |
| "action": "score", | |
| "description": "944120: Remote Command Execution: Java serialization (CVE-2015-4852)", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 5 | |
| } | |
| } | |
| { | |
| "id": "340f6d09ce334919a2952adcdadd51e1", | |
| "action": "score", | |
| "description": "944130: Suspicious Java class detected", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 5 | |
| } | |
| } | |
| { | |
| "id": "b8514202698b4e2db36dadeb686a9c27", | |
| "action": "score", | |
| "description": "944200: Magic bytes Detected, probable java serialization in use", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 5 | |
| } | |
| } | |
| { | |
| "id": "c55bf4de0a8247249120c93073cd4e53", | |
| "action": "score", | |
| "description": "944210: Magic bytes Detected Base64 Encoded, probable java serialization in use", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 5 | |
| } | |
| } | |
| { | |
| "id": "91b54b1b505f489a87644a597a9ee4ce", | |
| "action": "score", | |
| "description": "944240: Remote Command Execution: Java serialization (CVE-2015-4852)", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 5 | |
| } | |
| } | |
| { | |
| "id": "397f1f437b2b4741aaebf8010cc3ea5a", | |
| "action": "score", | |
| "description": "944250: Remote Command Execution: Suspicious Java method detected", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 5 | |
| } | |
| } | |
| { | |
| "id": "c18b1048e51248a191aa96eee068f5d3", | |
| "action": "score", | |
| "description": "944300: Base64 encoded string matched suspicious keyword", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 5 | |
| } | |
| } | |
| { | |
| "id": "f69971ea46aa4cc983f773bb06e082e4", | |
| "action": "score", | |
| "description": "942100: SQL Injection Attack Detected via libinjection ", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 0 | |
| } | |
| } | |
| { | |
| "id": "c2e1451cfff1400db51a760a852d81eb", | |
| "action": "score", | |
| "description": "942101: SQL Injection Attack Detected via libinjection - beta", | |
| "enabled": true, | |
| "action_parameters": { | |
| "increment": 0 | |
| } | |
| } | |
| { | |
| "id": "6179ae15870a4bb7b2d480d4843b323c", | |
| "action": "block", | |
| "score_threshold": 40, | |
| "description": "949110: Inbound Anomaly Score Exceeded", | |
| "enabled": true | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment