Anomaly detection for Nginx

Detects suspicious Nginx error log events that may indicate potential security threats.

Sigma rule

title: Anomaly detection for Nginx
id: 3c5b7905-8cac-437e-8cf7-05ec8fbb73a0
status: experimental
description: Detecting suspicious error log events which may lead to potential security threats
author: Loginsoft Research Unit
references:
    - Internal Research
date: 2020/07/24
logsource:
  product: nginx
  category: webserver
  service: error
detection:
    keywords:
      - 'peer started SSL renegotiation'
    condition: keywords
falsepositives:
  - Unknown
level: low
