Anomaly detection for Apache Tomcat

Detecting suspicious error log events which may lead to potential security threats

Sigma rule

```yaml
title: Anomaly detection for Apache Tomcat
id: 7b440aa5-2a52-460a-80fc-16ef1ba7e44e
status: experimental
description: Detecting suspicious error log events which may lead to potential security threats
references:
  - Internal Research
author: Loginsoft Research Unit
date: 2020/07/21
logsource:
  product: Tomcat
  category: webserver
detection:
  keywords:
    - 'IntrospectionUtils: Assert: Illegal params'
    - 'Failed to trigger creation of the GC Daemon thread during Tomcat start to prevent possible memory leaks. This is expected on non-Sun JVMs'
  condition: keywords
falsepositives:
  - Unknown
level: low
```
