OpenCanary - HTTPPROXY Login Attempt
Detects instances where an HTTPPROXY service on an OpenCanary node has had an attempt to proxy another page.
Sigma rule (View on GitHub)
1title: OpenCanary - HTTPPROXY Login Attempt
2id: 5498fc09-adc6-4804-b9d9-5cca1f0b8760
3status: experimental
4description: |
5 Detects instances where an HTTPPROXY service on an OpenCanary node has had an attempt to proxy another page.
6references:
7 - https://opencanary.readthedocs.io/en/latest/starting/configuration.html#services-configuration
8 - https://github.com/thinkst/opencanary/blob/a0896adfcaf0328cfd5829fe10d2878c7445138e/opencanary/logger.py#L52
9author: Security Onion Solutions
10date: 2024/03/08
11tags:
12 - attack.initial_access
13 - attack.defense_evasion
14 - attack.t1090
15logsource:
16 category: application
17 product: opencanary
18detection:
19 selection:
20 logtype: 7001
21 condition: selection
22falsepositives:
23 - Unlikely
24level: high
References
Related rules
- Github New Secret Created
- Github Self Hosted Runner Changes Detected
- Password Provided In Command Line Of Net.EXE
- Cisco BGP Authentication Failures
- Cisco LDP Authentication Failures