Data Source: APM

Potential Cross Site Scripting (XSS)

Mar 4, 2025 · Data Source: APM Use Case: Threat Detection Tactic: Initial Access Rule Type: BBR ·

Cross-Site Scripting (XSS) is a type of attack in which malicious scripts are injected into trusted websites. In XSS attacks, an attacker uses a benign web application to send malicious code, generally in the form of a browser-side script. This detection rule identifies the potential malicious executions of such browser-side scripts.

External Alerts

Jan 22, 2025 · OS: Windows Data Source: APM OS: macOS OS: Linux Resources: Investigation Guide ·

Share on:

Generates a detection alert for each external alert written to the configured indices. Enabling this rule allows you to immediately begin investigating external alerts in the app.

Web Application Suspicious Activity: POST Request Declined

Jan 22, 2025 · Data Source: APM Resources: Investigation Guide ·

Share on:

A POST request to a web application returned a 403 response, which indicates the web application declined to process the request because the action requested was not allowed.

Web Application Suspicious Activity: sqlmap User Agent

Jan 22, 2025 · Data Source: APM Resources: Investigation Guide ·

Share on:

This is an example of how to detect an unwanted web client user agent. This search matches the user agent for sqlmap 1.3.11, which is a popular FOSS tool for testing web applications for SQL injection vulnerabilities.

Web Application Suspicious Activity: Unauthorized Method

Jan 22, 2025 · Data Source: APM Resources: Investigation Guide ·

Share on:

A request to a web application returned a 405 response, which indicates the web application declined to process the request because the HTTP method is not allowed for the resource.