Rule Type: BBR | Detection.FYI

Potential Cross Site Scripting (XSS)

Mar 4, 2025 · Data Source: APM Use Case: Threat Detection Tactic: Initial Access Rule Type: BBR ·
Share on:

Cross-Site Scripting (XSS) is a type of attack in which malicious scripts are injected into trusted websites. In XSS attacks, an attacker uses a benign web application to send malicious code, generally in the form of a browser-side script. This detection rule identifies the potential malicious executions of such browser-side scripts.

Read More
Potential Linux Reverse Connection through Port Knocking

Mar 7, 2024 · Domain: Endpoint OS: Linux Use Case: Threat Detection Tactic: Command and Control Data Source: Elastic Defend Rule Type: BBR ·
Share on:

Monitors for a sequence of network activity on atypical ports, prior to receiving a single packet on such a non-standard port, which potentially indicates signal port knocking activity. Port knocking is a covert method of externally opening ports by sending a sequence of packets to previously closed ports, which adversaries may leverage to discreetly gain access without directly alerting traditional monitoring systems.

Read More