Commit

web: cleanup TBD messages
ljstella committed Nov 27, 2024
1 parent 67ad9f5 commit 9ab5e6a
Showing 5 changed files with 6 additions and 6 deletions.
Expand Up @@ -25,7 +25,7 @@ known_false_positives: It's possible for legitimate HTTP requests to be made to
containing the suspicious paths.
references: []
rba:
message: tbd
message: Potential Scanning for Vulnerable JBoss Servers
risk_objects:
- field: dest
type: system
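Review bot: The new `message:` line is a fixed string and does not name the host, although the risk object directly below it is `dest`. Consider interpolating the field, e.g. `message: Potential Scanning for Vulnerable JBoss Servers on $dest$`, as the supernova_webshell.yml message in this commit does, so the risk event is readable without opening the underlying result.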
2 changes: 1 addition & 1 deletion detections/web/detect_f5_tmui_rce_cve_2020_5902.yml
Expand Up @@ -27,7 +27,7 @@ references:
- https://www.ptsecurity.com/ww-en/about/news/f5-fixes-critical-vulnerability-discovered-by-positive-technologies-in-big-ip-application-delivery-controller/
- https://support.f5.com/csp/article/K52145254
rba:
message: tbd
message: Potential F5 TMUI RCE traffic
risk_objects:
- field: dest
type: system
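Review bot: On the `message:` line, "Potential F5 TMUI RCE traffic" carries neither the affected host nor the CVE that the file name identifies (cve_2020_5902). With `dest` as the risk object, something like `Potential F5 TMUI RCE (CVE-2020-5902) traffic to $dest$` would let an analyst triage from the message alone.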
Expand Up @@ -26,9 +26,9 @@ how_to_implement: You must ingest data from the web server or capture network da
known_false_positives: No known false positives for this detection.
references: []
rba:
message: tbd
message: Potentially malicious traffic exploiting JBoss servers
risk_objects:
- field: dest
- field: dest_ip
type: system
score: 25
threat_objects: []
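Review bot: The risk object field changes from `dest` to `dest_ip` in this hunk, a behavioural change that the commit title ("cleanup TBD messages") does not cover. Please confirm that this detection's search actually outputs `dest_ip`; if it does not, the risk object has nothing to bind to and the score of 25 will not be attributed to a system. If the rename is intended, say so in the commit message, and consider adding `$dest_ip$` to the new message text so the affected host is visible.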
2 changes: 1 addition & 1 deletion detections/web/monitor_web_traffic_for_brand_abuse.yml
Expand Up @@ -24,7 +24,7 @@ how_to_implement: You need to ingest data from your web traffic. This can be acc
known_false_positives: None at this time
references: []
rba:
message: tbd
message: Potential Brand Abus discovered in web logs
risk_objects:
- field: src
type: system
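Review bot: Typo in the new `message:` line: "Abus" should be "Abuse". This string is shown to analysts in risk events, so fix it before merge; since the risk object here is `src`, `Potential Brand Abuse discovered in web logs from $src$` would also identify the source.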
2 changes: 1 addition & 1 deletion detections/web/supernova_webshell.yml
Expand Up @@ -29,7 +29,7 @@ references:
- https://www.splunk.com/en_us/blog/security/detecting-supernova-malware-solarwinds-continued.html
- https://www.guidepointsecurity.com/blog/supernova-solarwinds-net-webshell-analysis/
rba:
message: tbd
message: Potential Supernova Webshell on $dest$
risk_objects:
- field: user
type: user
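Review bot: The new message interpolates `$dest$`, but the only risk object visible in this hunk is `user`. Check that the search outputs a `dest` field so the token resolves, and consider either naming `$user$` in the message or adding `dest` as a system risk object so the message text and the risk attribution agree.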

0 comments on commit 9ab5e6a