openappsec-xss Scenario

« openappsec-xss »
v0.2 by openappsec
Attack scenarioremediation:trueservice:httpspoofable:0MITRE:T1189MITRE:T1595MITRE:T1190confidence:2

Detect openappsec 'prevent' securityActions on 'Cross Site Scripting' events (when waf blocks malicious request)

Installation

cscli scenarios install openappsec/openappsec-xss

YAML Configuration

1type: trigger
2#debug: true
3name: openappsec/openappsec-xss
4description: "Detect openappsec 'prevent' securityActions on 'Cross Site Scripting' events (when waf blocks malicious request)"
5filter: evt.Meta.log_type == 'openappsec_security_log' and Lower(evt.Meta.security_action) in ['prevent', 'detect'] and Lower(evt.Meta.incident_type) contains 'cross site scripting'
6groupby: evt.Meta.source_ip
7blackhole: 5m
8labels:
9  service: http
10  classification:
11    - attack.T1189
12    - attack.T1595
13    - attack.T1190
14  spoofable: 0
15  confidence: 2
16  behavior: "http:exploit"
17  label: "Openappsec 'XSS' detection"
18  remediation: true
19

Hub configuration

« openappsec-xss »v0.2 by openappsecAttack scenarioremediation:trueservice:httpspoofable:0MITRE:T1189MITRE:T1595MITRE:T1190confidence:2

« openappsec-xss »
v0.2 by openappsec
Attack scenarioremediation:trueservice:httpspoofable:0MITRE:T1189MITRE:T1595MITRE:T1190confidence:2