Products: Amazon AWS - Web Application Firewall (WAF)

Rule ID | Rule Name |
---|---|
MATCH-S00209 | CVE-2021-44228 Log4j2 Java Library 0-Day Attempt |
LEGACY-S00013 | Connection to High Entropy Domain |
LEGACY-S00189 | Crypto Miner HTTP User Agent |
MATCH-S00592 | Crypto Miner User Agent |
THRESHOLD-S00074 | Excessive Firewall Denies |
LEGACY-S00041 | HTTP External Request to PowerShell Extension |
LEGACY-S00048 | Houdini/Iniduoh/njRAT User-Agent |
THRESHOLD-S00026 | Possible Credential Abuse |
MATCH-S00835 | Possible Dynamic URL Domain |
LEGACY-S00079 | SQL-Select-From |
LEGACY-S00093 | Script/CLI UserAgent string |
LEGACY-S00095 | Server-Side Code Injection in URL |
OUTLIER-S00010 | Spike in URL Length from IP Address |
MATCH-S00783 | Spring4Shell Exploitation - URL |
LEGACY-S00182 | Suspicious HTTP User-Agent |
MATCH-S00555 | Threat Intel - Inbound Traffic Context |
LEGACY-S00109 | Threat Intel - Matched Domain Name |
LEGACY-S00107 | Threat Intel Match - IP Address |
MATCH-S00557 | Web Request to IP Address |

Log Mapper ID | Log Mapper Name |
---|---|
3c171e72-3b04-4280-a9c2-119b7f370768 | AWS WAF Allow Logs |
e7ef97a5-3d97-46f8-bee8-89085f2d3ba6 | AWS WAF Block Logs |