Products: Amazon AWS - Web Application Firewall (WAF)
| Rule ID | Rule Name |
|---|---|
| MATCH-S00209 | CVE-2021-44228 Log4j2 Java Library 0-Day Attempt |
| LEGACY-S00013 | Connection to High Entropy Domain |
| LEGACY-S00189 | Crypto Miner HTTP User Agent |
| MATCH-S00592 | Crypto Miner User Agent |
| THRESHOLD-S00074 | Excessive Firewall Denies |
| LEGACY-S00041 | HTTP External Request to PowerShell Extension |
| LEGACY-S00048 | Houdini/Iniduoh/njRAT User-Agent |
| THRESHOLD-S00026 | Possible Credential Abuse |
| MATCH-S00835 | Possible Dynamic URL Domain |
| LEGACY-S00079 | SQL-Select-From |
| LEGACY-S00093 | Script/CLI UserAgent string |
| LEGACY-S00095 | Server-Side Code Injection in URL |
| OUTLIER-S00010 | Spike in URL Length from IP Address |
| MATCH-S00783 | Spring4Shell Exploitation - URL |
| LEGACY-S00182 | Suspicious HTTP User-Agent |
| MATCH-S00555 | Threat Intel - Inbound Traffic Context |
| LEGACY-S00109 | Threat Intel - Matched Domain Name |
| LEGACY-S00107 | Threat Intel Match - IP Address |
| MATCH-S00557 | Web Request to IP Address |
| Log Mapper ID | Log Mapper Name |
|---|---|
| 3c171e72-3b04-4280-a9c2-119b7f370768 | AWS WAF Allow Logs |
| e7ef97a5-3d97-46f8-bee8-89085f2d3ba6 | AWS WAF Block Logs |