OracleWebLogicServer_CL



Attribute Value
Ingestion API Supported ✓ Yes


Schema (9 columns)

Source: KQL validation test schema

Column Name Type
_ResourceId string
Computer string
ManagementGroupName string
MG string
RawData string
SourceSystem string
TenantId string
TimeGenerated [UTC] datetime
Type string

Solutions (2)

This table is used by the following solutions:

Connectors (2)

This table is ingested by the following connectors:

Connector Selection Criteria
Custom logs via AMA
[Deprecated] Oracle WebLogic Server

Content Items Using This Table (21)

Analytic Rules (10)

In solution OracleWebLogicServer:

Analytic Rule Selection Criteria
Oracle - Command in URI
Oracle - Malicious user agent
Oracle - Multiple client errors from single IP
Oracle - Multiple server errors from single IP
Oracle - Multiple user agents for single source
Oracle - Oracle WebLogic Exploit CVE-2021-2109
Oracle - Private IP in URL
Oracle - Put file and get file from same IP address
Oracle - Put suspicious file
Oracle - Request to sensitive files

Hunting Queries (10)

In solution OracleWebLogicServer:

Hunting Query Selection Criteria
Oracle - Abnormal request size
Oracle - Critical event severity
Oracle - Error messages
Oracle - Rare URLs requested
Oracle - Rare user agents
Oracle - Rare user agents with client errors
Oracle - Request to forbidden files
Oracle - Top URLs client errors
Oracle - Top URLs server errors
Oracle - Top files requested by users with error

Workbooks (1)

In solution OracleWebLogicServer:

Workbook Selection Criteria
OracleWorkbook

Parsers Using This Table (1)

Other Parsers (1)

Parser Solution Selection Criteria
OracleWebLogicServerEvent OracleWebLogicServer
