AFD WAF - Code Injection

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

↑ Back to Content Index

---

Identifies a match for a Code Injection based attack in the AFD WAF logs. The threshold value in the query can be changed as per your infrastructure's requirements. References: https://owasp.org/www-community/attacks/Code_Injection

Attribute	Value
Type	Analytic Rule
Solution	Azure Web Application Firewall (WAF)
ID	ded8168e-c806-4772-af30-10576e0a7529
Severity	High
Status	Available
Kind	Scheduled
Tactics	DefenseEvasion, Execution, InitialAccess, PrivilegeEscalation
Techniques	T1548, T1203, T1190, T1548
Required Connectors	WAF
Source	View on GitHub

Tables Used

This content item queries data from the following tables:

Table	Selection Criteria	Transformations	Ingestion API	Lake-Only
AzureDiagnostics 🔶	Category == "FrontDoorWebApplicationFirewallLog"	?	✗	?

---

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

↑ Back to Analytic Rules · Back to Azure Web Application Firewall (WAF)