Detect URLs containing known malicious keywords or commands (ASIM Web Session)

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

↑ Back to Content Index

---

The utilization of system commands or functions in the request URL may suggest that an attacker is trying to gain unauthorized access to the environment by exploiting a vulnerable service.

Attribute	Value
Type	Analytic Rule
Solution	Web Session Essentials
ID	32c08696-2e37-4730-86f8-97d9c8b184c9
Severity	High
Status	Available
Kind	Scheduled
Tactics	InitialAccess, CommandAndControl
Techniques	T1190, T1133, T1071
Source	View on GitHub

Tables Used

This content item queries data from the following tables:

Table	Transformations	Ingestion API	Lake-Only
Watchlist	✓	✗	?

---

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

↑ Back to Analytic Rules · Back to Web Session Essentials