Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊
This query searches Azure Web Application Firewall data for potential Webshell usage related to the SpringShell RCE vulnerability (CVE-2022-22965). For more information refer to Microsoft's security blog.
| Attribute | Value |
|---|---|
| Type | Hunting Query |
| Solution | Web Shells Threat Protection |
| ID | 6911d1df-4204-43b2-a64c-3cb102551ddd |
| Tactics | Execution |
| Techniques | T1059.007 |
| Required Connectors | WAF |
| Source | View on GitHub |
This content item queries data from the following tables:
| Table | Selection Criteria | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|---|
AzureDiagnostics 🔶 |
Category in "ApplicationGatewayAccessLog,ApplicationGatewayFirewallLog,FrontdoorAccessLog,FrontdoorWebApplicationFirewallLog" |
? | ✗ | ? |
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊
↑ Back to Hunting Queries · Back to Web Shells Threat Protection