Web Detections

| Name | Data Source | Technique | Type | Analytic Story | Date |
|---|---|---|---|---|---|
| Access to Vulnerable Ivanti Connect Secure Bookmark Endpoint | Suricata | Exploit Public-Facing Application | TTP | CISA AA24-241A, Ivanti Connect Secure VPN Vulnerabilities | 2025-05-02 |
| Adobe ColdFusion Access Control Bypass | Suricata | Exploit Public-Facing Application | TTP | Adobe ColdFusion Arbitrary Code Execution CVE-2023-29298 CVE-2023-26360 | 2025-05-02 |
| Adobe ColdFusion Unauthenticated Arbitrary File Read | Suricata | Exploit Public-Facing Application | TTP | Adobe ColdFusion Arbitrary Code Execution CVE-2023-29298 CVE-2023-26360 | 2025-05-02 |
| Cisco IOS XE Implant Access | Suricata | Exploit Public-Facing Application | TTP | Cisco IOS XE Software Web Management User Interface vulnerability | 2025-05-02 |
| Citrix ADC and Gateway Unauthorized Data Disclosure | Suricata | Exploit Public-Facing Application | TTP | Citrix NetScaler ADC and NetScaler Gateway CVE-2023-4966 | 2025-05-02 |
| Citrix ADC Exploitation CVE-2023-3519 | Palo Alto Network Threat | Exploit Public-Facing Application | Hunting | CISA AA24-241A, Citrix Netscaler ADC CVE-2023-3519 | 2025-05-02 |
| Citrix ShareFile Exploitation CVE-2023-24489 | Suricata | Exploit Public-Facing Application | Hunting | Citrix ShareFile RCE CVE-2023-24489 | 2025-05-02 |
| Confluence CVE-2023-22515 Trigger Vulnerability | Suricata | Exploit Public-Facing Application | TTP | CVE-2023-22515 Privilege Escalation Vulnerability Confluence Data Center and Server | 2025-05-02 |
| Confluence Data Center and Server Privilege Escalation | Nginx Access | Exploit Public-Facing Application | TTP | CVE-2023-22515 Privilege Escalation Vulnerability Confluence Data Center and Server, Confluence Data Center and Confluence Server Vulnerabilities | 2025-05-02 |
| Confluence Pre-Auth RCE via OGNL Injection CVE-2023-22527 | Suricata | Exploit Public-Facing Application | TTP | Confluence Data Center and Confluence Server Vulnerabilities | 2025-05-02 |
| Confluence Unauthenticated Remote Code Execution CVE-2022-26134 | Palo Alto Network Threat | Server Software Component, Exploit Public-Facing Application, External Remote Services | TTP | Atlassian Confluence Server and Data Center CVE-2022-26134, Confluence Data Center and Confluence Server Vulnerabilities | 2025-05-02 |
| ConnectWise ScreenConnect Authentication Bypass | Suricata | Exploit Public-Facing Application | TTP | ConnectWise ScreenConnect Vulnerabilities, Seashell Blizzard | 2025-05-02 |
| CrushFTP Authentication Bypass Exploitation | CrushFTP | Exploit Public-Facing Application, Windows Command Shell, PowerShell | TTP | CrushFTP Vulnerabilities | 2025-05-02 |
| CrushFTP Max Simultaneous Users From IP | CrushFTP | Password Guessing, Credential Stuffing | Anomaly | CrushFTP Vulnerabilities | 2025-05-02 |
| Detect attackers scanning for vulnerable JBoss servers | | System Information Discovery, External Remote Services | TTP | JBoss Vulnerability, SamSam Ransomware | 2025-05-02 |
| Detect F5 TMUI RCE CVE-2020-5902 | | Exploit Public-Facing Application | TTP | F5 TMUI RCE CVE-2020-5902 | 2025-05-02 |
| Detect malicious requests to exploit JBoss servers | | N/A | TTP | JBoss Vulnerability, SamSam Ransomware | 2025-05-02 |
| Detect Remote Access Software Usage URL | Palo Alto Network Threat | Remote Access Tools | Anomaly | CISA AA24-241A, Command And Control, Insider Threat, Ransomware, Remote Monitoring and Management Software | 2025-05-02 |
| Detect Web Access to Decommissioned S3 Bucket | AWS Cloudfront | Data Destruction | Anomaly | AWS S3 Bucket Security Monitoring, Data Destruction | 2025-05-02 |
| Exploit Public Facing Application via Apache Commons Text | Nginx Access | External Remote Services, Exploit Public-Facing Application, Web Shell | Anomaly | Text4Shell CVE-2022-42889 | 2025-05-02 |
| Exploit Public-Facing Fortinet FortiNAC CVE-2022-39952 | Palo Alto Network Threat | Exploit Public-Facing Application, External Remote Services | TTP | Fortinet FortiNAC CVE-2022-39952 | 2025-05-02 |
| F5 TMUI Authentication Bypass | Suricata | N/A | TTP | F5 Authentication Bypass with TMUI | 2025-05-02 |
| Fortinet Appliance Auth bypass | Palo Alto Network Threat | Exploit Public-Facing Application, External Remote Services | TTP | CVE-2022-40684 Fortinet Appliance Auth bypass | 2025-05-02 |
| High Volume of Bytes Out to Url | Nginx Access | Exfiltration Over Web Service | Anomaly | Data Exfiltration | 2025-05-02 |
| Hunting for Log4Shell | Nginx Access | Exploit Public-Facing Application, External Remote Services | Hunting | CISA AA22-320A, Log4Shell CVE-2021-44228 | 2025-05-02 |
| Ivanti Connect Secure Command Injection Attempts | Suricata | Exploit Public-Facing Application | TTP | CISA AA24-241A, Ivanti Connect Secure VPN Vulnerabilities | 2025-05-02 |
| Ivanti Connect Secure SSRF in SAML Component | Suricata | Exploit Public-Facing Application | TTP | Ivanti Connect Secure VPN Vulnerabilities | 2025-05-02 |
| Ivanti Connect Secure System Information Access via Auth Bypass | Suricata | Exploit Public-Facing Application | Anomaly | CISA AA24-241A, Ivanti Connect Secure VPN Vulnerabilities | 2025-05-02 |
| Ivanti EPM SQL Injection Remote Code Execution | Suricata | Exploit Public-Facing Application | TTP | Ivanti EPM Vulnerabilities | 2025-05-02 |
| Ivanti EPMM Remote Unauthenticated API Access CVE-2023-35078 | Suricata | Exploit Public-Facing Application, External Remote Services | TTP | Ivanti EPMM Remote Unauthenticated Access | 2025-05-02 |
| Ivanti EPMM Remote Unauthenticated API Access CVE-2023-35082 | Suricata | Exploit Public-Facing Application, External Remote Services | TTP | Ivanti EPMM Remote Unauthenticated Access | 2025-05-02 |
| Ivanti Sentry Authentication Bypass | Suricata | Exploit Public-Facing Application | TTP | Ivanti Sentry Authentication Bypass CVE-2023-38035 | 2025-05-02 |
| Java Class File download by Java User Agent | Splunk Stream HTTP | Exploit Public-Facing Application | TTP | Log4Shell CVE-2021-44228 | 2025-05-02 |
| Jenkins Arbitrary File Read CVE-2024-23897 | Nginx Access | Exploit Public-Facing Application | TTP | Jenkins Server Vulnerabilities | 2025-05-02 |
| JetBrains TeamCity Authentication Bypass CVE-2024-27198 | Suricata | Exploit Public-Facing Application | TTP | JetBrains TeamCity Vulnerabilities | 2025-05-02 |
| JetBrains TeamCity Authentication Bypass Suricata CVE-2024-27198 | Suricata | Exploit Public-Facing Application | TTP | JetBrains TeamCity Vulnerabilities | 2025-05-02 |
| JetBrains TeamCity Limited Auth Bypass Suricata CVE-2024-27199 | Suricata | Exploit Public-Facing Application | TTP | JetBrains TeamCity Vulnerabilities | 2025-05-02 |
| JetBrains TeamCity RCE Attempt | Suricata | Exploit Public-Facing Application | TTP | CISA AA23-347A, JetBrains TeamCity Unauthenticated RCE, JetBrains TeamCity Vulnerabilities | 2025-05-02 |
| Juniper Networks Remote Code Execution Exploit Detection | Suricata | Exploit Public-Facing Application, Ingress Tool Transfer, Command and Scripting Interpreter | TTP | Juniper JunOS Remote Code Execution | 2025-05-02 |
| Log4Shell JNDI Payload Injection Attempt | Nginx Access | Exploit Public-Facing Application, External Remote Services | Anomaly | CISA AA22-257A, CISA AA22-320A, Log4Shell CVE-2021-44228 | 2025-05-02 |
| Log4Shell JNDI Payload Injection with Outbound Connection | | Exploit Public-Facing Application, External Remote Services | Anomaly | CISA AA22-320A, Log4Shell CVE-2021-44228 | 2025-05-02 |
| Microsoft SharePoint Server Elevation of Privilege | Suricata | Exploitation for Privilege Escalation | TTP | Microsoft SharePoint Server Elevation of Privilege CVE-2023-29357 | 2025-05-02 |
| Monitor Web Traffic For Brand Abuse | | N/A | TTP | Brand Monitoring | 2025-05-02 |
| Multiple Archive Files Http Post Traffic | Splunk Stream HTTP | Exfiltration Over Unencrypted Non-C2 Protocol | TTP | Command And Control, Data Exfiltration | 2025-05-02 |
| Nginx ConnectWise ScreenConnect Authentication Bypass | Nginx Access | Exploit Public-Facing Application | TTP | ConnectWise ScreenConnect Vulnerabilities, Seashell Blizzard | 2025-05-02 |
| PaperCut NG Remote Web Access Attempt | Suricata | Exploit Public-Facing Application, External Remote Services | TTP | PaperCut MF NG Vulnerability | 2025-05-02 |
| Plain HTTP POST Exfiltrated Data | Splunk Stream HTTP | Exfiltration Over Unencrypted Non-C2 Protocol | TTP | Command And Control, Data Exfiltration | 2025-05-02 |
| ProxyShell ProxyNotShell Behavior Detected | | Exploit Public-Facing Application, External Remote Services | Correlation | ProxyNotShell, ProxyShell, Seashell Blizzard | 2025-05-02 |
| SAP NetWeaver Visual Composer Exploitation Attempt | Suricata | Exploit Public-Facing Application | Hunting | SAP NetWeaver Exploitation | 2025-05-02 |
| Spring4Shell Payload URL Request | Nginx Access | External Remote Services, Exploit Public-Facing Application, Web Shell | TTP | Spring4Shell CVE-2022-22965 | 2025-05-02 |
| SQL Injection with Long URLs | | Exploit Public-Facing Application | TTP | SQL Injection | 2025-05-02 |
| Supernova Webshell | | Web Shell, External Remote Services | TTP | Earth Alux, NOBELIUM Group | 2025-05-02 |
| Tomcat Session Deserialization Attempt | Nginx Access | Exploit Public-Facing Application, Web Shell | Anomaly | Apache Tomcat Session Deserialization Attacks | 2025-05-02 |
| Tomcat Session File Upload Attempt | Nginx Access | Exploit Public-Facing Application, Web Shell | Anomaly | Apache Tomcat Session Deserialization Attacks | 2025-05-02 |
| Unusually Long Content-Type Length | | N/A | Anomaly | Apache Struts Vulnerability | 2025-05-02 |
| VMWare Aria Operations Exploit Attempt | Palo Alto Network Threat | External Remote Services, Exploit Public-Facing Application, Exploitation of Remote Services, Exploitation for Privilege Escalation | TTP | VMware Aria Operations vRealize CVE-2023-20887 | 2025-05-02 |
| VMware Server Side Template Injection Hunt | Palo Alto Network Threat | Exploit Public-Facing Application, External Remote Services | Hunting | VMware Server Side Injection and Privilege Escalation | 2025-05-02 |
| VMware Workspace ONE Freemarker Server-side Template Injection | Palo Alto Network Threat | Exploit Public-Facing Application, External Remote Services | Anomaly | VMware Server Side Injection and Privilege Escalation | 2025-05-02 |
| Web JSP Request via URL | Nginx Access | External Remote Services, Exploit Public-Facing Application, Web Shell | TTP | Earth Alux, Spring4Shell CVE-2022-22965 | 2025-05-02 |
| Web Remote ShellServlet Access | Nginx Access | Exploit Public-Facing Application | TTP | CVE-2023-22515 Privilege Escalation Vulnerability Confluence Data Center and Server | 2025-05-02 |
| Web Spring4Shell HTTP Request Class Module | Splunk Stream HTTP | Exploit Public-Facing Application, External Remote Services | TTP | Spring4Shell CVE-2022-22965 | 2025-05-02 |
| Web Spring Cloud Function FunctionRouter | Splunk Stream HTTP | Exploit Public-Facing Application, External Remote Services | TTP | Spring4Shell CVE-2022-22965 | 2025-05-02 |
| Windows Exchange Autodiscover SSRF Abuse | Windows IIS | Exploit Public-Facing Application, External Remote Services | TTP | BlackByte Ransomware, ProxyNotShell, ProxyShell, Seashell Blizzard | 2025-05-02 |
| Windows IIS Server PSWA Console Access | Windows IIS | Exploit Public-Facing Application | Hunting | CISA AA24-241A | 2025-05-02 |
| WordPress Bricks Builder plugin RCE | Nginx Access | Exploit Public-Facing Application | TTP | WordPress Vulnerabilities | 2025-05-02 |
| WS FTP Remote Code Execution | Suricata | Exploit Public-Facing Application | TTP | WS FTP Server Critical Vulnerabilities | 2025-05-02 |
| Zscaler Adware Activities Threat Blocked | | Phishing | Anomaly | Zscaler Browser Proxy Threats | 2025-05-02 |
| Zscaler Behavior Analysis Threat Blocked | | Phishing | Anomaly | Zscaler Browser Proxy Threats | 2025-05-02 |
| Zscaler CryptoMiner Downloaded Threat Blocked | | Phishing | Anomaly | Zscaler Browser Proxy Threats | 2025-05-02 |
| Zscaler Employment Search Web Activity | | Phishing | Anomaly | Zscaler Browser Proxy Threats | 2025-05-02 |
| Zscaler Exploit Threat Blocked | | Phishing | TTP | Zscaler Browser Proxy Threats | 2025-05-02 |
| Zscaler Legal Liability Threat Blocked | | Phishing | Anomaly | Zscaler Browser Proxy Threats | 2025-05-02 |
| Zscaler Malware Activity Threat Blocked | | Phishing | Anomaly | Zscaler Browser Proxy Threats | 2025-05-02 |
| Zscaler Phishing Activity Threat Blocked | | Phishing | Anomaly | Zscaler Browser Proxy Threats | 2025-05-02 |
| Zscaler Potentially Abused File Download | | Phishing | Anomaly | Zscaler Browser Proxy Threats | 2025-05-02 |
| Zscaler Privacy Risk Destinations Threat Blocked | | Phishing | Anomaly | Zscaler Browser Proxy Threats | 2025-05-02 |
| Zscaler Scam Destinations Threat Blocked | | Phishing | Anomaly | Zscaler Browser Proxy Threats | 2025-05-02 |
| Zscaler Virus Download threat blocked | | Phishing | Anomaly | Zscaler Browser Proxy Threats | 2025-05-02 |