Hi all,
I’ve been through the provided vendor rules in Logpoint and they are not useful. Does anyone have any rules that they can share that detect the attacks mentioned in the OWASP top 10?
Thank you
Userlevel 1
Hello Muhammad,
Do you have WAF log sources? It will be very easy, if you have WAF product in our environment
Hi Kimil,
We do have a WAF but we want to detect it on IIS.
Thanks
+1
Hello Muhammad,
Thank you for joining the Community !
All Alert Rules provided by LogPoint are available on our Documentation portal: https://docs.logpoint.com/docs/alert-rules/en/latest/MITRE.html
If you search (Ctrl-F) for “Webserver” you will find Alert Rules using Webserver logs, like these for examples:
- LP_Default Excessive HTTP Errors
- LP_Default High Unique Web-Server traffic
- LP_Default Port Scan Detected
- LP_Default Possible Cross Site Scripting Attack Detected
- LP_Default Possible SQL Injection Attack
- LP_Drupal Arbitrary Code Execution Detected
- ...
While the LogPoint SIEM will not replace a full-fledged Web Application Firewall, it still provides a good first layer of detection thanks to predefined or custom Alert Rules.
Hope it helps !
Thanks,
Adrien
Reply
Sign up
Already have an account? Login
Already a Partner or Customer? Login with your LogPoint Support credentials. Don‘t have a LogPoint Support account? Ask your local LogPoint Representative. Only visiting? Login with LinkedIn to gain read–access.
LOGIN AS PARTNER OR CUSTOMER Login with LinkedInLogin to the community
Already a Partner or Customer? Login with your LogPoint Support credentials. Don‘t have a LogPoint Support account? Ask your local LogPoint Representative. Only visiting? Login with LinkedIn to gain read–access.
LOGIN AS PARTNER OR CUSTOMER Login with LinkedInEnter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.