Detectionhightest

OpenCanary - HTTPPROXY Login Attempt

Detects instances where an HTTPPROXY service on an OpenCanary node has had an attempt to proxy another page.

Convert In Phoenix Studio

Open this Sigma rule in the converter with the YAML preloaded and ready for backend selection.

Security Onion SolutionsCreated Fri Mar 085498fc09-adc6-4804-b9d9-5cca1f0b8760application

Log Source

opencanaryapplication

Productopencanary← raw: opencanary

Categoryapplication← raw: application

Detection Logic

detection:
    selection:
        logtype: 7001
    condition: selection

False Positives

Unlikely

False positives are unlikely for most environments. High confidence detection.

References

MITRE ATT&CK

Tactics

Techniques

Rule Metadata

Rule ID

5498fc09-adc6-4804-b9d9-5cca1f0b8760

Status

test

Level

high

Type

Detection

Created

Fri Mar 08

Author

Path

rules/application/opencanary/opencanary_httpproxy_login_attempt.yml

Raw Tags

attack.initial-accessattack.defense-evasionattack.command-and-controlattack.t1090