Sigma Rules
5 rules found
Potential JNDI Injection Exploitation In JVM Based Application
Detects potential JNDI Injection exploitation. Often coupled with Log4Shell exploitation.
Potential Local File Read Vulnerability In JVM Based Application
Detects potential local file read vulnerability in JVM based apps. If the exceptions are caused by user input and contain path traversal payloads, it's a red flag.
Potential OGNL Injection Exploitation In JVM Based Application
Detects potential OGNL Injection exploitation, which may lead to RCE. OGNL is an expression language that is supported in many JVM based systems. OGNL Injection is the cause of some high-profile RCEs, such as those in Apache Struts (CVE-2017-5638) and Confluence (CVE-2022-26134).
Process Execution Error In JVM Based Application
Detects process execution related exceptions in JVM based apps, which often relate to RCE.
Potential XXE Exploitation Attempt In JVM Based Application
Detects XML parsing issues. If the application expects to work with XML, make sure that the parser is initialized safely.