Rules for monitoring attacks against web apps


Hi all,

I’ve been through the provided vendor rules in Logpoint and they are not useful. Does anyone have any rules that they can share that detect the attacks mentioned in the OWASP top 10?

Thank you


3 comments

Muhammad Adam

Hi Kimil,

We do have a WAF but we want to detect it on IIS.

Thanks

CSO Integrations

Hello Muhammad,

Thank you for joining the Community!

All Alert Rules provided by LogPoint are available on our Documentation portal: https://docs.logpoint.com/docs/alert-rules/en/latest/MITRE.html

If you search (Ctrl-F) for “Webserver” you will find Alert Rules using Webserver logs, like these, for example:

  • LP_Default Excessive HTTP Errors
  • LP_Default High Unique Web-Server traffic
  • LP_Default Port Scan Detected
  • LP_Default Possible Cross Site Scripting Attack Detected
  • LP_Default Possible SQL Injection Attack
  • LP_Drupal Arbitrary Code Execution Detected
  • ...

While the LogPoint SIEM will not replace a full-fledged Web Application Firewall, it still provides a good first layer of detection thanks to predefined or custom Alert Rules.

Hope it helps!

Thanks,

Adrien
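
The rule names listed in the answer above are LogPoint's; their query logic is not shown in this thread. As an added example (not LogPoint's rules and not part of the original posts), the following Python shows the same three kinds of check (possible SQL injection, possible XSS, excessive HTTP errors) run over IIS W3C logs. The regex patterns, the error threshold and the sample log are assumptions constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import unquote_plus

# Constructed sample in IIS W3C extended format (not real traffic).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status
2024-01-10 10:00:01 GET /products.aspx id=7 203.0.113.5 200
2024-01-10 10:00:02 GET /products.aspx id=7'+UNION+SELECT+name,pass+FROM+users-- 203.0.113.9 500
2024-01-10 10:00:03 GET /search.aspx q=%3Cscript%3Ealert(1)%3C/script%3E 203.0.113.9 200
2024-01-10 10:00:04 GET /a.aspx - 198.51.100.7 404
2024-01-10 10:00:05 GET /b.aspx - 198.51.100.7 404
2024-01-10 10:00:06 GET /c.aspx - 198.51.100.7 404
"""

# Assumed, deliberately small signature sets; tune them against your own traffic.
SQLI = re.compile(r"(?i)union\s+select|'\s*or\s+\d+=\d+|;\s*drop\s+table")
XSS = re.compile(r"(?i)<\s*script|javascript:|on(error|load)\s*=")

def analyze(text, error_threshold=3):
    """Return (rule, client_ip, detail) tuples for one IIS W3C log."""
    fields, alerts, errors = [], [], Counter()
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column order is set per site in IIS
            continue
        if not line or line.startswith("#") or not fields:
            continue
        rec = dict(zip(fields, line.split()))
        query = unquote_plus(rec.get("cs-uri-query", "-"))  # decode %xx and '+'
        ip, stem = rec.get("c-ip", "?"), rec.get("cs-uri-stem", "-")
        if SQLI.search(query):
            alerts.append(("possible_sqli", ip, stem))
        if XSS.search(query):
            alerts.append(("possible_xss", ip, stem))
        if rec.get("sc-status", "")[:1] in ("4", "5"):
            errors[ip] += 1  # count 4xx/5xx responses per client
    for ip, n in errors.items():
        if n >= error_threshold:
            alerts.append(("excessive_http_errors", ip, str(n)))
    return alerts

if __name__ == "__main__":
    for alert in analyze(SAMPLE_LOG):
        print(alert)
```

IIS only logs the query string and client IP if `cs-uri-query` and `c-ip` are enabled in the site's W3C logging fields, and POST bodies are never in these logs, so checks like these see only URL-borne input.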
