forked from splunk/security_content
sql_injection.yml
name: SQL Injection
id: 4f6632f5-449c-4686-80df-57625f59bab3
version: 1
date: '2017-09-19'
author: Bhavin Patel, Splunk
description: Use the searches in this Analytic Story to help you detect structured
  query language (SQL) injection attempts characterized by long URLs that contain
  malicious parameters.
narrative: 'It is very common for attackers to inject SQL parameters into vulnerable
  web applications, which then interpret the malicious SQL statements.\
  This Analytic Story contains a search designed to identify attempts by attackers
  to leverage this technique to compromise a host and gain a foothold in the target
  environment.'
references:
- https://capec.mitre.org/data/definitions/66.html
- https://www.incapsula.com/web-application-security/sql-injection.html
tags:
  analytic_story: SQL Injection
  category:
  - Adversary Tactics
  product:
  - Splunk Enterprise
  - Splunk Enterprise Security
  - Splunk Cloud
  usecase: Advanced Threat Detection