mirror of
https://github.com/Security-Onion-Solutions/securityonion.git
synced 2026-01-16 13:11:23 +01:00
17 lines
391 B
YAML
17 lines
391 B
YAML
title: SO IDH - HTTP Proxy Attempted Proxy
|
|
id: 6722bba8-5713-4463-b3ab-8432224928c2
|
|
status: experimental
|
|
description: Detects when the HTTP Proxy service on a SO IDH node has had a proxy attempt.
|
|
author: Security Onion Solutions
|
|
logsource:
|
|
product: idh
|
|
detection:
|
|
selection:
|
|
event.code:
|
|
- 2000
|
|
condition: selection
|
|
falsepositives:
|
|
- None
|
|
fields:
|
|
- source.ip
|
|
level: critical |