[Bro] Apache struts exploit detection
jedwards2728 at gmail.com
Mon Mar 13 23:56:31 PDT 2017
For the likes of the Apache Struts web application attack, where the actual
exploit is contained within a web HTTP GET request. Or let's say any web
app attack that is embedded within the referer field like embedded
I can see Bro will see things like HTTP user agent fields and GET or POST
requests, but the actual malicious code embedded further in the request,
I'm assuming, isn't captured?
My IPS obviously captures that alert data and I can see the exploit, but
in the Bro data from the HTTP log I'll only see "GET / HTTP1.1" and that's all