76 lines
1.7 KiB
JSON
76 lines
1.7 KiB
JSON
{
|
|
"version": 1,
|
|
"origin": {
|
|
"name": "worker01",
|
|
"module": "wazuh-execd"
|
|
},
|
|
"command": "add",
|
|
"parameters": {
|
|
"extra_args": [],
|
|
"alert": {
|
|
"timestamp": "2021-02-01T20:58:44.830+0000",
|
|
"rule": {
|
|
"level": 15,
|
|
"description": "Shellshock attack detected",
|
|
"id": "31168",
|
|
"mitre": {
|
|
"id": [
|
|
"T1068",
|
|
"T1190"
|
|
],
|
|
"tactic": [
|
|
"Privilege Escalation",
|
|
"Initial Access"
|
|
],
|
|
"technique": [
|
|
"Exploitation for Privilege Escalation",
|
|
"Exploit Public-Facing Application"
|
|
]
|
|
},
|
|
"info": "CVE-2014-6271https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6271",
|
|
"firedtimes": 2,
|
|
"mail": true,
|
|
"groups": [
|
|
"web",
|
|
"accesslog",
|
|
"attack"
|
|
],
|
|
"pci_dss": [
|
|
"11.4"
|
|
],
|
|
"gdpr": [
|
|
"IV_35.7.d"
|
|
],
|
|
"nist_800_53": [
|
|
"SI.4"
|
|
],
|
|
"tsc": [
|
|
"CC6.1",
|
|
"CC6.8",
|
|
"CC7.2",
|
|
"CC7.3"
|
|
]
|
|
},
|
|
"agent": {
|
|
"id": "000",
|
|
"name": "wazuh-server"
|
|
},
|
|
"manager": {
|
|
"name": "wazuh-server"
|
|
},
|
|
"id": "1612213124.6448363",
|
|
"full_log": "192.168.0.223 - - [01/Feb/2021:20:58:43 +0000] \"GET / HTTP/1.1\" 200 612 \"-\" \"() { :; }; /bin/cat /etc/passwd\"",
|
|
"decoder": {
|
|
"name": "web-accesslog"
|
|
},
|
|
"data": {
|
|
"protocol": "GET",
|
|
"srcip": "192.168.0.223",
|
|
"id": "200",
|
|
"url": "/"
|
|
},
|
|
"location": "/var/log/nginx/access.log"
|
|
},
|
|
"program": "/var/ossec/active-response/bin/firewall-drop"
|
|
}
|
|
} |