SCANNER DETECTION
-
Code: 12
-
Brief Description: Scanner Detection
-
Sample log message:
-
CEF format:
Aug 5 18:49:13 10.15.3.46 CEF: 1|Virsec Security Platform|Virsec|1.3.6|12|Scanner Detection|10|EventId=VS-SCDE-080520-A00018|Application_Name=Ubuntu14_NGWAF_job1 1 Server_Name=ubuntu-162 Incident_Level=ATTACK Incident_Category=WEB_ATTACK Incident_Type=Scanner Detection Incident_Timestamp=05 Aug 2020 10:48:38 PM UTC Threat Description=Found request filename/argument associated with security scanner Matched Data=Matched Data: /nessustest found within REQUEST_FILENAME: /nessustest HTTP Request=/nessustest Unique Transaction ID=Xys3eX8AAAEAAAFF7k8AAAAC Action=detected Tags=application-multi,language-multi,platform-multi,attack-reputation-scanner,OWASP_CRS/AUTOMATION/SECURITY_SCANNER,WASCTC/WASC-21,OWASP_TOP_10/A7,PCI/6.5.10 Severity=CRITICAL Attacker=127.0.0.1:37704 Rule Id=913120 Matched Rule File=/var/virsec/vsp_waf/vsp_waf_crc/rules/REQUEST-913-SCANNER-DETECTION.conf Primary Incident=true pid=325 description=Scanner Detection category=Web Attack eventTime=2020-08-05 15:55:31.362240 tid=NA
-