Absent Member.
Absent Member.
369 views

Detecting Web Attacks through log monitoring

Hi,


Try to match a Regex (querying against a group of Regex) with the Referral field in Web server logs.

If one of the Regex matches I can write a rule to trigger an alert!


Now can I capture the matching Regex in an another field, say by "Mapping Additional Data Names" to the connector.

If the above is possible; it will be clear to me that there is a matching Regex and I will get to know the exact Regex which caused the alert.

If the above hypothetical conditions are possible, kindly let me know HOW?

Thanks in advance.

P.S

I'm posting this query as a separate post for more visibility.

Labels (3)
0 Likes
0 Replies
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.