- 重要な情報
- アプリ内
- インフラストラクチャー
- アプリケーションパフォーマンス
- 継続的インテグレーション
- ログ管理
- セキュリティ
- UX モニタリング
- 管理
Detect CQL injections attempts on web services accessing to data from Cassandra databases. Such security activity generally indicates that an attacker is trying to exploit a potential CQL injection vulnerability or steal sensitive data.
Monitor application security events to detect SQL (@appsec.type:sql_injection
) & CQL (@appsec.rule_id:dog-000-001
) injection attempts on distributed traces where external CQL queries are performed (@_dd.appsec.enrichment.has_cassandra:true
).
Also, look at SQL injection triggers because CQL syntax is similar enough to SQL syntax that the SQL patterns catch CQL injection payloads.
The signal severity is determined based on the underlying service behavior:
HIGH
Substantial rate of SQL/CQL injection attempts on services executing CQL queries, and resulting in 5xx HTTP errors.MEDIUM
High rate of SQL/CQL injection attempts on services executing CQL queries.