Unfamiliar process created by web application
このページは日本語には対応しておりません。随時翻訳に取り組んでいます。
翻訳に関してご質問やご意見ございましたら、
お気軽にご連絡ください。
Goal
Detect shell utilities, HTTP utilities, or shells spawned by a web server.
Strategy
Web shell attacks often involve attackers loading and running malicious files onto a victim machine, creating a backdoor on the compromised system. Attackers use web shells for a variety of purposes, and they can signal the beginning of an intrusion or wider attack. This detection triggers when shell utilities, HTTP utilities, or shells are spawned by a common web server process.
This rule uses the New Value detection method. Datadog learns the historical behavior of a specified field in Agent logs and then creates a signal when unfamiliar values appear.
Requires Agent version 7.27 or later