- 필수 기능
- 시작하기
- Glossary
- 표준 속성
- Guides
- Agent
- 통합
- 개방형텔레메트리
- 개발자
- Administrator's Guide
- API
- Datadog Mobile App
- CoScreen
- Cloudcraft
- 앱 내
- 서비스 관리
- 인프라스트럭처
- 애플리케이션 성능
- APM
- Continuous Profiler
- 스팬 시각화
- 데이터 스트림 모니터링
- 데이터 작업 모니터링
- 디지털 경험
- 소프트웨어 제공
- 보안
- AI Observability
- 로그 관리
- 관리
Tactic:
Detect when a web service is subject to processing insecure, unsigned JWT tokens. Such security activity generally indicates an attacker is tampering tokens to gain unauthorized access to protected resources or impersonate another user.
Monitor application security events to detect JWT authentication bypass (@appsec.rule_id:dog-920-001
).
Also, look at SQL injection triggers because CQL syntax is similar enough to SQL syntax that the SQL patterns catch CQL injection payloads.
The signal severity is determined based on the underlying service behavior:
HIGH
: The application is determining a valid user, this could indicate impact.MEDIUM
: The application is successfully responding to a substantial number of requests containing unsecured tokens.LOW
: High rate of unsuccessful requests containing unsecured tokens are being sent to the application.