Tactic:
Detect successful exploitation attempts of the SSRF vulnerability.
Server-Side Request Forgery (SSRF) is a web security vulnerability that allows an attacker to trick the application into making requests to an unintended location.
In a typical SSRF attack, the attacker might cause the server to make a connection to internal-only services within an organization’s infrastructure. In other cases, they may be able to force the server to connect to arbitrary external systems, potentially leaking sensitive data.
Monitor application security events to detect SSRF attack patterns (@appsec.security_activity:attack_attempt.ssrf) on distributed traces where external HTTP requests are performed. The heuristic conducts additional analysis to detect if the SSRF vulnerability exists and is triggered or not. When a vulnerability exploitation attempt is detected (@appsec.security_activity:vulnerability_trigger.ssrf), a Security Signal with CRITICAL severity is generated.
The detection heuristics are as follows:
- Analyze the external HTTP requests performed by the application to look for suspicious calls (bla.db.internal:6379:1324/?q=nice)
- Check whether user input is manipulating or tampering with those requests
The severity of the signal is lowered to High when the application threw an exception during execution, indicating that the attempt might not have succeeded at impacting the system.
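The two checks and the severity rule above, sketched as an added example (not Datadog's implementation and not part of the original page): the function names, the internal-suffix list and the sample requests are assumptions constructed for illustration. A request is flagged only when a user-supplied value names the outbound host and that destination looks internal or malformed.

```python
import ipaddress
import re

# Assumed name suffixes treated as internal-only; tune for your environment.
INTERNAL_SUFFIXES = (".internal", ".local", ".localhost")

def split_authority(url):
    """Return (host, ports) for a URL with or without a scheme."""
    rest = re.sub(r"^[A-Za-z][A-Za-z0-9+.-]*://", "", url)
    hostport = re.split(r"[/?#]", rest, maxsplit=1)[0].rsplit("@", 1)[-1]
    if hostport.startswith("["):  # bracketed IPv6 literal
        host, _, tail = hostport[1:].partition("]")
    else:
        host, _, tail = hostport.partition(":")
    return host.lower(), [p for p in tail.split(":") if p]

def is_suspicious_destination(host, ports):
    """Check 1: does the outbound call target an internal or malformed authority?"""
    if len(ports) > 1:  # e.g. host:6379:1324, ambiguous across URL parsers
        return True
    try:
        ip = ipaddress.ip_address(host)
        return ip.is_private or ip.is_loopback or ip.is_link_local
    except ValueError:  # not an IP literal, fall back to name checks
        return host == "localhost" or host.endswith(INTERNAL_SUFFIXES)

def classify(outbound_url, user_inputs, raised_exception=False):
    """Return None, "HIGH" or "CRITICAL" for one outbound HTTP request."""
    host, ports = split_authority(outbound_url)
    # Check 2: a request parameter supplied the host the server connected to.
    tampered = bool(host) and any(
        split_authority(v)[0] == host for v in user_inputs.values() if v
    )
    if not (tampered and is_suspicious_destination(host, ports)):
        return None
    return "HIGH" if raised_exception else "CRITICAL"

# Constructed samples: (outbound URL, request parameters, exception raised?)
SAMPLES = [
    ("bla.db.internal:6379:1324/?q=nice", {"url": "bla.db.internal:6379:1324/?q=nice"}, False),
    ("bla.db.internal:6379:1324/?q=nice", {"url": "bla.db.internal:6379:1324/?q=nice"}, True),
    ("https://api.example.com/v1/items?id=7", {"id": "7"}, False),
    ("http://10.0.0.5:8080/health", {"id": "7"}, False),  # internal, not user-driven
]

if __name__ == "__main__":
    for url, params, failed in SAMPLES:
        print(url, "->", classify(url, params, failed))
```

The last sample returns no signal because the internal destination is hard-coded by the application rather than taken from user input.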
rasp-934-100 to blocking mode to prevent exploitation.