HTTP requests containing path traversal sequences

Classification:

attack

Tactic:

TA0001-initial-access

Technique:

T1190-exploit-public-facing-application

이 페이지는 아직 한국어로 제공되지 않습니다. 번역 작업 중입니다.
현재 번역 프로젝트에 대한 질문이나 피드백이 있으신 경우 언제든지 연락주시기 바랍니다.

Goal

Detect HTTP requests containing path traversal sequences in the URL path or query string, including when the response is successful.

Strategy

This rule monitors OCSF HTTP requests for encoded and plain parent-directory traversal patterns, grouped by @ocsf.src_endpoint.ip.

Triage and response

  • Review whether traversal attempts reached sensitive files or APIs and whether responses leaked content.
  • If activity is malicious and unauthorized, consider blocking or rate limiting {{@ocsf.src_endpoint.ip}} and follow your incident response process.