---
title: HTTP requests referencing sensitive system files
description: Datadog, the leading service for cloud-scale monitoring.
breadcrumbs: >-
  Docs > Datadog Security > OOTB Rules > HTTP requests referencing sensitive
  system files
---

# HTTP requests referencing sensitive system files
Classification:attackTactic:[TA0001-initial-access](https://attack.mitre.org/tactics/TA0001)Technique:[T1190-exploit-public-facing-application](https://attack.mitre.org/techniques/T1190) 
## Goal{% #goal %}

Detect HTTP requests referencing sensitive system or application files (for example passwd, shadow, or configuration files), especially when responses succeed.

## Strategy{% #strategy %}

This rule monitors OCSF HTTP paths and query strings for known sensitive file indicators and correlates with successful HTTP status codes, grouped by `@ocsf.src_endpoint.ip`.

## Triage and response{% #triage-and-response %}

- Verify whether files could be read or whether error responses leaked file paths.
- Tighten access controls and rotate secrets if configuration exposure is possible.