Web based/automated reports

Customer support forums for the Atomicorp Threat Intelligence system. There is no such thing as a bad question here as long as it pertains to using the TI.
mikeshinn
Atomicorp Staff - Site Admin
Posts: 4149
Joined: Thu Feb 07, 2008 7:49 pm
Location: Chantilly, VA

We've been working on an entirely web-based version of these reports; in the next few days these will move off the forums.

Atomicorp Threat Intelligence RBL
Rule ID Count
-----------------------------------------
350052 39367 Atomicorp.com WAF Rules: Threat Intelligence Match for Spamming Source on Atomicorp Threat Intelligence RBL. See this URL for details http://www.atomicrbl.com/lookup (Previous TI-2 Match)
350051 20761 Atomicorp.com WAF Rules: Threat Intelligence Match for known Worm Source on Atomicorp Threat Intelligence RBL. See this URL for details http://www.atomicrbl.com/lookup (Previous TI Match)
350053 17950 Atomicorp.com WAF Rules: Threat Intelligence Match for known Brute Force attacker on Atomicorp Threat Intelligence RBL. See this URL for details http://www.atomicrbl.com/lookup (Previous TI-3 Match)
355501 15668 Atomicorp.com WAF Rules: Threat Intelligence Match for Spamming Source on Atomicorp Threat Intelligence RBL (TI-2). See this URL for details http://www.atomicrbl.com/lookup
355500 7599 Atomicorp.com WAF Rules: Threat Intelligence Match for known Worm Source on Atomicorp Threat Intelligence RBL (TI-1). See this URL for details http://www.atomicrbl.com/lookup
350054 6705 Atomicorp.com WAF Rules: Threat Intelligence Match for known Attacker source on Atomicorp Threat Intelligence RBL. See this URL for details http://www.atomicrbl.com/lookup (Previous TI-4 Match)
355503 5433 Atomicorp.com WAF Rules: Threat Intelligence Match for known Brute Force attacker on Atomicorp Threat Intelligence RBL (TI-3). See this URL for details http://www.atomicrbl.com/lookup
355504 2342 Atomicorp.com WAF Rules: Threat Intelligence Match for Known attacker Source on Atomicorp Threat Intelligence RBL (TI-4). See this URL for details http://www.atomicrbl.com/lookup
350055 1565 Atomicorp.com WAF Rules: Threat Intelligence Match for known multi event Attacker source on Atomicorp Threat Intelligence RBL. See this URL for details http://www.atomicrbl.com/lookup (Previous TI-5 Match)
355506 910 Atomicorp.com WAF Rules: Threat Intelligence Match for Known multi event attacker Source on Atomicorp Threat Intelligence RBL. See this URL for details http://www.atomicrbl.com/lookup


Top 25 Rules (level 6+)
Rule ID Count
-----------------------------------------
5706 18204 SSH insecure connection attempt (scan).
392301 10683 Atomicorp.com WAF Rules: Request Containing Content, but Missing Content-Type header
171303 7133 Known brute force attacker.
60910 6102 Very Slow Wordpress brute force login failures from same IP source.
4151 5683 Multiple Firewall drop events from same source.
3357 5641 Multiple rapid SASL authentication failures.
336468 5068 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Google Maps plugin for Joomla probe
330131 4724 Atomicorp.com WAF Rules: Fake Mozilla User Agent String Detected
60159 4436 Wordpress brute force (fast) login failures
5720 3706 Multiple SSHD authentication failures.
300079 3676 Atomicorp.com WAF AntiSpam Rules: Possible Spam: Multiple embedded urls in argument (Disable if you wish to allow 4 or more URLs in a post)
31102 3418 Possible DoS Consumption Attack
5712 2872 SSHD brute force trying to get access to the system.
340162 2625 Atomicorp.com WAF Rules: URL detected as argument, possible RFI attempt detected
11306 2513 FTP brute force (multiple failed logins).
5551 2028 Multiple failed logins in a small period of time.
340095 1929 Atomicorp.com WAF Rules: Possible PHP function in Argument - this may be an attack.
60908 1900 Very Slow Joomla brute force login failures from same IP source.
60156 1873 Joomla brute force (fast) login failures
334009 1799 Atomicorp.com WAF Rules: Potentially Malicious Open Proxy Connection Attempt
390613 1578 Atomicorp.com WAF Rules: Invalid character in request or headers
11254 1552 Multiple attempts to login using a non-existent user..
330701 1416 Atomicorp.com WAF Rules: Potential CVE-2014-6271 Bash Attack
60904 1325 Rapid SMTP password incorrect events from the same IP source.
330082 1294 Atomicorp.com WAF Rules: Known Exploit User Agent


Top 25 WAF Rules (level 6+)
Rule ID Count
-----------------------------------------
392301 10683 Atomicorp.com WAF Rules: Request Containing Content, but Missing Content-Type header
336468 5068 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Google Maps plugin for Joomla probe
330131 4724 Atomicorp.com WAF Rules: Fake Mozilla User Agent String Detected
300079 3676 Atomicorp.com WAF AntiSpam Rules: Possible Spam: Multiple embedded urls in argument (Disable if you wish to allow 4 or more URLs in a post)
340162 2625 Atomicorp.com WAF Rules: URL detected as argument, possible RFI attempt detected
340095 1929 Atomicorp.com WAF Rules: Possible PHP function in Argument - this may be an attack.
334009 1799 Atomicorp.com WAF Rules: Potentially Malicious Open Proxy Connection Attempt
390613 1578 Atomicorp.com WAF Rules: Invalid character in request or headers
330701 1416 Atomicorp.com WAF Rules: Potential CVE-2014-6271 Bash Attack
330082 1294 Atomicorp.com WAF Rules: Known Exploit User Agent
340016 1132 Atomicorp.com WAF Rules: Possible SQL injection attempt detected
300066 1057 Atomicorp.com WAF AntiSpam Rules: Spam: Commercial
330034 1005 Atomicorp.com WAF Rules: Vulnerability Scanner User agent detected
340006 839 Atomicorp.com WAF Rules: Generic Path Recursion denied in URI/ARGS
341245 830 Atomicorp.com WAF Rules: Possible SQL injection attack (detectSQLi)
390604 807 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Joomla ARG injection
390501 669 Atomicorp.com Malware Script Blacklist: Known Malware detected in Request Filename
303800 629 Atomicorp.com WAF Rules: Fake Googlebot webcrawler
336460 610 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Open Flash Charts File Upload Attack
310717 588 Atomicorp.com WAF Rules: Cross Site Scripting Attack
347008 563 Atomicorp.com WAF Rules: Suspicious deep path recursion denied
340155 431 Atomicorp.com WAF Rules: Generic SQL Injection protection
336461 409 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible attempt to maliciously access wp-config.php file
318811 402 Atomicorp.com WAF Rules: Possible Attempt to Access unauthorized shell or exploit in WP cache directory
340361 338 Atomicorp.com WAF Rules: CONNECT method denied