Skip to content

Commit c936abf

Browse files
halkazwinihalkazwini
committed
capitalization tweaks
1 parent c8b7e62 commit c936abf

File tree

1 file changed

+17
-17
lines changed

1 file changed

+17
-17
lines changed

articles/web-application-firewall/ag/application-gateway-crs-rulegroups-rules.md

Lines changed: 17 additions & 17 deletions
Original file line numberDiff line numberDiff line change
@@ -253,19 +253,19 @@ The following rule groups and rules are available when using Web Application Fir
253253
## <a name="drs21"></a> 2.1 rule sets
254254

255255
### <a name="general-21"></a> General
256-
|Rule ID|Anomaly Score Severity|Description|
256+
|Rule ID|Anomaly score severity|Description|
257257
|---|---|--|
258258
|200002|Critical - 5|Failed to parse request body|
259259
|200003|Critical - 5|Multipart request body failed strict validation|
260260

261261

262262
### <a name="drs911-21"></a> METHOD ENFORCEMENT
263-
|Rule ID|Anomaly Score Severity|Description|
263+
|Rule ID|Anomaly score severity|Description|
264264
|---|---|--|
265265
|911100|Critical - 5|Method isn't allowed by policy|
266266

267267
### <a name="drs920-21"></a> PROTOCOL-ENFORCEMENT
268-
|Rule ID|Anomaly Score Severity|Description|
268+
|Rule ID|Anomaly score severity|Description|
269269
|---|---|--|
270270
|920100|Notice - 2|Invalid HTTP Request Line|
271271
|920120|Critical - 5|Attempted multipart/form-data bypass|
@@ -305,7 +305,7 @@ The following rule groups and rules are available when using Web Application Fir
305305

306306
### <a name="drs921-21"></a> PROTOCOL-ATTACK
307307

308-
|Rule ID|Anomaly Score Severity|Description|
308+
|Rule ID|Anomaly score severity|Description|
309309
|---|---|--|
310310
|921110|Critical - 5|HTTP Request Smuggling Attack|
311311
|921120|Critical - 5|HTTP Response Splitting Attack|
@@ -319,23 +319,23 @@ The following rule groups and rules are available when using Web Application Fir
319319

320320

321321
### <a name="drs930-21"></a> LFI - Local File Inclusion
322-
|Rule ID|Anomaly Score Severity|Description|
322+
|Rule ID|Anomaly score severity|Description|
323323
|---|---|--|
324324
|930100|Critical - 5|Path Traversal Attack (/../)|
325325
|930110|Critical - 5|Path Traversal Attack (/../)|
326326
|930120|Critical - 5|OS File Access Attempt|
327327
|930130|Critical - 5|Restricted File Access Attempt|
328328

329329
### <a name="drs931-21"></a> RFI - Remote File Inclusion
330-
|Rule ID|Anomaly Score Severity|Description|
330+
|Rule ID|Anomaly score severity|Description|
331331
|---|---|--|
332332
|931100|Critical - 5|Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address|
333333
|931110|Critical - 5|Possible Remote File Inclusion (RFI) Attack: Common RFI Vulnerable Parameter Name used w/URL Payload|
334334
|931120|Critical - 5|Possible Remote File Inclusion (RFI) Attack: URL Payload Used w/Trailing Question Mark Character (?)|
335335
|931130|Critical - 5|Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link|
336336

337337
### <a name="drs932-21"></a> RCE - Remote Command Execution
338-
|Rule ID|Anomaly Score Severity|Description|
338+
|Rule ID|Anomaly score severity|Description|
339339
|---|---|--|
340340
|932100|Critical - 5|Remote Command Execution: Unix Command Injection|
341341
|932105|Critical - 5|Remote Command Execution: Unix Command Injection|
@@ -351,7 +351,7 @@ The following rule groups and rules are available when using Web Application Fir
351351
|932180|Critical - 5|Restricted File Upload Attempt|
352352

353353
### <a name="drs933-21"></a> PHP Attacks
354-
|Rule ID|Anomaly Score Severity|Description|
354+
|Rule ID|Anomaly score severity|Description|
355355
|---|---|--|
356356
|933100|Critical - 5|PHP Injection Attack: Opening/Closing Tag Found|
357357
|933110|Critical - 5|PHP Injection Attack: PHP Script File Upload Found|
@@ -367,12 +367,12 @@ The following rule groups and rules are available when using Web Application Fir
367367
|933210|Critical - 5|PHP Injection Attack: Variable Function Call Found|
368368

369369
### <a name="drs934-21"></a> Node JS Attacks
370-
|Rule ID|Anomaly Score Severity|Description|
370+
|Rule ID|Anomaly score severity|Description|
371371
|---|---|--|
372372
|934100|Critical - 5|Node.js Injection Attack|
373373

374374
### <a name="drs941-21"></a> XSS - Cross-site Scripting
375-
|Rule ID|Anomaly Score Severity|Description|
375+
|Rule ID|Anomaly score severity|Description|
376376
|---|---|--|
377377
|941100|Critical - 5|XSS Attack Detected via libinjection|
378378
|941101|Critical - 5|XSS Attack Detected via libinjection.<br />This rule detects requests with a *Referer* header|
@@ -406,7 +406,7 @@ The following rule groups and rules are available when using Web Application Fir
406406
|941380|Critical - 5|AngularJS client side template injection detected|
407407

408408
### <a name="drs942-21"></a> SQLI - SQL Injection
409-
|Rule ID|Anomaly Score Severity|Description|
409+
|Rule ID|Anomaly score severity|Description|
410410
|---|---|--|
411411
|942100|Critical - 5|SQL Injection Attack Detected via libinjection|
412412
|942110|Warning - 3|SQL Injection Attack: Common Injection Testing Detected|
@@ -451,14 +451,14 @@ The following rule groups and rules are available when using Web Application Fir
451451
|942510|Critical - 5|SQLi bypass attempt by ticks or backticks detected|
452452

453453
### <a name="drs943-21"></a> SESSION-FIXATION
454-
|Rule ID|Anomaly Score Severity|Description|
454+
|Rule ID|Anomaly score severity|Description|
455455
|---|---|--|
456456
|943100|Critical - 5|Possible Session Fixation Attack: Setting Cookie Values in HTML|
457457
|943110|Critical - 5|Possible Session Fixation Attack: SessionID Parameter Name with Off-Domain Referrer|
458458
|943120|Critical - 5|Possible Session Fixation Attack: SessionID Parameter Name with No Referrer|
459459

460460
### <a name="drs944-21"></a> JAVA Attacks
461-
|Rule ID|Anomaly Score Severity|Description|
461+
|Rule ID|Anomaly score severity|Description|
462462
|---|---|--|
463463
|944100|Critical - 5|Remote Command Execution: Apache Struts, Oracle WebLogic|
464464
|944110|Critical - 5|Detects potential payload execution|
@@ -470,7 +470,7 @@ The following rule groups and rules are available when using Web Application Fir
470470
|944250|Critical - 5|Remote Command Execution: Suspicious Java method detected|
471471

472472
### <a name="drs9905-21"></a> MS-ThreatIntel-WebShells
473-
|Rule ID|Anomaly Score Severity|Description|
473+
|Rule ID|Anomaly score severity|Description|
474474
|---|---|--|
475475
|99005002|Critical - 5|Web Shell Interaction Attempt (POST)|
476476
|99005003|Critical - 5|Web Shell Upload Attempt (POST) - CHOPPER PHP|
@@ -479,21 +479,21 @@ The following rule groups and rules are available when using Web Application Fir
479479
|99005006|Critical - 5|Spring4Shell Interaction Attempt|
480480

481481
### <a name="drs9903-21"></a> MS-ThreatIntel-AppSec
482-
|Rule ID|Anomaly Score Severity|Description|
482+
|Rule ID|Anomaly score severity|Description|
483483
|---|---|--|
484484
|99030001|Critical - 5|Path Traversal Evasion in Headers (/.././../)|
485485
|99030002|Critical - 5|Path Traversal Evasion in Request Body (/.././../)|
486486

487487
### <a name="drs99031-21"></a> MS-ThreatIntel-SQLI
488-
|Rule ID|Anomaly Score Severity|Description|
488+
|Rule ID|Anomaly score severity|Description|
489489
|---|---|--|
490490
|99031001|Warning - 3|SQL Injection Attack: Common Injection Testing Detected|
491491
|99031002|Critical - 5|SQL Comment Sequence Detected|
492492
|99031003|Critical - 5|SQL Injection Attack|
493493
|99031004|Critical - 5|Detects basic SQL authentication bypass attempts 2/3|
494494

495495
### <a name="drs99001-21"></a> MS-ThreatIntel-CVEs
496-
|Rule ID|Anomaly Score Severity|Description|
496+
|Rule ID|Anomaly score severity|Description|
497497
|---|---|--|
498498
|99001001|Critical - 5|Attempted F5 tmui (CVE-2020-5902) REST API Exploitation with known credentials|
499499
|99001002|Critical - 5|Attempted Citrix NSC_USER directory traversal [CVE-2019-19781](https://www.cve.org/CVERecord?id=CVE-2019-19781)|

0 commit comments

Comments
 (0)