You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: src/content/docs/waf/detections/leaked-credentials/get-started.mdx
+4Lines changed: 4 additions & 0 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -99,6 +99,8 @@ To check for leaked credentials in a way that is not covered by the default conf
99
99
| URL-encoded form |`url_decode(http.request.body.form["user"][0])`<br/>`url_decode(http.request.body.form["secret"][0])`|
100
100
| Multipart form |`url_decode(http.request.body.multipart["user"][0])`<br/>`url_decode(http.request.body.multipart["secret"][0])`|
101
101
102
+
Refer to the [`lookup_json_string()`](/ruleset-engine/rules-language/functions/#lookup_json_string) and [`url_decode()`](/ruleset-engine/rules-language/functions/#url_decode) documentation for more information on these functions.
103
+
102
104
5. Select **Save**.
103
105
104
106
</TabItem> <TabItemlabel="API">
@@ -122,6 +124,8 @@ This pair of lookup expressions (for username and password) will scan incoming H
122
124
{"user":"<username>", "secret":"<password>"}
123
125
```
124
126
127
+
Refer to the [`lookup_json_string()`](/ruleset-engine/rules-language/functions/#lookup_json_string) documentation for more information on this function.
128
+
125
129
</TabItem> </Tabs>
126
130
127
131
You only need to provide an expression for the username in custom detection locations.
0 commit comments