
Commit a1dd2ca

added references
1 parent 8c05564 commit a1dd2ca


2 files changed

+12
-0
lines changed

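--- a/rules/network/execution_potential_rce_via_toolshell.toml
+++ b/rules/network/execution_potential_rce_via_toolshell.toml
@@ -15,6 +15,12 @@ language = "kuery"
 license = "Elastic License v2"
 max_signals = 10
 name = "Potential VIEWSTATE RCE Attempt on SharePoint/IIS"
+reference = [
+"https://research.eye.security/sharepoint-under-siege/",
+"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53771",
+"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53770",
+"https://msrc.microsoft.com/blog/2025/07/customer-guidance-for-sharepoint-vulnerability-cve-2025-53770/"
+]
 risk_score = 73
 rule_id = "99c9af5a-67cf-11f0-b69e-f661ea17fbcd"
 setup = """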
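Review bot: The added key is spelled `reference`, but the Elastic detection-rules schema that these files appear to follow (same `rule_id`, `risk_score`, `max_signals` and `setup` layout) names this field `references`. If that schema applies here, the singular key would either fail rule validation or be ignored, so the advisory links would never reach the rule metadata that analysts see on an alert; the opening line should read `references = [`. The same spelling is added in rules/network/initial_access_potential_toolshell_exploit_attempt.toml. The enclosing table header and the `setup` body lie outside the hunk, so this could not be checked against the rest of the file.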

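--- a/rules/network/initial_access_potential_toolshell_exploit_attempt.toml
+++ b/rules/network/initial_access_potential_toolshell_exploit_attempt.toml
@@ -19,6 +19,12 @@ language = "kuery"
 license = "Elastic License v2"
 max_signals = 10
 name = "Potential Toolshell Initial Exploit (CVE-2025-53770 & CVE-2025-53771)"
+reference = [
+"https://research.eye.security/sharepoint-under-siege/",
+"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53771",
+"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53770",
+"https://msrc.microsoft.com/blog/2025/07/customer-guidance-for-sharepoint-vulnerability-cve-2025-53770/"
+]
 risk_score = 47
 rule_id = "6e4f6446-67ca-11f0-a148-f661ea17fbcd"
 setup = """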
