Splunk Security Essentials Docs

Navigation :

Potential Webshell Activity

Description

Triggered when an internal webserver is accessed from an outside source.

Content Mapping

This content is not mapped to any local saved search. Add mapping

Use Case

Application Security

Category

Web Attack

Alert Volume

Low (?)

SPL Difficulty

None

Journey

Stage 4

MITRE ATT&CK Tactics

Persistence

MITRE ATT&CK Techniques

Web Shell

Data Sources

Web Server