Sigma rule outputs from CloudSigma rendered into Splunk queries against the ModSecurity schema. Every rule is mapped to MITRE ATT&CK and validated against its dialect.

| Technique | Rule | Severity | Log source |
|---|---|---|---|
| T1110 | Brute Force on ModSecurity | medium | ModSecurity |
| T1190 | Exploit Public-Facing Application on ModSecurity | medium | ModSecurity |
| T1190 | Exploit Public-Facing Application on ModSecurity | medium | ModSecurity |
| T1190 | Exploit Public-Facing Application on ModSecurity | medium | ModSecurity |
| T1190 | Exploit Public-Facing Application on ModSecurity | medium | ModSecurity |
| T1190 | Exploit Public-Facing Application on ModSecurity | medium | ModSecurity |
| T1190 | Exploit Public-Facing Application on ModSecurity | medium | ModSecurity |

We are not embedding an example rule on this page yet. The rule corpus for this source is still being reviewed against a13e's public embed bar. CloudSigma can generate Sigma rules from CVE advisories, vulnerability disclosures and security research; generate a Splunk-targeted rule there, review it against your local telemetry, then deploy it in your SIEM.