Techniques
Sample rules
F5 BIG-IP iControl Rest API Command Execution - Webserver
- source: sigma
- techniques:
  - t1190
Description
Detects POST requests to the F5 BIG-IP iControl REST API “bash” endpoint, which allows the execution of commands on the BIG-IP.
Detection logic
condition: selection
selection:
  cs-method: POST
  cs-uri-query|endswith: /mgmt/tm/util/bash
F5 BIG-IP iControl Rest API Command Execution - Proxy
- source: sigma
- techniques:
  - t1190
Description
Detects POST requests to the F5 BIG-IP iControl REST API “bash” endpoint, which allows the execution of commands on the BIG-IP.
Detection logic
condition: selection
selection:
  c-uri|endswith: /mgmt/tm/util/bash
  cs-method: POST
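Added example (not part of the Sigma project or of this page's rules): a minimal Python evaluator that applies the two selections above to constructed log events, to show how the fields combine (logical AND, case-insensitive string matching, the endswith modifier). The event values and the host name bigip.example.test are assumptions made up for the example.

```python
# Added example: a minimal evaluator for the two selections shown above.
# Only what these rules use is implemented: exact match and |endswith.
# Sigma string comparisons are case-insensitive by default.

WEBSERVER_SELECTION = {
    "cs-method": "POST",
    "cs-uri-query|endswith": "/mgmt/tm/util/bash",
}
PROXY_SELECTION = {
    "c-uri|endswith": "/mgmt/tm/util/bash",
    "cs-method": "POST",
}

def field_matches(key, expected, event):
    """Evaluate one 'field|modifier: value' entry against a log event."""
    field, _, modifier = key.partition("|")
    actual = event.get(field)
    if actual is None:
        return False  # a missing field never satisfies the entry
    actual, expected = str(actual).lower(), str(expected).lower()
    if modifier == "":
        return actual == expected
    if modifier == "endswith":
        return actual.endswith(expected)
    raise ValueError(f"unsupported modifier: {modifier}")

def selection_matches(selection, event):
    """All entries of a selection map must match (logical AND)."""
    return all(field_matches(k, v, event) for k, v in selection.items())

def run(selection, events):
    """Return the indexes of the events that satisfy the selection."""
    return [i for i, e in enumerate(events) if selection_matches(selection, e)]

# Constructed sample events (not real logs); the host is a placeholder.
WEB_EVENTS = [
    {"cs-method": "POST", "cs-uri-query": "/mgmt/tm/util/bash"},
    {"cs-method": "GET", "cs-uri-query": "/mgmt/tm/util/bash"},
    {"cs-method": "POST", "cs-uri-query": "/mgmt/tm/sys/version"},
]
PROXY_EVENTS = [
    {"cs-method": "POST", "c-uri": "https://bigip.example.test/mgmt/tm/util/bash"},
    {"cs-method": "post", "c-uri": "https://bigip.example.test/MGMT/tm/util/bash"},
    {"cs-method": "POST", "c-uri": "https://bigip.example.test/tmui/login.jsp"},
]

if __name__ == "__main__":
    print("webserver hits:", run(WEBSERVER_SELECTION, WEB_EVENTS))
    print("proxy hits:", run(PROXY_SELECTION, PROXY_EVENTS))
```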