Techniques
Sample rules
Web Application Suspicious Activity: No User Agent
- source: elastic
- technicques:
Description
A request to a web application server contained no identifying user agent string.
Detection logic
url.path:*
LoFP
/
some normal applications and scripts may contain no user agent. most legitimate web requests from the internet contain a user agent string. requests from web browsers almost always contain a user agent string. if the source is unexpected, the user unauthorized, or the request unusual, these may indicate suspicious or malicious activity.A request to a web application server contained no identifying user agent string.
url.path:*