Techniques
Sample rules
Unusually Long Content-Type Length
- source: splunk
- techniques:
Description
This search looks for unusually long strings in the Content-Type HTTP header that the client sends to the server.
Detection logic
`stream_http`
| eval cs_content_type_length = len(cs_content_type)
| where cs_content_type_length > 100
| table endtime src_ip dest_ip cs_content_type_length cs_content_type url
| `unusually_long_content_type_length_filter`
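The length test above can be replayed offline over sample events to see where the cut-off falls before the search is deployed. The Python below is an added example, not part of the original rule: the events are constructed, `ev` is a hypothetical helper, and the `well_formed` flag is an assumed triage aid that the search itself does not compute. It also shows the boundary case: a `multipart/form-data` header carrying a 70-character boundary (the maximum RFC 2046 allows) is exactly 100 characters and is not flagged, while the same header with an extra `charset` parameter is.

```python
import re

THRESHOLD = 100  # same cut-off as the `where` clause in the search
TOKEN = r"[A-Za-z0-9!#$&^_.+-]+"
MEDIA_TYPE_RE = re.compile(rf"^{TOKEN}/{TOKEN}$")
BOUNDARY_70 = "-" * 40 + "0123456789" * 3  # constructed 70-character boundary

def ev(n, content_type):
    """Build a constructed event with the field names the search tables."""
    return {"endtime": f"2024-01-01T00:00:0{n}Z", "src_ip": f"192.0.2.{n}",
            "dest_ip": "198.51.100.5", "url": "/upload",
            "cs_content_type": content_type}

SAMPLE_EVENTS = [
    ev(1, "application/json"),                                # short, ignored
    ev(2, "multipart/form-data; boundary=" + BOUNDARY_70),    # exactly 100
    ev(3, "multipart/form-data; charset=utf-8; boundary=" + BOUNDARY_70),
    ev(4, "A" * 150),                                         # no type/subtype
    ev(5, None),                                              # header absent
]

def triage(event):
    """Return an enriched hit if the event matches the search, else None."""
    value = event.get("cs_content_type") or ""
    length = len(value)
    if length <= THRESHOLD:  # mirrors: where cs_content_type_length > 100
        return None
    media_type, _, rest = value.partition(";")
    params = [p.strip() for p in rest.split(";") if p.strip()]
    # Assumed triage aid: does the value still look like "type/subtype; k=v"?
    well_formed = bool(MEDIA_TYPE_RE.match(media_type.strip())) and all(
        "=" in p for p in params)
    hit = {k: event.get(k) for k in ("endtime", "src_ip", "dest_ip", "url")}
    hit.update(cs_content_type=value, cs_content_type_length=length,
               well_formed=well_formed)
    return hit

def detect(events):
    """Apply the length test to every event and keep only the hits."""
    return [h for h in map(triage, events) if h is not None]

if __name__ == "__main__":
    for hit in detect(SAMPLE_EVENTS):
        print(hit["src_ip"], hit["cs_content_type_length"], hit["well_formed"])
```

Hits with `well_formed` set to true are the ones most likely to need an exclusion in `unusually_long_content_type_length_filter`.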