Web Attack Detection
Web log detection lab — flags SQL injection, XSS, suspicious user agents, and scanner activity, and produces risk-scored request summaries from nginx access logs.
Parses nginx combined access logs and flags common web attacks: SQL injection patterns, XSS payloads, scanner-style user agents, sensitive path probing, and high-rate request bursts. Produces JSON findings, an IP risk table, a Markdown report, and a triage handoff.
Catalog entry only — a full write-up lands closer to release.
Related across catalogs
- Beaconing Traffic Detector · Security project · Demo ready
Detects periodic outbound callback (C2 beacon) behavior from timestamped network logs by scoring inter-arrival timing consistency per source/destination pair.
- Port Scan Lab · Security project · Demo ready
Detection lab for identifying Nmap-style port scan and reconnaissance activity from firewall logs.
- SSH Brute-Force Detector · Security project · Demo ready
Linux auth log detector for repeated SSH failed-login attacks — scores brute-force activity per source IP and emits actionable alerts.
- CSP Guardian · Security project · Demo ready
Website security header and iframe policy analyzer — inspects CSP, X-Frame-Options, cookies, CORS, and HSTS to flag clickjacking, XSS, and framing risks.
- Exploitation Visibility · Security project · Demo ready
Detection engineering lab — compares expected attack signals against collected logs to surface visibility gaps and prioritize new detection rules.
