Web Application Suspicious Activity: POST Request Declined

edit

Web Application Suspicious Activity: POST Request Declined

edit

A POST request to a web application returned a 403 response, which indicates the web application declined to process the request because the action requested was not allowed.

Rule type: query

Rule indices:

  • apm--transaction
  • traces-apm*

Severity: medium

Risk score: 47

Runs every: 5m

Searches indices from: None (Date Math format, see also Additional look-back time)

Maximum alerts per execution: 100

References:

Tags:

  • Elastic
  • APM

Version: 8

Rule authors:

  • Elastic

Rule license: Elastic License v2

Rule query

edit
http.response.status_code:403 and http.request.method:post