IMPORTANT: No additional bug fixes or documentation updates
will be released for this version. For the latest information, see the
current release documentation.
Web Application Suspicious Activity: POST Request Declined
editWeb Application Suspicious Activity: POST Request Declined
editA POST request to a web application returned a 403 response, which indicates the web application declined to process the request because the action requested was not allowed.
Rule type: query
Rule indices:
- apm--transaction
- traces-apm*
Severity: medium
Risk score: 47
Runs every: 5m
Searches indices from: None (Date Math format, see also Additional look-back time
)
Maximum alerts per execution: 100
References:
Tags:
- Elastic
- APM
Version: 8
Rule authors:
- Elastic
Rule license: Elastic License v2
Rule query
edithttp.response.status_code:403 and http.request.method:post