IMPORTANT: No additional bug fixes or documentation updates will be released for this version. For the latest information, see the current release documentation.
« Web Application Suspicious Activity: POST Request Declined Web Application Suspicious Activity: sqlmap User Agent »
Elastic Docs Elastic Security Solution [8.8] Detections and alerts Prebuilt rule reference

Web Application Suspicious Activity: Unauthorized Method

edit

Web Application Suspicious Activity: Unauthorized Method

edit

A request to a web application returned a 405 response, which indicates the web application declined to process the request because the HTTP method is not allowed for the resource.

Rule type: query

Rule indices:

  • apm--transaction
  • traces-apm*

Severity: medium

Risk score: 47

Runs every: 5m

Searches indices from: None (Date Math format, see also Additional look-back time)

Maximum alerts per execution: 100

References:

Tags:

  • Data Source: APM

Version: 102

Rule authors:

  • Elastic

Rule license: Elastic License v2

Rule query

edit
http.response.status_code:405
« Web Application Suspicious Activity: POST Request Declined Web Application Suspicious Activity: sqlmap User Agent »