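# Sigma rule template for web server logs. Each {{NAME}} token is a
# placeholder; the code that fills the placeholders in is not part of this
# file.
template_name: "Web Application Attack Detection"
description: "Detects web application attacks based on PoC exploit indicators"

# Product-name patterns for which this template is selected.
# NOTE(review): how these are matched (exact, substring, regex) is not visible
# here; "web" and "http" are broad if matching is by substring - confirm.
applicable_product_patterns:
  - "web"
  - "http"
  - "apache"
  - "nginx"
  - "iis"

# Everything inside the block scalar below is emitted into the generated
# rule, so review notes are kept out here rather than inside the template.
#
# NOTE(review): the original line layout of this template was lost; line
# breaks and indentation were reconstructed. Confirm against the generator
# whether the list placeholders (REFERENCES, TAGS, URLS, COMMANDS) belong on
# the same line as their key or on a line of their own.
#
# NOTE(review): placeholders are inserted unquoted. Presumably the values
# derive from CVE or PoC text; a value containing ": ", " #", a line break or
# a leading YAML indicator can break or reshape the rendered rule. The
# generator should emit properly quoted or serialized YAML values and parse
# each rendered rule before it is deployed - TODO confirm.
#
# NOTE(review): the condition ORs both selections. If URLS or COMMANDS
# renders empty, that selection has no values and its meaning depends on the
# Sigma backend; the generator should drop an empty selection - TODO confirm.
#
# Coverage: `selection` inspects only the URI query string and
# `selection_user_agent` only the User-Agent header, both with substring
# (`contains`) matching. COMMANDS is matched against User-Agent only; confirm
# that is the intended field for command indicators. Short or generic
# indicator strings will raise the false-positive rate, which LEVEL should
# reflect.
template_content: |
  title: {{TITLE}}
  id: {{RULE_ID}}
  status: experimental
  description: {{DESCRIPTION}}
  author: CVE-SIGMA Auto Generator
  date: {{DATE}}
  references: {{REFERENCES}}
  tags: {{TAGS}}
  logsource:
    category: webserver
  detection:
    selection:
      cs-uri-query|contains: {{URLS}}
    selection_user_agent:
      cs-user-agent|contains: {{COMMANDS}}
    condition: selection or selection_user_agent
  falsepositives:
    - Legitimate web application usage
    - Security scanners
  level: {{LEVEL}}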