template_name: "Web Application Attack Detection"
description: "Detects web application attacks based on PoC exploit indicators"
applicable_product_patterns:
  - "web"
  - "http"
  - "apache"
  - "nginx"
  - "iis"
template_content: |
  title: {{TITLE}}
  id: {{RULE_ID}}
  status: experimental
  description: {{DESCRIPTION}}
  author: CVE-SIGMA Auto Generator
  date: {{DATE}}
  references:
  {{REFERENCES}}
  tags:
  {{TAGS}}
  logsource:
      category: webserver
  detection:
      selection:
          cs-uri-query|contains:
  {{URLS}}
      selection_user_agent:
          cs-user-agent|contains:
  {{COMMANDS}}
      condition: selection or selection_user_agent
  falsepositives:
      - Legitimate web application usage
      - Security scanners
  level: {{LEVEL}}