This article describes how to use custom Rules in FortiSIEM to raise incident response related to attacks that attempt to leverage the Apache HTTP Server Path Traversal Vulnerability.

A report is also provided to gain historical visibility into the logs.

The article will be continually updated as more information becomes available.

The Rules and Reports leverage logs from other Fortinet products that can be used to detect the attack in addition to FortiGate logs.

For more information about this attack, see the following FortiGuard Outbreak Alert:
https://fortiguard.fortinet.com/outbreak-alert/apache-path-traversal

1) Use FortiSIEM_Apache_Path_Traversal_CVE_2021_42013_Reports_v1.xml as the file to import the Reports.

- Navigate to Resource/Reports.


- It is recommended to create a new group under Resource/Reports/Security called ‘Apache Path Traversal’ and import reports to this group.
- Select the Import option under More.


- Select FortiSIEM_Apache_Path_Traversal_CVE_2021_42013_Reports_v1.xml and import.

2) Use FortiSIEM_Apache_Path_Traversal_CVE_2021_42013_Rules_v1.xmll as the file to import the Rules.


- Navigate to Resource/Rules.


- It is recommended to create a new group under Resource/Rules/Security/ Threat Hunting is created called 'Apache Path Traversal’ and import the rules to this group.

- Select the Import.
- Select FortiSIEM_Apache_Path_Traversal_CVE_2021_42013_Rules_v1.xml and import.


FortiSIEM provides content packs for easy installation of these Rules and Reports:

What is included in Fortinet_FortiSIEM_Apache_Path_Traversal.zip?


- A FortiSIEM Rule to help with detection.


- A FortiSIEM Report to help with historical reporting.