FortiSIEM
FortiSIEM provides Security Information and Event Management (SIEM) and User and Entity Behavior Analytics (UEBA)
Article Id 212689
Description

This article describes how to use custom FortiSIEM rules to raise alerts, for incident response, on attacks that attempt to exploit the Spring Cloud Gateway Actuator Endpoint Remote Code Execution vulnerability.

Reports are also included to analyze past logs for transpired attacks.

Scope

These Rules and Reports help to detect attempts to send specially crafted HTTP requests to vulnerable Spring Cloud Gateway Actuators in order to gain control of vulnerable systems, based on logs from FortiGates, FortiClients, and FortiSandbox.

Solution

Spring Cloud Gateway has a flaw in its Actuator endpoint: when the Gateway Actuator endpoint is enabled, exposed and left unsecured, applications using Spring Cloud Gateway are vulnerable to code injection.

Unauthenticated attackers can achieve remote code execution by sending specially crafted requests that inject SpEL expressions through this endpoint.
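One way to express the detection described above in code, as an added illustration that is not the FortiSIEM rule XML or any Fortinet code: the Python below parses a handful of constructed key=value log lines in a FortiGate-like format and flags requests that target the gateway actuator and carry a SpEL template marker (`#{`), URL-decoding up to twice so single- and double-encoded payloads are both caught. The field names (url, msg, srcip, dstip), the default /actuator/gateway base path and every sample value are assumptions for the example, not captured logs.

```python
"""Flag HTTP requests that inject SpEL expressions into a Spring Cloud Gateway
actuator endpoint, working over key=value (FortiGate-style) log lines."""
import re
from collections import Counter
from urllib.parse import unquote

# key=value pairs; values may be double-quoted (possibly empty) or bare tokens.
KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

# Assumption: the gateway actuator sits at the default base path /actuator/gateway.
ACTUATOR_PATH = re.compile(r"/actuator/gateway(?:[/?]|$)", re.IGNORECASE)

# SpEL template marker. A route filter argument such as value=#{...} is the
# injection vehicle described in the article; attackers usually URL-encode it.
SPEL_MARKER = re.compile(r"#\{")

# Constructed sample log lines (FortiGate-like field names; not captured output).
SAMPLE_LOGS = """\
date=2022-03-10 time=10:01:02 type=utm subtype=ips srcip=203.0.113.10 dstip=192.0.2.20 url="/actuator/gateway/routes/hacktest" msg="value=#{'a'.concat('b')}"
date=2022-03-10 time=10:01:03 type=utm subtype=ips srcip=203.0.113.10 dstip=192.0.2.20 url="/actuator/gateway/refresh" msg="route refresh"
date=2022-03-10 time=10:01:05 type=traffic subtype=forward srcip=198.51.100.7 dstip=192.0.2.20 url="/actuator/gateway/routes/%2523%257B1%252B1%257D" msg=""
date=2022-03-10 time=10:02:00 type=traffic subtype=forward srcip=198.51.100.8 dstip=192.0.2.20 url="/api/orders?id=42" msg="normal request"
date=2022-03-10 time=10:02:10 type=traffic subtype=forward srcip=198.51.100.9 dstip=192.0.2.20 url="/actuator/health" msg="#{not the gateway}"
"""


def decode(value: str, rounds: int = 2) -> str:
    """URL-decode repeatedly (bounded) so single- and double-encoded '#{' are both caught."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def parse_kv_log(line: str) -> dict:
    """Parse one key=value log line into a dict, stripping surrounding quotes."""
    return {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
            for m in KV.finditer(line)}


def is_spel_injection_attempt(event: dict) -> bool:
    """True when the request targets the gateway actuator and carries a SpEL marker
    in either the URL or the message field."""
    url = decode(event.get("url", ""))
    if not ACTUATOR_PATH.search(url):
        return False  # SpEL text elsewhere (e.g. /actuator/health) is not this attack
    msg = decode(event.get("msg", ""))
    return bool(SPEL_MARKER.search(url) or SPEL_MARKER.search(msg))


def detect_spel_attempts(lines):
    """Return one alert dict per matching log line."""
    alerts = []
    for line in lines:
        if not line.strip():
            continue
        event = parse_kv_log(line)
        if is_spel_injection_attempt(event):
            alerts.append({
                "srcip": event.get("srcip"),
                "dstip": event.get("dstip"),
                "url": decode(event.get("url", "")),
            })
    return alerts


def attempts_by_source(alerts) -> Counter:
    """Aggregate alerts per source IP, as a threshold-style SIEM rule would."""
    return Counter(a["srcip"] for a in alerts)


if __name__ == "__main__":
    found = detect_spel_attempts(SAMPLE_LOGS.splitlines())
    for a in found:
        print(f"ALERT src={a['srcip']} dst={a['dstip']} url={a['url']}")
    print(dict(attempts_by_source(found)))
```

Of the five constructed lines, only the first and third raise an alert: the refresh call has no SpEL marker, the /api/orders request is not an actuator path, and the /actuator/health line carries `#{` but is not the gateway actuator. The per-source count is what a threshold rule would compare against before paging anyone.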
What is included in Fortinet_FortiSIEM_Sysrv-K_Botnet.zip?
- A FortiSIEM Rule to help with detection.
- A FortiSIEM Report to help with historical reporting.
1) Use Fortinet_FortiSIEM_Sysrv-K_Botnet_Reports_v1.xml as the file to import the Reports.
- Navigate to Resource / Reports.
- It is recommended to create a new group under Resource / Reports / Security called 'Sysrv-K Botnet' and import the reports into this group.
- Select the Import option under More.
- Select Fortinet_FortiSIEM_Sysrv-K_Botnet_Reports_v1.xml and import.
2) Use Fortinet_FortiSIEM_Sysrv-K_Botnet_Rules_v1.xml as the file to import the Rules.
- Navigate to Resource / Rules.
- It is recommended to create a new group under Resource / Rules / Security / Threat Hunting called 'Sysrv-K Botnet' and import the rules into this group.
- Select the Import option under More.
- Select Fortinet_FortiSIEM_Sysrv-K_Botnet_Rules_v1.xml and import.
- Validate that these Rules are enabled.
FortiSIEM provides content packs for easy installation of these Rules and Reports:

FortiSIEM version 6.4.0 https://help.fortinet.com/fsiem/6-4-0/Online-Help/HTML5_Help/content_updates.htm#Content7
FortiSIEM version 6.5.0 https://help.fortinet.com/fsiem/6-5-0/Online-Help/HTML5_Help/content_updates.htm#Content
