sigma icon indicating copy to clipboard operation
sigma copied to clipboard
verified publisher icon SigmaHQ

feat: SAP Netweaver CVE-2025-31324 Potential Exploitation

Open swachchhanda000 opened this issue 8 months ago • 2 comments

Summary of the Pull Request

SAP Netweaver CVE-2025-31324 Potential Exploitation

Changelog

new: Potential SAP NetWeaver Webshell Creation - Linux new: Potential SAP NetWeaver Webshell Creation new: Suspicious Child Process of SAP NetWeaver - Linux new: Suspicious Child Process of SAP NetWeaver

Example Log Event

Fixed Issues

SigmaHQ Rule Creation Conventions

  • If your PR adds new rules, please consider following and applying these conventions

swachchhanda000 avatar Apr 28 '25 11:04 swachchhanda000

Why not use /j2ee/cluster/apps/sap.com/irj/servlet_jsp/irj/ for the path ?

frack113 avatar Apr 28 '25 15:04 frack113

Why not use /j2ee/cluster/apps/sap.com/irj/servlet_jsp/irj/ for the path ?

Done

swachchhanda000 avatar Apr 29 '25 08:04 swachchhanda000