Security Hub

Bring your software development workflows to security

icon-targeted

Targeted attack

Signals & Triggers

On request
If an IP has performed malicious requests

Actions

  • Send a slack notification Send a Slack notification
  • Send an email notification Send an email notification
  • POST to webhook

Details

Once an attacker managed to breach your system, it’s probably too late to take countermeasures. While Sqreen protects your application against the riskiest vulnerabilities, an attacker may find business logic flaws that allow to perform non-authorized actions.

Sqreen detects when an attacker starts to fingerprint an application and leaks information about your application stack.

By collecting and correlating various signals, this plugin will raise the red flag as soon as an actor starts to perform unusual activities.

Advanced details

Every 15 minutes, we look back at IP activity for the last 24 hours:

  • the number of malicious requests (security scanners, bots, injections attempts matched by OWASP CRS)
  • the total number of authentications
  • the number of failed authentications

For each IP activity history we check:

  • If malicious requests were performed
  • For an important ratio of failed authentications
  • Hints of non automated activity

If the signals keep repeating during a period of time (long enough not to be an automated scan) we raise the trigger.

Language support

  • Node.js
  • PHP
  • Ruby
  • Python
  • Java

Data collected by Sqreen

  • Authentications (Sqreen SDK)

On attack
  • Malicious requests
  • Attacker IP
  • Attacker account (Sqreen SDK)

Build amazing products. Keep them safe.

Dive into Sqreen with our 14-day trial, and experience seamlessly security. Sign up Request demo