PATH TRAVERSAL
This search looks for attempts to exploit common path traversal and open redirect vulnerabilities, along with the resources the attacker is trying to access.
SPLUNK> Search & Reporting
SPL: sourcetype=web_traffic client_ip="<REDACTED>" AND path="*..*" OR path="*redirect*"
DTG: All time
TAB: Events
The next search filters on paths that contain either ../../ or the term redirect, to look for footprints of path traversal attempts (../../).
SPLUNK> Search & Reporting
SPL: sourcetype=web_traffic client_ip="<REDACTED>" AND path="*..\/..\/*" OR path="*redirect*" | stats count by path
DTG: All time
TAB: Statistics
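Added example (not part of the original notes): the same triage as the second search, filter on ../../ or redirect and then count by path, written in Python and run over constructed log lines. The key=value log layout, the sample IPs and the function names are assumptions; unlike the literal wildcard match, it percent-decodes the path first, so an encoded request is counted under the same path as its plain form.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Constructed sample events (not from the page); the key=value layout is assumed.
SAMPLE_EVENTS = [
    'client_ip=203.0.113.7 path="/download?file=../../etc/passwd" status=404',
    'client_ip=203.0.113.7 path="/download?file=%2e%2e%2f%2e%2e%2fetc%2fpasswd" status=404',
    'client_ip=203.0.113.7 path="/login?redirect=http://example.test/" status=302',
    'client_ip=203.0.113.7 path="/index.html" status=200',
    'client_ip=198.51.100.9 path="/download?file=../../etc/passwd" status=404',
]
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
TRAVERSAL_RE = re.compile(r'\.\.[/\\]\.\.[/\\]')  # ../../ with / or \ separators

def parse_event(line):
    """Turn one key=value log line into a dict of fields."""
    return {k: (q if q else u) for k, q, u in FIELD_RE.findall(line)}

def normalize(path, max_rounds=3):
    """Percent-decode until stable (bounded) so encoded dots and slashes match."""
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path

def classify(path):
    """Return 'traversal', 'redirect' or None for a request path."""
    decoded = normalize(path)
    if TRAVERSAL_RE.search(decoded):
        return "traversal"
    return "redirect" if "redirect" in decoded.lower() else None

def count_by_path(lines, client_ip):
    """Rough equivalent of `| stats count by path` for one client's flagged requests."""
    counts = Counter()
    for event in map(parse_event, lines):
        kind = classify(event.get("path", ""))
        if kind and event.get("client_ip") == client_ip:
            counts[(kind, normalize(event["path"]))] += 1
    return counts

if __name__ == "__main__":
    for (kind, path), n in count_by_path(SAMPLE_EVENTS, "203.0.113.7").most_common():
        print(f"{n:>3}  {kind:<9}  {path}")
```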