`HTTP` Namespace¶

Namespace: HTTP.

class zlogging.enum.HTTP.Tags(value)[source]

Bases: IntFlag

Enum: HTTP::Tags.

Indicate a type of attack or compromise in the record to be logged.

See also

base/protocols/http/main.zeek

EMPTY = 1: Placeholder.

URI_SQLI = 2: (present if policy/protocols/http/detect-sqli.zeek is loaded) Indicator of a URI based SQL injection attack.

POST_SQLI = 4: (present if policy/protocols/http/detect-sqli.zeek is loaded) Indicator of client body based SQL injection attack. This is typically the body content of a POST request. Not implemented yet.

COOKIE_SQLI = 8: (present if policy/protocols/http/detect-sqli.zeek is loaded) Indicator of a cookie based SQL injection attack. Not implemented yet.

Fork me on GitHub