Description
Cross-Site Scripting (XSS) attacks are a type of injection attack in which malicious scripts are injected into trusted websites. In an XSS attack, an attacker uses a benign web application to send malicious code, generally in the form of a browser-side script.
This detection rule identifies potentially malicious execution of such browser-side scripts. The damage occurs when the malicious script accesses cookies, session tokens, or other sensitive information retained by the browser and used with that site.
Sample Payload Reference: https://github.com/payloadbox/xss-payload-list
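As an added illustration, not the rule's own query or the project's code: the Python below flags request URLs in APM-style transaction documents that carry script-injection markers, after undoing nested URL and HTML encoding. The `url.original` and `transaction.id` field choices, the marker list and the sample documents are assumptions constructed for this example.

```python
import re
from html import unescape
from urllib.parse import unquote_plus

# Markers of script injection in a request URL (assumed heuristic set, not the rule's query).
XSS_PATTERNS = [
    re.compile(r"<\s*script\b", re.I),
    re.compile(r"\bjavascript\s*:", re.I),
    re.compile(r"<[^>]*\bon[a-z]+\s*=", re.I),        # inline event handler inside a tag
    re.compile(r"\bdocument\s*\.\s*cookie\b", re.I),  # cookie access, the damage the rule targets
]

def normalize(value, max_rounds=3):
    """Undo nested URL encoding and HTML entities so encoded markup becomes visible."""
    for _ in range(max_rounds):
        decoded = unescape(unquote_plus(value))
        if decoded == value:
            break
        value = decoded
    return value

def match_xss(doc):
    """Return the patterns matched by the url.original field of one transaction document."""
    url = doc.get("url", {}).get("original", "")
    text = normalize(url)
    return [p.pattern for p in XSS_PATTERNS if p.search(text)]

def detect(docs):
    """Return the transaction ids whose URL carries at least one marker."""
    return [d["transaction"]["id"] for d in docs if match_xss(d)]

# Constructed sample documents shaped like APM transaction events (all values made up).
SAMPLE_DOCS = [
    {"transaction": {"id": "t1"}, "url": {"original": "/search?q=blue+shoes"}},
    {"transaction": {"id": "t2"}, "url": {"original": "/search?q=%3Cscript%3Ealert(1)%3C%2Fscript%3E"}},
    # Double-encoded: only visible after two decoding rounds.
    {"transaction": {"id": "t3"}, "url": {"original": "/p?name=%253Cimg%2520src%253Dx%2520onerror%253Dalert(1)%253E"}},
    # Benign URL containing the word "javascript": must not match.
    {"transaction": {"id": "t4"}, "url": {"original": "/docs/javascript-guide?page=2"}},
    # HTML-entity-encoded tag inside URL encoding.
    {"transaction": {"id": "t5"}, "url": {"original": "/r?u=%26lt%3Bsvg%20onload%3Dfetch(document.cookie)%26gt%3B"}},
]

if __name__ == "__main__":
    print(detect(SAMPLE_DOCS))
```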
Required Info
Target indexes
"apm-*-transaction*", "traces-apm*"
Additional requirements
The below are Mandatory Requirements
Target Operating Systems
Cross-platform. The rules are tied to an integration setup, and testing was done on Linux.
Platforms
NA
Tested ECS Version
8.6.0-dev
Optional Info
Query
Example Data