Kraken HTTP Rule
Kraken HTTP Rule provides HTTP intrusion pattern matching engine and rules. It uses XML-RPC for pattern update and download latest rules from NCHOVY internet storm center.
HTTP Rule Engine Interface
public interface HttpRuleEngine extends RuleEngine {
Collection<HttpRequestRule> getRequestRules();
Collection<HttpRequestRule> getRequestRules(String id);
Collection<HttpResponseRule> getResponseRules();
Collection<HttpResponseRule> getResponseRules(String id);
Collection<HttpRequestRule> matchAll(HttpRequestContext req);
HttpRequestRule match(HttpRequestContext req);
Collection<HttpResponseRule> matchAll(HttpRequestContext req, HttpResponseContext resp);
HttpResponseRule match(HttpRequestContext req, HttpResponseContext resp);
}
Message Bus Call
- Get Request Rules
- Request
org.krakenapps.rule.http.msgbus.HttpRulePlugin.getRequestRules { } - Response
{ "rules": [ { "id": "NCHOVY-2010-0027", "references": [ "http://www.exploit-db.com/exploits/11997/" ], "path": "index.php", "cve_names": [ "CVE-2010-1873" ], "type": "lfi", "msg": "Joomla Component Jvehicles Local File Inclusion" }, { "id": "NCHOVY-2010-0001", "references": [ "http://www.exploit-db.com/exploits/11785/" ], "path": "index.php", "cve_names": [], "type": "lfi", "msg": "Joomla Component com_ckforms Multiple Vulnerabilities" }, { "id": "NCHOVY-2010-0008", "references": [ "http://www.exploit-db.com/exploits/12177/" ], "path": "index.php", "cve_names": [ "CVE-2010-1722" ], "type": "lfi", "msg": "Joomla Component Online Market com_market Local File Inclusion Vulnerability" }, ... }
- Request
