Web Shells Threat Protection

Microsoft Sentinel, Microsoft Corporation

Note: Please refer to the following before installing the solution:

The Web Shells Threat Protection solution contains security content that supports proactive and reactive detection of Web Shells used by attackers. Web Shells are malicious scripts that attackers use to compromise internet-facing servers. They are commonly used as a backdoor into the targeted web applications and servers. Microsoft Security Research has highlighted the threat, usage and detection of Web Shells in an enterprise environment in the following blogs:

Pre-requisites:

This is a domain solution and does not include any data connectors. The content in this solution supports the connectors listed below. Install one or more of the listed solutions to unlock the value provided by this solution.

  1. Microsoft Defender XDR

  2. Windows Security Events

  3. Azure Web Application Firewall

Keywords: WebDAV, SysAid, Mercury, CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065, SUPERNOVA, SpringShell, CVE-2022-22965

Analytic Rules: 3, Hunting Queries: 6
