NAME

ThreatDetector::Classifier - Threat classification engine for parsed Apache log entries

SYNOPSIS

use ThreatDetector::Classifier;

my @threats = ThreatDetector::Classifier::classify($entry);

DESCRIPTION

This module analyzes structured Apache log entries (as hashrefs) and classifies them into one or more known web threat categories. The output is a list of threat types for further processing by the dispatcher.

FUNCTIONS

classify($entry)

Takes a hashref representing a parsed log entry (from Parser.pm) and returns a list of matching threat types. Returns an empty list if no known threats are found.

any_match($text, @patterns)

Internal utility function. Returns true if any regex in @patterns matches $text.

THREAT TYPES RETURNED

sql_injection
client_error
command_injection
directory_traversal
xss_attempt
encoded_payload
scanner_fingerprint
http_method_abuse

Future versions may include:

rate_burst
login_bruteforce
header_abuse

AUTHOR

Jason Hall <jason.kei.hall@gmail.com>

To install ThreatDetector, copy and paste the appropriate command in to your terminal.

cpanm

cpanm ThreatDetector

CPAN shell

perl -MCPAN -e shell
install ThreatDetector

For more information on module installation, please visit the detailed CPAN module installation guide.

	Global
`s`	Focus search bar
`?`	Bring up this help dialog

	GitHub
`g` `p`	Go to pull requests
`g` `i`	go to github issues (only if github is preferred repository)

	POD
`g` `a`	Go to author
`g` `c`	Go to changes
`g` `i`	Go to issues
`g` `d`	Go to dist
`g` `r`	Go to repository/SCM
`g` `s`	Go to source
`g` `b`	Go to file browse

	Search terms
module: (e.g. module:Plugin)
distribution: (e.g. distribution:Dancer auth)
author: (e.g. author:SONGMU Redis)
version: (e.g. version:1.00)