SOC166 EventID:116 — Javascript Code Detected in Requested URL — letsdefend.io

SOC166 EventID:116 — Javascript Code Detected in Requested URL — letsdefend.io

Before starting our investigation, let’s take a look at the provided alert report below.

EventID                :116
Event Time             :Feb, 26, 2022, 06:56 PM
Rule                   :SOC166 - Javascript Code Detected in Requested URL
Level                  :Security Analyst
Hostname               :WebServer1002
Destination IP Address :172.16.17.17
Source IP Address      :112.85.42.13
HTTP Request Metho     :GET
Requested URL          :https://172.16.17.17/search/?q=<$script>javascript:$alert(1)<$/script>
User-Agent             :Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.1
Alert Trigger Reason   :Javascript code detected in URL …

blue team cybersecurity letsdefendio soc soc analyst