Proxy log
Definition
A record generated by a forward proxy server for each HTTP or HTTPS request made by an internal client. Contains the URL, user-agent string, HTTP method, response code, and bytes exchanged. The primary source for detecting web-based command-and-control and data exfiltration over HTTP.
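Added example (not part of this glossary entry): a small detection pass over constructed proxy log lines that groups requests by client and destination host and flags pairs whose inter-request gaps are nearly constant, the usual shape of an HTTP command-and-control beacon, while summing the bytes the client sent. The tab-separated layout, the hosts and the threshold values are assumptions for the example, not a vendor format.

```python
import statistics
from collections import defaultdict
from datetime import datetime
from urllib.parse import urlsplit

# Constructed sample lines (layout is an assumption, not a real vendor format):
# timestamp  client_ip  method  url  status  bytes_sent  bytes_received  user_agent
SAMPLE_LOG = """\
2024-05-01T10:00:00Z\t10.0.0.5\tGET\thttps://www.example.com/\t200\t512\t48211\tMozilla/5.0
2024-05-01T10:00:00Z\t10.0.0.7\tPOST\thttp://cdn-update.invalid/gate.php\t200\t1450\t120\tMozilla/4.0
2024-05-01T10:00:30Z\t10.0.0.5\tGET\thttps://www.example.com/news\t200\t498\t73000\tMozilla/5.0
2024-05-01T10:01:00Z\t10.0.0.7\tPOST\thttp://cdn-update.invalid/gate.php\t200\t1448\t118\tMozilla/4.0
2024-05-01T10:02:00Z\t10.0.0.7\tPOST\thttp://cdn-update.invalid/gate.php\t200\t1452\t121\tMozilla/4.0
2024-05-01T10:03:00Z\t10.0.0.7\tPOST\thttp://cdn-update.invalid/gate.php\t200\t1449\t119\tMozilla/4.0
2024-05-01T10:07:12Z\t10.0.0.5\tGET\thttps://www.example.com/about\t200\t501\t22000\tMozilla/5.0
"""


def parse_line(line):
    """Split one record into the fields the glossary definition names."""
    ts, client, method, url, status, sent, recv, ua = line.split("\t")
    return {"ts": datetime.fromisoformat(ts.replace("Z", "+00:00")),
            "client": client, "method": method, "host": urlsplit(url).hostname,
            "status": int(status), "sent": int(sent), "recv": int(recv), "ua": ua}


def find_beacons(lines, min_requests=4, max_jitter=0.2):
    """Flag (client, host) pairs with at least min_requests whose gaps between
    requests vary by no more than max_jitter (std dev / mean), i.e. a fixed
    check-in interval. Thresholds are assumed values; tune them per network."""
    sessions = defaultdict(list)
    for line in lines:
        r = parse_line(line)
        sessions[(r["client"], r["host"])].append(r)
    findings = []
    for (client, host), reqs in sessions.items():
        if len(reqs) < min_requests:
            continue
        times = sorted(r["ts"] for r in reqs)
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        mean_gap = statistics.mean(gaps)
        if mean_gap == 0:
            continue  # identical timestamps: burst, not a timed beacon
        if statistics.pstdev(gaps) / mean_gap <= max_jitter:
            findings.append({"client": client, "host": host, "requests": len(reqs),
                             "mean_gap_s": mean_gap,
                             "bytes_sent": sum(r["sent"] for r in reqs)})
    return findings


if __name__ == "__main__":
    for finding in find_beacons(SAMPLE_LOG.splitlines()):
        print(finding)
```

Outbound byte totals on a flagged pair are the starting point for the exfiltration case: a regular beacon that also uploads far more than it downloads deserves a closer look at the request bodies.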
Related terms
- Anomaly-based IDS: An intrusion detection system that models normal traffic behaviour and alerts when observed traffic deviates significantly from that baseline. Detects novel attacks...
- Five-tuple: The five fields that uniquely identify a network flow: source IP address, source port, destination IP address, destination port, and transport protocol...
- Lateral movement: Attacker activity after initial compromise in which the threat actor traverses from one internal system to another, typically to escalate privileges, access...
- Signature-based IDS: An intrusion detection system that compares network traffic against a database of known attack patterns (signatures). Snort and Suricata are the dominant...
- True positive / false positive: A true positive is an alert that correctly identifies malicious activity. A false positive is an alert that fires on legitimate traffic...
Explained in
- Firewall and Intrusion Detection Log Analysis