kql, Elastic-2.0, from elastic/detection-rules

React2Shell Network Security Alert

Rule source: rules/network/initial_access_react_server_rce_network_alerts.toml

(data_stream.dataset:"cisco_ftd.log" and message:"SERVER-WEBAPP React Server Components remote code execution attempt") or
(data_stream.dataset:"fortinet_fortigate.log" and message:"applications3: React.Server.Components.react-flight.Remote.Code.Execution") or
(data_stream.dataset:"panw.panos" and event.action:"exploit_detected" and event.original :*React*Server*) or
(data_stream.dataset:("suricata_corelight" or "suricata.eve") and rule.name:*CVE-2025-55182*)