Create django-framework-exceptions.yaml

file/logs/django-framework-exceptions.yaml

@@ -0,0 +1,33 @@
+id: django-framework-exceptions
+
+info:
+  name: Django Framework Exceptions
+  description: Detects suspicious Django web application framework exceptions that could indicate exploitation attempts
+  author: geeknik
+  reference:
+    - https://docs.djangoproject.com/en/1.11/ref/exceptions/
+    - https://docs.djangoproject.com/en/1.11/topics/logging/#django-security
+  severity: medium
+  tags: file,logs,django
+
+file:
+  - extensions:
+      - all
+
+    extractors:
+      - type: regex
+        name: exception
+        part: body
+        regex:
+          - 'SuspiciousOperation'
+          - 'DisallowedHost'
+          - 'DisallowedModelAdminLookup'
+          - 'DisallowedModelAdminToField'
+          - 'DisallowedRedirect'
+          - 'InvalidSessionKey'
+          - 'RequestDataTooBig'
+          - 'SuspiciousFileOperation'
+          - 'SuspiciousMultipartForm'
+          - 'SuspiciousSession'
+          - 'TooManyFieldsSent'
+          - 'PermissionDenied'