Find Attacks Using Known Exploits
We've updated the Wallarm platform to support filtering for 282 additional known vulnerabilities in the Attacks section.
When Wallarm detects an attack, the platform tries to determine whether the attack is an attempt to exploit a known vulnerability (CVE) in a specific software component. The decision is based on the request structure, malicious payload, parameter names, metadata, and more. The updates released in Q1 2024 included new attribution rules for 282 vulnerabilities (CVEs), the majority of which are notable, recent, or widely exploited vulnerabilities observed among all Wallarm traffic.
Wallarm users are able to find exploitation attempts of a specific vulnerability by simply typing the CVE identifier in the “CVEs and Exploits” search field in the Attacks section of the Wallarm Console.
Searching for a specific vulnerability allows users to identify attacks on their infrastructure using recently published exploits. It may also be useful for conducting a retrospective analysis during the incident investigation process.
The following example demonstrates searching for exploitation of Auth Bypass in TeamCity (CVE-2024-27198).
As of this update, Wallarm users are able to search for 1505 vulnerabilities.