Description
Hello, I'd like to propose a detection that buils on this https://blog.richardfan.xyz/2026/03/14/pentesting-a-pentest-agent-heres-what-ive-found-in-aws-security-agent.html#can-i-protect-my-website-from-being-pentested-by-ai-agents
The detection as suggested in based on the user agent securityagent and it could target WAF logs but also webserver logs.
user_agent.original : "*securityagent*"
Target Ruleset
None
Target Rule Type
None
Tested ECS Version
No response
Query
No response
New fields required in ECS/data sources for this rule?
No response
Related issues or PRs
No response
References
https://blog.richardfan.xyz/2026/03/14/pentesting-a-pentest-agent-heres-what-ive-found-in-aws-security-agent.html#can-i-protect-my-website-from-being-pentested-by-ai-agents
Redacted Example Data
No response
Description
Hello, I'd like to propose a detection that buils on this https://blog.richardfan.xyz/2026/03/14/pentesting-a-pentest-agent-heres-what-ive-found-in-aws-security-agent.html#can-i-protect-my-website-from-being-pentested-by-ai-agents
The detection as suggested in based on the user agent
securityagentand it could target WAF logs but also webserver logs.user_agent.original : "*securityagent*"Target Ruleset
None
Target Rule Type
None
Tested ECS Version
No response
Query
No response
New fields required in ECS/data sources for this rule?
No response
Related issues or PRs
No response
References
https://blog.richardfan.xyz/2026/03/14/pentesting-a-pentest-agent-heres-what-ive-found-in-aws-security-agent.html#can-i-protect-my-website-from-being-pentested-by-ai-agents
Redacted Example Data
No response