Skip to content

[New Rule] AWS security agent detection #6155

Description

@marcopedrinazzi

Description

Hello, I'd like to propose a detection that buils on this https://blog.richardfan.xyz/2026/03/14/pentesting-a-pentest-agent-heres-what-ive-found-in-aws-security-agent.html#can-i-protect-my-website-from-being-pentested-by-ai-agents

Image

The detection as suggested in based on the user agent securityagent and it could target WAF logs but also webserver logs.

user_agent.original : "*securityagent*"

Target Ruleset

None

Target Rule Type

None

Tested ECS Version

No response

Query

No response

New fields required in ECS/data sources for this rule?

No response

Related issues or PRs

No response

References

https://blog.richardfan.xyz/2026/03/14/pentesting-a-pentest-agent-heres-what-ive-found-in-aws-security-agent.html#can-i-protect-my-website-from-being-pentested-by-ai-agents

Redacted Example Data

No response

Metadata

Metadata

Type

No type

Fields

No fields configured for issues without a type.

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions