{"metadata":{"image":[],"title":"","description":""},"api":{"url":"","auth":"required","params":[],"results":{"codes":[]},"settings":""},"next":{"description":"","pages":[]},"title":"Overview","type":"basic","slug":"suspicious-behavior-group","excerpt":"","body":"Suspicious Behavior threats monitor traffic into the application and framework signals that can indicate suspicious user behavior like running a known exploitation tool, or vulnerability scanner, or targeting specific known vulnerabilities of the high [CVSS (Common Vulnerability Scoring System)](https://nvd.nist.gov/cvss.cfm) score. \n\nThis group of threats includes:\n  * [Suspicious HTTP Header](doc:suspicious-http-header) \n  * [Shellshock](doc:shellshock) \n  * [Cookie Tampering](doc:cookie-tampering) \n  * [CSRF Tampering](doc:csrf-tampering) \n  * [HTTP Method Tampering](doc:http-method-tampering) \n  * Suspicious Exception\n  * Automation Attack\n  * [Excessive 40Xs](doc:excessive-40xs) \n  * [Excessive 50Xs](doc:excessive-50xs)","updates":[],"order":1,"isReference":false,"hidden":false,"sync_unique":"","link_url":"","link_external":false,"_id":"57c8219d59cd4b0e00b888d1","project":"55db8f8f1a91690d007ad975","githubsync":"","version":{"version":"1.0","version_clean":"1.0.0","codename":"","is_stable":true,"is_beta":false,"is_hidden":false,"is_deprecated":false,"categories":["55db8f901a91690d007ad979","55db9856b3d6540d00886426","55dc751b00a8811900c230e3","55dc766255be9f21004ee250","55dc769200a8811900c230ed","55e4c701177b6e0d003330fa","55f4915caf0bc71900a53130","55f491b2be9c2b2100f0635d","560b22739c7be70d00100bd8","57488c53e8c6a420000b729c","574cefd95953e20e00f40f9f","5798edfd7700d30e00ad250c","579ac88234b5fd0e00b9e140","57c81c6d690c200e0047b72e","57d9b8fbda17c30e003897f1","57d9b90e608ea00e00f358d8","57d9b91cda17c30e003897f4"],"_id":"55db8f901a91690d007ad978","createdAt":"2015-08-24T21:41:36.034Z","project":"55db8f8f1a91690d007ad975","__v":17,"releaseDate":"2015-08-24T21:41:36.034Z"},"category":{"sync":{"isSync":false,"url":""},"pages":[],"title":"Suspicious Behavior","slug":"suspicious-behavior","order":5,"from_sync":false,"reference":false,"_id":"57d9b91cda17c30e003897f4","createdAt":"2016-09-14T20:54:52.969Z","project":"55db8f8f1a91690d007ad975","__v":0,"version":"55db8f901a91690d007ad978"},"__v":1,"createdAt":"2016-09-01T12:39:57.389Z","parentDoc":null,"user":"56688ec8ee1dbf0d008f62ae"}
Suspicious Behavior threats monitor traffic into the application and framework signals that can indicate suspicious user behavior like running a known exploitation tool, or vulnerability scanner, or targeting specific known vulnerabilities of the high [CVSS (Common Vulnerability Scoring System)](https://nvd.nist.gov/cvss.cfm) score. This group of threats includes: * [Suspicious HTTP Header](doc:suspicious-http-header) * [Shellshock](doc:shellshock) * [Cookie Tampering](doc:cookie-tampering) * [CSRF Tampering](doc:csrf-tampering) * [HTTP Method Tampering](doc:http-method-tampering) * Suspicious Exception * Automation Attack * [Excessive 40Xs](doc:excessive-40xs) * [Excessive 50Xs](doc:excessive-50xs)