{"_id":"57c8219d59cd4b0e00b888d1","project":"55db8f8f1a91690d007ad975","githubsync":"","version":{"_id":"55db8f901a91690d007ad978","project":"55db8f8f1a91690d007ad975","__v":17,"createdAt":"2015-08-24T21:41:36.034Z","releaseDate":"2015-08-24T21:41:36.034Z","categories":["55db8f901a91690d007ad979","55db9856b3d6540d00886426","55dc751b00a8811900c230e3","55dc766255be9f21004ee250","55dc769200a8811900c230ed","55e4c701177b6e0d003330fa","55f4915caf0bc71900a53130","55f491b2be9c2b2100f0635d","560b22739c7be70d00100bd8","57488c53e8c6a420000b729c","574cefd95953e20e00f40f9f","5798edfd7700d30e00ad250c","579ac88234b5fd0e00b9e140","57c81c6d690c200e0047b72e","57d9b8fbda17c30e003897f1","57d9b90e608ea00e00f358d8","57d9b91cda17c30e003897f4"],"is_deprecated":false,"is_hidden":false,"is_beta":false,"is_stable":true,"codename":"","version_clean":"1.0.0","version":"1.0"},"category":{"_id":"57d9b91cda17c30e003897f4","project":"55db8f8f1a91690d007ad975","__v":0,"version":"55db8f901a91690d007ad978","sync":{"url":"","isSync":false},"reference":false,"createdAt":"2016-09-14T20:54:52.969Z","from_sync":false,"order":5,"slug":"suspicious-behavior","title":"Suspicious Behavior"},"__v":1,"parentDoc":null,"user":"56688ec8ee1dbf0d008f62ae","updates":[],"next":{"pages":[],"description":""},"createdAt":"2016-09-01T12:39:57.389Z","link_external":false,"link_url":"","sync_unique":"","hidden":false,"api":{"results":{"codes":[]},"settings":"","auth":"required","params":[],"url":""},"isReference":false,"order":1,"body":"Suspicious Behavior threats monitor traffic into the application and framework signals that can indicate suspicious user behavior like running a known exploitation tool, or vulnerability scanner, or targeting specific known vulnerabilities of the high [CVSS (Common Vulnerability Scoring System)](https://nvd.nist.gov/cvss.cfm) score. \n\nThis group of threats includes:\n  * [Suspicious HTTP Header](doc:suspicious-http-header) \n  * [Shellshock](doc:shellshock) \n  * [Cookie Tampering](doc:cookie-tampering) \n  * [CSRF Tampering](doc:csrf-tampering) \n  * [HTTP Method Tampering](doc:http-method-tampering) \n  * Suspicious Exception\n  * Automation Attack\n  * [Excessive 40Xs](doc:excessive-40xs) \n  * [Excessive 50Xs](doc:excessive-50xs)","excerpt":"","slug":"suspicious-behavior-group","type":"basic","title":"Overview"}
Suspicious Behavior threats monitor traffic into the application and framework signals that can indicate suspicious user behavior like running a known exploitation tool, or vulnerability scanner, or targeting specific known vulnerabilities of the high [CVSS (Common Vulnerability Scoring System)](https://nvd.nist.gov/cvss.cfm) score. This group of threats includes: * [Suspicious HTTP Header](doc:suspicious-http-header) * [Shellshock](doc:shellshock) * [Cookie Tampering](doc:cookie-tampering) * [CSRF Tampering](doc:csrf-tampering) * [HTTP Method Tampering](doc:http-method-tampering) * Suspicious Exception * Automation Attack * [Excessive 40Xs](doc:excessive-40xs) * [Excessive 50Xs](doc:excessive-50xs)