DigitalOcean Referral Badge
cloud1
cloud2
cloud3
cloud4
cloud5
cloud6
← Back to catalog
code injg

General injection attempts

Syndu annotates all incoming traffic and extracts behavioral signals that help explain intent. This page defines the injg signal — what it means, how to interpret it, and how it will later connect to live evidence across IPs, subnets, organizations, ISPs, countries, and cities.

Signal gist Suspicious input patterns consistent with injection-like probing across multiple families.
Read the definition → View live signal sections →

Definition

Canonical reference for injg behavior.
Catalog code
injg
Display name
General injection attempts
How to read this signal
This annotator represents a behavioral pattern, not a claim of identity. It’s designed to help you understand why certain traffic looks suspicious, automated, probing, or exploit-oriented — and to support consistent reporting across the Syndu system.
Explanation
A broad-spectrum injection signal for suspicious input patterns that do not cleanly map to a specific exploit family. This can include odd metacharacters, encoding tricks, and payload fragments that suggest an attempt to influence parsing or evaluation. Treat this as “generic crafted input” and interpret alongside more specific annotators (SQLi, header injection, command injection) when they co-occur.

Live sections

These panels will be wired to real metrics, enrichment context, and drill-down links.
Signal footprint over time
Rolling volume, bursts, first/last seen, and time-window slices (e.g. last hour/day/week). This will help separate chronic background noise from active campaigns.
Coming next: time series + burst markers
Top affected entities
Links to the entities where injg is most present: IPs, subnets, organizations/ASNs, ISPs, and geographies — with “why” context.
Coming next: entity leaderboards + drill-down
Enrichment context
How enrichment affects interpretation: known crawlers, monitored ranges, trusted scanners, or policy exceptions. This is where “benign but noisy” gets separated from “unknown and risky.”
Coming next: enrichment flags + allowlist context