Tags

Tag groups

Updated: September 15, 2025

Tags

Tag Groups

Specific grouping of FireTail tags. Tag colors indicate relevance to security posture.

SQL Injection detected in logs

Display NameDescriptionTag KeyColor
SQL injection presentTags if a SQL injection is presentsql_injectionred
SQL injection present in headerSQL injection present in headersql_injection_headerred
SQL injection present in headerSQL injection present in headersql_injection_headersred
SQL injection present in bodyA SQL injection is present in bodysql_injection_bodyred
GraphQL variable with SQL injection presentA SQL injection exists in graphql variablegraphql_variable_sql_injectionred
SQL injection in GraphQLTags if SQL injection in GraphQLgraphql_sql_injectionred

PII detected in logs

Display NameDescriptionTag KeyColor
Request contains PII dataThis tag is used to identify requests with PII data.piired
PII: Credit Card NumberThis tag is used to identify credit card numbers.pii_credit_cardred
PII: Credit Card NumberThis tag is used to identify AMEX credit card numbers.pii_credit_card_amexred
PII: Credit Card NumberThis tag is used to identify BC Global credit card numbers.pii_credit_card_bcglobalred
PII: Credit Card NumberThis tag is used to identify Diners credit card numbers.pii_credit_card_dinersred
PII: Credit Card NumberThis tag is used to identify Discover credit card numbers.pii_credit_card_discoverred
PII: Credit Card NumberThis tag is used to identify JCB credit card numbers.pii_credit_card_jcbred
PII: Credit Card NumberThis tag is used to identify Maestro credit card numbers.pii_credit_card_maestrored
PII: Credit Card NumberThis tag is used to identify MasterCard credit card numbers.pii_credit_card_mastercardred
PII: Credit Card NumberThis tag is used to identify Union Pay credit card numbers.pii_credit_card_union_payred
PII: Credit Card NumberThis tag is used to identify VISA credit card numbers.pii_credit_card_visared
PII: Email address presentAn email address is present in requestpii_email_addressred
PII: Email address present in inputAn email address is present in message inputpii_email_address_in_inputred
PII: Email address present in outputAn email address is present in message outputpii_email_address_in_outputred
Request contains a banking IBAN numberTag if the request contains a banking IBAN numberpii_bank_account_numberred

Malicious requests in logs

Display NameDescriptionTag KeyColor
The request is maliciousThe request is maliciousmaliciousorange

Suspicious requests in logs

Display NameDescriptionTag KeyColor
Request path contains an IPv4 addressRequest path contains an IPv4 address, which is often associated with suspicious activity.ipv4_in_pathred
Request path contains non-standard charactersRequest path contains non-standard characters (e.g., emojis, special characters), which may indicate suspicious activity.nonstandard_characters_in_pathred
Request path contains 'zhttpd'Request path contains 'zhttpd', which is often associated with suspicious activity.zhttpd_in_pathred
The request is suspiciousThe request is suspicioussuspiciousred

Secret keys detected in logs

Display NameDescriptionTag KeyColor
Request contains a MailChimp API KeynTag if the request contains a MailChimp API Keysecret_mailchimp_api_keyred
Request contains an AWS Secret Access KeyTag if the request contains an AWS Secret Access Keysecret_aws_keyred
Request contains an AWS MWS Auth TokenTag if the request contains an AWS MWS Auth Tokensecret_aws_mws_auth_tokenred
Request contains a Meta (Facebook) Access TokenTag if the request contains a Meta (Facebook) Access Tokensecret_facebook_access_tokenred
Request contains a Github Personal Access TokenTag if the request contains a Github Personal Access Tokensecret_gitlab_patred
Request contains a Gitlab Trigger TokenTag if the request contains a Gitlab Trigger Tokensecret_gitlab_trigger_tokenred
Request contains a Gitlab Runner Registration TokenTag if the request contains a Gitlab Runner Registration Tokensecret_gitlab_runner_registration_tokenred
Request contains a Google API KeyTag if the request contains a Google API Keygoogle_api_keyred
Request contains a Google OAuth TokenTag if the request contains a Google OAuth Tokengoogle_oauth_tokenred
Request contains a Google OAuth Access TokenTag if the request contains a Google OAuth Access Tokengoogle_oauth_access_tokenred
Request contains a MailGun API KeynTag if the request contains a MailGun API Keysecret_mailgun_api_keyred
Request contains a PayPal Braintree Access TokenTag if the request contains a PayPal Braintree Access Tokensecret_paypal_braintree_access_tokenred
Request contains a Picatic API KeyTag if the request contains a Picatic API Keysecret_picatic_api_keyred
Request contains a SendGrid API KeyTag if the request contains a SendGrid API Keysecret_sendgrid_api_keyred
Request contains a Slack TokenTag if the request contains a Slack Tokensecret_slack_tokenred
Request contains a Slack WebhookTag if the request contains a Slack Webhooksecret_slack_webhookred
Request contains a Square Access TokenTag if the request contains a Square Access Tokensecret_square_access_tokenred
Request contains a Stripe API KeyTag if the request contains a Stripe API Keystripe_api_keyred
Request contains a Twilio API KeyTag if the request contains a Twilio API Keytwilio_api_keyred
Request contains an AWS Bedrock API KeyThe request contains an AWS Bedrock API Keybedrock_api_keyred

Weak auth detected in logs

Display NameDescriptionTag KeyColor
Request contains basic authenticationRequest contains basic authenticationbasic_authred
API key authenticationRequest contains API key authenticationapi_key_authorange

Need help?

Contact FireTail support

Previous (Tags)
All tags
Next (Findings)
FireTail's Findings