From 326f4666fcecc0225655abf708516341ee90f132 Mon Sep 17 00:00:00 2001
From: Dhiyaneshwaran
Date: Tue, 11 Jul 2023 18:10:42 +0530
Subject: [PATCH 1/2] Create prometheus-promtail.yaml
---
 .../misconfiguration/prometheus-promtail.yaml | 33 +++++++++++++++++++
 1 file changed, 33 insertions(+)
 create mode 100644 http/misconfiguration/prometheus-promtail.yaml
diff --git a/http/misconfiguration/prometheus-promtail.yaml b/http/misconfiguration/prometheus-promtail.yaml
new file mode 100644
index 00000000000..55eac3c9c4a
--- /dev/null
+++ b/http/misconfiguration/prometheus-promtail.yaml
@@ -0,0 +1,33 @@
+id: prometheus-promtail
+
+info:
+ name: Prometheus Promtail - Exposure
+ author: irshad ahamed
+ severity: medium
+ description: |
+ Prometheus Promtail is an agent that gathers log data from various sources, such as files or systemd journal.
+ reference:
+ - https://grafana.com/docs/loki/latest/clients/promtail/
+ - https://github.com/grafana/loki/issues/8680
+ metadata:
+ verified: true
+ shodan-query: http.favicon.hash:932345713
+ max-request: 1
+ tags: prometheus,promtail,exposure,misconfig
+
+http:
+ - method: GET
+ path:
+ - "{{BaseURL}}/service-discovery"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ words:
+ - '>Promtail'
+ - 'https://github.com/grafana/loki'
+ condition: and
+
+ - type: status
+ status:
+ - 200
From 94b2c2688bb08d7a02067acbe18bcac09badbdca Mon Sep 17 00:00:00 2001
From: Ritik Chaddha <44563978+ritikchaddha@users.noreply.github.com>
Date: Wed, 12 Jul 2023 17:17:23 +0530
Subject: [PATCH 2/2] Update prometheus-promtail.yaml
---
 http/misconfiguration/prometheus-promtail.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/http/misconfiguration/prometheus-promtail.yaml b/http/misconfiguration/prometheus-promtail.yaml
index 55eac3c9c4a..d40e96ec3c8 100644
--- a/http/misconfiguration/prometheus-promtail.yaml
+++ b/http/misconfiguration/prometheus-promtail.yaml
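Review bot: In the template created by patch 1/2, the `description` under `info` only says what Promtail is and never states the finding, so someone reading a scan report cannot tell what was observed or why it is rated `severity: medium`. It should say what a match proves — that the Promtail web UI answered an unauthenticated GET on `/service-discovery` — and what that page discloses (presumably the discovered targets and their labels; confirm against a live instance before wording it as fact). A `remediation` entry would make the result actionable, for example `remediation: Restrict Promtail's HTTP listener to trusted hosts or place it behind an authenticating proxy.` The two `words` entries look like UI chrome rather than content specific to this page, so the match confirms that Promtail is reachable more than that discovery data was returned; adding a page-specific string would tighten it.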
@@ -10,10 +10,10 @@ info:
 - https://grafana.com/docs/loki/latest/clients/promtail/
 - https://github.com/grafana/loki/issues/8680
 metadata:
+ max-request: 1
 verified: true
 shodan-query: http.favicon.hash:932345713
- max-request: 1
- tags: prometheus,promtail,exposure,misconfig
+ tags: misconfig,prometheus,promtail,exposure

 http:
 - method: GET