Versions (3)
Version DetailsCurrent
Rev: 2 • Jan 28, 2022, 12:00 PMET INFO Apache Spark RPC - Auth Request (set)
alert tcp-pkt any any -> $HOME_NET any (msg:"ET INFO Apache Spark RPC - Auth Request (set)"; flow:established,to_server; flowbits:set,ET.ApacheSpark_AuthAttempted; flowbits:noalert; content:"sparkSaslUser|00 00 00 00|"; endswith; classtype:not-suspicious; sid:2035002; rev:2; metadata:attack_target Server, created_at 2022_01_28, deployment Internal, deployment Datacenter, confidence High, signature_severity Informational, updated_at 2022_01_28;)
Jan 28, 2022, 12:00 PM
Jan 28, 2022, 12:00 PM
Sep 21, 2024, 3:00 AM
Sep 21, 2024, 3:00 AM
rules/emerging-info.rules