Versions (3)
Version DetailsCurrent
Rev: 1 • Oct 18, 2023, 12:00 PMET SCADA [nsacyber/ELITEWOLF] Schweitzer Engineering Laboraties SEL-2488 Possible Unauthorized Access Attempt - Request for /scripts/dScripts.sel
alert http any any -> $HOME_NET any (msg:"ET SCADA [nsacyber/ELITEWOLF] Schweitzer Engineering Laboraties SEL-2488 Possible Unauthorized Access Attempt - Request for /scripts/dScripts.sel"; flow:established,to_server; http.method; content:"GET"; http.uri; content:"/scripts/dScripts.sel"; fast_pattern; reference:url,github.com/nsacyber/ELITEWOLF; classtype:web-application-activity; sid:2048643; rev:1; metadata:affected_product Schweitzer_Engineering_Laboratories_SEL_Series, attack_target ICS, created_at 2023_10_18, deployment Perimeter, deployment Internal, performance_impact Low, confidence Low, signature_severity Minor, updated_at 2023_10_18; target:dest_ip;)
Oct 18, 2023, 12:00 PM
Oct 18, 2023, 12:00 PM
Oct 18, 2023, 10:00 PM
Oct 18, 2023, 10:00 PM
rules/emerging-scada.rules