Rule History

alert dns any any -> $EXTERNAL_NET any (msg:"ET INFO Abused File Sharing/CRM Platform in DNS Lookup (pipedrive-files-*-pipedrive .com .s3 .* .amazonaws .com)"; dns.query; content:"pipedrive-files-"; startswith; pcre:"/^[a-z]{3}-\d{1,2}/R"; content:"-pipedrive-com.s3"; within:24; fast_pattern; content:".amazonaws.com"; endswith; classtype:misc-activity; sid:2052705; rev:1; metadata:affected_product Any, attack_target Client_and_Server, tls_state plaintext, created_at 2024_05_16, deployment Perimeter, performance_impact Low, confidence High, signature_severity Informational, tag TA_Abused_Service, updated_at 2024_05_16;)