Versions (4)
Version Details
Current
Rev: 5 • Feb 18, 2024, 12:00 PM
🐾 - 🚨 Over 10MB uploaded via SSH / SFTP to public IP address - Possible data exfiltration 🚱
alert ssh any any -> $EXTERNAL_NET any (msg:"🐾 - 🚨 Over 10MB uploaded via SSH / SFTP to public IP address - Possible data exfiltration 🚱"; requires: version >= 8; flow:to_server, established; threshold: type both, track by_src,count 1, seconds 60; flow.bytes_toserver:>=10000000; metadata:created_at 2024_02_18, updated_at 2024_06_04; sid:3301136; rev:5; classtype:policy-violation;)
Feb 18, 2024, 12:00 PM
Jun 4, 2024, 12:00 PM
Feb 21, 2024, 4:00 PM
May 29, 2025, 11:12 PM
rules/PAW-PATRULES_LEAKS.rules