Rule History

SID: 3306862 • Source: pawpatrules

Versions (5)

Version DetailsCurrent

Rev: 7 • Apr 29, 2024, 12:00 PM

Message:

🐾 - 🚨 Over 50MB uploaded via TLS to public IP address - Possible data exfiltration 🚱

Rule:

alert tls any any -> $EXTERNAL_NET any (msg:"🐾 - 🚨 Over 50MB uploaded via TLS to public IP address - Possible data exfiltration 🚱"; requires:version >= 8; flow:to_server, stateless; threshold:type both, track by_src,count 1, seconds 60; flow.bytes_toserver:>=50000000; metadata:created_at 2024_04_29, updated_at 2024_06_04; sid:3306862; rev:7; classtype:policy-violation;)

Created:

Apr 29, 2024, 12:00 PM

Updated:

Jun 4, 2024, 12:00 PM

DB Created:

Apr 29, 2024, 10:00 PM

DB Updated:

May 29, 2025, 11:12 PM

Filename:

rules/PAW-PATRULES_LEAKS.rules