Versions (8)
Version DetailsCurrent
Rev: 4 • Sep 25, 2025, 2:40 PMSUSPICIOUS [PTsecurity] PROPFIND method in HTTP Request
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"SUSPICIOUS [PTsecurity] PROPFIND method in HTTP Request"; flow:established, to_server; urilen:>2; http.method; content:"PROPFIND"; startswith; http.header; content:"Connection|3a| Keep-Alive|0d 0a|User-Agent|3a| Microsoft-WebDAV-MiniRedir"; content:"Content-Length|3a| 0"; threshold:type limit, track by_src, seconds 300, count 1; reference:url, app.any.run/tasks/cdb665b2-f591-4fa6-9e70-478d01d1ee96/; reference:url, rules.ptsecurity.com; classtype:misc-activity; sid:10008218; rev:4;)
Sep 25, 2025, 2:40 PM
Mar 11, 2026, 1:48 PM
Oct 16, 2025, 10:34 AM
May 15, 2026, 1:35 PM
rules/ptopen-info.rules