Versions (8)
Version DetailsCurrent
Rev: 4 • Sep 25, 2025, 2:40 PMSUSPICIOUS [PTsecurity] MKCOL method in HTTP Request
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"SUSPICIOUS [PTsecurity] MKCOL method in HTTP Request"; flow:established, to_server; urilen:>2; http.method; content:"MKCOL"; startswith; threshold:type limit, track by_src, seconds 300, count 1; reference:url, app.any.run/tasks/cdb665b2-f591-4fa6-9e70-478d01d1ee96/; reference:url, rules.ptsecurity.com; classtype:misc-activity; sid:10008219; rev:4;)
Sep 25, 2025, 2:40 PM
Mar 11, 2026, 1:48 PM
Oct 16, 2025, 10:34 AM
May 15, 2026, 1:35 PM
rules/ptopen-info.rules