Rule History

SID: 10008218 • Source: ptrules/open

Versions (3)

Rev: 4

May 15, 2026, 1:35 PM

Current

Rev: 4

Oct 16, 2025, 10:34 AM

Archived

Rev: 3

Jan 28, 2025, 4:34 PM

Archived

Version Details

Rev: 3 • Jan 24, 2025, 10:35 AM

Message:

SUSPICIOUS [PTsecurity] PROPFIND method in http request

Rule:

alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"SUSPICIOUS [PTsecurity] PROPFIND method in http request"; flow:established, to_server; urilen:>2; content:"PROPFIND"; startswith; http.header; content:"Connection|3a| Keep-Alive|0d 0a|User-Agent|3a| Microsoft-WebDAV-MiniRedir"; content:"Content-Length|3a| 0"; threshold:type limit, track by_src, seconds 300, count 1; reference:url, app.any.run/tasks/cdb665b2-f591-4fa6-9e70-478d01d1ee96/; reference:url, rules.ptsecurity.com; classtype:misc-activity; sid:10008218; rev:3;)

Created:

Jan 24, 2025, 10:35 AM

Updated:

Jan 24, 2025, 10:35 AM

DB Created:

Jan 28, 2025, 4:34 PM

DB Updated:

Jan 28, 2025, 4:34 PM

Archived:

May 30, 2025, 5:56 PM