ET SCAN Suspicious User-Agent Containing Security Scan/ner Likely Scan

SID: 2010089Rev: 72 views
History
Sourceet/open
CreatedJuly 30, 2010
UpdatedAugust 6, 2020
Classificationattempted-recon
alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET SCAN Suspicious User-Agent Containing Security Scan/ner Likely Scan"; flow:established,to_server; http.user_agent; content:"security"; nocase; content:"scan"; nocase; distance:0; classtype:attempted-recon; sid:2010089; rev:7; metadata:affected_product Any, attack_target Client_Endpoint, created_at 2010_07_30, deployment Perimeter, confidence Medium, signature_severity Major, tag User_Agent, updated_at 2020_08_06;)

Metadata

affected productAny
attack targetClient_Endpoint
created at2010_07_30
deploymentPerimeter
confidenceMedium
signature severityMajor
tagUser_Agent
updated at2020_08_06

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!