alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET SCAN Vega Web Application Scan"; flow:established,to_server; threshold:type limit, track by_src, count 5, seconds 40; http.user_agent; content:"Vega/"; reference:url,www.subgraph.com/products.html; reference:url,www.darknet.org.uk/2011/07/vega-open-source-cross-platform-web-application-security-assessment-platform/; classtype:attempted-recon; sid:2013249; rev:4; metadata:created_at 2011_07_11, confidence Medium, signature_severity Informational, updated_at 2020_04_21;)