ET INFO ATF file in HTTP Flowbit Set

SID: 2023714Rev: 20 views
History
Sourceet/open
CreatedJanuary 10, 2017
UpdatedJuly 26, 2019
Classificationnot-suspicious
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET INFO ATF file in HTTP Flowbit Set"; flow:from_server,established; file_data; content:"|41 54 46|"; within:3; flowbits:set,ET.atf.in.http; flowbits:noalert; classtype:not-suspicious; sid:2023714; rev:2; metadata:attack_target Client_Endpoint, created_at 2017_01_10, deployment Perimeter, confidence High, signature_severity Informational, updated_at 2019_07_26;)

Metadata

attack targetClient_Endpoint
created at2017_01_10
deploymentPerimeter
confidenceHigh
signature severityInformational
updated at2019_07_26

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!