ET POLICY Possible EXE Download Request to ngrok

SID: 2027391Rev: 41 views
History
Sourceet/open
CreatedMay 28, 2019
UpdatedSeptember 17, 2020
Classificationpolicy-violation
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET POLICY Possible EXE Download Request to ngrok"; flow:established,to_server; http.uri; content:".exe"; endswith; http.host; content:".ngrok.io"; endswith; fast_pattern; classtype:policy-violation; sid:2027391; rev:4; metadata:created_at 2019_05_28, deployment Perimeter, confidence Medium, signature_severity Major, tag Suspicious_Download, updated_at 2020_09_17;)

Metadata

created at2019_05_28
deploymentPerimeter
confidenceMedium
signature severityMajor
tagSuspicious_Download
updated at2020_09_17

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!