alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SERVER .bash_history Detected in URI"; flow:established,to_server; http.uri; content:"|2e|bash_history"; nocase; classtype:attempted-recon; sid:2049402; rev:1; metadata:affected_product Linux, attack_target Web_Server, created_at 2023_11_29, deployment Perimeter, deployment SSLDecrypt, performance_impact Low, confidence High, signature_severity Informational, updated_at 2023_11_30; target:dest_ip;)