alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS Ivanti Avalanche Directory Traversal Attempt (CVE-2023-41474)"; flow:established,to_server; http.method; content:"GET"; http.uri; content:"/AvalancheWeb//faces/java.faces.resource/"; fast_pattern; startswith; content:"?loc|3d|"; content:"|2e|"; distance:0; reference:cve,2023-41474; reference:url,github.com/JBalanza/CVE-2023-41474; classtype:attempted-admin; sid:2050604; rev:2; metadata:affected_product Ivanti, created_at 2024_01_30, cve CVE_2023_41474, deployment Perimeter, deployment Internal, deployment SSLDecrypt, confidence High, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_06_23, mitre_tactic_id TA0007, mitre_tactic_name Discovery, mitre_technique_id T1083, mitre_technique_name File_And_Directory_Discovery; target:dest_ip;)