ET INFO Observed Abused File Sharing/CRM Platform (pipedrive-files-*-pipedrive .com .s3 .* .amazonaws .com) in TLS SNI - Suricata Rule 2052706 (et/open)

ET INFO Observed Abused File Sharing/CRM Platform (pipedrive-files--pipedrive .com .s3 . .amazonaws .com) in TLS SNI

SID: 2052706Rev: 11 viewsHistory

Sourceet/open

CreatedMay 16, 2024

UpdatedMay 16, 2024

Classificationmisc-activity

alert tls $HOME_NET any -> $EXTERNAL_NET any (msg:"ET INFO Observed Abused File Sharing/CRM Platform (pipedrive-files-*-pipedrive .com .s3 .* .amazonaws .com) in TLS SNI"; flow:established,to_server; tls.sni; content:"pipedrive-files-"; startswith; pcre:"/^[a-z]{3}-\d{1,2}/R"; content:"-pipedrive-com.s3"; within:24; fast_pattern; content:".amazonaws.com"; endswith; classtype:misc-activity; sid:2052706; rev:1; metadata:affected_product Any, attack_target Client_and_Server, tls_state TLSEncrypt, created_at 2024_05_16, deployment Perimeter, performance_impact Low, confidence High, signature_severity Informational, tag TA_Abused_Service, updated_at 2024_05_16;)

Metadata

affected productAny

attack targetClient_and_Server

tls stateTLSEncrypt

created at2024_05_16

deploymentPerimeter

performance impactLow

confidenceHigh

signature severityInformational

tagTA_Abused_Service

updated at2024_05_16

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!