alert ssh any any -> [$HOME_NET,$HTTP_SERVERS] any (msg:"ET INFO Server Responded with Vulnerable OpenSSH Version (CVE-2024-6409)"; flow:established,to_client; content:"SSH-"; startswith; content:"-OpenSSH_"; fast_pattern; pcre:"/^8\.[78](?:p\d)?/R"; reference:cve,2024-6409; classtype:successful-recon-largescale; sid:2054407; rev:1; metadata:affected_product OpenSSH, attack_target Server, created_at 2024_07_09, cve CVE_2024_6409, deployment Perimeter, deployment Internal, performance_impact Moderate, confidence High, signature_severity Informational, tag Exploit, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_07_09;)