🐾 - 🚨 Suspicious 👀 HTTP NTLM Authentication requested from Internet) - Suricata Rule 3300141 (pawpatrules)

🐾 - 🚨 Suspicious 👀 HTTP NTLM Authentication requested from Internet)

SID: 3300141Rev: 30 views

Sourcepawpatrules

CreatedAugust 10, 2022

UpdatedFebruary 18, 2024

Classificationcredential-theft

alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"🐾 - 🚨 Suspicious 👀 HTTP NTLM Authentication requested from Internet)"; flow:to_client, stateless; threshold:type limit, track by_dst,count 1, seconds 60; content:"|57 57 57 2d 41 75 74 68 65 6e 74 69 63 61 74 65 3a 20 4e 54 4c 4d 0d 0a|"; metadata:created_at 2022_08_10, updated_at 2024_02_18; sid:3300141; rev:3; classtype:credential-theft;)

Metadata

created at2022_08_10

updated at2024_02_18

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!