alert tls $HOME_NET any -> any any (msg:"🐾 - 🚨 Powershell 🌐 (Windows 🪟) - TLSv1.0 connection to FQDN"; flow:to_server, stateless; ja3.hash; content:"fc54e0d16d9764783542f0146a98b300"; fast_pattern; tls_sni; content:!"lenovo.com"; nocase; endswith; content:!"microsoft.com"; nocase; endswith; metadata:former_category JA3; reference:url,https://learn.microsoft.com/en-us/powershell/; metadata:created_at 2023_12_27, updated_at 2024_02_09; sid:3301101; rev:2; classtype:policy-violation;)