🐾 - 🚨 Over 50MB uploaded via SSH / SFTP to public IP address - Possible data exfiltration 🚱

SID: 3301138
Rev: 4
Source: pawpatrules
Created: February 18, 2024
Updated: June 4, 2024
Classification: policy-violation
alert ssh any any -> $EXTERNAL_NET any (msg:"🐾 - 🚨 Over 50MB uploaded via SSH / SFTP to public IP address - Possible data exfiltration 🚱"; requires:version >= 8; flow:to_server, established; threshold:type both, track by_src,count 1, seconds 60; flow.bytes_toserver:>=50000000; metadata:created_at 2024_02_18, updated_at 2024_06_04; sid:3301138; rev:4; classtype:policy-violation;)

Metadata

created at: 2024_02_18
updated at: 2024_06_04
