🐾 - 🚨 Over 500MB uploaded via TLS to public IP address - Possible data exfiltration 🚱
Source: pawpatrules
Created: August 28, 2024
Updated: August 28, 2024
Classification: policy-violation
alert tls any any -> $EXTERNAL_NET any (msg:"🐾 - 🚨 Over 500MB uploaded via TLS to public IP address - Possible data exfiltration 🚱"; requires:version >= 8; flow:to_server, stateless; threshold:type both, track by_src,count 1, seconds 300; flow.bytes_toserver:>=500000000; metadata:created_at 2024_08_28, updated_at 2024_08_28; sid:3321359; rev:1; classtype:policy-violation;)
Metadata
created at: 2024_08_28
updated at: 2024_08_28