🐾 - 🚨 Over 2GB uploaded via TLS to public IP address - Possible data exfiltration 🚱 - Suricata Rule 3321387 (pawpatrules)

🐾 - 🚨 Over 2GB uploaded via TLS to public IP address - Possible data exfiltration 🚱

SID: 3321387Rev: 17 views

Sourcepawpatrules

CreatedOctober 22, 2024

UpdatedOctober 22, 2024

Classificationpolicy-violation

alert tls any any -> $EXTERNAL_NET any (msg:"🐾 - 🚨 Over 2GB uploaded via TLS to public IP address - Possible data exfiltration 🚱"; requires:version >= 8; flow:to_server, stateless; threshold:type both, track by_src,count 1, seconds 600; flow.bytes_toserver:>=2000000000; metadata:created_at 2024_10_22, updated_at 2024_10_22; sid:3321387; rev:1; classtype:policy-violation;)

Metadata

created at2024_10_22

updated at2024_10_22

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!