Comments (3)
@chrislujan thank you for your report. Fixed.
from attackdetection.
There seems to be a missing keyword in the new rule. This can be fixed by adding "url" after "reference". So:
alert http any any -> any any (msg: "ATTACK [PTsecurity] Apache Tomcat RCE on Windows (CVE-2019-0232)"; flow: established, to_server; content: "?&"; http_raw_uri; pcre: "/\.(?:bat|cmd)\?&/I"; reference: cve, 2019-0232; reference: url, wwws.nightwatchcybersecurity.com/2019/04/30/remote-code-execution-rce-in-cgi-servlet-apache-tomcat-on-windows-cve-2019-0232; reference: url, github.com/ptresearch/AttackDetection; metadata: Open Ptsecurity.com ruleset; classtype: attempted-admin; sid: 10004953; rev: 1;)
from attackdetection.
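One way to catch a `reference` option that lacks its type keyword before a ruleset reaches the sensor, as an added example that is not part of the original thread or of the AttackDetection project. The two sample rules are constructed, and `KNOWN_REF_TYPES` is an assumed subset of the types in Suricata's stock reference.config.

```python
# Assumption: a subset of the types defined in Suricata's stock reference.config;
# extend it to match the reference.config your sensor actually loads.
KNOWN_REF_TYPES = {"url", "cve", "bugtraq", "nessus", "md5", "exploitdb", "osvdb"}

def split_options(rule):
    """Return (keyword, value) pairs from the parenthesised option block."""
    body = rule[rule.index("(") + 1:rule.rindex(")")]
    options, buf, in_quotes, escaped = [], [], False, False
    for ch in body:
        if escaped:                      # character after a backslash is literal
            escaped = False
        elif ch == "\\":
            escaped = True
        elif ch == '"':
            in_quotes = not in_quotes
        elif ch == ";" and not in_quotes:
            options.append("".join(buf).strip())
            buf = []
            continue
        buf.append(ch)
    options.append("".join(buf).strip())  # option left without a closing ';'
    pairs = []
    for opt in options:
        if opt:
            key, _, value = opt.partition(":")
            pairs.append((key.strip(), value.strip()))
    return pairs

def check_references(rule):
    """List problems with 'reference' options; an empty list means none found."""
    problems = []
    for key, value in split_options(rule):
        if key != "reference":
            continue
        ref_type, sep, target = value.partition(",")
        if not sep or not target.strip():
            problems.append(f"reference without a type keyword: {value!r}")
        elif ref_type.strip().lower() not in KNOWN_REF_TYPES:
            problems.append(f"unknown reference type: {ref_type.strip()!r}")
    return problems

# Constructed sample rules (placeholder host and sid, not taken from the ruleset).
BROKEN = (r'alert http any any -> any any (msg: "constructed sample"; '
          r'content: "?&"; http_raw_uri; pcre: "/\.(?:bat|cmd)\?&/I"; '
          r'reference: cve, 2019-0232; reference: example.org/advisory; '
          r'sid: 1000001; rev: 1;)')
FIXED = BROKEN.replace("reference: example.org", "reference: url, example.org")

if __name__ == "__main__":
    for name, rule in (("BROKEN", BROKEN), ("FIXED", FIXED)):
        print(name, check_references(rule) or "ok")
```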
@ptresearch could you update for this?
from attackdetection.