[Emerging-Sigs] SID:2018455 - Docs site does not match rule from downloaded rule set
jmott at emergingthreats.net
Tue Apr 14 05:20:47 HDT 2020
The comment to delete those contents is from another user like yourself and
not the Emerging Threats team. We have not made a recent modification to
Please do not hesitate to reach out with any questions or concerns!
On Mon, Apr 13, 2020 at 1:26 PM Eric Urban <eurban at umn.edu> wrote:
> I found when looking at
> https://doc.emergingthreats.net/bin/view/Main/2018455 that the latest
> revision appears to have removed the content sections that basically define
> what the rule should be looking for based on its msg. There is the comment
> "del content:"|00 01 00 01|"; content:"|00 04 c3 16 1a|"; distance:4;
> within:5; because too many false positives".
> However, when you pull down the rule sets you can see the rule 2018455
> does in fact contain the content sections for "c3 16 1a" which seems
> correct since the rule checks for 184.108.40.206/26.
> Thank you,
> Eric Urban
> Security Analyst | University Information Security (UIS)
> University of Minnesota | umn.edu
> Information Security is a shared responsibility. Learn more at: