[Emerging-Sigs] `former_category` metadatas
duane.security at gmail.com
Tue Jun 16 11:40:42 HDT 2020

Is it intended that `former_category` metadata tags are independent of the
other metadata tag in a given rule? Why not merge them into a single one?

alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS
SunDown EK RIP Landing M1 B641"; flow:established,from_server; file_data;
former_category CURRENT_EVENTS;* classtype:trojan-activity; sid:2024353;
rev:2; *metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit,
affected_product Web_Browser_Plugins, attack_target Client_Endpoint,
deployment Perimeter, tag Exploit_Kit_Sundown, signature_severity Major,
created_at 2017_06_07, malware_family Exploit_Kit, updated_at 2017_06_07;*)

It also seems that this particular meta has a space following the
`metadata` keyword where the later ones do not.
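
For tooling that reads rule metadata, the layout raised in this message means every `metadata` option in a rule has to be collected and merged, with optional whitespace after the colon tolerated. The Python below is an added example, not part of the original post or of any Emerging Threats tooling; the sample rule is constructed (shortened, with a local sid and an added `content` option) and the function names are hypothetical.

```python
from collections import defaultdict

# Constructed sample modelled on the rule quoted above: two metadata options,
# the first with a space after the colon, plus an escaped ';' inside content.
SAMPLE_RULE = (
    'alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Constructed sample"; '
    'flow:established,from_server; file_data; content:"a\\;b"; '
    'metadata: former_category CURRENT_EVENTS; classtype:trojan-activity; '
    'sid:1000001; rev:2; '
    'metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, '
    'affected_product Web_Browser_Plugins, attack_target Client_Endpoint, '
    'created_at 2017_06_07, updated_at 2017_06_07;)'
)


def split_options(rule):
    """Split the option block on ';', honouring quotes and backslash escapes."""
    body = rule[rule.index("(") + 1 : rule.rindex(")")]
    opts, buf, in_quote, escaped = [], [], False, False
    for ch in body:
        if ch == ";" and not in_quote and not escaped:
            opts.append("".join(buf).strip())
            buf = []
            continue
        buf.append(ch)
        if escaped:
            escaped = False
        elif ch == "\\":
            escaped = True
        elif ch == '"':
            in_quote = not in_quote
    opts.append("".join(buf).strip())  # keep an unterminated trailing option
    return [o for o in opts if o]


def merged_metadata(rule):
    """Return (count of metadata options, key -> values across all of them)."""
    merged, count = defaultdict(list), 0
    for opt in split_options(rule):
        name, _, value = opt.partition(":")
        if name.strip() != "metadata":
            continue
        count += 1
        for pair in value.split(","):
            key, _, val = pair.strip().partition(" ")
            if key:  # repeated keys such as affected_product keep every value
                merged[key].append(val.strip())
    return count, dict(merged)
```

A count greater than 1 flags rules that split their metadata across several options, which is useful when auditing a ruleset before feeding it to tools that only read the first one.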