# ET POLICY rule (sid 2013867, rev 1): flags an HTTP response that offers a
# Bomgar remote-assistance client executable for download.
#
# Scope of the match, as written:
#   - Header: TCP from $EXTERNAL_NET on $HTTP_PORTS to any port in $HOME_NET.
#   - flow:established,from_server restricts inspection to the server-to-client
#     side of an established session, i.e. the HTTP response.
#   - All three content matches are confined to the HTTP header buffer
#     (legacy content-modifier form of http_header):
#       1. "filename="    case-sensitive (no nocase on this match)
#       2. "bomgar-scc-"  case-insensitive, at or after the end of match 1;
#                         also selected as the fast_pattern
#       3. ".exe"         case-insensitive, at or after the end of match 2
#     distance:0 is used without a "within" bound, so the three strings must
#     appear in that order but need not be adjacent or in the same header line.
#
# Triage notes:
#   - classtype is policy-violation: an alert reports that a file with this
#     naming was served to an internal host, not that it was run or that the
#     host is compromised. Confirm on the endpoint.
#   - Only cleartext HTTP on $HTTP_PORTS is inspected here; the same download
#     over TLS is outside this rule's view unless traffic is decrypted upstream.
#   - NOTE(review): where this tool is sanctioned, expect routine hits from
#     helpdesk activity; consider suppressing or thresholding for approved
#     hosts rather than disabling the sid.
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET POLICY Bomgar Remote Assistance Tool Download"; flow:established,from_server; content:"filename="; http_header; content:"bomgar-scc-"; http_header; nocase; distance:0; fast_pattern; content:".exe"; http_header; nocase; distance:0; reference:url,www.bomgar.com; classtype:policy-violation; sid:2013867; rev:1;)

Added 2011-11-07 19:34:23 UTC


Topic revision: r1 - 2011-11-08 - TWikiGuest
 