Diffstat (limited to 'clover/cloverctl/src/cloverctl/yaml/idsrule_scan.yaml')
-rw-r--r--clover/cloverctl/src/cloverctl/yaml/idsrule_scan.yaml9
1 files changed, 9 insertions, 0 deletions
diff --git a/clover/cloverctl/src/cloverctl/yaml/idsrule_scan.yaml b/clover/cloverctl/src/cloverctl/yaml/idsrule_scan.yaml
new file mode 100644
index 0000000..1cce7f7
--- /dev/null
+++ b/clover/cloverctl/src/cloverctl/yaml/idsrule_scan.yaml
@@ -0,0 +1,9 @@
+sid: "10000003"
+protocol: tcp
+dest_port: any
+dest_ip: $HOME_NET
+src_port: any
+src_ip: any
+msg: MALWARE-CNC User-Agent ASafaWeb Scan
+rev: "001"
+content: '"asafaweb.com"'
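Review bot: The `content` match on the last line is not tied to the HTTP User-Agent header even though `msg` names it, so with `protocol: tcp`, `dest_port: any` and `src_ip: any` the rule would presumably alert on any TCP payload towards `$HOME_NET` that contains `asafaweb.com`, including a page or mail body that only mentions the domain. If the rule schema that cloverctl consumes can scope a match to HTTP headers (not visible in this file), use it here; otherwise state the real scope in a leading comment such as `# Matches "asafaweb.com" anywhere in a TCP payload to $HOME_NET, not only in the User-Agent header`. The `MALWARE-CNC` prefix in `msg` also reads as command-and-control traffic while the rule's direction is an inbound scan, which can mislead triage that keys on the message text. It is also worth confirming how `rev: "001"` is rendered into the final rule, since the leading zeros survive only because the value is a quoted string.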