Diffstat (limited to 'clover/cloverctl/src/cloverctl/yaml/idsrule_scan.yaml')
-rw-r--r-- | clover/cloverctl/src/cloverctl/yaml/idsrule_scan.yaml | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/clover/cloverctl/src/cloverctl/yaml/idsrule_scan.yaml b/clover/cloverctl/src/cloverctl/yaml/idsrule_scan.yaml
new file mode 100644
index 0000000..1cce7f7
--- /dev/null
+++ b/clover/cloverctl/src/cloverctl/yaml/idsrule_scan.yaml
@@ -0,0 +1,9 @@
+sid: "10000003"
+protocol: tcp
+dest_port: any
+dest_ip: $HOME_NET
+src_port: any
+src_ip: any
+msg: MALWARE-CNC User-Agent ASafaWeb Scan
+rev: "001"
+content: '"asafaweb.com"' |
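Review bot: The only match condition is `content: '"asafaweb.com"'` combined with `protocol: tcp` and `dest_port: any`, so the rule alerts on that string anywhere in any TCP payload sent to $HOME_NET, while `msg` promises a User-Agent match. That gap will produce false positives (a page body, mail or log line that merely mentions the domain), and analysts reading the alert will assume a header match that was never checked. If the rule schema passes variables through as it appears to for `dest_ip`, consider narrowing with `dest_port: $HTTP_PORTS` and `src_ip: $EXTERNAL_NET`. Either way, add a comment above `content` such as `# literal payload match, not anchored to the User-Agent header`. The `MALWARE-CNC` prefix in `msg` also looks mismatched with an inbound scanner signature and is worth confirming against the category convention used for the other sample rules.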