fix: list and add base64 encoded Mozilla keyword

2022-07-08 10:50:52 +02:00
parent 6fc782958a
commit 9b47c868bc
1 changed files with 2 additions and 1 deletions
@@ -10,8 +10,9 @@ logsource:
    category: proxy
 detection:
    selection:
-        c-useragent|endswith:
+        c-useragent|endswith: 
            - '='
+            - 'TW96aWxsY'  # base64 encoded Mozilla/ as used by YamaBot
    condition: selection
 fields:
    - ClientIP