From 364e859a6b4e4c3798d67aaad0e4dc0f10d5fca6 Mon Sep 17 00:00:00 2001
From: 2d4d <46819580+2d4d@users.noreply.github.com>
Date: Sun, 12 Jan 2020 00:29:10 +0100
Subject: [PATCH] add newbm.pl

---
 rules/web/web_citrix_cve_2019_19781_exploit.yml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/rules/web/web_citrix_cve_2019_19781_exploit.yml b/rules/web/web_citrix_cve_2019_19781_exploit.yml
index 6cc1bdff8..25e8a9c26 100644
--- a/rules/web/web_citrix_cve_2019_19781_exploit.yml
+++ b/rules/web/web_citrix_cve_2019_19781_exploit.yml
@@ -8,7 +8,7 @@ references:
 author: Arnim Rupp, Florian Roth
 status: experimental
 date: 2020/01/02
-modified: 2020/01/07
+modified: 2020/01/11
 logsource:
     category: webserver
     description: 'Make sure that your Netscaler appliance logs all kinds of attacks (test with http://your-citrix-gw.net/robots.txt)'
@@ -17,6 +17,7 @@ detection:
         c-uri-path: 
             - '*/../vpns/*'
             - '*/vpns/cfg/smb.conf'
+            - '*/vpns/portal/scripts/newbm.pl*'
     condition: selection
 fields:
     - client_ip