security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #592 from 2d4d/fix_web_citrix_cve_2019_19781_exploit.yml

Browse Source 
add newbm.pl
This commit is contained in:
Florian Roth
2020-01-13 14:48:38 +01:00
committed by GitHub
parent 7216fe400f 364e859a6b
commit a0bad54dbd
1 changed files with 2 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
rules/web/web_citrix_cve_2019_19781_exploit.yml
+2 -1
View File
@@ -8,7 +8,7 @@ references:
author: Arnim Rupp, Florian Roth author: Arnim Rupp, Florian Roth
status: experimental status: experimental
date: 2020/01/02 date: 2020/01/02
modified: 2020/01/07 modified: 2020/01/11
logsource: logsource:
category: webserver category: webserver
description: 'Make sure that your Netscaler appliance logs all kinds of attacks (test with http://your-citrix-gw.net/robots.txt)' description: 'Make sure that your Netscaler appliance logs all kinds of attacks (test with http://your-citrix-gw.net/robots.txt)'
@@ -17,6 +17,7 @@ detection:
c-uri-path: c-uri-path:
- '*/../vpns/*' - '*/../vpns/*'
- '*/vpns/cfg/smb.conf' - '*/vpns/cfg/smb.conf'
- '*/vpns/portal/scripts/newbm.pl*'
condition: selection condition: selection
fields: fields:
- client_ip - client_ip