ET SCAN Grendel-Scan Web Application Security Scan Detected
Sourceet/open
Fileemerging-scan.rules
CreatedJuly 30, 2010
UpdatedMarch 6, 2024
Classificationattempted-recon
alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET SCAN Grendel-Scan Web Application Security Scan Detected"; flow:established,to_server ; threshold:type threshold, track by_dst, count 20, seconds 40 ; http.method; content:"GET"; http.uri; content:"/random"; nocase; fast_pattern; pcre:"/\x2Frandom\w+?\x2E(?:c(?:f[cm]|gi)|ht(?:ml?|r)|(?:ws|x)dl|a(?:sp|xd)|p(?:hp3|l)|bat|swf|vbs|do)/i" ; reference:url,www.grendel-scan.com ; classtype:attempted-recon; sid:2009481; rev:11; metadata:created_at 2010_07_30, confidence Medium, signature_severity Informational, updated_at 2024_03_06;)
References
Metadata
created at2010_07_30
confidenceMedium
signature severityInformational
updated at2024_03_06
Comments (0)
Please sign in to leave a comment.
Sign inNo comments yet. Be the first to comment!