""ET POLICY Ask Webcrawler User-Agent""
SID: 2033164
Revision: 1
Class Type: not-suspicious
Metadata: attack_target Web_Server, created_at 2021_06_23, deployment Perimeter, signature_severity Informational, tag WebCrawler, updated_at 2021_06_23, mitre_tactic_id TA0043, mitre_tactic_name Reconnaissance, mitre_technique_id T1593, mitre_technique_name Search_Open_Websites
Reference:
Protocol: tcp
Source Network: $EXTERNAL_NET
Source Port: any
Destination Network: $HOME_NET
Destination Port: $HTTP_PORTS
Flow: established,to_server
Contents:
- Value: "Ask Jeeves"
Within:
PCRE: "/^User-Agent\x3a\x20[^\r\n]+Ask Jeeves/Hmi"
Special Options:
-
nocase
-
http_header