[Oisf-users] ET Open signature 2015857 and cisco config exfil
erik clark
philosnef at gmail.com
Wed Jul 19 11:20:23 UTC 2017
Turns out this signature will not fire if the version block is
0a 21 20 4c
This looks for |0a 21 0a|version|20|
Id like to recommend altering this to either look for "NVRAM config last
update", or at least 0a 21 20|version|
We are running a few variants of this signature, and confirmed they fire as
expected.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20170719/763849f0/attachment-0001.html>
More information about the Oisf-users
mailing list