24 lines
499 B
Standard ML
24 lines
499 B
Standard ML
signature ldap_client_udp {
|
|
ip-proto == udp
|
|
payload /^\x30.\x02\x01.\x60/
|
|
}
|
|
|
|
signature log4j_javaclassname_udp {
|
|
ip-proto == udp
|
|
payload /^\x30.*javaClassName/
|
|
requires-reverse-signature ldap_client_udp
|
|
event "log4j_javaclassname_udp"
|
|
}
|
|
|
|
signature ldap_client_tcp {
|
|
ip-proto == tcp
|
|
payload /^\x30.\x02\x01.\x60/
|
|
}
|
|
|
|
signature log4j_javaclassname_tcp {
|
|
ip-proto == tcp
|
|
payload /^\x30.*javaClassName/
|
|
requires-reverse-signature ldap_client_tcp
|
|
event "log4j_javaclassname_tcp"
|
|
}
|