alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg: "[PALO-ALTO] High Severity Exploit Inbound"; content:"THREAT,vulnerability"; pcre: "/vsys\d{1,2},Untrust,|vsys\d{1,2},Outside,|vsys\d{1,2},external/i"; content:",high,"; normalize; parse_port; parse_proto; parse_src_ip: 1; parse_dst_ip: 2; classtype: exploit-attempt; reference: url,threatvault.paloaltonetworks.com; sid: 5002758; pri: 2; rev: 2;)
-- Main.Sagan-Wiki-Add - 2016-8-30
New revisions of 5002758 will be below...