我找不到适用于以下规则的文档:
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET ATTACK_RESPONSE Microsoft Powershell Banner Outbound"; flow:established; content:"Windows PowerShell"; content:"Copyright |28|C|29| 20"; distance:0; content:"Microsoft Corp"; distance:0; classtype:successful-admin; sid:2020084; rev:1; metadata:created_at 2015_01_05, updated_at 2015_01_05;)
它在文件中:https ://rules.emergingthreats.net/open/suricata/rules/emerging-attack_response.rules