FILE-IDENTIFY -- Snort has detecte File Type indicators associated with packet data, which it will use to facilitate a flowbit, a method of stringing rules together. In a flowbit, one rule examines packets for file type indications, which it uses to switch rules pertaining to that file type from a dormant to active state in order to process the appropriate packets. File-type rules stay dormant to prevent alerts on innocent traffic. That same traffic, when contained in, for instance, a .doc file attached to an email, might be a threat and should be scanned.
FILE-IDENTIFY Microsoft Silverlight application file attachment detected
None provided
No public information
No known false positives
Tactic:
Technique:
For reference, see the MITRE ATT&CK vulnerability types here: https://attack.mitre.org
©2020 Cisco and/or its affiliates. Snort, the Snort and Pig logo are registered trademarks of Cisco. All rights reserved.
Privacy Policy | Snort License | FAQ | Sitemap
