prout

2026-02-18 07:55:29 +01:00 · 2026-02-18 07:55:29 +01:00 · 4e7fc6c9f8
parent c46a33d9fb
commit 4e7fc6c9f8
1 changed files with 1 additions and 12 deletions
--- a/Suricata.xml
+++ b/Suricata.xml
@ -352,22 +352,11 @@



-<!-- Exception métier : Sphinx exécuté depuis SMB -->
-<group name="ids,suricata">
-  <rule id="100602" level="0">
-    <if_sid>100600</if_sid>
-    <regex type="pcre2" field="smb.filename">(?i)Systeme.*\.exe</regex>
-    <description>
-      Suricata: Known business software (Sphinx) executed from SMB share
-    </description>
-    <options>no_full_log</options>
-  </rule>
-</group>

 <!-- Alertes critic : Executable file - Autre que fichier lambda -->
 <group name="ids, suricata">
    <rule id="100603" level="12">
-        <if_sid>100600</if_sid>
+        <if_sid>100601</if_sid>
        <regex type="pcre2" negate="yes" field="smb.filename">(?i)\.(pdf|docx?|xlsx?|pptx?|txt|jpe?g|png|gif|csv|zip|rar)</regex>
        <description>Suricata: Fichier executable dans dossier partagé</description>
        <!-- <options>no_full_log</options> -->