About PranayKuhikar

PranayKuhikar · ‎07-02-2020

Hello Team, I need to create custom VA signature which can detect specific chrome browser version and block internet also from that browser. I have created custom signature which can detect specific version and can block http traffic too but https traffic is not blocking. We have not enabled ssl decryption and not planned to enable it but still i need to block 443 port traffic. I have been matching chrome browser version pattern along with tls version pattern but its not working. please let me know how i can block it without ssl decryption. I am using below signiture. <?xml version="1.0"?> -<vulnerability-threat version="9.0.0"> -<entry name="41005"> -<signature> -<standard> -<entry name="chrome browser httpsv1"> -<and-condition> -<entry name="And Condition 1"> -<or-condition> -<entry name="Or Condition 1"> -<operator> -<pattern-match> <pattern>Chrome/83.0.4103.116</pattern> <context>http-req-headers</context> <negate>no</negate> </pattern-match> </operator> </entry> </or-condition> </entry> -<entry name="And Condition 2"> -<or-condition> -<entry name="Or Condition 1"> -<operator> -<equal-to> <value>769</value> <context>ssl-rsp-version</context> </equal-to> </operator> </entry> </or-condition> </entry> </and-condition> <order-free>yes</order-free> <scope>session</scope> </entry> -<entry name="chrome browser tlsv1.1"> -<and-condition> -<entry name="And Condition 1"> -<or-condition> -<entry name="Or Condition 1"> -<operator> -<pattern-match> <pattern>Chrome/83.0.4103.116</pattern> <context>http-req-headers</context> <negate>no</negate> </pattern-match> </operator> </entry> </or-condition> </entry> -<entry name="And Condition 2"> -<or-condition> -<entry name="Or Condition 1"> -<operator> -<equal-to> <value>770</value> <context>ssl-rsp-version</context> </equal-to> </operator> </entry> </or-condition> </entry> </and-condition> <order-free>yes</order-free> <scope>session</scope> </entry> -<entry name="chrome browser tls1.2"> -<and-condition> -<entry name="And Condition 1"> -<or-condition> -<entry name="Or Condition 1"> -<operator> -<pattern-match> <pattern>Chrome/83.0.4103.116</pattern> <context>http-req-headers</context> <negate>no</negate> </pattern-match> </operator> </entry> </or-condition> </entry> -<entry name="And Condition 2"> -<or-condition> -<entry name="Or Condition 1"> -<operator> -<equal-to> <value>771</value> <context>ssl-rsp-version</context> </equal-to> </operator> </entry> </or-condition> </entry> </and-condition> <order-free>yes</order-free> <scope>session</scope> </entry> -<entry name="chrome browser 1.1"> -<and-condition> -<entry name="And Condition 1"> -<or-condition> -<entry name="Or Condition 1"> -<operator> -<pattern-match> <pattern>Chrome/83.0.4103.116</pattern> <context>http-req-headers</context> <negate>no</negate> </pattern-match> </operator> </entry> </or-condition> </entry> </and-condition> <order-free>yes</order-free> <scope>session</scope> </entry> </standard> </signature> -<default-action> <alert/> </default-action> <threatname>Chrone testing http</threatname> <severity>low</severity> <direction>client2server</direction> -<affected-host> <client>yes</client> </affected-host> </entry> </vulnerability-threat>

Member Since	‎12-26-2018 03:22 AM
Date Last Visited	‎12-13-2021 11:54 AM
Posts	1

Online Status	Offline
Date Last Visited	‎12-13-2021 11:54 AM

About PranayKuhikar

Custom signature not working

Auto update agent failed to install license information:

Re: File blocking allow MS 365 Office installs and Windows updates

Re: Installing a new cert

Rabbitmq install failing in Expedition

File blocking allow MS 365 Office installs and Windows updates

Custom signature not working