Re: [Owasp-modsecurity-core-rule-set] please add f-secure radar to scanners-user-agents.data
Hey Eero, I merged the PR earlier today, it is in the v3.1/dev branch if you want to try it. Christian generalized the rule so it just looks for 'F-Secure Radar' within the user agent, none of the random UID's should cause false negatives. Best of luck! On Wed, Mar 14, 2018 at 6:57 PM, Eero Volotinen wrote: > Thanks, I will try to test it on today/tomorrow. > > also noticed that useragent can also contain some random id string like ' > 59e85179-1c46-4f3a-acd1-5c5f6967dc00' > this might be related to scan task id? see grep from my logs: > > https://pastebin.com/6wnitcXQ > > Eero > > On Wed, Mar 14, 2018 at 11:09 PM, Christian Folini < > christian.fol...@netnea.com> wrote: > >> Hey Eero, >> >> Thank you for the suggestion. I just made this into a pull request. >> >> https://github.com/SpiderLabs/owasp-modsecurity-crs/pull/1039 >> >> Please try it out and confirm detection works as intended. >> Ideally on github. >> >> Ahoj, >> >> Christian >> >> >> >> On Tue, Mar 13, 2018 at 02:20:30PM +0200, Eero Volotinen wrote: >> >Hi, >> >Please add entry for f-secure radar: >> >#[1]https://www.f-secure.com/en/web/business_global/radar >> >User-Agent: Mozilla/4.0 (Mozilla/4.0; MSIE 7.0; Windows NT 5.1; FDM; >> >SV1; .NET CLR 3.0.04506.30) F-Secure Radar >> >br, >> >Eero >> > >> > References >> > >> >1. https://www.f-secure.com/en/web/business_global/radar >> >> > ___ >> > Owasp-modsecurity-core-rule-set mailing list >> > Owasp-modsecurity-core-rule-set@lists.owasp.org >> > https://lists.owasp.org/mailman/listinfo/owasp-modsecurity- >> core-rule-set >> >> >> -- >> https://www.feistyduck.com/training/modsecurity-training-course >> https://www.feistyduck.com/books/modsecurity-handbook/ >> mailto:christian.fol...@netnea.com >> twitter: @ChrFolini >> > > > ___ > Owasp-modsecurity-core-rule-set mailing list > Owasp-modsecurity-core-rule-set@lists.owasp.org > https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set > > -- -- Chaim Sanders http://www.ChaimSanders.com ___ Owasp-modsecurity-core-rule-set mailing list Owasp-modsecurity-core-rule-set@lists.owasp.org https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
Re: [Owasp-modsecurity-core-rule-set] please add f-secure radar to scanners-user-agents.data
Thanks, I will try to test it on today/tomorrow. also noticed that useragent can also contain some random id string like ' 59e85179-1c46-4f3a-acd1-5c5f6967dc00' this might be related to scan task id? see grep from my logs: https://pastebin.com/6wnitcXQ Eero On Wed, Mar 14, 2018 at 11:09 PM, Christian Folini < christian.fol...@netnea.com> wrote: > Hey Eero, > > Thank you for the suggestion. I just made this into a pull request. > > https://github.com/SpiderLabs/owasp-modsecurity-crs/pull/1039 > > Please try it out and confirm detection works as intended. > Ideally on github. > > Ahoj, > > Christian > > > > On Tue, Mar 13, 2018 at 02:20:30PM +0200, Eero Volotinen wrote: > >Hi, > >Please add entry for f-secure radar: > >#[1]https://www.f-secure.com/en/web/business_global/radar > >User-Agent: Mozilla/4.0 (Mozilla/4.0; MSIE 7.0; Windows NT 5.1; FDM; > >SV1; .NET CLR 3.0.04506.30) F-Secure Radar > >br, > >Eero > > > > References > > > >1. https://www.f-secure.com/en/web/business_global/radar > > > ___ > > Owasp-modsecurity-core-rule-set mailing list > > Owasp-modsecurity-core-rule-set@lists.owasp.org > > https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set > > > -- > https://www.feistyduck.com/training/modsecurity-training-course > https://www.feistyduck.com/books/modsecurity-handbook/ > mailto:christian.fol...@netnea.com > twitter: @ChrFolini > ___ Owasp-modsecurity-core-rule-set mailing list Owasp-modsecurity-core-rule-set@lists.owasp.org https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
Re: [Owasp-modsecurity-core-rule-set] please add f-secure radar to scanners-user-agents.data
Hey Eero, Thank you for the suggestion. I just made this into a pull request. https://github.com/SpiderLabs/owasp-modsecurity-crs/pull/1039 Please try it out and confirm detection works as intended. Ideally on github. Ahoj, Christian On Tue, Mar 13, 2018 at 02:20:30PM +0200, Eero Volotinen wrote: >Hi, >Please add entry for f-secure radar: >#[1]https://www.f-secure.com/en/web/business_global/radar >User-Agent: Mozilla/4.0 (Mozilla/4.0; MSIE 7.0; Windows NT 5.1; FDM; >SV1; .NET CLR 3.0.04506.30) F-Secure Radar >br, >Eero > > References > >1. https://www.f-secure.com/en/web/business_global/radar > ___ > Owasp-modsecurity-core-rule-set mailing list > Owasp-modsecurity-core-rule-set@lists.owasp.org > https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set -- https://www.feistyduck.com/training/modsecurity-training-course https://www.feistyduck.com/books/modsecurity-handbook/ mailto:christian.fol...@netnea.com twitter: @ChrFolini ___ Owasp-modsecurity-core-rule-set mailing list Owasp-modsecurity-core-rule-set@lists.owasp.org https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
[Owasp-modsecurity-core-rule-set] please add f-secure radar to scanners-user-agents.data
Hi, Please add entry for f-secure radar: #https://www.f-secure.com/en/web/business_global/radar User-Agent: Mozilla/4.0 (Mozilla/4.0; MSIE 7.0; Windows NT 5.1; FDM; SV1; .NET CLR 3.0.04506.30) F-Secure Radar br, Eero ___ Owasp-modsecurity-core-rule-set mailing list Owasp-modsecurity-core-rule-set@lists.owasp.org https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set