3 Replies Latest reply on Oct 6, 2014 3:35 AM by vinaya_k

    Writing ACE correlation rule to search the keyword "ping" in packet header




      I want to write a correlation rule in ACE to detect Shellshock vulnerability exploitation attempts/symptoms. Any ideas around this would be helpful.

      Primarily, I am trying to write a rule,with Protocol: http/https, Normalization Rule: Exploit, Event Subtype:Success and then I am stuck. I want to search the keyword "ping" in the packet header.

      Any ideas or suggestions are welcome. Also, suggest if I am moving in the right direction.


      Thanking in anticipation.