#                          KXK00OOkxxkO00KX0            
#                   ,NXKxo:,'...        ...';cdOXN:     
#                   l;. ..,:ldxkOOOOOOkkxol:,..  .o     
#                  dk  lOOOOOOkkkkkkkkkkkOOOOOOx  dk    
#              KNXOc. :0OkkkkkkkkkkkkkkkkkkkkkO0l. :kXNX
#              x. .'ckOOkkkkkkkkkkkookkkkkkkkkkOOOl,. .k
#              d. o0Okkkkkkkkkkkkk.   okkkkkkkkkkOO0k  x
#              l. c0kkkkkkko. .ckk    .kd..'xkkkkkk0x .o
#              ;, ;0kkkkkkkc    ;ko. .dk.   :kkkkkk0l ':
#              .l .OOkkkkkkkl. .lkocldkkl. 'xkkkkkOO, c.
#               l  o0kkkk:..'dkkk.    .;okkkkkkkkk0x  l 
#               .: .OOkkk;    xk,         .:kkkkkO0; ;. 
#                ;. :0kkkko;,cko            :kkkk0d .:  
#                 :  oOkkkkkkkk            .dkkk0k. :   
#                  :  dOkkkkkkk      .:odxkkkkkOk. ;    
#                   ;  oOkkkkkkx:,,ckkkkkkkkkkOx. ,     
#                    '. ;OOkkkkkkkkkkkkkkkkkOOc  '      
#                      ' .lOOkkkkkkkkkkkkkOOd. .        
#                        . .lOOkkkkkkkkkOOo' ..         
#                          ' .;dOOOkOOOx:. .            
#                            .. .,lxo;. ..              
#                                .. ..                  
#                                         
# ____   ___        __  ____       _              _           
#|  _ \ / \ \      / / |  _ \ __ _| |_ _ __ _   _| | ___  ___ 
#| |_) / _ \ \ /\ / /  | |_) / _` | __| '__| | | | |/ _ \/ __|
#|  __/ ___ \ V  V /   |  __/ (_| | |_| |  | |_| | |  __/\__ \
#|_| /_/   \_\_/\_/    |_|   \__,_|\__|_|   \__,_|_|\___||___/
#                                                             
# IDS Rules for Suricata
# 📜 Charles BLANC-ROLIN ⠵ - https://pawpatrules.fr - https://www.apssis.com - https://github.com/woundride
# Licence CC BY-NC-SA 4.0 : https://creativecommons.org/licenses/by-nc-sa/4.0/

alert tls $HOME_NET any -> $EXTERNAL_NET any (msg:"⚠ Axeda remote access agent (TLSv1.0) 🎛 - Leak 🚱"; threshold: type limit, track by_src,count 1, seconds 86400; ja3_hash; content:"a99945828d72d137e7ea232b52deeaa3"; metadata: former_category JA3; reference:url,https://support.ptc.com/help/thingworx_hc/axeda_compatibility_package/en/index.html#page/axeda_compatibility_package/remote_access/c_ra_axeda_desktop_viewer_support.html; metadata:created_at 2021_06_02, updated_at 2022_03_09; sid:2021060201; rev:4; classtype:policy-violation;)

alert tls $HOME_NET any -> $EXTERNAL_NET any (msg:"⚠ Axeda remote access agent (TLSv1.2) 🎛 - Leak 🚱"; threshold: type limit, track by_src,count 1, seconds 86400; ja3_hash; content:"118ccd49490cf92ab09c77393ef192b6"; metadata: former_category JA3; reference:url,https://support.ptc.com/help/thingworx_hc/axeda_compatibility_package/en/index.html#page/axeda_compatibility_package/remote_access/c_ra_axeda_desktop_viewer_support.html; metadata:created_at 2021_06_02, updated_at 2022_03_09; sid:2021060202; rev:4; classtype:policy-violation;)