-
Notifications
You must be signed in to change notification settings - Fork 43
/
Copy pathpii.rules
31 lines (31 loc) · 7.5 KB
/
pii.rules
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"PII 14 Digit Credit Card Number M1"; dsize:>65; content:"300"; pcre:"/^\d[\s\x2d]\d{4}[\s\x2d]\d{4}[\s\x2d]\d{2}\b/R"; content:!"|20|HTTP/1.1|0d 0a|"; classtype:misc-unknown; sid:2619900; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"PII 14 Digit Credit Card Number M2"; dsize:>65; content:"301"; pcre:"/^\d[\s\x2d]\d{4}[\s\x2d]\d{4}[\s\x2d]\d{2}\b/R"; content:!"|20|HTTP/1.1|0d 0a|"; classtype:misc-unknown; sid:2619901; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"PII 14 Digit Credit Card Number M3"; dsize:>65; content:"302"; pcre:"/^\d[\s\x2d]\d{4}[\s\x2d]\d{4}[\s\x2d]\d{2}\b/R"; content:!"|20|HTTP/1.1|0d 0a|"; classtype:misc-unknown; sid:2619902; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"PII 14 Digit Credit Card Number M4"; dsize:>65; content:"303"; pcre:"/^\d[\s\x2d]\d{4}[\s\x2d]\d{4}[\s\x2d]\d{2}\b/R"; content:!"|20|HTTP/1.1|0d 0a|"; classtype:misc-unknown; sid:2619903; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"PII 14 Digit Credit Card Number M5"; dsize:>65; content:"304"; pcre:"/^\d[\s\x2d]\d{4}[\s\x2d]\d{4}[\s\x2d]\d{2}\b/R"; content:!"|20|HTTP/1.1|0d 0a|"; classtype:misc-unknown; sid:2619904; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"PII 14 Digit Credit Card Number M6"; dsize:>65; content:"305"; pcre:"/^\d[\s\x2d]\d{4}[\s\x2d]\d{4}[\s\x2d]\d{2}\b/R"; content:!"|20|HTTP/1.1|0d 0a|"; classtype:misc-unknown; sid:2619905; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"PII 14 Digit Credit Card Number M7"; dsize:>65; content:"36"; pcre:"/^\d{2}[\s\x2d]\d{4}[\s\x2d]\d{4}[\s\x2d]\d{2}\b/R"; content:!"|20|HTTP/1.1|0d 0a|"; classtype:misc-unknown; sid:2619906; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"PII 14 Digit Credit Card Number M8"; dsize:>65; content:"38"; pcre:"/^\d{2}[\s\x2d]\d{4}[\s\x2d]\d{4}[\s\x2d]\d{2}\b/R"; content:!"|20|HTTP/1.1|0d 0a|"; classtype:misc-unknown; sid:2619907; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"PII 15 Digit Credit Card Number M1"; dsize:>65; content:"34"; pcre:"/^\d{2}(?:[\s\x2d]\d{4}[\s\x2d]\d{4}[\s\x2d]\d{3}|\d{6}[\s\x2d]\d{5})\b/R"; content:!"|20|HTTP/1.1|0d 0a|"; classtype:misc-unknown; sid:2619908; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"PII 15 Digit Credit Card Number M2"; dsize:>65; content:"37"; pcre:"/^\d{2}(?:[\s\x2d]\d{4}[\s\x2d]\d{4}[\s\x2d]\d{3}|\d{6}[\s\x2d]\d{5})\b/R"; content:!"|20|HTTP/1.1|0d 0a|"; classtype:misc-unknown; sid:2619909; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"PII 15 Digit Credit Card Number M3"; dsize:>65; content:"2014"; pcre:"/^(?:\d{4}[\s\x2d]\d{4}[\s\x2d]\d{4}[\s\x2d]\d{3}|\d{6}[\s\x2d]\d{5})\b/R"; content:!"|20|HTTP/1.1|0d 0a|"; classtype:misc-unknown; sid:2619910; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"PII 15 Digit Credit Card Number M4"; dsize:>65; content:"2149"; pcre:"/^\d{4}[\s\x2d]\d{4}[\s\x2d]\d{4}[\s\x2d]\d{3}\b/R"; content:!"|20|HTTP/1.1|0d 0a|"; classtype:misc-unknown; sid:2619911; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"PII 15 Digit Credit Card Number M5"; dsize:>65; content:"2131"; pcre:"/^\d{4}[\s\x2d]\d{4}[\s\x2d]\d{4}[\s\x2d]\d{3}\b/R"; content:!"|20|HTTP/1.1|0d 0a|"; classtype:misc-unknown; sid:2619912; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"PII 15 Digit Credit Card Number M6"; dsize:>65; content:"1800"; pcre:"/^\d{4}[\s\x2d]\d{4}[\s\x2d]\d{4}[\s\x2d]\d{3}\b/R"; content:!"|20|HTTP/1.1|0d 0a|"; classtype:misc-unknown; sid:2619913; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"PII 15 Digit Credit Card Number M7"; dsize:>65; content:"34"; pcre:"/\b34\d{13}\b/"; content:!"|20|HTTP/1.1|0d 0a|"; classtype:misc-unknown; sid:2619914; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"PII 15 Digit Credit Card Number M8"; dsize:>65; content:"37"; pcre:"/^\d{13}\b/R"; content:!"|20|HTTP/1.1|0d 0a|"; classtype:misc-unknown; sid:2619915; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"PII 15 Digit Credit Card Number M9"; dsize:>65; content:"2014"; pcre:"/^\d{11}\b/R"; content:!"|20|HTTP/1.1|0d 0a|"; classtype:misc-unknown; sid:2619916; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"PII 15 Digit Credit Card Number M10"; dsize:>65; content:"2149"; pcre:"/^\d{11}\b/R"; content:!"|20|HTTP/1.1|0d 0a|"; classtype:misc-unknown; sid:2619917; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"PII 15 Digit Credit Card Number M11"; dsize:>65; content:"2131"; pcre:"/^\d{11}\b/R"; content:!"|20|HTTP/1.1|0d 0a|"; classtype:misc-unknown; sid:2619918; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"PII 15 Digit Credit Card Number M12"; dsize:>65; content:"1800"; pcre:"/^\d{11}\b/R"; content:!"|20|HTTP/1.1|0d 0a|"; classtype:misc-unknown; sid:2619919; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"PII SSN with content (SSN) M1"; dsize:>65; content:"SSN"; nocase; pcre:"/[^\r\n]*\b((?!219[\s\x2d]?09[\s\x2d]?9999|078[\s\x2d]?05[\s\x2d]?1120)(?!666|000|9\d{2})\d{3}[\s\x2d]?(?!00)\d{2}[\s\x2d]?(?!0{4})\d{4})\b/R"; reference:url,regexr.com/7viff; content:!"|20|HTTP/1.1|0d 0a|"; classtype:misc-unknown; sid:2619920; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"PII 16 Digit Credit Card Number M1"; dsize:>65; content:"6011"; pcre:"/^[\s\x2d]\d{4}[\s\x2d]\d{4}[\s\x2d]\d{4}\b/R"; content:!"|20|HTTP/1.1|0d 0a|"; classtype:misc-unknown; sid:2619921; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"PII 16 Digit Credit Card Number M2"; dsize:>65; content:"51"; pcre:"/^\d{2}[\s\x2d]\d{4}[\s\x2d]\d{4}[\s\x2d]\d{4}\b/R"; content:!"|20|HTTP/1.1|0d 0a|"; classtype:misc-unknown; sid:2619922; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"PII 16 Digit Credit Card Number M3"; dsize:>65; content:"52"; pcre:"/^\d{2}[\s\x2d]\d{4}[\s\x2d]\d{4}[\s\x2d]\d{4}\b/R"; content:!"|20|HTTP/1.1|0d 0a|"; classtype:misc-unknown; sid:2619923; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"PII 16 Digit Credit Card Number M4"; dsize:>65; content:"53"; pcre:"/^\d{2}[\s\x2d]\d{4}[\s\x2d]\d{4}[\s\x2d]\d{4}\b/R"; content:!"|20|HTTP/1.1|0d 0a|"; classtype:misc-unknown; sid:2619924; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"PII 16 Digit Credit Card Number M5"; dsize:>65; content:"54"; pcre:"/^\d{2}[\s\x2d]\d{4}[\s\x2d]\d{4}[\s\x2d]\d{4}\b/R"; content:!"|20|HTTP/1.1|0d 0a|"; classtype:misc-unknown; sid:2619925; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"PII 16 Digit Credit Card Number M6"; dsize:>65; content:"55"; pcre:"/^\d{2}[\s\x2d]\d{4}[\s\x2d]\d{4}[\s\x2d]\d{4}\b/R"; content:!"|20|HTTP/1.1|0d 0a|"; classtype:misc-unknown; sid:2619926; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"PII 16 Digit Credit Card Number M7"; dsize:>65; content:"4"; pcre:"/^\d[\s\x2d]\d{4}[\s\x2d]\d{4}[\s\x2d]\d{4}\b/R"; content:!"|20|HTTP/1.1|0d 0a|"; classtype:misc-unknown; sid:2619927; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"PII 16 Digit Credit Card Number M8"; dsize:>65; content:"3"; pcre:"/^\d[\s\x2d]\d{4}[\s\x2d]\d{4}[\s\x2d]\d{4}\b/R"; content:!"|20|HTTP/1.1|0d 0a|"; classtype:misc-unknown; sid:2619928; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"PII MRN with content (M) (M followed by 9 digits)"; dsize:>65; content:"M"; nocase; pcre:"/([m]\d{9}[^\d]*){6}/si";content:!"|20|HTTP/1.1|0d 0a|"; classtype:misc-unknown; sid:2619929; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"PII MRN with content (MRN) (MRN and 7-8 digits)"; dsize:>65; content:"MRN"; nocase; pcre:"/(mrn\d{7,8}[^\d]*){6}/si";content:!"|20|HTTP/1.1|0d 0a|"; classtype:misc-unknown; sid:2619930; rev:1;)