Update weblogic-t3-detect.yaml

network/detection/weblogic-t3-detect.yaml

@@ -6,24 +6,20 @@ info:
   severity: info
   description: |
     T3 is the protocol used to transport information between WebLogic servers and other types of Java programs.
+  impact: |
+    May indicate potential exposure to Weblogic T3 Protocol vulnerabilities
+  remediation: |
+    Ensure proper configuration and security measures are in place for Weblogic T3 Protocol
   metadata:
     max-request: 2
   tags: network,weblogic,detect,t3,oracle
+
 tcp:
   - inputs:
-      - data: "t3 12.2.1
+      - data: "t3 12.2.1\nAS:255\nHL:19\nMS:10000000\nPU:t3://us-l-breens:7001\n\n"
-
-          AS:255
-
-          HL:19
-
-          MS:10000000
-
-          PU:t3://us-l-breens:7001
-
-          \n"
     host:
       - "{{Hostname}}"
+    port: 7001
     read-size: 1024
     matchers:
       - type: word
@@ -38,20 +34,11 @@ tcp:
           - "HELO:(.*).false"
 
   - inputs:
-      - data: "t3s 12.2.1
+      - data: "t3s 12.2.1\nAS:255\nHL:19\nMS:10000000\nPU:t3://us-l-breens:7001\n\n"
-
-          AS:255
-
-          HL:19
-
-          MS:10000000
-
-          PU:t3://us-l-breens:7001
-
-          \n"
     host:
       - "tls://{{Hostname}}"
     read-size: 1024
+    port: 7002
     matchers:
       - type: word
         words:
@@ -63,4 +50,3 @@ tcp:
         group: 1
         regex:
           - "HELO:(.*).false"
-# digest: 4b0a004830460221008e4fc5512e10a4bac580826b8cb65a981a9ef61b55f63c6f892cf0dde4b500a8022100e08f41e4f5d99713ff8e920b11a1fdfa70f7b1f5f5d0a2df25aa91bf69a010df:922c64590222798bb761d5b6d8e72950