id: bluecoat-telnet-proxy-detect

info:
  name: BlueCoat Telnet Proxy - Detect
  author: righettod
  severity: info
  description: |
    Detects Blue Coat telnet proxy services.
  reference:
    - https://en.wikipedia.org/wiki/Blue_Coat_Systems
    - https://techdocs.broadcom.com/us/en/symantec-security-software/web-and-network-security/edge-swg/7-3/about-ssl-proxy.html
    - https://techdocs.broadcom.com/us/en/symantec-security-software/web-and-network-security/edge-swg/7-3.html
  metadata:
    verified: true
    max-request: 1
  tags: network,bluecoat,proxy,detect,detection,tcp
tcp:
  - inputs:
      - data: "\r\n"
        read: 1024

    host:
      - "{{Hostname}}"
    port: 23
    read-size: 4096

    matchers:
      - type: word
        part: data
        words:
          - "Blue Coat telnet proxy"
# digest: 490a0046304402203f96521cba1ff9a1b5ae7a9f160d6696f74dffefdab3d09bef894e07b08b88e30220632092422ecc8d2d8fc04eef34ad73b9c99deb78a718fac9f26275abab904eb6:922c64590222798bb761d5b6d8e72950