id: bluecoat-telnet-proxy-detect

info:
  name: BlueCoat Telnet Proxy - Detect
  author: righettod
  severity: info
  description: |
    Detects Blue Coat telnet proxy services.
  reference:
    - https://en.wikipedia.org/wiki/Blue_Coat_Systems
    - https://techdocs.broadcom.com/us/en/symantec-security-software/web-and-network-security/edge-swg/7-3/about-ssl-proxy.html
    - https://techdocs.broadcom.com/us/en/symantec-security-software/web-and-network-security/edge-swg/7-3.html
  metadata:
    max-request: 1
    verified: true
  tags: network,bluecoat,proxy,detect

tcp:
  - inputs:
      - data: "\r\n"
        read: 1024

    host:
      - "{{Hostname}}"
    port: 23
    read-size: 4096

    matchers:
      - type: word
        part: data
        words:
          - "Blue Coat telnet proxy"