geedge-jira/attachment/63361/StartVPN_20240926.json

{
	"signatures": [
		{
			"signature_id": 120,
			"signature_name": "StartVPN_ip_20240926",
			"and_conditions": [
				{
					"or_conditions": [
						{
							"lua_profile_id": 0,
							"attribute_type": "ip",
							"attribute_name": "ip.dst",
							"protocol": "ip",
							"ip": {
								"ip_address": "89.117.48.52",
								"addr_type": 4
							}
						}
					],
					"not_flag": 0
				}
			],
			"signature_desc": "",
			"icon_color": ""
		},
		{
			"signature_id": 115,
			"signature_name": "StartVPN_fqdn_20240926",
			"and_conditions": [
				{
					"or_conditions": [
						{
							"lua_profile_id": 0,
							"attribute_type": "string",
							"attribute_name": "common.server_fqdn",
							"protocol": "common",
							"string": {
								"patterns": [
									{
										"keywords": "*starvpnapp.com"
									}
								],
								"expr_type": "simple",
								"format": "uncase plain"
							}
						},
						{
							"lua_profile_id": 0,
							"attribute_type": "string",
							"attribute_name": "common.server_fqdn",
							"protocol": "common",
							"string": {
								"patterns": [
									{
										"keywords": "*.uppersafe.com"
									}
								],
								"expr_type": "simple",
								"format": "uncase plain"
							}
						},
						{
							"lua_profile_id": 0,
							"attribute_type": "string",
							"attribute_name": "common.server_fqdn",
							"protocol": "common",
							"string": {
								"patterns": [
									{
										"keywords": "*api.vpnstart.net"
									}
								],
								"expr_type": "simple",
								"format": "uncase plain"
							}
						}
					],
					"not_flag": 0
				}
			],
			"signature_desc": "",
			"icon_color": ""
		}
	],
	"applications": [
		{
			"app_id": 15007,
			"app_name": "StartVPN_20240926",
			"app_longname": "",
			"description": "",
			"seq_no": 15007,
			"app_properties": {
				"parent_app_id": 0,
				"parent_app_name": "null",
				"category": "networking",
				"subcategory": "tunnels",
				"content": "unknown",
				"risk": "1",
				"characteristics": "",
				"deny_action": {
					"method": "drop",
					"after_n_packets": 0,
					"send_icmp_unreachable": 0,
					"send_tcp_reset": 0
				},
				"continue_scanning": 0,
				"tcp_timeout": 0,
				"udp_timeout": 0,
				"tcp_half_close": 0,
				"tcp_time_wait": 0
			},
			"app_surrogates": [
				{
					"group_by": "session",
					"time_window": 0,
					"ordered_match": "no",
					"signature_sequence": [
						{
							"signature": "StartVPN_FQDN_20240926",
							"exclude": 0
						}
					]
				},
				{
					"group_by": "session",
					"time_window": 0,
					"ordered_match": "no",
					"signature_sequence": [
						{
							"signature": "StartVPN_ip_20240926",
							"exclude": 0
						}
					]
				}
			]
		}
	]
}