FILE-IDENTIFY -- Snort has detected file type indicators in packet data, which it uses to drive a flowbit, a method of stringing rules together. With a flowbit, one rule examines packets for file type indicators and, on a match, switches the rules pertaining to that file type from a dormant to an active state so that they process the appropriate packets. File-type rules stay dormant to prevent alerts on innocent traffic. That same traffic, when contained in, for instance, a .doc file attached to an email, might be a threat and should be scanned.
FILE-IDENTIFY Microsoft Extensible Storage Engine database detected
This is a file identification rule for Microsoft Windows Extensible Storage Engine database files.
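The flowbit mechanism described above, modelled in Python as an added example; it is not Snort's code or the rule's actual text. The bit name `file.ese`, the marker string and the second rule are hypothetical, and the ESE signature bytes are an assumption not taken from this page.

```python
from dataclasses import dataclass
from typing import Optional
# Assumption (not from this page): ESE headers carry EF CD AB 89 at offset 4.
ESE_MAGIC = bytes.fromhex("efcdab89")

@dataclass
class Rule:
    msg: str
    content: bytes
    offset: Optional[int] = None    # None: match anywhere in the payload
    sets: Optional[str] = None      # flowbit this rule turns on
    requires: Optional[str] = None  # flowbit that must already be on
    noalert: bool = False           # setter rules stay silent

    def matches(self, payload: bytes) -> bool:
        if self.offset is None:
            return self.content in payload
        return payload.startswith(self.content, self.offset)

# Hypothetical rule pair; the bit name and the marker string are constructed.
RULES = [
    Rule("FILE-IDENTIFY ESE database", ESE_MAGIC, offset=4,
         sets="file.ese", noalert=True),
    Rule("constructed ESE content rule", b"CONSTRUCTED-MARKER",
         requires="file.ese"),
]

def inspect(packets, rules=RULES):
    """Return (flow_id, msg) alerts for an iterable of (flow_id, payload)."""
    flowbits, alerts = {}, []
    for flow_id, payload in packets:
        bits = flowbits.setdefault(flow_id, set())
        for rule in rules:
            if rule.requires and rule.requires not in bits:
                continue             # dormant: file type not seen on this flow
            if not rule.matches(payload):
                continue
            if rule.sets:
                bits.add(rule.sets)  # arm the dependent rules
            if not rule.noalert:
                alerts.append((flow_id, rule.msg))
    return alerts

# Constructed traffic: flow-a carries an ESE header, flow-b does not.
SAMPLE = [
    ("flow-b", b"plain text with CONSTRUCTED-MARKER inside"),
    ("flow-a", b"\x00\x00\x00\x00" + ESE_MAGIC + b"\x00" * 8),
    ("flow-a", b"page data CONSTRUCTED-MARKER"),
]
```

The same marker bytes alert only on the flow where the file-identification rule has already set the bit; on the other flow the dependent rule never leaves its dormant state.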
No public information
No known false positives
Cisco Talos Intelligence Group
Rule Categories::File::File Type Identification
MITRE::ATT&CK Framework::Enterprise::Execution::User Execution::Malicious File
None
No information provided
None