From bffbdabce9e3df38e37e4b716d70ebeee07c7e91 Mon Sep 17 00:00:00 2001
From: phantinuss <79651203+phantinuss@users.noreply.github.com>
Date: Fri, 25 Aug 2023 10:05:35 +0200
Subject: [PATCH] fix: use explicit CIDR notation for loopback

---
 rules/web/proxy_generic/proxy_webdav_search_ms.yml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/rules/web/proxy_generic/proxy_webdav_search_ms.yml b/rules/web/proxy_generic/proxy_webdav_search_ms.yml
index 62f13c99598..0588badeceb 100644
--- a/rules/web/proxy_generic/proxy_webdav_search_ms.yml
+++ b/rules/web/proxy_generic/proxy_webdav_search_ms.yml
@@ -7,6 +7,7 @@ references:
     - https://micahbabinski.medium.com/search-ms-webdav-and-chill-99c5b23ac462
 author: Micah Babinski
 date: 2023/08/21
+modified: 2023/08/25
 tags:
     - attack.initial_access
     - attack.t1584
@@ -32,7 +33,7 @@ detection:
             - '10.0.0.0/8'
             - '172.16.0.0/12'
             - '192.168.0.0/16'
-            - '::1'  # IPv6 loopback
+            - '::1/128'  # IPv6 loopback
             - 'fe80::/10'  # IPv6 link-local addresses
             - 'fc00::/7'  # IPv6 private addresses
     condition: all of selection_* and not 1 of filter_main_*