Signature
alert tcp $EXTERNAL_NET any -> $HOME_NET 5432 (msg:"ET SCAN Suspicious inbound to PostgreSQL port 5432"; flow:to_server; flags:S; threshold: type limit, count 5, seconds 60, track by_src; metadata: former_category POLICY; reference:url,doc.emergingthreats.net/2010939; classtype:bad-unknown; sid:4000756; rev:3; metadata:created_at 2010_07_30, updated_at 2018_03_27;)
Recommendations/Investigative actions
It is recommended to disable all external communications to the DB, Disable PostgreSQL port 5432. If there is a need to allow external access to the DB, enable access to specific assets.