diff --git a/rules-emerging-threats/2023/Exploits/CVE-2023-4966/proxy_exploit_cve_2023_4966_citrix_sensitive_information_disclosure_exploit.yml b/rules-emerging-threats/2023/Exploits/CVE-2023-4966/proxy_exploit_cve_2023_4966_citrix_sensitive_information_disclosure_exploit.yml new file mode 100644 index 00000000000..d0be325218d --- /dev/null +++ b/rules-emerging-threats/2023/Exploits/CVE-2023-4966/proxy_exploit_cve_2023_4966_citrix_sensitive_information_disclosure_exploit.yml 
@@ -0,0 +1,35 @@ +title: CVE-2023-4966 Exploitation Attempt - Citrix ADC Sensitive Information Disclosure - Proxy +id: aee7681f-b53d-4594-a9de-ac51e6ad3362 +related: + - id: 87c83d8e-5390-44ce-aa4a-d3b37e54d0a0 # Webserver Attempt + type: similar + - id: ff349b81-617f-4af4-924f-dbe8ea9bab41 # Proxy Attempt + type: similar + - id: a4e068b5-e27c-4f21-85b3-e69e5a4f7ce1 # Webserver Exploit + type: similar +status: experimental +description: Detects exploitation attempt of CVE-2023-4966 a Citrix ADC and NetScaler Gateway sensitive information disclosure vulnerability via proxy logs by looking for a very long host header string. +references: + - https://support.citrix.com/article/CTX579459/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20234966-and-cve20234967 + - https://attackerkb.com/topics/2faW2CxJgQ/cve-2023-4966 + - https://www.rapid7.com/blog/post/2023/10/25/etr-cve-2023-4966-exploitation-of-citrix-netscaler-information-disclosure-vulnerability/ + - https://www.assetnote.io/resources/research/citrix-bleed-leaking-session-tokens-with-cve-2023-4966 + - https://github.com/assetnote/exploits/tree/main/citrix/CVE-2023-4966 +author: Nasreddine Bencherchali (Nextron Systems) +date: 2023/11/28 +tags: + - detection.emerging_threats + - attack.initial_access + - attack.t1190 + - cve.2023.4966 +logsource: + category: proxy +detection: + selection: + cs-method: 'GET' + cs-uri|contains: '/oauth/idp/.well-known/openid-configuration' + cs-host|re: '.{150}' + condition: selection +falsepositives: + - Vulnerability scanners +level: high diff --git a/rules-emerging-threats/2023/Exploits/CVE-2023-4966/proxy_exploit_cve_2023_4966_citrix_sensitive_information_disclosure_exploit_attempt.yml b/rules-emerging-threats/2023/Exploits/CVE-2023-4966/proxy_exploit_cve_2023_4966_citrix_sensitive_information_disclosure_exploit_attempt.yml new file mode 100644 index 00000000000..2c5ec469558 --- /dev/null 
+++ b/rules-emerging-threats/2023/Exploits/CVE-2023-4966/proxy_exploit_cve_2023_4966_citrix_sensitive_information_disclosure_exploit_attempt.yml @@ -0,0 +1,35 @@ +title: CVE-2023-4966 Potential Exploitation Attempt - Citrix ADC Sensitive Information Disclosure - Proxy +id: ff349b81-617f-4af4-924f-dbe8ea9bab41 +related: + - id: 87c83d8e-5390-44ce-aa4a-d3b37e54d0a0 # Webserver Attempt + type: similar + - id: aee7681f-b53d-4594-a9de-ac51e6ad3362 # Proxy Exploit + type: similar + - id: a4e068b5-e27c-4f21-85b3-e69e5a4f7ce1 # Webserver Exploit + type: similar +status: experimental +description: Detects potential exploitation attempt of CVE-2023-4966 a Citrix ADC and NetScaler Gateway sensitive information disclosure vulnerability via proxy logs. +references: + - https://support.citrix.com/article/CTX579459/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20234966-and-cve20234967 + - https://attackerkb.com/topics/2faW2CxJgQ/cve-2023-4966 + - https://www.rapid7.com/blog/post/2023/10/25/etr-cve-2023-4966-exploitation-of-citrix-netscaler-information-disclosure-vulnerability/ + - https://www.assetnote.io/resources/research/citrix-bleed-leaking-session-tokens-with-cve-2023-4966 + - https://github.com/assetnote/exploits/tree/main/citrix/CVE-2023-4966 +author: Nasreddine Bencherchali (Nextron Systems), Michael Haag (STRT) +date: 2023/11/28 +tags: + - detection.emerging_threats + - attack.initial_access + - attack.t1190 + - cve.2023.4966 +logsource: + category: proxy +detection: + selection: + cs-method: 'GET' + cs-uri|contains: '/oauth/idp/.well-known/openid-configuration' + sc-status: 200 + condition: selection +falsepositives: + - Vulnerability scanners +level: medium 
diff --git a/rules-emerging-threats/2023/Exploits/CVE-2023-4966/web_exploit_cve_2023_4966_citrix_sensitive_information_disclosure_exploit.yml b/rules-emerging-threats/2023/Exploits/CVE-2023-4966/web_exploit_cve_2023_4966_citrix_sensitive_information_disclosure_exploit.yml new file mode 100644 index 00000000000..9c2798d65ed --- /dev/null +++ b/rules-emerging-threats/2023/Exploits/CVE-2023-4966/web_exploit_cve_2023_4966_citrix_sensitive_information_disclosure_exploit.yml 
@@ -0,0 +1,35 @@ +title: CVE-2023-4966 Potential Exploitation Attempt - Citrix ADC Sensitive Information Disclosure - Webserver +id: 87c83d8e-5390-44ce-aa4a-d3b37e54d0a0 +related: + - id: ff349b81-617f-4af4-924f-dbe8ea9bab41 # Proxy Attempt + type: similar + - id: aee7681f-b53d-4594-a9de-ac51e6ad3362 # Proxy Exploit + type: similar + - id: a4e068b5-e27c-4f21-85b3-e69e5a4f7ce1 # Webserver Exploit + type: similar +status: experimental +description: Detects potential exploitation attempt of CVE-2023-4966 a Citrix ADC and NetScaler Gateway sensitive information disclosure vulnerability via webserver logs. +references: + - https://support.citrix.com/article/CTX579459/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20234966-and-cve20234967 + - https://attackerkb.com/topics/2faW2CxJgQ/cve-2023-4966 + - https://www.rapid7.com/blog/post/2023/10/25/etr-cve-2023-4966-exploitation-of-citrix-netscaler-information-disclosure-vulnerability/ + - https://www.assetnote.io/resources/research/citrix-bleed-leaking-session-tokens-with-cve-2023-4966 + - https://github.com/assetnote/exploits/tree/main/citrix/CVE-2023-4966 +author: Nasreddine Bencherchali (Nextron Systems), Michael Haag (STRT) +date: 2023/11/28 +tags: + - detection.emerging_threats + - attack.initial_access + - attack.t1190 + - cve.2023.4966 +logsource: + category: webserver +detection: + selection: + cs-method: 'GET' + cs-uri-stem|contains: '/oauth/idp/.well-known/openid-configuration' + sc-status: 200 + condition: selection +falsepositives: + - Vulnerability scanners +level: medium diff --git a/rules-emerging-threats/2023/Exploits/CVE-2023-4966/web_exploit_cve_2023_4966_citrix_sensitive_information_disclosure_exploit_attempt.yml b/rules-emerging-threats/2023/Exploits/CVE-2023-4966/web_exploit_cve_2023_4966_citrix_sensitive_information_disclosure_exploit_attempt.yml new file mode 100644 index 00000000000..45babdc0274 --- /dev/null 
+++ b/rules-emerging-threats/2023/Exploits/CVE-2023-4966/web_exploit_cve_2023_4966_citrix_sensitive_information_disclosure_exploit_attempt.yml @@ -0,0 +1,35 @@ +title: CVE-2023-4966 Exploitation Attempt - Citrix ADC Sensitive Information Disclosure - Webserver +id: a4e068b5-e27c-4f21-85b3-e69e5a4f7ce1 +related: + - id: 87c83d8e-5390-44ce-aa4a-d3b37e54d0a0 # Webserver Attempt + type: similar + - id: ff349b81-617f-4af4-924f-dbe8ea9bab41 # Proxy Attempt + type: similar + - id: aee7681f-b53d-4594-a9de-ac51e6ad3362 # Proxy Exploit + type: similar +status: experimental +description: Detects exploitation attempt of CVE-2023-4966 a Citrix ADC and NetScaler Gateway sensitive information disclosure vulnerability via webserver logs by looking for a very long host header string. +references: + - https://support.citrix.com/article/CTX579459/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20234966-and-cve20234967 + - https://attackerkb.com/topics/2faW2CxJgQ/cve-2023-4966 + - https://www.rapid7.com/blog/post/2023/10/25/etr-cve-2023-4966-exploitation-of-citrix-netscaler-information-disclosure-vulnerability/ + - https://www.assetnote.io/resources/research/citrix-bleed-leaking-session-tokens-with-cve-2023-4966 + - https://github.com/assetnote/exploits/tree/main/citrix/CVE-2023-4966 +author: Nasreddine Bencherchali (Nextron Systems) +date: 2023/11/28 +tags: + - detection.emerging_threats + - attack.initial_access + - attack.t1190 + - cve.2023.4966 +logsource: + category: webserver +detection: + selection: + cs-method: 'GET' + cs-uri-stem|contains: '/oauth/idp/.well-known/openid-configuration' + cs-host|re: '.{150}' + condition: selection +falsepositives: + - Vulnerability scanners +level: high diff --git a/tests/test_rules.py b/tests/test_rules.py index f46dfe3f8ce..b606218695e 100755 --- a/tests/test_rules.py +++ b/tests/test_rules.py 
@@ -1291,10 +1291,10 @@ def test_title(self): print(Fore.RED + "Rule {} has no field 'title'.".format(file)) faulty_rules.append(file) continue - elif len(title) > 100: + elif len(title) > 110: print( Fore.YELLOW - + "Rule {} has a title field with too many characters (>100)".format( + + "Rule {} has a title field with too many characters (>110)".format( file ) )
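Review bot: In proxy_exploit_cve_2023_4966_citrix_sensitive_information_disclosure_exploit.yml the description promises a "very long host header string" but `cs-host|re: '.{150}'` fires on any host value of 150 characters or more, and nothing in the rule records why 150 was chosen; state the rationale for the threshold in the description (or a comment next to the selection) so analysts can tune it, and since the `related` comments already map each id to "Proxy Exploit" / "Webserver Attempt" etc., keep that mapping in mind when reading the filename point below. Minor: "Detects exploitation attempt of CVE-2023-4966 a Citrix ADC ..." needs a comma after "CVE-2023-4966".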
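Review bot: In proxy_exploit_cve_2023_4966_citrix_sensitive_information_disclosure_exploit_attempt.yml the selection is only `cs-method: 'GET'`, `cs-uri|contains: '/oauth/idp/.well-known/openid-configuration'` and `sc-status: 200`, which is exactly what a legitimate OpenID Connect client does when it fetches the discovery document, yet `falsepositives` lists only "Vulnerability scanners"; add legitimate OIDC/OAuth clients performing discovery to `falsepositives` and consider whether `level: medium` is right for a rule with no distinguishing feature beyond the path. The same applies to the webserver "Potential Exploitation Attempt" rule, which has an identical selection on `cs-uri-stem`.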
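Review bot: The two webserver filenames are swapped relative to the proxy pair: web_exploit_cve_2023_4966_citrix_sensitive_information_disclosure_exploit.yml contains the "Potential Exploitation Attempt" rule (id 87c83d8e, `sc-status: 200`, `level: medium`), while web_exploit_cve_2023_4966_citrix_sensitive_information_disclosure_exploit_attempt.yml contains the "Exploitation Attempt" rule (id a4e068b5, `cs-host|re: '.{150}'`, `level: high`), whereas on the proxy side `_exploit.yml` is the high-level host-header rule and `_exploit_attempt.yml` is the medium-level one. Rename the two webserver files so that `_exploit_attempt.yml` holds id 87c83d8e and `_exploit.yml` holds id a4e068b5, matching the `related` comments ("Webserver Attempt" / "Webserver Exploit") that are already correct.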
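Review bot: Raising the repository-wide title limit in test_title from 100 to 110 to accommodate four new rules loosens a check for every rule in the repo; the longest new title ("CVE-2023-4966 Potential Exploitation Attempt - Citrix ADC Sensitive Information Disclosure - Webserver") is 102 characters, so shortening the titles (for example dropping "Sensitive Information Disclosure", which the description already carries) would keep them under the existing limit. If the limit does need to change, the value now appears twice in this hunk, once in `len(title) > 110` and once in the `"(>110)"` message; consider a single named constant so the condition and the message cannot drift apart.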