alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTPS_PORT (msg:"[FATPIPE-GEOIP] Login Success - ADMINISTRATOR - from outside HOME_COUNTRY"; content: "Login|3a| Success"; content: "ADMINISTRATOR"; classtype: successful-admin; program: xtremed; parse_src_ip: 1; country_code: track by_src, isnot $HOME_COUNTRY; reference: url,wiki.quadrantsec.com/bin/view/Main/5001960; sid: 5001960; rev:2;)
-- Main.Sagan-Wiki-Add - 2015-10-21
New revisions of 5001960 will be below...
alert any $EXTERNAL_NET any -> $HOME_NET any (msg:"[FATPIPE-GEOIP] Login Success - ADMINISTRATOR - from outside HOME_COUNTRY"; content: "Login|3a| Success"; content: "ADMINISTRATOR"; default_proto: tcp; default_dst_port: $HTTPS_PORT; classtype: successful-admin; program: xtremed; parse_src_ip: 1; country_code: track by_src, isnot $HOME_COUNTRY; reference: url,wiki.quadrantsec.com/bin/view/Main/5001960; sid: 5001960; rev:3;)
-- Main.Sagan-Wiki-Add - 2021-4-12