# sid 5001979 rev 2 (wiki entry dated 2015-10-21), kept for history; a later
# revision of this sid appears further down the page.
# Matches log lines from program "snort" that contain both "FILE-IDENTIFY" and
# "Exe" when the GeoIP country of the tracked source address is not $HOME_COUNTRY.
# parse_src_ip: 1 / parse_dst_ip: 2 take source and destination from the first
# and second IP addresses found in the message text.
alert syslog $HOME_NET any -> $EXTERNAL_NET any (msg: "[FILE-GEOIP] Executable Downloaded from outside HOME_COUNTRY"; program: snort; country_code: track by_src, isnot $HOME_COUNTRY; content: "FILE-IDENTIFY"; content: "Exe"; classtype: bad-unknown; parse_src_ip: 1; parse_dst_ip: 2; reference: url, wiki.quadrantsec.com/bin/view/Main/5001979; sid: 5001979; rev: 2;)
-- Main.Sagan-Wiki-Add - 2015-10-21
Newer revisions of sid 5001979 appear below.
# sid 5001979 rev 3: fires on a log line from program "snort" that contains both
# "FILE-IDENTIFY" and "Exe" when the GeoIP country of the tracked source address
# is not $HOME_COUNTRY. Compared with rev 2 on this page, the protocol field is
# "any" instead of "syslog"; the options are otherwise the same.
# parse_src_ip: 1 / parse_dst_ip: 2 take source and destination from the first
# and second IP addresses found in the message text, so the country check
# follows whichever address the Snort log line prints first.
# Both content matches are case-sensitive as written (no nocase), and "Exe" is a
# short substring -- presumably aimed at Snort's FILE-IDENTIFY executable
# messages; verify against real log samples before relying on it.
# NOTE(review): the header reads $HOME_NET -> $EXTERNAL_NET while the country
# test is on the source address. If the deployed Sagan version enforces header
# addresses, a source outside $HOME_COUNTRY is unlikely to also be in $HOME_NET
# -- confirm the rule can still match in that configuration.
# Needs GeoIP support and $HOME_COUNTRY defined in the Sagan configuration; an
# outdated GeoIP database causes both missed and spurious alerts.
alert any $HOME_NET any -> $EXTERNAL_NET any (msg: "[FILE-GEOIP] Executable Downloaded from outside HOME_COUNTRY"; program: snort; country_code: track by_src, isnot $HOME_COUNTRY; content: "FILE-IDENTIFY"; content: "Exe"; classtype: bad-unknown; parse_src_ip: 1; parse_dst_ip: 2; reference: url, wiki.quadrantsec.com/bin/view/Main/5001979; sid: 5001979; rev:3;)
-- Main.Sagan-Wiki-Add - 2021-4-12