alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTPS_PORT (msg: "[CISCO-CORRELATED] VPN login after suspicious activity"; program: %ASA-6-716001|%ASA-6-716038; classtype: correlated-attack; flowbits: isset,by_src,recon|honeypot; parse_src_ip: 1; reference: url, wiki.quadrantsec.com/bin/view/Main/5002362; sid:5002362; rev: 3;)

-- Main.Sagan-Wiki-Add - 2015-10-21

New revisions of 5002362 will be below...

alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTPS_PORT (msg: "[CISCO-CORRELATED] VPN login after suspicious activity"; program: %ASA*-6-716001|%ASA*-6-716038; classtype: correlated-attack; flowbits: isset,by_src,recon|honeypot|exploit_attempt; parse_src_ip: 1; reference: url, wiki.quadrantsec.com/bin/view/Main/5002362; sid:5002362; rev: 4;)

-- Main.Sagan-Wiki-Add - 2016-11-7

Topic revision: r1 - 2015-10-21 - Sagan-Wiki-Add
 
This site is powered by the TWiki collaboration platform Powered by PerlCopyright © 2008-2019 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback