alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTPS_PORT (msg: "[CISCO-CORRELATED] VPN login after suspicious activity"; program: %ASA-6-734001; classtype: correlated-attack; parse_src_ip: 1; flowbits: isset,by_src,recon|honeypot; reference: url, wiki.quadrantsec.com/bin/view/Main/5002364; sid:5002364; rev: 3;)
-- Main.Sagan-Wiki-Add - 2015-10-21
New revisions of 5002364 will be below...
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTPS_PORT (msg: "[CISCO-CORRELATED] VPN login after suspicious activity"; program: %ASA*-6-734001; classtype: correlated-attack; parse_src_ip: 1; flowbits: isset,by_src,recon|honeypot|exploit_attempt; reference: url, wiki.quadrantsec.com/bin/view/Main/5002364; sid:5002364; rev: 4;)
-- Main.Sagan-Wiki-Add - 2016-11-7