alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTPS_PORT (msg:"[FATPIPE-CORRELATED] Login Success - ADMINISTRATOR - after suspicious activity"; content: "Login|3a| Success"; content: "ADMINISTRATOR"; flowbits: isset,by_src,recon|honeypot; classtype: correlated-attack; program: xtremed; parse_src_ip: 1; reference: url,wiki.quadrantsec.com/bin/view/Main/5002370; sid:5002370; rev:3;)
-- Main.Sagan-Wiki-Add - 2015-10-21
New revisions of 5002370 will be below...
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTPS_PORT (msg:"[FATPIPE-CORRELATED] Login Success - ADMINISTRATOR - after suspicious activity"; content: "Login|3a| Success"; content: "ADMINISTRATOR"; flowbits: isset,by_src,recon|honeypot|exploit_attempt; classtype: correlated-attack; program: xtremed; parse_src_ip: 1; reference: url,wiki.quadrantsec.com/bin/view/Main/5002370; sid:5002370; rev:5;)
-- Main.Sagan-Wiki-Add - 2016-11-7