# Sagan rule sid 5002581 (rev 2), tagged [PALO-ALTO]: alerts on a log line recording an
# accepted SSH login whose source address geolocates outside $HOME_COUNTRY.
#
# Match conditions (both content strings must be present in the message):
#   "Accepted keyboard-interactive/pam for "  and  "ssh2"
# Only the keyboard-interactive/pam method is covered; a login accepted through any other
# method string would not match this rule.
# NOTE(review): confirm which "Accepted ..." strings the device actually emits.
#
# parse_src_ip: 1 takes the source address from the first IP found in the message text.
# country_code: track by_src, isnot $HOME_COUNTRY fires when that address resolves to a
# country other than $HOME_COUNTRY.
# NOTE(review): presumably needs Sagan built with GeoIP support and $HOME_COUNTRY set in
# the configuration - verify, otherwise the country test cannot do its job.
# NOTE(review): the header reads $HOME_NET -> $EXTERNAL_NET although the login is inbound;
# confirm whether the deployed Sagan version evaluates header direction.
#
# Triage caveat: country lookup is coarse. A login relayed through a VPN or proxy located
# in the home country will not alert, and a legitimate admin travelling abroad will.
# Correlate with the account name and the firewall's admin audit log before acting.
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg: "[PALO-ALTO] Accepted SSH Connection From Outside Home Country"; content: "Accepted keyboard-interactive/pam for "; content: "ssh2"; parse_src_ip: 1; country_code: track by_src, isnot $HOME_COUNTRY; classtype: successful-user; reference: url,live.paloaltonetworks.com/twzvq79624/attachments/twzvq79624/learning_tkb/428/1/System_log_PANOS4.1rev3.xlsx; sid: 5002581; rev: 2;)
-- Main.Sagan-Wiki-Add - 2016-8-30
New revisions of 5002581 will be below...