alert tcp $HOME_NET any -> $EXTERNAL_NET $SSH_PORT (msg:"[ScreenOS] Juniper ScreenOS Login for Suspicious Admin user - system"; content: "Admin user system has logged on via"; nocase; content "00515"; parse_src_ip: 1; reference:cve,2015-7755; reference:url,kb.juniper.net/InfoCenter/index?page=content&id=JSA10713&actp=search; classtype:successful-admin; sid: 5002771; rev:2;)
-- Main.Sagan-Wiki-Add - 2016-8-30
New revisions of 5002771 will be below...
alert any $HOME_NET any -> $EXTERNAL_NET any (msg:"[ScreenOS] Juniper ScreenOS Login for Suspicious Admin user - system"; content: "Admin user system has logged on via"; nocase; content: "00515"; parse_src_ip: 1; reference:cve,2015-7755; reference:url,kb.juniper.net/InfoCenter/index?page=content&id=JSA10713&actp=search; default_proto: tcp; default_dst_port: $SSH_PORT; classtype:successful-admin; sid: 5002771; rev:4;)
-- Main.Sagan-Wiki-Add - 2021-4-12