alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTPS_PORT (msg: "[F5-BIG-IP-BLUEDOT] Unsuccessful Command-line Login from suspicious source"; content: "failed to login after"; content: "sshd"; classtype: unsuccessful-user; parse_src_ip: 1; bluedot: type ip_reputation, track by_src, none, Malicious, Tor, Honeypot; reference: url,support.f5.com/kb/en-us/solutions/public/13000/400/sol13426.html; reference: url,wiki.quadrantsec.com/bin/view/Main/5002891; sid:5002891; rev:2;)

-- Main.Sagan-Wiki-Add - 2016-8-30

New revisions of 5002891 will be below...

alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTPS_PORT (msg: "[F5-BIG-IP-BLUEDOT] Unsuccessful Command-line Login from suspicious source"; content: "failed to login after"; content: "sshd"; classtype: unsuccessful-user; parse_src_ip: 1; bluedot: type ip_reputation, track by_src, none, Malicious,Tor,Honeypot,Proxy; reference: url,support.f5.com/kb/en-us/solutions/public/13000/400/sol13426.html; reference: url,wiki.quadrantsec.com/bin/view/Main/5002891; sid:5002891; rev:3;)

-- Main.Sagan-Wiki-Add - 2016-12-30

Topic revision: r1 - 2016-08-30 - Sagan-Wiki-Add
 
This site is powered by the TWiki collaboration platform Powered by PerlCopyright © 2008-2019 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback