alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTPS_PORT (msg:"[FATPIPE-BLUEDOT] Login Success from suspicious source"; content: "Login|3a| Success"; classtype: successful-admin; program: xtremed; parse_src_ip: 1; bluedot: type ip_reputation, track by_src, none, Malicious, Tor, Honeypot; reference: url,wiki.quadrantsec.com/bin/view/Main/5002895; sid:5002895; rev:2;)
-- Main.Sagan-Wiki-Add - 2016-8-30
New revisions of 5002895 will be below...
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTPS_PORT (msg:"[FATPIPE-BLUEDOT] Login Success from suspicious source"; content: "Login|3a| Success"; classtype: successful-admin; program: xtremed; parse_src_ip: 1; bluedot: type ip_reputation, track by_src, none, Malicious,Tor,Honeypot,Proxy; reference: url,wiki.quadrantsec.com/bin/view/Main/5002895; sid:5002895; rev:3;)
-- Main.Sagan-Wiki-Add - 2016-12-30
alert any $EXTERNAL_NET any -> $HOME_NET any (msg:"[FATPIPE-BLUEDOT] Login Success from suspicious source"; content: "Login|3a| Success"; default_proto: tcp; default_dst_port: $HTTPS_PORT; classtype: successful-admin; program: xtremed; parse_src_ip: 1; bluedot: type ip_reputation, track by_src, none, Malicious,Tor,Honeypot,Proxy; reference: url,wiki.quadrantsec.com/bin/view/Main/5002895; sid:5002895; rev:4;)
-- Main.Sagan-Wiki-Add - 2021-4-12