alert tcp $HOME_NET any -> $EXTERNAL_NET $SSH_PORT (msg: "[ScreenOS-BLUEDOT] Juniper ScreenOS Admin Login from suspicious source"; content: "Admin user"; content:"has logged on via"; bluedot: type ip_reputation, track by_src, none, Malicious, Tor, Honeypot; classtype: successful-user; parse_src_ip: 1; reference:url,kb.juniper.net/InfoCenter/index?page=content&id=JSA10713&actp=search; reference: url, wiki.quadrantsec.com/bin/view/Main/5002904; sid:5002904; rev: 2;)
-- Main.Sagan-Wiki-Add - 2016-8-30
New revisions of 5002904 will be below...
alert tcp $HOME_NET any -> $EXTERNAL_NET $SSH_PORT (msg: "[ScreenOS-BLUEDOT] Juniper ScreenOS Admin Login from suspicious source"; content: "Admin user"; content:"has logged on via"; bluedot: type ip_reputation, track by_src, none, Malicious,Tor,Honeypot,Proxy; classtype: successful-user; parse_src_ip: 1; reference:url,kb.juniper.net/InfoCenter/index?page=content&id=JSA10713&actp=search; reference: url, wiki.quadrantsec.com/bin/view/Main/5002904; sid:5002904; rev: 3;)
-- Main.Sagan-Wiki-Add - 2016-12-30