alert tcp $EXTERNAL_NET any -> $HOME_NET $SSH_PORT (msg:"[OPENSSH-BLUEDOT] Authentication success via password from suspicious source"; content: "Accepted password"; classtype: successful-user; reference: url,wiki.quadrantsec.com/bin/view/Main/5002905; normalize; program: sshd; bluedot: type ip_reputation, track by_src, none, Malicious, Tor, Honeypot; sid:5002905; rev:2;)
-- Main.Sagan-Wiki-Add - 2016-8-30
New revisions of 5002905 will be below...
alert tcp $EXTERNAL_NET any -> $HOME_NET $SSH_PORT (msg:"[OPENSSH-BLUEDOT] Authentication success via password from suspicious source"; content: "Accepted password"; classtype: successful-user; reference: url,wiki.quadrantsec.com/bin/view/Main/5002905; normalize; program: sshd; bluedot: type ip_reputation, track by_src, none, Malicious,Tor,Honeypot,Proxy; sid:5002905; rev:3;)
-- Main.Sagan-Wiki-Add - 2016-12-30