alert syslog $HOME_NET any -> $EXTERNAL_NET any (msg: "[FILE-BLUEDOT] Executable Downloaded from a suspicious source"; program: snort; bluedot: type ip_reputation, track by_src, none, Malicious, Tor, Honeypot; content: "FILE-IDENTIFY"; content: "Exe"; classtype: bad-unknown; parse_src_ip: 1; parse_dst_ip: 2; reference: url, wiki.quadrantsec.com/bin/view/Main/5002910;sid:5002910; rev: 2;)

-- Main.Sagan-Wiki-Add - 2016-8-30

New revisions of 5002910 will be below...

alert syslog $HOME_NET any -> $EXTERNAL_NET any (msg: "[FILE-BLUEDOT] Executable Downloaded from a suspicious source"; program: snort; bluedot: type ip_reputation, track by_src, none, Malicious,Tor,Honeypot,Proxy; content: "FILE-IDENTIFY"; content: "Exe"; classtype: bad-unknown; parse_src_ip: 1; parse_dst_ip: 2; reference: url, wiki.quadrantsec.com/bin/view/Main/5002910;sid:5002910; rev: 3;)

-- Main.Sagan-Wiki-Add - 2016-12-30

Topic revision: r1 - 2016-08-30 - Sagan-Wiki-Add
 
This site is powered by the TWiki collaboration platform Powered by PerlCopyright © 2008-2019 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback