Recent Changes in Main Web retrieved at 11:54 (GMT)

alert tcp $EXTERNAL NET any $HOME NET $HTTPS PORT (msg: ` F5 BIG IP BLUEDOT Unsuccessful Command line Login from suspicious source`; content: `Authentication failure...
alert tcp $EXTERNAL NET any $HOME NET $HTTPS PORT (msg: ` F5 BIG IP BLUEDOT Unsuccessful Command line Login from suspicious source`; content: `failed to login...
alert tcp $EXTERNAL NET any $HOME NET $HTTPS PORT (msg: ` F5 BIG IP BLUEDOT Command line Logout from suspicious source`; content: `start `; content: `end `; content...
alert tcp $EXTERNAL NET any $HOME NET $HTTPS PORT (msg: ` F5 BIG IP BLUEDOT Command line Login from suspicious source`; content: `start `; content: !`end `; content...
alert syslog $EXTERNAL NET any $HOME NET any (msg: ` COURIER BLUEDOT Timeout from suspicious source`; content: `TIMEOUT`; parse src ip: 1;classtype: successful...
alert syslog $EXTERNAL NET any $HOME NET any (msg: ` COURIER BLUEDOT User login from suspicious source`; content: `LOGIN,`; parse src ip: 1;classtype: successful...
alert syslog $EXTERNAL NET any $HOME NET any (msg: ` COURIER BLUEDOT Logout/disconnect from suspicious source`; pcre: `/LOGOUT DISCONNECTED/`; classtype: not suspicious...
alert syslog $EXTERNAL NET any $HOME NET any (msg: ` FORTINET BLUEDOT SSH traffic detected from suspicious source`; content: ` service SSH `; content:!`duration...
alert syslog $EXTERNAL NET any $HOME NET any (msg: ` FORTINET BLUEDOT Admin authentication success suspicious source`; content: `38001 type `; content: `succeeded...
alert syslog $EXTERNAL NET any $HOME NET any (msg: ` FORTINET BLUEDOT Administrator Login from suspicious source`; content: `32001 type `; content: `logged in...
alert syslog $EXTERNAL NET any $HOME NET any (msg: ` FORTINET BLUEDOT Login accepted from suspicious source`; content: `32006 type `; content: `login`; pcre:...
alert udp $HOME NET any $EXTERNAL NET any (msg:` CISCO BLUEDOT Suspicious GRE connection detected via Bluedot`; program: %ASA 6 ; content: ` GRE `; bluedot:...
alert icmp $HOME NET any $EXTERNAL NET any (msg:` CISCO BLUEDOT Suspicious ICMP connection detected via Bluedot`; program: %ASA 6 ; content: ` ICMP `; bluedot...
alert syslog $HOME NET any $EXTERNAL NET any (msg: ` CISCO BLUEDOT FTP file transfer from or to suspicious source`; program: %ASA 6 303002; bluedot: type ip...
alert syslog $HOME NET any $EXTERNAL NET any (msg: ` CISCO BLUEDOT VPN login from suspicious source 2 `; program: %ASA 6 722022 %ASA 6 722023; bluedot: type...
alert syslog $HOME NET any $EXTERNAL NET any (msg: ` CISCO BLUEDOT ACS Login success from suspicious source`; program: CisACS 01 PassedAuth; bluedot: type ip reputation...
alert tcp $HOME NET any $EXTERNAL NET $HTTPS PORT (msg: ` CISCO BLUEDOT VPN/AnyConnect login from suspicious source`; program: %ASA 6 734001; bluedot: type ip...
alert tcp $HOME NET any $EXTERNAL NET $HTTPS PORT (msg: ` CISCO BLUEDOT VPN disconnect from suspicious source`; program: %ASA 4 113019 %ASA 6 716002 %ASA...
alert tcp $HOME NET any $EXTERNAL NET $HTTPS PORT (msg: ` CISCO BLUEDOT VPN login from suspicious source`; program: %ASA 6 716001 %ASA 6 716038; bluedot: type...
alert tcp $HOME NET any $EXTERNAL NET any (msg: ` CISCO BLUEDOT Login permitted from suspicious source`; program: %ASA 6 605005; bluedot: type ip reputation,...
alert tcp $HOME NET any $EXTERNAL NET any (msg: ` CISCO BLUEDOT Console login from suspicious source`; program: %SEC LOGIN 5 LOGIN SUCCESS; bluedot: type ip reputation...
alert tcp $HOME NET any $EXTERNAL NET $HTTPS PORT (msg: ` CISCO BLUEDOT VPN Login from suspicious source`; program: %ASA 6 716038; bluedot: type ip reputation...
alert tcp $HOME NET any $EXTERNAL NET any (msg:` CISCO BLUEDOT Suspicious TCP connection detected via Bluedot`; program: %ASA 6 ; content: ` TCP `; content:...
alert syslog $HOME NET any $EXTERNAL NET any (msg:` SONICWALL Intrusion Detection Possible RST Flood`; content: `Possible RST Flood`; classtype: attempted dos...
alert tcp $EXTERNAL NET any $HOME NET $HTTPS PORT (msg: ` WINDOWS OWA BLUEDOT Login failure Brute force 5/5 `; content: `/ews/exchange.asmx`; nocase; bluedot...
alert syslog $EXTERNAL NET any $HOME NET any (msg: ` WINDOWS BLUEDOT Windows DC Logon Failure from Bluedot listed IP`; pcre: `/ 675: 676: 681: /`; classtype...
alert syslog $EXTERNAL NET any $HOME NET any (msg: ` WINDOWS BLUEDOT Login failure from Bluedot listed IP Account locked 0/1 `; content: ` 539 3a `; content...
alert syslog $EXTERNAL NET any $HOME NET any (msg: ` WINDOWS BLUEDOT Login failure from Bluedot listed IP User not allowed to login at this computer`; content...
alert syslog $EXTERNAL NET any $HOME NET any (msg: ` WINDOWS BLUEDOT Login failure from Bluedot listed IP Specified account expired`; content: ` 532 3a `; classtype...
alert syslog $EXTERNAL NET any $HOME NET any (msg: ` WINDOWS BLUEDOT Login failure from Bluedot listed IP Account currently disabled 0/5 `; content: ` 531 3a...
alert syslog $EXTERNAL NET any $HOME NET any (msg: ` WINDOWS BLUEDOT Login failure from a Bluedot listed IP Time restriction 0/5 `; content: ` 530 3a `; classtype...
alert syslog $EXTERNAL NET any $HOME NET any (msg: ` WINDOWS BLUEDOT Login failure from a Bluedot listed IP 0/5 `; program: Security ; content: ` 529 3a `; classtype...
alert tcp $HOME NET any $EXTERNAL NET any (msg: ` WINDOWS BLUEDOT RDP / Logon type 10 from a Bluedot listed IP`; program: Security ; pcre: `/ 528: 4624: /`;...
alert tcp $EXTERNAL NET any $HOME NET $HTTPS PORT (msg: ` CITRIX BLUEDOT SSLVPN HTTPREQUEST from Bluedot listed IP`; content: `SSLVPN HTTPREQUEST`; classtype:...
alert tcp $EXTERNAL NET any $HOME NET $HTTPS PORT (msg: ` CITRIX BLUEDOT Login from Bluedot listed IP`; content: `SSLVPN LOGIN`; classtype: unsuccessful user;...
alert syslog $EXTERNAL NET any $HOME NET any (msg: ` BLUEDOT Suspicious IP detected via Bluedot`; bluedot: reputation, all, $BLUEDOT NETWORK; content:!`drop`;...
alert tcp $HOME NET any $EXTERNAL NET $IMAP PORT (msg: ` IMAPD GEOIP Disconnect from outside HOME COUNTRY`; program: imapd imapd ssl; content: `DISCONNECTED,`...
alert tcp $HOME NET any $EXTERNAL NET $IMAP PORT (msg: ` IMAPD GEOIP Timeout from outside HOME COUNTRY`; program: imapd imapd ssl; content: `TIMEOUT,`; country...
alert tcp $HOME NET any $EXTERNAL NET $IMAP PORT (msg: ` IMAPD GEOIP Logout from outside HOME COUNTRY`; program: imapd imapd ssl; content: `LOGOUT,`; country code...
alert tcp $HOME NET any $EXTERNAL NET $IMAP PORT (msg: ` IMAPD GEOIP Login from outside HOME COUNTRY`; program: imapd imapd ssl; content: `LOGIN,`; country code...
Welcome To The Sagan Wiki: What is Sagan: `Sagan is an open source (GNU/GPLv2) high performance, real-time log analysis and correlation engine that runs under *nix...
alert syslog $EXTERNAL NET any $HOME NET any (msg: ` DYNAMIC Squid logs detected via program.`; program: squid; dynamic load: $RULE PATH/squid.rules; classtype...
alert syslog $EXTERNAL NET any $HOME NET any (msg:` WINDOWS MALWARE WonderCrypter ransomware extension or note detected.`; pcre: `/ 4663: 567: 5145: /`; meta...
alert syslog $EXTERNAL NET any $HOME NET any (msg: ` DYNAMIC Apache logs detected via program.`; program: proftpd httpd; dynamic load: $RULE PATH/apache.rules...
alert syslog $EXTERNAL NET any $HOME NET any (msg: ` DYNAMIC Juniper logs detected via program.`; program: Juniper; dynamic load: $RULE PATH/juniper.rules; classtype...
alert syslog $EXTERNAL NET any $HOME NET any (msg: ` DYNAMIC Zeus logs detected via program.`; program: zeus; dynamic load: $RULE PATH/zeus.rules; classtype: dynamic...
alert syslog $EXTERNAL NET any $HOME NET any (msg: ` DYNAMIC Yubikey logs detected via program.`; program: yk chkpwd; dynamic load: $RULE PATH/yubikey.rules; classtype...
alert syslog $EXTERNAL NET any $HOME NET any (msg: ` DYNAMIC xinetd logs detected via program.`; program: xinetd; dynamic load: $RULE PATH/xinetd.rules; classtype...
alert syslog $EXTERNAL NET any $HOME NET any (msg: ` DYNAMIC Wordpress logs detected via program.`; program: WPsyslog; dynamic load: $RULE PATH/wordpress.rules...
alert syslog $EXTERNAL NET any $HOME NET any (msg: ` DYNAMIC Windows Sysmon logs detected via program.`; program: Sysmon; dynamic load: $RULE PATH/windows sysmon...

Topic revision: r5 - 2006-11-15 - TWikiContributor
 