Recent Changes in Main Web retrieved at 14:35 (GMT)

alert syslog $EXTERNAL NET any $HOME NET any (msg: ` DYNAMIC Artillery logs detected via program.`; program: Artillery; dynamic load: $RULE PATH/artillery.rules...
alert syslog $EXTERNAL NET any $HOME NET any (msg: ` DYNAMIC Arpalert or Arpwatch logs detected via program.`; program: arpalert arpwatch; dynamic load: $RULE...
alert syslog $EXTERNAL NET any $HOME NET any (msg: ` DYNAMIC APC EMU logs detected via program.`; program: EMU; dynamic load: $RULE PATH/apc emu.rules; classtype...
alert tcp $HOME NET any $EXTERNAL NET any (msg: ` WINDOWS CORRELATED Successful RDP login from a exploit attempt source`; pcre: `/ 528: 4624: /`; content: `Logon...
alert tcp $HOME NET any $EXTERNAL NET any (msg: ` WINDOWS CORRELATED Successful RDP login from a recon source`; pcre: `/ 528: 4624: /`; content: `Logon Type...
alert syslog $EXTERNAL NET any $HOME NET any (msg: ` WINDOWS MALWARE Suspicious Service Control Manager Call`; content: ` 7045 3a `; pcre: `/cmd.exe /i`; program...
alert syslog $EXTERNAL NET any $HOME NET any (msg: ` WINDOWS MISC Subscription calledback error recieved. Logging has likely stopped.`; content: ` 570 3a `; content...
alert syslog $EXTERNAL NET any $HOME NET any (msg: ` WINDOWS MISC Event log has been cleared.`; content: ` 104 3a `; content: `cleared`; classtype: suspicious...
alert syslog any any (msg: ` PROFTP FTPCHK3 file accessed by user`; content: `ftpchk3`; pcre: `/CHMOD DELE STOR/i`; parse src ip: 3; program: proftpd; classtype...
alert syslog $EXTERNAL NET any $HOME NET any (msg: ` WINDOWS MISC Event logging service has shut down.`; content: ` 1100 3a `; classtype: suspicious traffic;...
alert syslog $EXTERNAL NET any $HOME NET any (msg: ` WINDOWS MISC Installation of service via SCM`; content: ` 7045 3a `; content:!`ForeScout`; nocase; content...
alert tcp $EXTERNAL NET any $HOME NET $MSSQL PORT (msg: ` WINDOWS MSSQL Login Failure from non trusted connection Brute force 25/1 `; content: ` 18452 3a...
alert syslog $EXTERNAL NET any $HOME NET any (msg: ` COURIER CORRELATED Timeout after suspicious activity`; content: `TIMEOUT`; parse src ip: 1;classtype: successful...
alert syslog $EXTERNAL NET any $HOME NET any (msg: ` COURIER CORRELATED User login after suspicious activity`; content: `LOGIN,`; parse src ip: 1;classtype: successful...
alert syslog $EXTERNAL NET any $HOME NET any (msg: ` COURIER CORRELATED Logout/disconnect after suspicious activity`; pcre: `/LOGOUT DISCONNECTED/`; classtype...
alert tcp $EXTERNAL NET any $HOME NET $HTTPS PORT (msg: ` WINDOWS OWA CORRELATED Login failure after suspicious activity`; content: `/ews/exchange.asmx`; nocase...
alert tcp $EXTERNAL NET any $HOME NET $FTP PORT (msg:` VSFTPD CORRELATED File uploaded from outside HOME COUNTRY`; content: `OK UPLOAD`; classtype: correlated...
alert tcp $EXTERNAL NET any $HOME NET $FTP PORT (msg:` VSFTPD CORRELATED Authentication successful from outside HOME COUNTRY`; content: `OK LOGIN`; classtype:...
alert syslog $EXTERNAL NET any $HOME NET any (msg:` VMWARE CORRELATED User login successful after suspicious activity`; content: `Accepted password`; classtype...
alert syslog $EXTERNAL NET any $HOME NET any (msg:` VMWARE CORRELATED User login successful after suspicious activity`; content: ` logged in `; classtype: correlated...
alert syslog $EXTERNAL NET any $HOME NET any (msg:` VMWARE CORRELATED User login successful after suspicious activity`; pcre: `/Accepted password for login from...
alert tcp $EXTERNAL NET any $HOME NET $SSH PORT (msg:` SSH TECTIA SERVER CORRELATED Authentication success after suspicious activity`; content: `Login success...
alert tcp $HOME NET any $EXTERNAL NET $IMAP PORT (msg: ` IMAPD CORRELATED Connection after suspicious activity`; program: imapd imapd ssl; content: `Connection...
alert tcp $HOME NET any $EXTERNAL NET $IMAP PORT (msg: ` IMAPD CORRELATED Disconnect after suspicious activity`; program: imapd imapd ssl; content: `DISCONNECTED...
alert tcp $HOME NET any $EXTERNAL NET $IMAP PORT (msg: ` IMAPD CORRELATED Timeout after suspicious activity`; program: imapd imapd ssl; content: `TIMEOUT,`; classtype...
alert tcp $HOME NET any $EXTERNAL NET $IMAP PORT (msg: ` IMAPD CORRELATED Logout after suspicious activity`; program: imapd imapd ssl; content: `LOGOUT,`; classtype...
alert tcp $HOME NET any $EXTERNAL NET $IMAP PORT (msg: ` IMAPD CORRELATED Login after suspicious activity`; program: imapd imapd ssl; content: `LOGIN,`; classtype...
alert syslog $EXTERNAL NET any $HOME NET any (msg: ` FORTINET CORRELATED SSH traffic detected after suspicious activity`; content: ` service SSH `; content:!`duration...
alert syslog $EXTERNAL NET any $HOME NET any (msg: ` FORTINET CORRELATED Admin authentication success after suspicious activity`; content: `38001 type `; content...
alert syslog $EXTERNAL NET any $HOME NET any (msg: ` FORTINET CORRELATED Administrator Login after suspicious activity`; content: `32001 type `; content: `logged...
alert syslog $EXTERNAL NET any $HOME NET any (msg: ` FORTINET CORRELATED Login accepted after suspicious activity`; content: `32006 type `; content: `login`; pcre...
alert tcp $EXTERNAL NET any $HOME NET $HTTPS PORT (msg:` FATPIPE CORRELATED Login Success ADMINISTRATOR after suspicious activity`; content: `Login 3a Success...
alert tcp $EXTERNAL NET any $HOME NET $HTTPS PORT (msg:` FATPIPE CORRELATED Login Success after suspicious activity`; content: `Login 3a Success`; flowbits: isset...
alert syslog $HOME NET any $EXTERNAL NET any (msg: ` CISCO CORRELATED FTP file transfer after suspicious activity 2 `; program: %ASA 6 303002; classtype: correlated...
alert syslog $HOME NET any $EXTERNAL NET any (msg: ` CISCO CORRELATED FTP file transfer after suspicious activity`; program: %ASA 6 303002; classtype: correlated...
alert syslog $HOME NET any $EXTERNAL NET any (msg: ` CISCO CORRELATED VPN login after suspicious activity 2 `; program: %ASA 6 722022 %ASA 6 722023; classtype...
alert syslog $HOME NET any $EXTERNAL NET any (msg: ` CISCO CORRELATED ACS Login success after suspicious activity`; program: CisACS 01 PassedAuth; classtype: correlated...
alert tcp $HOME NET any $EXTERNAL NET $HTTPS PORT (msg: ` CISCO CORRELATED VPN login after suspicious activity`; program: %ASA 6 734001; classtype: correlated...
alert tcp $HOME NET any $EXTERNAL NET $HTTPS PORT (msg: ` CISCO CORRELATED VPN disconnect after suspicious activity`; program: %ASA 4 113019 %ASA 6 716002 %ASA...
alert tcp $HOME NET any $EXTERNAL NET $HTTPS PORT (msg: ` CISCO CORRELATED VPN login after suspicious activity`; program: %ASA 6 716001 %ASA 6 716038; classtype...
alert tcp $HOME NET any $EXTERNAL NET any (msg: ` CISCO CORRELATED Login permitted after suspicious activity`; program: %ASA 6 605005; classtype: correlated attack...
alert tcp $HOME NET any $EXTERNAL NET any (msg: ` CISCO CORRELATED Console login after suspicious activity`; program: %SEC LOGIN 5 LOGIN SUCCESS; classtype: correlated...
alert tcp $EXTERNAL NET any $HOME NET $HTTPS PORT (msg: ` CITRIX CORRELATED SSLVPN HTTPREQUEST after suspicious activity`; content: `SSLVPN HTTPREQUEST`; classtype...
alert tcp $EXTERNAL NET any $HOME NET $HTTPS PORT (msg: ` CITRIX CORRELATED AAA LOGIN FAILED after suspicious activity`; content: `AAA LOGIN FAILED`; classtype...
alert tcp $EXTERNAL NET any $HOME NET $HTTPS PORT (msg: ` CITRIX CORRELATED Login after suspicious activity`; content: `SSLVPN LOGIN`; classtype: correlated attack...
alert tcp $EXTERNAL NET any $HOME NET $SSH PORT (msg:` OPENSSH CORRELATED Authentication success via keyboard interactive after suspicious activity`; content:...
alert tcp $EXTERNAL NET any $HOME NET $SSH PORT (msg:` OPENSSH CORRELATED Authentication success via public key after suspicious activity`; content: `Accepted...
alert tcp $EXTERNAL NET any $HOME NET $SSH PORT (msg:` OPENSSH CORRELATED Authentication success via password after suspicious activity`; content: `Accepted password...
alert tcp $HOME NET any $EXTERNAL NET any (msg: ` WINDOWS CORRELATED Successful RDP login from known brute force`; pcre: `/ 528: 4624: /`; content: `Logon Type...
alert syslog $HOME NET any $EXTERNAL NET any (msg: ` WINDOWS MALWARE System protection disabled`; pcre: `/ 7034: 7035: 7046: 7040: 4689: 593: /` ; pcre...

Topic revision: r5 - 2006-11-15 - TWikiContributor
 
Copyright © 2008-2017 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.