alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "SYSLOG Authentication failure Brute force 25/1"; pcre: "/failed to authorize wrong password given repeated...
alert tcp $EXTERNAL_NET any -> $HOME_NET 3128 (msg: "SQUID @CGIDIRScgiwrap attempt"; content: "@CGIDIRScgiwrap"; classtype: web-application-activity; program: squid...
alert udp $EXTERNAL_NET any -> $HOME_NET $NTP_PORT (msg: "NTP Permission denied error"; content: "permission denied"; program: ntpd initres; classtype: program-error...
alert udp $EXTERNAL_NET any -> $HOME_NET $SNMP_PORT (msg: "CISCO SDEE SNMP Community Name Brute Force Attempt"; content: "SID: 4502 ,"; parse_src_ip: 1; parse_dst...
alert syslog any any (msg: "PUREFTPD FTPCHK3 file accessed by user"; content: "ftpchk3"; pcre: "/CHMOD DELE STOR/i"; program: pure ftpd; classtype: suspicious...
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "NGINX Nginx brute force authentication attempt 5/1"; pcre: "/password mismatch, client was not found in/i...
alert tcp $EXTERNAL_NET any -> $HOME_NET $IMAP_PORT (msg: "IMAPD Brute force attack 5/1"; pcre: "/Login failed user AUTHENTICATE LOGIN failure/i"; classtype:...
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTPS_PORT (msg: "F5 BIG IP Brute force Attempt 5/1"; content: "failed to login after"; content: "sshd"; flowbits: set...
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "ASTERISK Brute force login session failed invalid extension 5/5"; content: "No matching peer found"; flowbits...
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "ASTERISK Brute force login session failed invalid user 5/5"; content: "Username/auth name mismatch"; flowbits...
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "ASTERISK Brute force login session failed 5/5"; content: "Wrong password"; flowbits: set,brute force,...
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "BIT9 Computer failed to receive Notifier Logo"; content: "Computer failed to receive Notifier Logo"; content...
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "BIT9 Exclusive access to a file was blocked because of tamper protection"; content: "Exclusive access to"...
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "BIT9 Bit9 Agent detected a problem"; content: "Bit9 Agent detected a problem"; parse_src_ip: 1; program:...
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "BIT9 Server detected revocation of certificate"; content: "Server detected revocation of certificate"; content...
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "BIT9 File was identified by Bit9 Software Reputation Service as a potential risk"; content: "Bit9 Software...
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "BIT9 Bit9 Agent failed a health check"; content: "Bit9 Agent failed a health check"; parse_src_ip: 1; program...
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "BIT9 Modification of registry was blocked"; content: "of registry"; content: "was blocked because of tamper...
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "BIT9 Permission change was blocked"; content: "Permission change on"; content: "was blocked"; content: "Bit...
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "BIT9 Bit9 Agent blocked an attempt to delete file"; content: "Bit9 Agent blocked an attempt to delete"; content...
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "BIT9 Bit9 Agent blocked an attempt to create file"; content: "Bit9 Agent blocked an attempt to create"; content...
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "BIT9 Disk configuration change detected"; content: "Disk configuration change detected"; content: "Bit9 event...
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "BIT9 Server discovered new certificate"; content: "Server discovered new certificate"; content: "Bit9 event...
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "BIT9 Computer reported that signature on file is invalid"; content: "reported that signature on file"; content...
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "BIT9 File was executed for the first time"; content: "File"; content: "was executed for the first time"; content...
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "BIT9 A new device was mounted"; content: "A new device"; content: "was mounted as drive"; content: "Bit9 event...
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "BIT9 Non System Filemods to system32"; content: "Carbon Black process watchlist 27 Non System Filemods to...
alert tcp $HOME_NET any -> $EXTERNAL_NET $IMAP_PORT (msg: "IMAPD BLUEDOT Connection from suspicious source"; program: imapd imapd ssl; content: "Connection,"; bluedot...
alert tcp $HOME_NET any -> $EXTERNAL_NET $IMAP_PORT (msg: "IMAPD BLUEDOT Disconnect from suspicious source"; program: imapd imapd ssl; content: "DISCONNECTED,";...
alert tcp $HOME_NET any -> $EXTERNAL_NET $IMAP_PORT (msg: "IMAPD BLUEDOT Timeout from suspicious source"; program: imapd imapd ssl; content: "TIMEOUT,"; bluedot...
alert tcp $HOME_NET any -> $EXTERNAL_NET $IMAP_PORT (msg: "IMAPD BLUEDOT Logout from suspicious source"; program: imapd imapd ssl; content: "LOGOUT,"; bluedot: reputation...
alert tcp $HOME_NET any -> $EXTERNAL_NET $IMAP_PORT (msg: "IMAPD BLUEDOT Login from suspicious source"; program: imapd imapd ssl; content: "LOGIN,"; bluedot: reputation...