alert tcp $EXTERNAL NET any $HOME NET $HTTP PORT (msg: ` WEB ATTACKS Attempt to Access PHP Timeclock Page`; content:`/db.php` classtype: web application attack...
alert tcp $EXTERNAL NET any $HOME NET $HTTP PORT (msg: ` WEB ATTACKS Attempt to Access Default Joomla Page`; content:`/configuration.php` classtype: web application...
alert tcp $EXTERNAL NET any $HOME NET $HTTP PORT (msg: ` WEB ATTACKS Attempt to Access Default Drupal DB Config File`; content:`/sites/default/settings.php` classtype...
alert tcp $EXTERNAL NET any $HOME NET $HTTP PORT (msg: ` WEB ATTACKS Possible SQL Injection`; content:` 3b ` classtype: web application attack; parse src ip:...
alert tcp $EXTERNAL NET any $HOME NET $HTTP PORT (msg: ` WEB ATTACKS Attempt to Access robots.txt File`; content:`robots.txt` classtype: web application attack...
alert tcp $EXTERNAL NET any $HOME NET $HTTP PORT (msg: ` WEB ATTACKS Attempt to Access PHPMyAdmin Changelog Page`; content:`/changelog.php` classtype: web application...
alert tcp $EXTERNAL NET any $HOME NET $HTTP PORT (msg: ` WEB ATTACKS Attempt to Access Default Cacti Login Page`; content:`/include/config.php` classtype: web...
alert tcp $EXTERNAL NET any $HOME NET $HTTP PORT (msg: ` WEB ATTACKS Attempt to Access a Webshell via WordPress`; content:`/wp login.php` classtype: web application...
alert tcp $EXTERNAL NET any $HOME NET $HTTP PORT (msg: ` WEB ATTACKS Attempt to Access Default WordPress Login Page`; content:`/wp login.php` classtype: web application...
alert tcp $EXTERNAL NET any $HOME NET $HTTP PORT (msg: ` WEB ATTACKS Possible LFI Attempt`; content:`index.php?system ` classtype: web application attack; parse...
alert tcp $EXTERNAL NET any $HOME NET $HTTP PORT (msg: ` WEB ATTACKS RFI Attempt`; content: `index.php?cmd `; content: `page `; classtype: web application attack...
alert syslog $EXTERNAL NET any $HOME NET any (msg: ` YUBIKEY Invalid OTP`; program: yk chkpwd; content: `password check failed for user`; after: track by src,...
alert syslog $HOME NET any $EXTERNAL NET any (msg:` SONICWALL WLAN sequence number out of order sequencing error/EMF interference/rogue AP`; content: `WLAN sequence...
alert syslog $HOME NET any $EXTERNAL NET any (msg:` SONICWALL Radio frequency threat detected`; content: `WLAN radio frequency threat detected`; classtype: exploit...
alert syslog $HOME NET any $EXTERNAL NET any (msg:` SONICWALL WLAN firmware image has been updated`; content: `WLAN firmware image has been updated`; classtype...
alert syslog $HOME NET any $EXTERNAL NET any (msg:` SONICWALL Hardware failure Voltages Out of Tolerance`; content: `Voltages Out of Tolerance`; classtype: hardware...
alert syslog $HOME NET any $EXTERNAL NET any (msg:` SONICWALL Virtual Access Point is enabled`; content: `Virtual Access Point is enabled`; classtype: system event...
alert syslog $HOME NET any $EXTERNAL NET any (msg:` SONICWALL Virtual Access Point is disabled`; content: `Virtual Access Point is disabled`; classtype: system...
alert syslog $HOME NET any $EXTERNAL NET any (msg:` SONICWALL Intrusion Detection TCP Xmas Tree dropped`; content: `TCP Xmas Tree dropped`; classtype: network...
alert syslog $HOME NET any $EXTERNAL NET any (msg:` SONICWALL System clock manually updated`; content: `System clock manually updated`; classtype: system event...
alert syslog $HOME NET any $EXTERNAL NET any (msg:` SONICWALL Intrusion Detection SYN Flood Mode changed by user`; content: `SYN Flood Mode changed by user to...
alert syslog $HOME NET any $EXTERNAL NET any (msg:` SONICWALL Intrusion Detection SYN flood ceased or flooding machines blacklisted`; content: `SYN flood ceased...
alert syslog $HOME NET any $EXTERNAL NET any (msg:` SONICWALL Intrusion Detection SYN Flood blacklisting enabled by user`; content: `SYN Flood blacklisting enabled...
alert syslog $HOME NET any $EXTERNAL NET any (msg:` SONICWALL Intrusion Detection Sub Seven attack dropped`; content: `Sub Seven attack dropped`; classtype:...
alert syslog $HOME NET any $EXTERNAL NET any (msg:` SONICWALL Intrusion Detection Source routed IP packet dropped`; content: `Source routed IP packet dropped...
alert syslog $HOME NET any $EXTERNAL NET any (msg:` SONICWALL User name too long`; content: `SonicWALL SSO agent returned user name too long`; classtype: system...
alert syslog $HOME NET any $EXTERNAL NET any (msg:` SONICWALL SSO agent returned error`; content: `SonicWALL SSO agent returned error`; classtype: system event...
alert syslog $HOME NET any $EXTERNAL NET any (msg:` SONICWALL Domain name too long`; content: `SonicWALL SSO agent returned domain name too long`; classtype: system...
alert syslog $HOME NET any $EXTERNAL NET any (msg:` SONICWALL SonicWALL SSO agent is up`; content: `SonicWALL SSO agent is up`; classtype: system event; parse...
alert syslog $HOME NET any $EXTERNAL NET any (msg:` SONICWALL SonicWALL SSO agent is down`; content: `SonicWALL SSO agent is down`; classtype: system event; parse...
alert syslog $HOME NET any $EXTERNAL NET any (msg:` SONICWALL Firewall starting up`; content: `SonicWALL initializing`; classtype: system event; parse src ip:...
alert syslog $HOME NET any $EXTERNAL NET any (msg:` SONICWALL Firewall activated`; content: `SonicWALL activated`; classtype: system event; parse src ip: 1; parse...
alert syslog $HOME NET any $EXTERNAL NET any (msg:` SONICWALL Intrusion Detection RST Flood Blacklist`; content: `RST Flood Blacklist on IF`; classtype: attempted...
alert syslog $HOME NET any $EXTERNAL NET any (msg:` SONICWALL Firewall rebooting`; content: `Restarting SonicWALL`; classtype: system event; parse src ip: 1; parse...
alert syslog $HOME NET any $EXTERNAL NET any (msg:` SONICWALL Sonicwall License Expired`; content: `SonicWALL`; content: `expired`; classtype: system event; parse...
alert syslog $HOME NET any $EXTERNAL NET any (msg:` SONICWALL Wan Failover Possible recon`; content: `Probing suceeded on`; classtype: successful recon limited...
alert syslog $HOME NET any $EXTERNAL NET any (msg:` SONICWALL Firewall Hardware Clock battery has failed`; content: `Real time clock battery failure Time values...
alert syslog $HOME NET any $EXTERNAL NET any (msg:` SONICWALL Wan Failover Recon attempt`; content: `Probing suceeded on`; classtype: successful recon limited...
alert syslog $HOME NET any $EXTERNAL NET any (msg:` SONICWALL Wan Failover Possible recon attempt`; content: `Probing failure on`; classtype: attempted recon...
alert syslog $HOME NET any $EXTERNAL NET any (msg:` SONICWALL Intrusion Detection Probable TCP FIN scan detected`; content: `Probable TCP FIN scan detected`...
alert syslog $HOME NET any $EXTERNAL NET any (msg:` SONICWALL Intrusion Detection Probable port scan detected`; content: `Probable port scan detected`; classtype...