Recent Changes in Main Web retrieved at 05:49 (GMT)

alert syslog $EXTERNAL NET any $HOME NET any (msg: ` CISCO MERAKI File issued retrospective malicious disposition`; content: `malicious action allow`; classtype...
alert syslog $EXTERNAL NET any $HOME NET any (msg: ` CISCO MERAKI WPA failed authentication attempt`; content: `auth neg failed `1``; content: `type disassociation...
alert syslog $EXTERNAL NET any $HOME NET any (msg: ` CISCO MERAKI 802.1x failed authentication attempt`; content: `type 8021x eap failure radio `0``; content:...
alert syslog $EXTERNAL NET any $HOME NET any (msg: ` CISCO MERAKI WPA failed authentication attempt`; content: `type device packet flood`; content: `packet `deauth...
alert syslog $EXTERNAL NET any $HOME NET any (msg: ` CISCO MERAKI Flow denied by Layer 3 firewall`; content: `MR18 flows deny`; classtype: suspicious traffic;...
alert syslog $EXTERNAL NET any $HOME NET any (msg: ` CISCO MERAKI Virtual router collision`; content: `VRRP`; classtype: system event; sid:5003052; rev:1;)...
alert syslog $EXTERNAL NET any $HOME NET any (msg: ` CISCO MERAKI VRRP transition`; content: `VRRP`; content: `changed`; classtype: system event; sid:5003053;...
alert syslog $EXTERNAL NET any $HOME NET any (msg: ` CISCO MERAKI Blocked DHCP server response`; content: `Blocked DHCP`; classtype: system event; sid:...
alert syslog $EXTERNAL NET any $HOME NET any (msg: ` WINDOWS MISC Windows audit log was cleared`; pcre: `/ 517: 1102: /`; classtype: system event; program:...
alert syslog $HOME NET any $EXTERNAL NET any (msg: ` WINDOWS MISC System shutdown FLOWBIT SET `; content: ` 1074 3a `; program: USER32; flowbits: set, reboot...
alert syslog $HOME NET any $EXTERNAL NET any (msg: ` CISCO MERAKI SSID Spoofing Detected`; content: `type ssid spoofing detected`; classtype: suspicious traffic...
alert udp $HOME NET any $EXTERNAL NET any (msg:` CISCO BLUEDOT Suspicious UDP connection detected via Bluedot`; program: %ASA 6 ; content: ` UDP `; content:...
alert syslog $EXTERNAL NET any $HOME NET any (msg:` ZIMBRA Clamd Threat Detected`; content: `FOUND`; classtype: unsuccessful user; reference: url,wiki.quadrantsec...
alert syslog $EXTERNAL NET any $HOME NET any (msg:` ZIMBRA SYNC User password mismatch 5/3 `; content: `User password mismatch`; flowbits: set,brute force,...
alert syslog $EXTERNAL NET any $HOME NET any (msg:` ZIMBRA GEOIP EWS Authentication from outside HOME COUNTRY`; content: `is on local server`; classtype: successful...
alert syslog $EXTERNAL NET any $HOME NET any (msg:` ZIMBRA GEOIP NGNIX Authentication from outside HOME COUNTRY`; content: `client logged in`; classtype: successful...
alert syslog $EXTERNAL NET any $HOME NET any (msg:` ZIMBRA GEOIP SASL Authentication from outside HOME COUNTRY`; content: `sasl method `; content: `sasl username...
alert syslog $EXTERNAL NET any $HOME NET any (msg:` ZIMBRA SYNC Brute force invalid username or password 5/3 `; content: `Invalid username or password`; flowbits...
alert syslog $EXTERNAL NET any $HOME NET any (msg:` ZIMBRA MS ActiveSync Brute force invalid password 5/3 `; content: `error authentication failed`; content...
alert syslog $EXTERNAL NET any $HOME NET any (msg:` ZIMBRA SOAP Invalid user Brute force invalid password 5/3 `; content: `authentication failed`; content:...
alert syslog $EXTERNAL NET any $HOME NET any (msg:` ZIMBRA SOAP Invalid user Brute force account not found 5/3 `; content: `authentication failed`; conent:...
alert syslog $EXTERNAL NET any $HOME NET any (msg:` ZIMBRA SASLAUTHD Brute force 5/3 `; content: `auth failure`; content: `saslauthd`; classtype: unsuccessful...
alert tcp $EXTERNAL NET any $HOME NET 465 (msg:` ZIMBRA Postfix/SMTPS/SMTPD Brute force 5/3 `; content: `authentication failed`; flowbits: set,brute force,...
alert syslog $HOME NET any $EXTERNAL NET any (msg: ` FORTINET MALWARE Potential malware traffic detected`; content: `msg 22 Botnet`; content: !`dtype 22 ip 2d...
alert syslog $EXTERNAL NET any $HOME NET any (msg: ` DYNAMIC Proftp logs detected via program.`; program: proftpd; dynamic load: $RULE PATH/proftpd.rules; classtype...
alert syslog $EXTERNAL NET any $HOME NET any (msg: ` DYNAMIC SSH Tectia Server logs detected via program.`; program: SSH Tectia Server; dynamic load: $RULE PATH...
alert syslog $EXTERNAL NET any $HOME NET any (msg: ` DYNAMIC Cisco ASA logs detected via program.`; program: %ASA %FWSM ; dynamic load: $RULE PATH/bro ids.rules...
alert tcp $EXTERNAL NET any $HOME NET $FTP PORT (msg:` VSFTPD BLUEDOT File uploaded from outside HOME COUNTRY`; content: `OK UPLOAD`; classtype: suspicious traffic...
alert tcp $EXTERNAL NET any $HOME NET $FTP PORT (msg:` VSFTPD BLUEDOT Authentication successful from outside HOME COUNTRY`; content: `OK LOGIN`; classtype: successful...
alert syslog $EXTERNAL NET any $HOME NET any (msg:` VMWARE BLUEDOT User login successful from a suspicious source`; content: `Accepted password`; classtype: successful...
alert syslog $EXTERNAL NET any $HOME NET any (msg:` VMWARE BLUEDOT User login successful from a suspicious source`; content: ` logged in `; classtype: successful...
alert syslog $EXTERNAL NET any $HOME NET any (msg:` VMWARE BLUEDOT User login successful from a suspicious source`; pcre: `/Accepted password for login from/i...
alert tcp $EXTERNAL NET any $HOME NET $SSH PORT (msg:` SSH TECTIA SERVER BLUEDOT Authentication success from a suspicious source`; content: `Login success`; classtype...
alert syslog $HOME NET any $EXTERNAL NET any (msg: ` FILE BLUEDOT Flash Downloaded a suspicious source`; program: snort; bluedot: type ip reputation, track by...
alert syslog $HOME NET any $EXTERNAL NET any (msg: ` FILE BLUEDOT PDF Downloaded a suspicious source`; program: snort; bluedot: type ip reputation, track by src...
alert syslog $HOME NET any $EXTERNAL NET any (msg: ` FILE BLUEDOT Jar/Zip Downloaded a suspicious source`; program: snort; bluedot: type ip reputation, track by...
alert syslog $HOME NET any $EXTERNAL NET any (msg: ` FILE BLUEDOT Java Downloaded from a suspicious source`; program: snort; bluedot: type ip reputation, track...
alert syslog $HOME NET any $EXTERNAL NET any (msg: ` FILE BLUEDOT Executable Downloaded from a suspicious source`; program: snort; bluedot: type ip reputation...
alert tcp $EXTERNAL NET any $HOME NET $HTTPS PORT (msg:` RIVERBED BLUEDOT Administrator Login a suspicious source`; content: `logged in`; parse src ip: 1; classtype...
alert tcp $EXTERNAL NET any $HOME NET $FTP PORT (msg:` PROFTPD BLUEDOT Authentication success from suspicious source`; content: `Login successful`; bluedot: type...
alert tcp $EXTERNAL NET any $HOME NET $SSH PORT (msg:` OPENSSH BLUEDOT Authentication success via keyboard from suspicious source`; content: `Accepted keyboard...
alert tcp $EXTERNAL NET any $HOME NET $SSH PORT (msg:` OPENSSH BLUEDOT Authentication success via publickey from suspicious source`; content: `Accepted publickey...
alert tcp $EXTERNAL NET any $HOME NET $SSH PORT (msg:` OPENSSH BLUEDOT Authentication success via password from suspicious source`; content: `Accepted password...
alert tcp $HOME NET any $EXTERNAL NET $SSH PORT (msg: ` ScreenOS BLUEDOT Juniper ScreenOS Admin Login from suspicious source`; content: `Admin user`; content:...
alert tcp $HOME NET any $EXTERNAL NET $HTTPS PORT (msg: ` JUNIPER BLUEDOT VPN Logout from suspicious source`; program: Juniper; content: `Logout from`; bluedot...
alert tcp $HOME NET any $EXTERNAL NET $HTTPS PORT (msg: ` JUNIPER BLUEDOT VPN Login from suspicious source`; program: Juniper; pcre: `/Authentication successful...
alert tcp $EXTERNAL NET any $HOME NET $HTTPS PORT (msg:` FATPIPE BLUEDOT Login Success ADMINISTRATOR from suspicious source`; content: `Login 3a Success`...
alert tcp $EXTERNAL NET any $HOME NET $HTTPS PORT (msg:` FATPIPE BLUEDOT Login Success from suspicious source`; content: `Login 3a Success`; classtype: successful...
alert tcp $EXTERNAL NET any $HOME NET $HTTPS PORT (msg: ` F5 BIG IP BLUEDOT Unsuccessful Configuration Utility Login from suspicious source`; content: `failed...
alert tcp $EXTERNAL NET any $HOME NET $HTTPS PORT (msg: ` F5 BIG IP BLUEDOT Successful Configuration Utility Login from suspicious source`; content: `mod auth...

Topic revision: r5 - 2006-11-15 - TWikiContributor
 