Recent Changes in Main Web retrieved at 22:36 (GMT)

alert syslog $EXTERNAL NET any $HOME NET any (msg: ` CISCO PRIME Station blacklisted`; program: snmptrapd; content: ` STATION BLACKLISTED 28 `; classtype: suspicious...

5002133

1 year ago - NEW Sagan-Wiki-Add

alert syslog $EXTERNAL NET any $HOME NET any (msg: ` CISCO PRIME Station association failure`; program: snmptrapd; content: ` STATION ASSOCIATE FAIL 28 `; classtype...

5002132

1 year ago - NEW Sagan-Wiki-Add

alert syslog $EXTERNAL NET any $HOME NET any (msg: ` CISCO PRIME Station authentication failure`; program: snmptrapd; content: ` STATION AUTHENTICATION FAIL...

5002131

1 year ago - NEW Sagan-Wiki-Add

alert syslog $EXTERNAL NET any $HOME NET any (msg: ` CISCO PRIME Internal low temperature detected!`; program: snmptrapd; content: ` SENSED TEMPERATURE LOW...

5002130

1 year ago - NEW Sagan-Wiki-Add

alert syslog $EXTERNAL NET any $HOME NET any (msg: ` CISCO PRIME Internal high temperature detected!`; program: snmptrapd; content: ` SENSED TEMPERATURE HIGH...

5002129

1 year ago - NEW Sagan-Wiki-Add

alert syslog $EXTERNAL NET any $HOME NET any (msg: ` CISCO PRIME Rogue AP has been removed`; program: snmptrapd; content: ` ROGUE AP REMOVED 28 `; classtype: suspicious...

5002128

1 year ago - NEW Sagan-Wiki-Add

alert syslog $EXTERNAL NET any $HOME NET any (msg: ` CISCO PRIME Rogue AP on the network!`; program: snmptrapd; content: ` ROGUE AP ON NETWORK 28 `; classtype...

5002127

1 year ago - NEW Sagan-Wiki-Add

alert syslog $EXTERNAL NET any $HOME NET any (msg: ` CISCO PRIME Rogue AP or ADHOC detected`; program: snmptrapd; content: ` ROGUE AP DETECTED 28 `; classtype...

5002126

1 year ago - NEW Sagan-Wiki-Add

alert syslog $EXTERNAL NET any $HOME NET any (msg: ` CISCO PRIME Authentication failure by local management user/MAC `; program: snmptrapd; content: ` BSN AUTHENTICATION...

5002125

1 year ago - NEW Sagan-Wiki-Add

alert syslog $EXTERNAL NET any $HOME NET any (msg: ` CISCO PRIME SNMP Authentication failure`; program: snmptrapd; content: ` AUTHENTICATION FAILURE 28 `; classtype...

5002124

1 year ago - NEW Sagan-Wiki-Add

alert syslog $EXTERNAL NET any $HOME NET any (msg: ` CISCO PRIME Rogue AP detected exceed theshold`; program: snmptrapd; content: ` AP MAX ROGUE COUNT EXCEEDED...

5002123

1 year ago - NEW Sagan-Wiki-Add

alert syslog $EXTERNAL NET any $HOME NET any (msg: ` CISCO PRIME Rogue AP detect and contained`; program: snmptrapd; content: ` AP CONTAINED AS ROGUE 28 `; classtype...

5002122

1 year ago - NEW Sagan-Wiki-Add

alert syslog $EXTERNAL NET any $HOME NET any (msg: ` CISCO PRIME BIG NAV DOS Attack`; program: snmptrapd; content: ` AP BIG NAV DOS ATTACK 28 `; classtype: attempted...

5002103

1 year ago - NEW Sagan-Wiki-Add

alert syslog $HOME NET any $EXTERNAL NET any (msg: ` WINDOWS MALWARE RASWMI Malware process detected`; pcre: `/ 4688: 592: /`; content: ` 3a \Windows\system...

5002102

1 year ago - NEW Sagan-Wiki-Add

alert syslog $HOME NET any $EXTERNAL NET any (msg: ` WINDOWS EMET EMET process stopped, but not due to reboot`; pcre: `/ 4689: 593: /` ; content: `EMET Agent...

5002089

1 year ago - NEW Sagan-Wiki-Add

alert tcp $EXTERNAL NET any $HOME NET $SSH PORT (msg:` ARTILLERY SSH brute force violation`; content: `SSH brute forcing violations`; classtype: unsuccessful user...

5002087

1 year ago - NEW Sagan-Wiki-Add

alert syslog $EXTERNAL NET any $HOME NET any (msg:` ARTILLERY Honeyport attack detected`; content: `detected an attack`; content: `honeypot`; parse src ip: 1;...

5002086

1 year ago - NEW Sagan-Wiki-Add

alert syslog $EXTERNAL NET any $HOME NET any (msg:` ARTILLERY Honeyport blocked/blacklisted address`; content: `honeypot restricted port`; content: `blocked`;...

5002081

1 year ago - NEW Sagan-Wiki-Add

alert tcp $EXTERNAL NET any $HOME NET $FTP PORT (msg:` ARTILLERY FTP brute force violation`; content: `FTP brute forcing`; flowbits: set,brute force,86400; classtype...

5002067

1 year ago - NEW Sagan-Wiki-Add

alert tcp $EXTERNAL NET any $HOME NET $SSH PORT (msg: ` BRO SSH Login By Password Guesser`; content: `SSH 3a 3a Login By Password Guesser`; program: bro; parse...

5002063

1 year ago - NEW Sagan-Wiki-Add

alert tcp $EXTERNAL NET any $HOME NET $SSH PORT (msg:` BRO SSH Password Guessing 0/5 `; content: `SSH 3a 3a Password Guessing`; program: bro; classtype: misc...

5002060

1 year ago - NEW Sagan-Wiki-Add

alert syslog $HOME NET any $EXTERNAL NET any (msg: ` CISCO GEOIP FTP file transfer from outside HOME COUNTRY`; program: %ASA 6 303002; country code: track by dst...

5002059

1 year ago - NEW Sagan-Wiki-Add

alert syslog $HOME NET any $EXTERNAL NET any (msg: ` CISCO GEOIP FTP file transfer from outside HOME COUNTRY`; program: %ASA 6 303002; country code: track by src...

5002057

1 year ago - NEW Sagan-Wiki-Add

alert tcp $HOME NET any $EXTERNAL NET any (msg: ` WINDOWS GEOIP Logon attempt using explicit credentials at suspicious time`; pcre: `/ 552: 4648: /`; content...

5002056

1 year ago - NEW Sagan-Wiki-Add

alert tcp $HOME NET any $EXTERNAL NET any (msg: ` WINDOWS GEOIP RDP / Logon type 10 at suspicious time`; pcre: `/ 528: 4624: /`; content: `Logon Type 3a...

5002055

1 year ago - NEW Sagan-Wiki-Add

alert syslog $EXTERNAL NET any $HOME NET any (msg: ` WINDOWS GEOIP Windows Logon at suspicious time`; pcre: `/ 540: 4624: /`; classtype: successful user; program...

5002051

1 year ago - NEW Sagan-Wiki-Add

alert tcp $EXTERNAL NET any $HOME NET $SSH PORT (msg:` OPENSSH AETAS Authentication success via keyboard at suspicious time`; content: `Accepted keyboard interactive...

5002050

1 year ago - NEW Sagan-Wiki-Add

alert tcp $EXTERNAL NET any $HOME NET $SSH PORT (msg:` OPENSSH AETAS Authentication success via publickey at suspicious time`; content: `Accepted publickey`; classtype...

5002049

1 year ago - NEW Sagan-Wiki-Add

alert tcp $EXTERNAL NET any $HOME NET $SSH PORT (msg:` OPENSSH AETAS Authentication success via password at suspicious time`; content: `Accepted password`; classtype...

5002033

1 year ago - NEW Sagan-Wiki-Add

alert tcp $EXTERNAL NET any $HOME NET $HTTPS PORT (msg:` RIVERBED Administrator Login Failure Brute Force 5/5 `; content: `password is not recognized`; parse...

5002023

1 year ago - NEW Sagan-Wiki-Add

alert tcp $EXTERNAL NET any $HOME NET $HTTPS PORT (msg: ` JUNIPER VPN Login failed Brute Force 10/5 `; program: Juniper; pcre: `/ Login failed authentication...

5002020

1 year ago - NEW Sagan-Wiki-Add

alert tcp $HOME NET any $EXTERNAL NET any (msg: ` WINDOWS GEOIP Logon attempt using explicit credentials from outside HOME COUNTRY`; pcre: `/ 552: 4648: /`;...

5002016

1 year ago - NEW Sagan-Wiki-Add

alert tcp $HOME NET any $EXTERNAL NET any (msg: ` WINDOWS GEOIP RDP / Logon type 10 from outside HOME COUNTRY `; pcre: `/ 528: 4624: /`; content: `Logon Type...

5002006

1 year ago - NEW Sagan-Wiki-Add

alert syslog $HOME NET any $EXTERNAL NET any (msg: ` WINDOWS MALWARE Suspicious Tool Event`; pcre: `/ 4688: 592: /`; pcre: `/win32dd.exe win64dd.exe cachedump...

5002003

1 year ago - NEW Sagan-Wiki-Add

alert syslog $HOME NET any $EXTERNAL NET any (msg: ` WINDOWS MALWARE Suspicious application crash`; content: ` 4097 3a `; pcre: `/Adobe Microsoft Office Java...

5002002

1 year ago - NEW Sagan-Wiki-Add

alert syslog $HOME NET any $EXTERNAL NET any (msg: ` WINDOWS MALWARE Incorrect path called for explorer.exe`; pcre: `/ 4688: 592: /`; content: `\explorer.exe...

5002001

1 year ago - NEW Sagan-Wiki-Add

alert syslog $HOME NET any $EXTERNAL NET any (msg: ` WINDOWS MALWARE Incorrect path called for svchost.exe`; pcre: `/ 4688: 592: /`; content: `\svchost.exe`...

5001999

1 year ago - NEW Sagan-Wiki-Add

alert syslog $HOME NET any $EXTERNAL NET any (msg: ` WINDOWS MALWARE Suspicious misspelled process`; pcre: `/ 4688: 592: /`; pcre: `/(scvhost svcdost scvdost...

5001998

1 year ago - NEW Sagan-Wiki-Add

alert tcp $HOME NET any $EXTERNAL NET 23 (msg: ` NFCAPD Telnet Traffic Detected via PUSH/ACK 5/5 `; program: nfcapd; normalize: nfcapd; content: `/23, protocol...

5001996

1 year ago - NEW Sagan-Wiki-Add

alert tcp $HOME NET any $EXTERNAL NET 22 (msg: ` NFCAPD PUSH/ACK Traffic Detected 5/5 `; program: nfcapd; normalize: nfcapd; content: `/22, protocol 3a TCP,...

5001995

1 year ago - NEW Sagan-Wiki-Add

alert tcp $HOME NET any $EXTERNAL NET 7000 (msg: ` NFCAPD Possible IRC Port 7000 5/5 `; program: nfcapd; normalize: nfcapd; content: `/7000, protocol 3a TCP...

5001994

1 year ago - NEW Sagan-Wiki-Add

alert tcp $HOME NET any $EXTERNAL NET 6999 (msg: ` NFCAPD Possible IRC Port 6669 5/5 `; program: nfcapd; normalize: nfcapd; content: `/6669, protocol 3a TCP...

5001993

1 year ago - NEW Sagan-Wiki-Add

alert tcp $HOME NET any $EXTERNAL NET 6998 (msg: ` NFCAPD Possible IRC Port 6668 5/5 `; program: nfcapd; normalize: nfcapd; content: `/6668, protocol 3a TCP...

5001992

1 year ago - NEW Sagan-Wiki-Add

alert tcp $HOME NET any $EXTERNAL NET 6666 (msg: ` NFCAPD Possible IRC Port 6666 5/5 `; program: nfcapd; normalize: nfcapd; content: `/6666, protocol 3a TCP...

5001991

1 year ago - NEW Sagan-Wiki-Add

alert tcp $HOME NET any $EXTERNAL NET 6665 (msg: ` NFCAPD Possible IRC Port 6665 5/5 `; program: nfcapd; normalize: nfcapd; content: `/6665, protocol 3a TCP...

5001990

1 year ago - NEW Sagan-Wiki-Add

alert tcp $HOME NET any $EXTERNAL NET 6664 (msg: ` NFCAPD Possible IRC Port 6664 5/5 `; program: nfcapd; normalize: nfcapd; content: `/6664, protocol 3a TCP...

5001989

1 year ago - NEW Sagan-Wiki-Add

alert tcp $HOME NET any $EXTERNAL NET 6663 (msg: ` NFCAPD Possible IRC Port 6663 5/5 `; program: nfcapd; normalize: nfcapd; content: `/6663, protocol 3a TCP...

5001988

1 year ago - NEW Sagan-Wiki-Add

alert tcp $HOME NET any $EXTERNAL NET 6662 (msg: ` NFCAPD Possible IRC Port 6662 5/5 `; program: nfcapd; normalize: nfcapd; content: `/6662, protocol 3a TCP...

5001987

1 year ago - NEW Sagan-Wiki-Add

alert tcp $HOME NET any $EXTERNAL NET 6661 (msg: ` NFCAPD Possible IRC Port 6661 5/5 `; program: nfcapd; normalize: nfcapd; content: `/6661, protocol 3a TCP...

5001986

1 year ago - NEW Sagan-Wiki-Add

alert tcp $HOME NET any $EXTERNAL NET 6660 (msg: ` NFCAPD Possible IRC Port 6660 5/5 `; program: nfcapd; normalize: nfcapd; content: `/6660, protocol 3a TCP...

«Previous 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 Next»

Show 10, 20, 50, 100, 500, 1000 results per page, or show all.

Related topics: RSS feed, ATOM feed, WebNotify, site changes, site map

Topic revision: r5 - 2006-11-15 - TWikiContributor