alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-PRIME] Duplicate IP address assigned to controller"; program: snmptrapd; content: " SWITCH_DETECTED_DUPLICATE...
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-PRIME] Station blacklisted"; program: snmptrapd; content: " STATION_BLACKLISTED|28|"; classtype: suspicious...
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-PRIME] Station association failure"; program: snmptrapd; content: " STATION_ASSOCIATE_FAIL|28|"; classtype...
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-PRIME] Station authentication failure"; program: snmptrapd; content: " STATION_AUTHENTICATION_FAIL...
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-PRIME] Internal low temperature detected!"; program: snmptrapd; content: " SENSED_TEMPERATURE_LOW...
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-PRIME] Internal high temperature detected!"; program: snmptrapd; content: " SENSED_TEMPERATURE_HIGH...
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-PRIME] Rogue AP has been removed"; program: snmptrapd; content: " ROGUE_AP_REMOVED|28|"; classtype: suspicious...
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-PRIME] Rogue AP on the network!"; program: snmptrapd; content: " ROGUE_AP_ON_NETWORK|28|"; classtype...
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-PRIME] Rogue AP or ADHOC detected"; program: snmptrapd; content: " ROGUE_AP_DETECTED|28|"; classtype...
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-PRIME] Authentication failure by local management user/MAC"; program: snmptrapd; content: " BSN_AUTHENTICATION...
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-PRIME] SNMP Authentication failure"; program: snmptrapd; content: " AUTHENTICATION_FAILURE|28|"; classtype...
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-PRIME] Rogue AP detected exceeds threshold"; program: snmptrapd; content: " AP_MAX_ROGUE_COUNT_EXCEEDED...
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-PRIME] Rogue AP detected and contained"; program: snmptrapd; content: " AP_CONTAINED_AS_ROGUE|28|"; classtype...
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-PRIME] BIG NAV DOS Attack"; program: snmptrapd; content: " AP_BIG_NAV_DOS_ATTACK|28|"; classtype: attempted...
alert syslog $HOME_NET any -> $EXTERNAL_NET any (msg: "[WINDOWS-MALWARE] RASWMI Malware process detected"; pcre: "/ 4688: | 592: /"; content: "|3a|\Windows\system...
alert syslog $HOME_NET any -> $EXTERNAL_NET any (msg: "[WINDOWS-EMET] EMET process stopped, but not due to reboot"; pcre: "/ 4689: | 593: /"; content: "EMET Agent...
alert tcp $EXTERNAL_NET any -> $HOME_NET $SSH_PORT (msg:"[ARTILLERY] SSH brute force violation"; content: "SSH brute forcing violations"; classtype: unsuccessful-user...
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg:"[ARTILLERY] Honeyport attack detected"; content: "detected an attack"; content: "honeypot"; parse_src_ip: 1;...
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg:"[ARTILLERY] Honeyport blocked/blacklisted address"; content: "honeypot restricted port"; content: "blocked";...
alert tcp $EXTERNAL_NET any -> $HOME_NET $FTP_PORT (msg:"[ARTILLERY] FTP brute force violation"; content: "FTP brute forcing"; flowbits: set,brute_force,86400; classtype...
alert tcp $EXTERNAL_NET any -> $HOME_NET $SSH_PORT (msg: "[BRO] SSH Login By Password Guesser"; content: "SSH|3a 3a|Login_By_Password_Guesser"; program: bro; parse...
alert syslog $HOME_NET any -> $EXTERNAL_NET any (msg: "[CISCO-GEOIP] FTP file transfer from outside HOME_COUNTRY"; program: %ASA-6-303002; country_code: track_by_dst...
alert syslog $HOME_NET any -> $EXTERNAL_NET any (msg: "[CISCO-GEOIP] FTP file transfer from outside HOME_COUNTRY"; program: %ASA-6-303002; country_code: track_by_src...
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg: "[WINDOWS-GEOIP] Logon attempt using explicit credentials at suspicious time"; pcre: "/ 552: | 4648: /"; content...
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg: "[WINDOWS-GEOIP] RDP / Logon type 10 at suspicious time"; pcre: "/ 528: | 4624: /"; content: "Logon Type|3a|...
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[WINDOWS-GEOIP] Windows Logon at suspicious time"; pcre: "/ 540: | 4624: /"; classtype: successful-user; program...
alert tcp $EXTERNAL_NET any -> $HOME_NET $SSH_PORT (msg:"[OPENSSH-AETAS] Authentication success via keyboard at suspicious time"; content: "Accepted keyboard-interactive...
alert tcp $EXTERNAL_NET any -> $HOME_NET $SSH_PORT (msg:"[OPENSSH-AETAS] Authentication success via publickey at suspicious time"; content: "Accepted publickey"; classtype...
alert tcp $EXTERNAL_NET any -> $HOME_NET $SSH_PORT (msg:"[OPENSSH-AETAS] Authentication success via password at suspicious time"; content: "Accepted password"; classtype...
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTPS_PORT (msg:"[RIVERBED] Administrator Login Failure Brute Force [5/5]"; content: "password is not recognized"; parse...
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg: "[WINDOWS-GEOIP] Logon attempt using explicit credentials from outside HOME_COUNTRY"; pcre: "/ 552: | 4648: /";...
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg: "[WINDOWS-GEOIP] RDP / Logon type 10 from outside HOME_COUNTRY"; pcre: "/ 528: | 4624: /"; content: "Logon Type...
alert syslog $HOME_NET any -> $EXTERNAL_NET any (msg: "[WINDOWS-MALWARE] Suspicious Tool Event"; pcre: "/ 4688: | 592: /"; pcre: "/win32dd.exe|win64dd.exe|cachedump...
alert syslog $HOME_NET any -> $EXTERNAL_NET any (msg: "[WINDOWS-MALWARE] Suspicious application crash"; content: " 4097|3a| "; pcre: "/Adobe|Microsoft Office|Java...
alert syslog $HOME_NET any -> $EXTERNAL_NET any (msg: "[WINDOWS-MALWARE] Incorrect path called for explorer.exe"; pcre: "/ 4688: | 592: /"; content: "\explorer.exe...
alert syslog $HOME_NET any -> $EXTERNAL_NET any (msg: "[WINDOWS-MALWARE] Incorrect path called for svchost.exe"; pcre: "/ 4688: | 592: /"; content: "\svchost.exe"...
alert syslog $HOME_NET any -> $EXTERNAL_NET any (msg: "[WINDOWS-MALWARE] Suspicious misspelled process"; pcre: "/ 4688: | 592: /"; pcre: "/(scvhost|svcdost|scvdost...