Documents

The following setup guides have been contributed by members of the Snort Community for your use. Comments and questions on these documents should be submitted directly to the author by clicking on their names below.


Latest rule documents
1:64300
This rule looks for attempts to bypass authentication to invoke an unsafe function in the Windows Open Management Infrastructure web application.
1:64299
This rule looks for requests to the Zabbix "/setup.php" endpoint that attempt to reconfigure the Zabbix database settings. Malicious actors, if successful, can utilize this to get administrative access to the Zabbix frontend.
1:63806
This rule detects a crafted HTTP request commonly used by the Grandoreiro strain of malware.
1:63728
This rule alerts on network communications from the Earthworm network proxy tool. This rule may alert on any of the subcommands involved in the client-server handshake of the custom TCP protocol used by Earthworm, including the establishment of a reverse SOCKS5 tunnel from the server to the client.
1:63727
This rule alerts on network communications from the Earthworm network proxy tool. This rule may alert on any of the subcommands involved in the client-server handshake of the custom TCP protocol used by Earthworm, including the establishment of a reverse SOCKS5 tunnel from the server to the client.
1:63618
This rule looks for command injection metacharacters in the "value" JSON key of an HTTP client body.