Documents

The following setup guides have been contributed by members of the Snort Community for your use. Comments and questions on these documents should be submitted directly to the author by clicking on their names below.


Latest rule documents - Search
1-52450
This event is generated when an attempt to trigger a buffer overflow in the Squid caching proxy is observed.
1-52449
This event is generated when an outbound connection to ddns.net is detected. This could mean that a device is accessing a distributed DNS outside of its network and may be relying on an external service, instead of a trusted internal distributed DNS, to resolve its requests.
1-52448
This event is generated when a Doc.Malware.Gamaredon variant second stage download detected. This download will be an encoded text file that will later be decoded by the malware into an .exe file.
1-52447
This event is generated when a Doc.Malware.Gamaredon variant second stage download detected. This download will be an encoded text file that will later be decoded by the malware into an .exe file.
1-52446
This event is generated when a Doc.Malware.Gamaredon variant second stage download detected. This download will be a .dot file.
1-52445
This event is generated when a Doc.Malware.Gamaredon outbound connection is detected.