Documents

The following setup guides have been contributed by members of the Snort Community for your use. Comments and questions on these documents should be submitted directly to the author by clicking on their names below.


Latest rule documents - Search
1-54675
This rule looks for requests for ASP files coming from an attacked host during a secondary stage of attack.
1-54674
This rule looks for the use of the StartRemoteProjectCopy function of Rockwell FactoryTalk View SE to cause the server to copy a project from an attacker controlled URI locally to the server.
1-54673
This rule looks for the use of the BackupHMI function in an HTTP request coming from a FactoryTalk device. This could be an indication of potential compromise.
1-54672
This rule looks for a large number of page requests to ASP files in a short period of time to the Rockwell FactoryTalk server in an attempt win a race condition to trigger an attackers uploaded ASP file.
1-54671
This rule looks for the use of the GetHMIProjectPath function of Rockwell FactoryTalk View SE to get local path information about an installed project.
1-54670
The rule looks for the use of the GetHMIProjects to get a list of installed projects on the device.