Documents

The following setup guides have been contributed by members of the Snort Community for your use. Comments and questions on these documents should be submitted directly to the author by clicking on their names below.


Latest rule documents - Search
1-61884
This rule looks for known strings in the Win.Earthworm proxy tool.
1-61883
This rule looks for known strings in the Win.Earthworm proxy tool.
1-61882
This rule looks for strings known to be specific to PowerShell scripts that are used to dump credentials from a Veeam Backup Server database.
1-61881
This rule looks for strings known to be specific to PowerShell scripts that are used to dump credentials from a Veeam Backup Server database.
1-61880
This rule detects an attempted inbound communication from the Win.Trojan.RedLine C2 server by looking for specific data used at the start of the server response.
1-61879
This rule looks for key sequences associated with the webshell used in the MOVEIt SQL injection vulnerability from June, 2023 that does not yet have any associated CVE.