Documents

The following setup guides have been contributed by members of the Snort Community for your use. Comments and questions on these documents should be submitted directly to the author by clicking on their names below.


Latest rule documents - Search
1:64120
This rule looks for JSON key-values containing data indicating an attempt to trigger a remote code execution vulnerability.
1:64119
This rule looks for JSON key-values containing data indicating an attempt to trigger a remote code execution vulnerability.
1:64118
This rules specifically looks for known-unique strings inside a Cicada3301 ransomware executable.
1:64117
This rules specifically looks for known-unique strings inside a Cicada3301 ransomware executable.
1:64116
This rule looks for outbound HTTP requests known to be specific to Win.Trojan.DustyHammock outbound cnc communications.
1:64115
This rule looks for a excessive number of requests to '/secure/ViewUserHover.jspa' that exceed a threshold. Such a number of requests could indicate a potential recon attempt by an attacker.