The following setup guides have been contributed by members of the Snort Community for your use. Comments and questions on these documents should be submitted directly to the author by clicking on their names below.

Latest rule documents
This rule alerts when it sees a PDF that tries to use a function which initiates network communication; this can violate corporate policy and is used in a number of Adobe exploits.
This rule detects specific binary artifacts of RC4 decryption.
This rule looks for requests for ASP files coming from an attacked host during a secondary stage of attack.
This rule looks for the use of the StartRemoteProjectCopy function of Rockwell FactoryTalk View SE to cause the server to copy a project from an attacker-controlled URI locally to the server.
This rule looks for the use of the BackupHMI function in an HTTP request coming from a FactoryTalk device. This could be an indication of potential compromise.
This rule looks for a large number of page requests to ASP files on the Rockwell FactoryTalk server in a short period of time, made in an attempt to win a race condition to trigger an attacker's uploaded ASP file.