Documents

The following setup guides have been contributed by members of the Snort Community for your use. Comments and questions on these documents should be submitted directly to the authors by clicking on their names below.


Latest rule documents
1-54706
The rule looks for a DNS response with a CNAME record containing more than 20 pointers.
1-54705
The rule looks for a DNS response with a CNAME record containing more than 20 pointers.
1-54703
This rule alerts on outbound C2 traffic from a QNAP device infected by a QSnatch/Derek malware variant.
1-54693
This rule alerts when Win.Trojan.Ursnif traffic is detected.
1-51475
This event is generated when an attempt is made to perform an unsafe deserialization function against a Microsoft SharePoint application. Impact: Remote Code Execution. Details: Microsoft SharePoint suffers from an unsafe deserialization vulnerability that could allow malicious users the ability to run unauthorized code on a server. To take advantage of this vulnerability, the malicious user must have credentials to the system that allow them the ability to make changes and upload BCD model files on the system. Ease of Attack: Simple
1-48579
This event is generated when an attacker attempts to exploit a UAF vulnerability in Adobe Acrobat Reader. Impact: Attempted User Privilege Gain Details: Rule checks for attempts to exploit a UAF vulnerability in Adobe Acrobat Reader. Ease of Attack: