[Snort-openappid] [Snort-sigs] Snort Rule
Joel Esler (jesler)
jesler at cisco.com
Sat Mar 31 09:06:40 EDT 2018
Well, all of the rules can be used like that. I think you aren’t familiar with Snort...
Sent from my iPhone
On Mar 31, 2018, at 05:32, Shane Corridon via Snort-sigs <snort-sigs at lists.snort.org<mailto:snort-sigs at lists.snort.org>> wrote:
Thanks for your help. In that case would you know a rule to use snort to sniff network traffic before and after an application is installed and show an alert if anything major has changed ?
On 29 March 2018 at 13:33, Shane Corridon <shane.corridon at mycit.ie<mailto:shane.corridon at mycit.ie>> wrote:
I am looking for a rule to scan the computer after a new program has been installed and return any alarming results or return an "Everything is normal" result.
Is there anything out there like this already?
Thanks for your help
Snort-sigs mailing list
Snort-sigs at lists.snort.org<mailto:Snort-sigs at lists.snort.org>
Please visit http://blog.snort.org for the latest news about Snort!
Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette
Visit the Snort.org<http://Snort.org> to subscribe to the official Snort ruleset, make sure to stay up to date to catch the most <a href=" https://snort.org/downloads/#rule-downloads">emerging threats</a>!
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Snort-openappid