[Snort-sigs] Help needed writing GET requests

Sabawoon Mageedzada sabawoon.majeedzada at ...2420...
Mon Jul 14 14:52:10 EDT 2014


Hello Everyone,

I would appreciate it if someone can help me with writing a rule that helps me
detect GET requests to a web application. I am a newbie and I have tried
some rules which did not work.

The next step: There will be multiple GET requests to a web application,
and a dynamic rule that can detect a specific pattern inside the GET
request would also help me. These are GET requests that are suspicious to
the web application and they are crafted to attack the web application. What
type of attack is this kind of scenario?

Also, what output module should I use for my alerts to be human readable?
unified2 and fast are all binary, I would like to have better alert files
that would help me read the alert files in the /logs directory.

Using Snort 2.9.3 version.

Thanks,
SF