[Snort-sigs] Alerts for OOXML and MOX

wkitty42 at windstream.net wkitty42 at windstream.net
Sun Sep 3 11:45:27 EDT 2017


On 09/03/2017 11:32 AM, James Lay wrote:
> On Sun, 2017-09-03 at 14:01 +0000, Will via Snort-sigs wrote:
>>     I am pretty new to the Snort world.  I am wondering if it is possible to 
>> create an alert that can look inside OOXML or MOX type formats to find clear 
>> text content.  The thing about these file types are they are compressed files 
>> with it's own  file structure within the file. [...]

> Check out the preproc sensitive-data.rules...should be what you need.


if they can decompress the OOXML or MOX type formats, right? ;)


-- 
  NOTE: No off-list assistance is given without prior approval.
        *Please keep mailing list traffic on the list unless*
        *a signed and pre-paid contract is in effect with us.*



More information about the Snort-sigs mailing list