[Snort-sigs] Snort rules

Y M snort at outlook.com
Sun Jul 22 14:58:58 EDT 2018


I will assume you already have the registered ruleset. Look for sid:19559 (INDICATOR-SCAN SSH brute force login attempt).
________________________________
From: Snort-sigs <snort-sigs-bounces at lists.snort.org> on behalf of Jean Michel Tangu? via Snort-sigs <snort-sigs at lists.snort.org>
Sent: Sunday, July 22, 2018 9:49 PM
To: snort-sigs at lists.snort.org
Subject: [Snort-sigs] Snort rules

please it's an emergency .. I need the rule that triggers an alert automatically when more than two or three ssh login attempts have been made
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-sigs/attachments/20180722/245ad26b/attachment.html>


More information about the Snort-sigs mailing list