Thanks for your help. In that case would you know a rule to use snort to sniff network traffic before and after an application is installed and show an alert if anything major has changed ?

On 29 March 2018 at 13:33, Shane Corridon <> wrote:
Hi All,

I am looking for a rule to scan the computer after a new program has been installed and return any alarming results or return an "Everything is normal" result.

Is there anything out there like this already?

Thanks for your help