Thanks for your help. In that case, would you know a rule to use Snort to sniff network traffic before and after an application is installed and show an alert if anything major has changed?



On 29 March 2018 at 13:33, Shane Corridon <shane.corridon@mycit.ie> wrote:
Hi All,

I am looking for a rule to scan the computer after a new program has been installed and return any alarming results or return an "Everything is normal" result.

Is there anything out there like this already?

Thanks for your help