Hi Shane, i suggest looking into ossec or wazuh or another host intrusion detection system for this not snort.

On Mar 31, 2018 9:06 AM, "Joel Esler (jesler) via Snort-openappid" <snort-openappid@lists.snort.org> wrote:
Well, all of the rules can be used like that.   I think you aren’t familiar with Snort...

Sent from my iPhone

On Mar 31, 2018, at 05:32, Shane Corridon via Snort-sigs <snort-sigs@lists.snort.org> wrote:

Thanks for your help. In that case would you know a rule to use snort to sniff network traffic before and after an application is installed and show an alert if anything major has changed ?



On 29 March 2018 at 13:33, Shane Corridon <shane.corridon@mycit.ie> wrote:
Hi All,

I am looking for a rule to scan the computer after a new program has been installed and return any alarming results or return an "Everything is normal" result.

Is there anything out there like this already?

Thanks for your help

_______________________________________________
Snort-sigs mailing list
Snort-sigs@lists.snort.org
https://lists.snort.org/mailman/listinfo/snort-sigs

Please visit http://blog.snort.org for the latest news about Snort!

Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette

Visit the Snort.org to subscribe to the official Snort ruleset, make sure to stay up to date to catch the most <a href=" https://snort.org/downloads/#rule-downloads">emerging threats</a>!