[Snort-users] Snort rule to monitor for a specific user login
cryptograffiti at ...11827...
Thu Aug 13 11:18:53 EDT 2009
> If you can see the data in network traffic, you can write a rule to find
> Nigel Houghton
> Head Mentalist
> SF VRT
> http://vrt-sourcefire.blogspot.com && http://www.snort.org/vrt/
I guess it would have helped if I was a little more specific. I want to
monitor for a list of Windows logins used across the network. Users who
don't have access or shouldn't anymore. I have a list of logins that are in
use, but don't have a central log collection and have to many computers to
individually check each system.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Snort-users