[Snort-users] Snort rule to monitor for a specific user login

Jesse Lands cryptograffiti at ...11827...
Thu Aug 13 11:18:53 EDT 2009


> If you can see the data in network traffic, you can write a rule to find
> it.
>
> --
> Nigel Houghton
> Head Mentalist
> SF VRT
> http://vrt-sourcefire.blogspot.com && http://www.snort.org/vrt/
>

I guess it would have helped if I was a little more specific.  I want to
monitor for a list of Windows logins used across the network.  Users who
don't have access or shouldn't anymore.  I have a list of logins that are in
use, but don't have a central log collection and have to many computers to
individually check each system.

Thanks again
Jesse
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20090813/2eaebc0f/attachment.html>


More information about the Snort-users mailing list