[Snort-users] Rule set for non-intrusive events?

Steve Marotta smarotta at ...16014...
Wed Jan 9 11:47:06 EST 2013

Has anyone ever developed and published a Snort rule set that reports normal, non-intrusive, high-level events? Something like, SSH login, MySQL transaction, HTTP response, that sort of thing. I realize that's not quite in the domain for which Snort was intended, but it's technically possible and seems like someone that at least one other person out there has wanted to do. Or maybe not. Do any of you know if something like that is available?

THIS MESSAGE IS INTENDED FOR THE USE OF THE PERSON TO WHOM IT IS ADDRESSED. IT MAY CONTAIN INFORMATION THAT IS PRIVILEGED, CONFIDENTIAL AND EXEMPT FROM DISCLOSURE UNDER APPLICABLE LAW. If you are not the intended recipient, your use of this message for any purpose is strictly prohibited. If you have received this communication in error, please delete the message and notify the sender so that we may correct our records.

More information about the Snort-users mailing list