[Snort-users] Rule set for non-intrusive events?

Castle, Shane scastle at ...14946...
Wed Jan 9 11:51:06 EST 2013

Look at Bro: http://bro-ids.org/ 

Shane Castle
Data Security Mgr, Boulder County IT

-----Original Message-----
From: Steve Marotta [mailto:smarotta at ...16014...] 
Sent: Wednesday, January 09, 2013 09:47
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] Rule set for non-intrusive events?

Has anyone ever developed and published a Snort rule set that reports normal, non-intrusive, high-level events? Something like, SSH login, MySQL transaction, HTTP response, that sort of thing. I realize that's not quite in the domain for which Snort was intended, but it's technically possible and seems like someone that at least one other person out there has wanted to do. Or maybe not. Do any of you know if something like that is available?

THIS MESSAGE IS INTENDED FOR THE USE OF THE PERSON TO WHOM IT IS ADDRESSED. IT MAY CONTAIN INFORMATION THAT IS PRIVILEGED, CONFIDENTIAL AND EXEMPT FROM DISCLOSURE UNDER APPLICABLE LAW. If you are not the intended recipient, your use of this message for any purpose is strictly prohibited. If you have received this communication in error, please delete the message and notify the sender so that we may correct our records.

Master Java SE, Java EE, Eclipse, Spring, Hibernate, JavaScript, jQuery
and much more. Keep your Java skills current with LearnJavaNow -
200+ hours of step-by-step video tutorials by Java experts.
SALE $49.99 this month only -- learn more at:
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
Snort-users list archive:

Please visit http://blog.snort.org to stay current on all the latest Snort news!

More information about the Snort-users mailing list