[Snort-users] Help with a rule

Joel Esler jesler at ...1935...
Sat Jan 19 11:44:02 EST 2013


Dear Michael,

Thanks for your email.  I believe you will find what you are looking for here: http://manual.snort.org/node291.html


--
Joel Esler
Senior Research Engineer, VRT
OpenSource Community Manager
Sourcefire

On Jan 19, 2013, at 9:45 AM, Michael Bower <mbower2 at ...11827...> wrote:

> I am needing to  write a rule to look for file downloads of 2 files.  We have found some bytes that the 2 binaries have in common.  Is there a way to use these in a rule to alert me on download of the files or anything with the similar bytes?

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20130119/d4dc6973/attachment.html>


More information about the Snort-users mailing list