[Snort-users] Help with snort rule and notifications

SnortFan SnortFan at ...131...
Sat Feb 15 11:02:14 EST 2014


Here's a quick and dirty way. You can take another rule and copy it. Then you have to pick a Sid that's not in use. 

Change the msg content to the URL. 

If you create a new rules file, you will have to include it in your snort.conf. 

If you're using something like barnyard2 there's more to do.

Cheers,
Ed

> On Feb 14, 2014, at 4:33 PM, Trever Leingod <treverleingod at ...125...> wrote:
> 
> I am quite new to using Snort. 
> 
> 
> 
> I was hoping to get pointers on how to write a rule to get a notification if a certain website, like say www.facebook.com, is opened in a web browser, and how I would get this notification/alert to show.
> 
> 
> 
> Trever Leingod
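The steps in the reply above, written out as an added example that is not part of the original thread: two local rules for the site named in the question, plus the include line for snort.conf. It assumes Snort 2.9.x with the stock `$HOME_NET`, `$EXTERNAL_NET`, `$HTTP_PORTS` and `$RULE_PATH` variables and the HTTP inspect and SSL preprocessors enabled; the file name `local.rules` and the SIDs 1000001 and 1000002 (taken from the 1000000-and-up range used for local rules) are assumptions.

```snort
# --- local.rules (file name is an assumption) ---

# Plain HTTP: match the Host header sent by the browser.
# http_header restricts the match to the normalized request headers.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"POLICY www.facebook.com requested over HTTP"; flow:to_server,established; content:"Host|3A 20|www.facebook.com"; http_header; nocase; classtype:policy-violation; sid:1000001; rev:1;)

# HTTPS: the Host header is encrypted, so the rule above never fires.
# Match the server name carried in clear text in the TLS ClientHello instead.
alert tcp $HOME_NET any -> $EXTERNAL_NET 443 (msg:"POLICY www.facebook.com requested over HTTPS"; flow:to_server,established; ssl_state:client_hello; content:"www.facebook.com"; nocase; classtype:policy-violation; sid:1000002; rev:1;)

# --- snort.conf: load the new rules file ---
include $RULE_PATH/local.rules
```

Running `snort -T -c` against the edited snort.conf validates the rules before a restart, and starting Snort with `-A console` prints matching alerts to the terminal.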