Documents

The following setup guides have been contributed by members of the Snort Community for your use. Comments and questions on these documents should be submitted directly to the author by clicking on their names below.


Latest rule documents - Search
1:63806
This rule detects a crafted HTTP request commonly used by the Grandoreiro strain of malware
1:63728
This rule alerts on network communications from the Earthworm network proxy tool. This rule may alert on any of the subcommands involved in the client-server handshake of custom TCP protocol used by Earthworm, including the establishment of a reverse socks5 tunnel from the server to the client.
1:63727
This rule alerts on network communications from the Earthworm network proxy tool. This rule may alert on any of the subcommands involved in the client-server handshake of custom TCP protocol used by Earthworm, including the establishment of a reverse socks5 tunnel from the server to the client.
1:63618
This rule looks for command injection metacharacters in the "value" JSON key of a HTTP client body
1:63607
This rule looks for bytes known to be specific to a Win.Malware.ReconShark variant payload.
1:63587
This rule checks to see if the Content-Length of a request sent to a Windows Server Service is overly large and if at least 30 of these requests have been seen in 1 second