Documents

The following setup guides have been contributed by members of the Snort Community for your use. Comments and questions on these documents should be submitted directly to the author by clicking on their names below.


Latest rule documents
1-56088
This rule looks for HTTP traffic associated with Unix.Spyware.WellMess or Dos.Spyware.WellMess samples.
1-56086
This rule detects an attempted denial of service attack against vulnerable versions of Apache Tomcat by looking for a WebSocket header that supplies an overly large packet size.
1-56083
This rule looks for command injection characters in the vulnerable parameters of the 'WP Database Backup' WordPress plugin.
1-56082
This rule looks for command injection characters in the vulnerable parameters of the 'WP Database Backup' WordPress plugin.
1-56081
This rule looks for the presence of known bytes in the packet data sent to the C2 by the DONOT Trojan Android APK variant.
1-56080
This rule alerts when an attempt to download an executable matching ClamAV signature Win.Malware.Upatre-9780659-0 is detected.