Documents

The following setup guides have been contributed by members of the Snort Community for your use. Comments and questions on these documents should be submitted directly to the author by clicking on their names below.


Latest rule documents - Search
1-58956
This rule alerts on strings from a known ELF binary that is used for privilege escalation within Linux environments. It will detect the attempt to use Polkit's pkexec as a vehicle for this escalation.
1-58955
This rule alerts on strings from a known ELF binary that is used for privilege escalation within Linux environments. It will detect the attempt to use Polkit's pkexec as a vehicle for this escalation.
1-58950
This rule detects an attempted pre-authentication token leak in vulnerable versions of OneDev by looking for connection attempts to the unprotected URI.
1-58949
This rule alerts on outgoing POST requests that try to reach an attacker's command-and-control server to retrieve the Qakbot malware.
1-58946
This rule looks for a vulnerable file handler protocol in the PEAR software when dealing with TAR files while using the Phar protocol. A maliciously crafted file could lead to insecure data deserialization, which could result in code execution on the target computer as a privileged user.
1-58945
This rule looks for a vulnerable file handler protocol in the PEAR software when dealing with TAR files while using the Phar protocol. A maliciously crafted file could lead to insecure data deserialization, which could result in code execution on the target computer as a privileged user.