Documents

The following setup guides have been contributed by members of the Snort Community for your use. Comments and questions on these documents should be submitted directly to the author by clicking on their names below.


Latest rule documents
1-53735
The rule checks for requests to generate and retrieve a new password for an existing user by providing an associated sessionId token. An attacker may use this method to take control of an administrative account and to gain an API access token.
1-53734
This rule looks for likely attempts to trigger a command execution vulnerability in the nmap scan API of IBM's Data Risk Manager. It matches all requests to the vulnerable nmap scan API.
1-53733
The rule looks for HTTP traffic to the `/albatross/eurekaservice/fetchLogFiles` endpoint in which the `logFileNameList` JSON key has a value containing a directory traversal attempt.
1-53728
This rule looks for a crafted repository that, when opened, will execute an arbitrary command on the victim's machine.
1-53727
This rule looks for a crafted repository that, when opened, will execute an arbitrary command on the victim's machine.
1-53726
This rule alerts when an attempt to download an executable matching ClamAV signature Win.Trojan.Sdbot-7674650-0 is detected.