#snort

Related news
  • Re: Snort read file to generate u2 logs.

    Published: 22/02/2017
    Posted by Paul Li on Feb 21 (Sorry the previous email was broken.) Al, do you indicate that Snort should generate .u2 files when it reads from a file? Thanks, Paul ... Read more
    Source: seclists.org
  • Snort read file to generate u2 logs.

    Published: 22/02/2017
    Posted by Paul Li on Feb 21 I'm using Snort to read a file to generate alerts with the following command: sudo snort -q -u snort-user -g snort-group -c /etc/snort/snort.conf -r file-name Snort can g ... Read more
    Source: seclists.org
  • Re: Barnyard2 launching problem

    Published: 22/02/2017
    Posted by Marcin Dulak on Feb 21 the old tools like barnyard2, snorby, sguil etc. are no longer maintained. Maybe try https://securityonion.net/ where barnyard2 has been installed? which barnyard2 bar ... Read more
    Source: seclists.org
  • Barnyard2 launching problem

    Published: 22/02/2017
    Posted by Abdullah AL-Mutairy on Feb 21 Hello everyone .. I've been trying to make snort work with MySQL for almost a month but I keep getting errors in each step > look for a solution then by ... Read more
    Source: seclists.org
  • Snort Subscriber Rules Update 2017-02-21

    Published: 21/02/2017
    Posted by Research on Feb 21 Talos Snort Subscriber Rules Update Synopsis: This release adds and modifies rules in several categories. Details: Talos has added and modified multiple rules in the black ... Read more
    Source: seclists.org
  • Report PDF from Snort

    Published: 21/02/2017
    Posted by tantioification . on Feb 21 Hi, What if I want to receive the report as a pdf from Snort? What should I install? ... Read more
    Source: seclists.org
  • Re: Andr.Trojan.Femas (ViperRAT)

    Published: 20/02/2017
    Posted by Tyler Montier on Feb 20 Yaser, Thanks for your submission. We will review the rule and get back to you when it's finished. Sincerely, Tyler Montier Cisco Talos ... Read more
    Source: seclists.org
  • Process Snort alerts on real time

    Published: 20/02/2017
    Posted by Nora Aron on Feb 20 Hi, I'm wondering if there is a tool to get Snort alerts in real time. I have configured Snort to get unified2 output. Now, when I run Snort it starts writing in a n ... Read more
    Source: seclists.org
  • Re: Local Rule Error

    Published: 20/02/2017
    Posted by wkitty42 on Feb 19 that'll do it every time :) the first thing i see is that you should add the classification... classtype:blahblah; select your classification from your classification ... Read more
    Source: seclists.org
  • Re: snort log formats: .log v.s .u2

    Published: 19/02/2017
    Posted by Marcin Dulak on Feb 19 Snort log output depends on what's in snort.conf and the command line switches like -y, -N. It takes some experimentation to figure out how they interact. Marcin ... Read more
    Source: seclists.org
  • snort log formats: .log v.s .u2

    Published: 19/02/2017
    Posted by Paul Li on Feb 18 I've been experiencing inconsistent behavior of Snort generating log. (Using Snort 2.9.9 on Ubuntu 14.04.) After a fresh installation, the file format is .u2, but the log f ... Read more
    Source: seclists.org
  • Win.Malware.Disttrack

    Published: 19/02/2017
    Posted by Y M on Feb 18 Hello, The below signatures address the following hashes and the observed C&C traffic. Pcaps and samples should be publicly available. If not, please let me know. - f4d1831 ... Read more
    Source: seclists.org
  • Andr.Trojan.Femas (ViperRAT)

    Published: 19/02/2017
    Posted by Y M on Feb 18 Hello, The below signature was derived from the articles from the reference. No pcaps available. alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"MALWARE-CNC ... Read more
    Source: seclists.org
  • Crashlytics via Umbrella FP

    Published: 18/02/2017
    Posted by James Lay on Feb 18 Appears to fire off: Feb 18 08:28:28 snort[10548]: [3:13667:18] PROTOCOL-DNS dns cache poisoning attempt [Classification: Misc Attack] [Priority: 2] {UDP} 208.67.220.220: ... Read more
    Source: seclists.org
  • Re: libnghttp2 query for snort 2.9.9.0

    Published: 18/02/2017
    Posted by tantioification . on Feb 17 I've tried to install Snort 2.9.9.0 on CentOS 7 and yes CentOS requires libnghttp2 as dependency. Both of them from source and yum. Before you install libnght ... Read more
    Source: seclists.org