mirror of
https://github.com/BlackLight/Snort_AIPreproc.git
synced 2024-11-14 04:37:16 +01:00
New correlation rules, now installing doc and share stuff
parent
e8c7c64608
commit
97d5f8f28d
2 changed files with 28 additions and 0 deletions
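--- a/corr_rules/1-1924-8.xml
+++ b/corr_rules/1-1924-8.xml
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE hyperalert PUBLIC "-//blacklighth//DTD HYPERALERT SNORT MODEL//EN" "http://0x00.ath.cx/hyperalert.dtd">
+
+<hyperalert>
+<snort-id>1.1924.8</snort-id>
+<desc>RPC mountd UDP export request</desc>
+
+<pre>HostExists(+DST_ADDR+)</pre>
+<pre>HasService(+DST_ADDR+, +DST_PORT+)</pre>
+<pre>HasRemoteAccess(+SRC_ADDR+, +DST_ADDR+)</pre>
+
+<post>HasNfsAccess(+SRC_ADDR+, +DST_ADDR+)</post>
+</hyperalert>
+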
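Review bot: The DOCTYPE on the second line of this new rule names an external DTD over plain `http://` on a dynamic-DNS host, so a loader that resolves the external subset would fetch the rule grammar over an unauthenticated channel whenever the rules are read; corr_rules/1-579-10.xml carries the same declaration. The parser that consumes these files is not visible in this commit, so whether it actually fetches the DTD needs confirming. Since the commit title says the share files are now installed, I would point the system identifier at the installed copy, e.g. `<!DOCTYPE hyperalert SYSTEM "hyperalert.dtd">`, and have the loader parse with network access and external-entity resolution disabled (with libxml2, `XML_PARSE_NONET`). That also keeps the IDS from depending on a third-party host being reachable at start-up.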
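--- a/corr_rules/1-579-10.xml
+++ b/corr_rules/1-579-10.xml
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE hyperalert PUBLIC "-//blacklighth//DTD HYPERALERT SNORT MODEL//EN" "http://0x00.ath.cx/hyperalert.dtd">
+
+<hyperalert>
+<snort-id>1.579.10</snort-id>
+<desc>RPC portmap mountd request UDP</desc>
+
+<pre>HostExists(+DST_ADDR+)</pre>
+<pre>HasService(+DST_ADDR+, +DST_PORT+)</pre>
+<pre>HasRemoteAccess(+SRC_ADDR+, +DST_ADDR+)</pre>
+
+<post>HasNfsAccess(+SRC_ADDR+, +DST_ADDR+)</post>
+</hyperalert>
+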
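Review bot: The `<post>` line gives this rule exactly the same pre- and post-conditions as corr_rules/1-1924-8.xml, although its `<desc>` describes a portmap lookup for mountd, which would normally come before the mountd export request the other rule covers. If the correlation engine links alerts by matching one alert's post-condition to another's pre-condition (not visible in this commit), neither rule can prepare for the other, and both assert `HasNfsAccess` from what is only a query. At minimum I would document the intent next to the post-condition, e.g. `<!-- upper bound: a portmap lookup alone does not grant NFS access -->`. A more specific post-condition for the lookup stage would let the two alerts be chained in order.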