mirror of
https://github.com/BlackLight/Snort_AIPreproc.git
synced 2024-11-27 14:15:13 +01:00
Adding more ICMP ping hyperalert modules
parent
829a6d3616
commit
e0e669f278
3 changed files with 27 additions and 0 deletions
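--- a/corr_rules/1-366-7.xml
+++ b/corr_rules/1-366-7.xml
@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE hyperalert PUBLIC "-//blacklight//DTD HYPERALERT SNORT MODEL//EN" "http://0x00.ath.cx/hyperalert.dtd">
+
+<hyperalert>
+<snort-id>1.366.7</snort-id>
+<desc>ICMP PING *NIX</desc>
+<post>HostExists(+DST_ADDR+)</post>
+</hyperalert>
+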
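Review bot: The DOCTYPE line of corr_rules/1-366-7.xml gives the DTD's system identifier as `http://0x00.ath.cx/hyperalert.dtd`, a plain-HTTP URL on an external host, and the same line is repeated in 1-368-6.xml and 1-384-5.xml. The code that loads these rules is not visible here, but if it resolves or validates against external DTDs, every sensor parsing them makes an unauthenticated outbound fetch. Anyone able to answer for that host name or sit on the path could then change the grammar or add entity declarations that the rule parser expands. Consider shipping the DTD alongside the rules and referencing it locally, e.g. `<!DOCTYPE hyperalert SYSTEM "hyperalert.dtd">`. It is also worth confirming that the loader runs with network DTD resolution and external-entity expansion disabled.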
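--- a/corr_rules/1-368-6.xml
+++ b/corr_rules/1-368-6.xml
@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE hyperalert PUBLIC "-//blacklight//DTD HYPERALERT SNORT MODEL//EN" "http://0x00.ath.cx/hyperalert.dtd">
+
+<hyperalert>
+<snort-id>1.368.6</snort-id>
+<desc>ICMP PING BSDtype</desc>
+<post>HostExists(+DST_ADDR+)</post>
+</hyperalert>
+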
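--- a/corr_rules/1-384-5.xml
+++ b/corr_rules/1-384-5.xml
@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE hyperalert PUBLIC "-//blacklight//DTD HYPERALERT SNORT MODEL//EN" "http://0x00.ath.cx/hyperalert.dtd">
+
+<hyperalert>
+<snort-id>1.384.5</snort-id>
+<desc>ICMP PING</desc>
+<post>HostExists(+DST_ADDR+)</post>
+</hyperalert>
+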