Snort mailing list archives
Re: Help with snort rule and notifications
From: SnortFan <SnortFan () yahoo com>
Date: Sat, 15 Feb 2014 11:02:14 -0500
Here's a quick and dirty way. You can take another rule and copy it. Then you have to pick a Sid that's not in use. Change the msg content to the URL. If you create a new rules file, you will have to include it in your snort.conf. If you're using something like barnyard2, there's more to do.
Cheers,
Ed
Sent from a mobile device.
On Feb 14, 2014, at 4:33 PM, Trever Leingod <treverleingod () hotmail com> wrote:
I am quite new to using Snort. I was hoping to get pointers on how to write a rule to get notification if a certain website, like say www.facebook.com, is opened in a web browser, and how would I get this notification/alert to show.
Trever Leingod
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
Please visit http://blog.snort.org to stay current on all the latest Snort news!
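The steps in the reply above (copy a rule, pick an unused sid, change the msg) worked through as an added example that is not part of the original thread. The sample rules text is constructed, the function names are hypothetical, and the rule options shown (`flow`, `http_header`, `classtype:policy-violation`) are one common Snort 2.x way to match a Host header, assumed here rather than taken from the thread.

```python
import re

# Constructed sample of an existing rules file (not from the original thread).
EXISTING_RULES = '''\
# local.rules
alert icmp any any -> $HOME_NET any (msg:"LOCAL ICMP test"; sid:1000001; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"LOCAL example.com visit"; flow:to_server,established; content:"Host|3A| example.com|0D 0A|"; http_header; nocase; sid:1000002; rev:3;)
# alert tcp any any -> any 21 (msg:"LOCAL disabled rule"; sid:1000003; rev:1;)
'''

LOCAL_SID_BASE = 1000000  # sids from 1,000,000 upward are for locally written rules

SID_RE = re.compile(r'\bsid\s*:\s*(\d+)\s*;')


def used_sids(rules_text):
    """Collect every sid in the text, including commented-out rules,
    so a disabled rule's sid is not reused by accident."""
    return {int(s) for s in SID_RE.findall(rules_text)}


def next_free_sid(rules_text):
    """Return the lowest local sid that no existing rule uses."""
    taken = used_sids(rules_text)
    sid = LOCAL_SID_BASE + 1
    while sid in taken:
        sid += 1
    return sid


def host_rule(hostname, sid):
    """Build an alert rule for cleartext HTTP requests to `hostname`."""
    # Reject anything that could break out of the quoted rule options.
    if not re.fullmatch(r'[A-Za-z0-9.-]+', hostname):
        raise ValueError("unexpected characters in hostname")
    return ('alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS '
            f'(msg:"LOCAL HTTP request to {hostname}"; '
            'flow:to_server,established; '
            # Trailing CRLF stops the match at the end of the header value.
            f'content:"Host|3A| {hostname}|0D 0A|"; http_header; nocase; '
            f'classtype:policy-violation; sid:{sid}; rev:1;)')


if __name__ == "__main__":
    print(host_rule("www.facebook.com", next_free_sid(EXISTING_RULES)))
```

If the rule goes into a new file, that file needs its own `include` line in snort.conf (for example `include $RULE_PATH/local.rules`). The rule only matches cleartext HTTP; the Host header of an HTTPS request is encrypted and will not be seen.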
Current thread:
- Help with snort rule and notifications Trever Leingod (Feb 14)
- Re: Help with snort rule and notifications SnortFan (Feb 15)
- Re: Help with snort rule and notifications Trever Leingod (Feb 15)
- Re: Help with snort rule and notifications Jeremy Hoel (Feb 15)
- Re: Help with snort rule and notifications Trever Leingod (Feb 16)
- Re: Help with snort rule and notifications Carter Waxman (cwaxman) (Feb 17)
- Message not available
- FW: Help with snort rule and notifications Trever Leingod (Feb 17)
- Re: FW: Help with snort rule and notifications Carter Waxman (cwaxman) (Feb 17)
- Re: FW: Help with snort rule and notifications Trever Leingod (Feb 17)
- Re: FW: Help with snort rule and notifications Carter Waxman (cwaxman) (Feb 17)
- Message not available
- FW: FW: Help with snort rule and notifications Trever Leingod (Feb 17)
- Re: FW: FW: Help with snort rule and notifications Carter Waxman (cwaxman) (Feb 18)
- Re: Help with snort rule and notifications Trever Leingod (Feb 15)
- Re: Help with snort rule and notifications SnortFan (Feb 15)