Snort mailing list archives

Re: Snort rules

From: Y M via Snort-users <snort-users () lists snort org>
Date: Mon, 23 Jul 2018 17:56:42 +0000

The very same request was asked yesterday on the snort-sigs list, I believe. The rules to detect SSH brute force 
attempts is sid:19559 and exists in the indicator-scan.rules file. You can register to Snort website via 
https://www.snort.org/users/sign_up and download the rules tarball and look for the signature you are looking for.

Sending the same question over and over may actually be the opposite of getting the help you are seeking.
________________________________
From: Snort-users <snort-users-bounces () lists snort org> on behalf of jeanmicheltangue via Snort-users <snort-users 
() lists snort org>
Sent: Sunday, July 22, 2018 7:39 PM
To: snort-users () lists snort org
Subject: [Snort-users] Snort rules

if it's an emergency .. I need the rule that triggers an alert automatically when more than two or three ssh login 
attempts have been made

Envoyé depuis mon smartphone Samsung Galaxy.

_______________________________________________
Snort-users mailing list
Snort-users () lists snort org
Go to this URL to change user options or unsubscribe:
https://lists.snort.org/mailman/listinfo/snort-users

        To unsubscribe, send an email to:
        snort-users-leave () lists snort org

Please visit http://blog.snort.org to stay current on all the latest Snort news!

Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette

Current thread:

Snort rules Jean Michel Tangué via Snort-sigs (Jul 22)
- Re: Snort rules Y M via Snort-sigs (Jul 22)
- <Possible follow-ups>
- Snort rules Jean Michel Tangué via Snort-sigs (Jul 22)
  - Re: Snort rules Y M via Snort-sigs (Jul 22)
- Snort rules jeanmicheltangue via Snort-users (Jul 23)
  - Re: Snort rules Y M via Snort-users (Jul 24)
- Snort rules jeanmicheltangue via Snort-users (Jul 23)
  - Re: Snort rules Y M via Snort-users (Jul 24)
- snort rules Jean Michel Tangué via Snort-sigs (Jul 23)
  - Re: snort rules Joel Esler (jesler) via Snort-sigs (Jul 23)
    - Re: snort rules wkitty42--- via Snort-sigs (Jul 23)