Snort mailing list archives
Re: Detect posted data?
From: "Al Lewis \(allewi\) via Snort-users" <snort-users () lists snort org>
Date: Wed, 10 Jul 2019 14:47:33 +0000
http://manual-snort-org.s3-website-us-east-1.amazonaws.com/node32.html The section on content matches and http methods is probably a good start. Your rule will match on http posts and then do a content match on the data/payload for email addresses (i.e pcre) Albert Lewis ENGINEER.SOFTWARE ENGINEERING Cisco Systems Inc. Email: allewi () cisco com<mailto:allewi () cisco com> From: Snort-users <snort-users-bounces () lists snort org> on behalf of Science Guy via Snort-users <snort-users () lists snort org> Reply-To: Science Guy <kyhowa () gmail com> Date: Wednesday, July 10, 2019 at 10:34 AM To: "snort-users () lists snort org" <snort-users () lists snort org> Subject: [Snort-users] Detect posted data? Hi, I'm new to Snort. So, I'm sorry if the question is.. silly. I've a small c# app which connects to a url and POSTs some data. The data is a list of email addresses. Is it possible to use Snort to detect such outgoing traffic? I want to be able to get a message like: email addresses have been POSTEd. If it is possible, I would highly appreciate some tips about how to achieve this. Regards Science Guy.
_______________________________________________ Snort-users mailing list Snort-users () lists snort org Go to this URL to change user options or unsubscribe: https://lists.snort.org/mailman/listinfo/snort-users To unsubscribe, send an email to: snort-users-leave () lists snort org Please visit http://blog.snort.org to stay current on all the latest Snort news! Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette
Current thread:
- Detect posted data? Science Guy via Snort-users (Jul 10)
- Re: Detect posted data? Nihal Desai (nihdesai) via Snort-users (Jul 10)
- Re: Detect posted data? Al Lewis (allewi) via Snort-users (Jul 10)