Re: Additional Info on Log4J Rules

["Chapman, Sean via Snort-sigs" <snort-sigs () lists snort org>]

Thanks for replying Joel.  I understand that those are the official docs.  I was hoping someone more familiar with 
Snort rules had a source for more complete information, maybe something from Talos, I don't know.  The goal is just to 
find out the logic of the rule such as "log TCP any any -> 192.168.1.0/24 !6000:6010"


________________________________
From: Joel Esler <joel.esler () me com>
Sent: Monday, February 14, 2022, 7:14 PM
To: Chapman, Sean
Cc: snort-sigs () lists snort org
Subject: Re: [Snort-sigs] Additional Info on Log4J Rules

Those are the official docs

----------------------------------------------------------------------
CONFIDENTIALITY NOTICE: The content of this message and any files transmitted with it is a confidential and proprietary 
business communication, which is solely for the use of the intended recipient(s). Any use, distribution, duplication or 
disclosure by any other person or entity is strictly prohibited.  If you are not an intended recipient or this has been 
received in error, please notify the sender and immediately delete all copies of this communication.

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists snort org
https://lists.snort.org/mailman/listinfo/snort-sigs

Please visit http://blog.snort.org for the latest news about Snort!

Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette

Visit the Snort.org to subscribe to the official Snort ruleset, make sure to stay up to date to catch the most <a 
href=" https://snort.org/downloads/#rule-downloads";>emerging threats</a>!