Snort mailing list archives
Re: Snort rule to monitor for a specific user login
From: Jesse Lands <cryptograffiti () gmail com>
Date: Thu, 13 Aug 2009 15:18:53 +0000
If you can see the data in network traffic, you can write a rule to find it. -- Nigel Houghton Head Mentalist SF VRT http://vrt-sourcefire.blogspot.com && http://www.snort.org/vrt/
I guess it would have helped if I was a little more specific. I want to monitor for a list of Windows logins used across the network. Users who don't have access or shouldn't anymore. I have a list of logins that are in use, but don't have a central log collection and have to many computers to individually check each system. Thanks again Jesse
------------------------------------------------------------------------------ Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day trial. Simplify your report design, integration and deployment - and focus on what you do best, core application coding. Discover what's new with Crystal Reports now. http://p.sf.net/sfu/bobj-july
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Snort rule to monitor for a specific user login Jesse Lands (Aug 13)
- Re: Snort rule to monitor for a specific user login Nigel Houghton (Aug 13)
- Re: Snort rule to monitor for a specific user login Jesse Lands (Aug 13)
- Re: Snort rule to monitor for a specific user login Richard Bejtlich (Aug 13)
- Re: Snort rule to monitor for a specific user login Joel Esler (Aug 13)
- Re: Snort rule to monitor for a specific user login Will Metcalf (Aug 13)
- Re: Snort rule to monitor for a specific user login Jesse Lands (Aug 13)
- Re: Snort rule to monitor for a specific user login Nigel Houghton (Aug 13)