Snort mailing list archives
Re: new rule 40268
From: "Joel Esler (jesler)" <jesler () cisco com>
Date: Mon, 26 Sep 2016 22:03:49 +0000
You can submit false positives for us to review by going to Snort.org<http://Snort.org>, logging in at the top right, and visiting our community page: https://www.snort.org/community At the bottom, you’ll see a place to submit false positives to us. We are currently revamping this to make it easier to get to. -- Joel Esler Manager Talos Group http://www.talosintelligence.com On Sep 26, 2016, at 3:15 PM, Stanwyck, Carraig - ASOC - Kansas City, MO <Carraig.Stanwyck () asoc usda gov<mailto:Carraig.Stanwyck () asoc usda gov>> wrote: John, I just emailed them this morning on the same issue. We’re seeing FPs on this rule too. -C Carraig Stanwyck USDA | OCIO | ASOC From: Johnson, John [mailto:jj () wfec com] Sent: Monday, September 26, 2016 1:50 PM To: snort-sigs () lists sourceforge net<mailto:snort-sigs () lists sourceforge net> Subject: [Snort-sigs] new rule 40268 Hey. The new rule 40268 (9/22/16) has triggered a couple of times here and I’m not really convinced its not a false positive. I see a match on the 32 characters in an email – what else can I do to verify this is a legitimate hit? -j This electronic message contains information generated by the USDA solely for the intended recipients. Any unauthorized interception of this message or the use or disclosure of the information it contains may violate the law and subject the violator to civil or criminal penalties. If you believe you have received this message in error, please notify the sender and delete the email immediately. ------------------------------------------------------------------------------ _______________________________________________ Snort-sigs mailing list Snort-sigs () lists sourceforge net<mailto:Snort-sigs () lists sourceforge net> https://lists.sourceforge.net/lists/listinfo/snort-sigs http://www.snort.org<http://www.snort.org/> Please visit http://blog.snort.org<http://blog.snort.org/> for the latest news about Snort!
------------------------------------------------------------------------------
_______________________________________________ Snort-sigs mailing list Snort-sigs () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-sigs http://www.snort.org Please visit http://blog.snort.org for the latest news about Snort!
Current thread:
- new rule 40268 Johnson, John (Sep 26)
- Re: new rule 40268 Stanwyck, Carraig - ASOC - Kansas City, MO (Sep 26)
- Re: new rule 40268 Joel Esler (jesler) (Sep 26)
- Re: new rule 40268 Stanwyck, Carraig - ASOC - Kansas City, MO (Sep 26)