Snort mailing list archives
Re: Alerts for OOXML and MOX
From: wkitty42 () windstream net
Date: Sun, 3 Sep 2017 11:45:27 -0400
On 09/03/2017 11:32 AM, James Lay wrote:
> On Sun, 2017-09-03 at 14:01 +0000, Will via Snort-sigs wrote:
>> I am pretty new to the Snort world. I am wondering if it is possible to create an alert that can look inside OOXML or MOX type formats to find clear text content. The thing about these file types is that they are compressed files with their own file structure within the file. [...]
>
> Check out the preproc sensitive-data.rules...should be what you need.

if they can decompress the OOXML or MOX type formats, right? ;)

--
NOTE: No off-list assistance is given without prior approval.
*Please keep mailing list traffic on the list unless*
*a signed and pre-paid contract is in effect with us.*
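
Added example, not part of the original thread: a Python sketch of the point raised in the reply above, showing that a cleartext pattern inside an OOXML container does not appear in the raw (deflated) bytes and only becomes matchable once the ZIP members are inflated. The function names, the SSN-shaped regex, the size cap and the sample document are all constructed for illustration.

```python
import io
import re
import zipfile

# Constructed pattern and sample value (SSN-shaped, not real data).
SENSITIVE = re.compile(rb"\b\d{3}-\d{2}-\d{4}\b")
MAX_MEMBER_BYTES = 10 * 1024 * 1024  # assumed cap against oversized members


def build_sample_docx(text):
    """Build a minimal OOXML-style container: a ZIP holding word/document.xml."""
    ns = "http://schemas.openxmlformats.org/wordprocessingml/2006/main"
    body = (
        f'<w:document xmlns:w="{ns}"><w:body><w:p><w:r>'
        f"<w:t>{text}</w:t></w:r></w:p></w:body></w:document>"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")  # placeholder part
        zf.writestr("word/document.xml", body)
    return buf.getvalue()


def scan_raw(data):
    """Match against the bytes as they cross the wire (still compressed)."""
    return SENSITIVE.findall(data)


def scan_unpacked(data):
    """Inflate each ZIP member first, then match against its content."""
    hits = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.file_size > MAX_MEMBER_BYTES:
                continue  # skip members declaring an unreasonable size
            found = SENSITIVE.findall(zf.read(info))
            if found:
                hits[info.filename] = found
    return hits


if __name__ == "__main__":
    sample = build_sample_docx("SSN on file: 000-12-3456")
    print("raw hits:     ", scan_raw(sample))
    print("member names visible in raw bytes:", b"word/document.xml" in sample)
    print("unpacked hits:", scan_unpacked(sample))
```

The member file names are stored uncompressed in the ZIP headers, so they can be matched in the raw stream even though the document text cannot.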