Snort mailing list archives

Final Year Project Custom MySQL Database Server Rules and Classifications Review


From: Jack Eastwood via Snort-devel <snort-devel () lists snort org>
Date: Sun, 8 Apr 2018 17:50:08 +0000

Good Afternoon,

I’m a final year Computer Forensics and Security student representing Leeds Beckett University in the UK and finalizing 
my final year project based on using Snort as an IDS to monitor an active MySQL server.

For the basis of my project I have installed and configured Snort as an IDS to monitor an array of activity against a 
MySQL community server with a vulnerable application called “damn vulnerable web application” (DVWA) that is connected 
to the MySQL database. I have uploaded three files in this email: a general MySQL rules file, a MySQL exploit rules file 
- where I have written custom-made Snort rules to detect an array of activity - and a classification configuration file 
in which I have also written custom-made classifications in the context of my project. For each rule I have inserted comments 
explaining the function of each rule and the requirements on how each rule gets triggered.

I would be thankful if anyone could review these files and provide any form of feedback that could enhance these rules 
for future research or even potentially be published as official Snort rules.

If you would like any more information regarding my project, Snort or MySQL configuration settings or anything else 
that could benefit the reviewing process then don’t hesitate to contact me.

Thank you and regards
Jack Eastwood


Attachment: general-mysql.rules
Description: general-mysql.rules

Attachment: mysql-exploit.rules
Description: mysql-exploit.rules

Attachment: classification.config
Description: classification.config

_______________________________________________
Snort-devel mailing list
Snort-devel () lists snort org
https://lists.snort.org/mailman/listinfo/snort-devel

Please visit http://blog.snort.org for the latest news about Snort!
