Snort mailing list archives

Re: Snort rules

From: Y M via Snort-users <snort-users () lists snort org>
Date: Mon, 23 Jul 2018 17:54:01 +0000

The very same request was asked yesterday on the snort-sigs list, I believe. The rules to detect SSH brute force 
attempts is sid:19559 and exists in the indicator-scan.rules file. You can register to Snort website via 
https://www.snort.org/users/sign_up and download the rules tarball and look for the signature you are looking for.
________________________________
From: Snort-users <snort-users-bounces () lists snort org> on behalf of jeanmicheltangue via Snort-users <snort-users 
() lists snort org>
Sent: Sunday, July 22, 2018 7:22 PM
To: Snort-users () lists snort org
Subject: [Snort-users] Snort rules

if it's an emergency .. I need the rule that triggers an alert automatically when more than two or three ssh login 
attempts have been made

Envoyé depuis mon smartphone Samsung Galaxy.

_______________________________________________
Snort-users mailing list
Snort-users () lists snort org
Go to this URL to change user options or unsubscribe:
https://lists.snort.org/mailman/listinfo/snort-users

        To unsubscribe, send an email to:
        snort-users-leave () lists snort org

Please visit http://blog.snort.org to stay current on all the latest Snort news!

Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette

Current thread:

Snort rules Jean Michel Tangué via Snort-sigs (Jul 22)
- Re: Snort rules Y M via Snort-sigs (Jul 22)
- <Possible follow-ups>
- Snort rules Jean Michel Tangué via Snort-sigs (Jul 22)
  - Re: Snort rules Y M via Snort-sigs (Jul 22)
- Snort rules jeanmicheltangue via Snort-users (Jul 23)
  - Re: Snort rules Y M via Snort-users (Jul 24)
- Snort rules jeanmicheltangue via Snort-users (Jul 23)
  - Re: Snort rules Y M via Snort-users (Jul 24)
- snort rules Jean Michel Tangué via Snort-sigs (Jul 23)
  - Re: snort rules Joel Esler (jesler) via Snort-sigs (Jul 23)
    - Re: snort rules wkitty42--- via Snort-sigs (Jul 23)