Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1559
Views
0
Helpful
1
Replies

Uploading own snort rules

danlawrance1
Level 1
Level 1

‎11-20-2017 01:41 AM - edited ‎02-21-2020 06:47 AM

Hi,

 

I have a requirement to upload the below snort rule to my sourcefire platform:

 

any any -> any any (msg:"Malicious SSL 01 Detected"; content:"17 03 01 00 08|"; pcre:/\x17\x03\x01\x00\x08.{4}\x04\x88\x4d\x76/"; sid:9999998;)

 

However I keep getting an error message that I cannot seem to fix, I have attached the error.

 

Snort.PNG

 

Thanks

Labels:
0 Helpful
1 Reply 1

danlawrance1
Level 1
Level 1

‎11-20-2017 01:45 AM

Copied the rule wrong onto here, the rule is:

 

alert tcp any any -> any any (msg:"Malicious SSL 01 Detected"; content:"|17 03 01 00 08|"; pcre:"/\x17\x03\x01\x00\x08.{4}\x04\x88\x4d\x76/"; rev:1; sid:9999998;)

 

Thanks

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card