Hi,
I have a requirement to upload the below snort rule to my sourcefire platform:
any any -> any any (msg:"Malicious SSL 01 Detected"; content:"17 03 01 00 08|"; pcre:/\x17\x03\x01\x00\x08.{4}\x04\x88\x4d\x76/"; sid:9999998;)
However I keep ge...
Sourcefire Questions:
- How long do the events appear in the Intrusion-Events tab for you to be able to download the PCAP files? Is there a length of time these are visibile for or is there a limit on how many you can see/download?
- Once you hav...
Copied the rule wrong onto here, the rule is:
alert tcp any any -> any any (msg:"Malicious SSL 01 Detected"; content:"|17 03 01 00 08|"; pcre:"/\x17\x03\x01\x00\x08.{4}\x04\x88\x4d\x76/"; rev:1; sid:9999998;)
Thanks