m-hansson
Level 1
Member since ‎01-02-2006
‎08-18-2017

User Statistics

  • 31 Posts
  • 1 Solutions
  • 7 Helpful votes Given
  • 0 Helpful votes Received

User Activity

The signature generates false positives on DNS traffic. An example is a DNS query with a Transaction ID: 0xE30F. At networks with a lot of DNS traffic the signature will produce 30+ alarms per day.
We're getting alarms with Victim address = n/a and attacker/victim port = n/a for this signature. We've tried to change the Event count key to "Attacker and victim addresses" and/or "Attacker and victim addresses and ports" but there are still a lot o...
This signature seems to fire towards FTP servers with a welcome message before the login prompt. E.g. Connected to 127.0.0.1. 220-## 220-## 220-*--------------------------------------------------------------------------------* 220-*-----------------------...
I want this signature to have the old behaviour as it had in 4.x. So I changed the Keys from Axxx to Axxp. Also I wanted to exclude ports 80 and 443 entirely, so I added 0-79,81-442,444-65535 to Port Range. This does not seem to work. The following sce...
Should this signature trigger for: GET /\r\n I thought it should trigger for something like: GET /\rHTTP/1.1\r\n\r\n
Community Statistics
Member Since ‎01-02-2006 12:31 AM
Date Last Visited ‎08-18-2017 03:54 AM
Posts 31