About Joel Esler

Joel Esler · 01-24-2018

https://snort.org/advisories/talos-rules-2018-01-04-1-4-2018

Joel Esler · 01-24-2018

You'd have to have a common triggering condition for all three commands.. For instance: alert tcp any any -> 10.X.X.X/24 any (msg:"Malicious code detection";flow:to_server,established; content:"GET /"; depth:5; content:"GET"; http_method; content:...

Joel Esler · 01-23-2018

This rule, as written will require that all three need to be in the same uri, in any order.

Joel Esler · 01-23-2018

You need to write three different rules to do what you are trying to do here. One for each command.

Joel Esler · 06-01-2017

1. If you can afford to enable it, and the customer has no privacy concerns, then yes, you can enable it. 2. AMP is not all hash based, despite what our competitors believe. There are many systems in AMP that identify malware *not* based on hash...

Member Since	‎11-28-2014 03:11 PM
Date Last Visited	‎05-27-2020 12:02 AM
Posts	22

User Statistics

User Activity

Re: Signature name & id for Meltdown & Spectre vulnerabilities

Re: Snort Signature Help Required.

Re: Snort Signature Help Required.

Re: Snort Signature Help Required.

1. If you can afford to