Create a few snort alerts and get them to import into Sguil
$10-20 USD
Closed
Posted over two years ago
Paid on delivery
Need help creating a few alerts and triggering them. Then monitor in Sguil where the alert was triggered.
These are the rules I need to create.
1. Outgoing traffic to port 23
2. Navigates to [login to view URL]
3. UDP traffic to IP 8.8.8.8 (Google DNS)
4. Downloads an executable
5. Downloads a PDF or Microsoft Word document
Then I need to run tcpdump on the interface, then run so-import-pcap-test, and check the alerts in Sguil to see if the alerts worked.
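
Added example, not part of the original posting: one way the five requested detections could be written as local Snort rules. It assumes Snort 2.9 rule syntax, that `$HOME_NET`, `$EXTERNAL_NET` and `$HTTP_PORTS` are defined in the sensor configuration, and uses `example.invalid` as a placeholder because the URL in item 2 is hidden on the page; the SIDs and messages are constructed.

```snort
# Constructed example rules (Snort 2.9 syntax); SIDs 1000001+ are in the local range.
# $HOME_NET, $EXTERNAL_NET and $HTTP_PORTS are assumed to be set in snort.conf.

# 1. Outgoing traffic to port 23: alert once per connection, on the initial SYN.
alert tcp $HOME_NET any -> $EXTERNAL_NET 23 (msg:"LOCAL Outbound telnet (tcp/23)"; \
    flags:S; classtype:policy-violation; sid:1000001; rev:1;)

# 2. Navigation to a site: match the HTTP Host header.
#    example.invalid is a placeholder; the real URL is hidden in the posting.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"LOCAL HTTP request to watched host"; \
    flow:to_server,established; content:"Host|3A| example.invalid"; nocase; http_header; \
    classtype:policy-violation; sid:1000002; rev:1;)

# 3. UDP traffic to 8.8.8.8 on any port (DNS on 53 and anything else).
alert udp $HOME_NET any -> 8.8.8.8 any (msg:"LOCAL UDP to 8.8.8.8"; \
    classtype:policy-violation; sid:1000003; rev:1;)

# 4. Executable download: "MZ" at the start of the HTTP response body,
#    followed later by the PE signature to cut down on false positives.
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"LOCAL HTTP download, PE executable"; \
    flow:to_client,established; file_data; content:"MZ"; depth:2; \
    content:"PE|00 00|"; distance:0; \
    classtype:policy-violation; sid:1000004; rev:1;)

# 5a. PDF download: "%PDF-" magic at the start of the response body.
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"LOCAL HTTP download, PDF"; \
    flow:to_client,established; file_data; content:"%PDF-"; depth:5; \
    classtype:policy-violation; sid:1000005; rev:1;)

# 5b. Legacy Word .doc: OLE2 compound-file magic (also matches .xls and .ppt).
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"LOCAL HTTP download, OLE2 document"; \
    flow:to_client,established; file_data; content:"|D0 CF 11 E0 A1 B1 1A E1|"; depth:8; \
    classtype:policy-violation; sid:1000006; rev:1;)

# 5c. Word .docx: ZIP magic followed by a "word/" member name. Heuristic: the
#     name must fall inside the part of the body that Snort inspects.
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"LOCAL HTTP download, DOCX"; \
    flow:to_client,established; file_data; content:"PK|03 04|"; depth:4; \
    content:"word/"; distance:0; \
    classtype:policy-violation; sid:1000007; rev:1;)

# Rules 2, 4 and 5 inspect cleartext HTTP only; the same traffic over TLS will not match.
```

Each rule's `msg` text is what appears in the Sguil event pane, so distinct messages make it easy to confirm which test traffic triggered which rule.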