Hello, I am looking for a few alerts to be written for Snort on a Security Onion OS. The below 5 are the rules I need:
1. Outgoing traffic to port 23
2. Navigates to [login to view URL]
3. UDP traffic to ip 8.8.8.8 (Google DNS)
4. Downloads an executable
5. Downloads a pdf or Microsoft Word document
I am pretty sure I figured out the 1st one already. Just need help with the others. This is what I got for the 1st rule:
alert tcp any any -> any 23 (msg: "Outgoing traffic on port 23"; sid: 91000101; rev:1;)
Please let me know if you can help.
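Rules for items 3 to 5 of the request above, as an added example that is not part of the original post. It assumes Snort 2.9 syntax with the http_inspect preprocessor enabled and $HOME_NET, $EXTERNAL_NET and $HTTP_PORTS defined in snort.conf; the SIDs are constructed local values continuing the poster's numbering, and item 2 is left out because its URL is not shown on the page.

```snort
# Added example rules (Snort 2.9 syntax). SIDs are constructed local values.
# Assumption: $HOME_NET, $EXTERNAL_NET and $HTTP_PORTS are set in snort.conf.
# The download rules inspect cleartext HTTP only; TLS-encrypted transfers are not visible.

# 3. UDP traffic to 8.8.8.8 (Google DNS), any destination port
alert udp $HOME_NET any -> 8.8.8.8 any (msg:"UDP traffic to 8.8.8.8 (Google DNS)"; sid:91000103; rev:1;)

# 4. Executable download: response body starts with the DOS "MZ" magic.
#    byte_jump reads e_lfanew (4 bytes, little endian, file offset 60) and the
#    next content confirms the "PE\0\0" signature at that offset, so a body
#    that merely begins with the letters "MZ" does not alert.
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"HTTP download of Windows PE executable"; flow:to_client,established; file_data; content:"MZ"; depth:2; byte_jump:4,58,relative,little; content:"PE|00 00|"; distance:-64; within:4; sid:91000104; rev:1;)

# 5a. PDF download: "%PDF-" magic at the start of the response body
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"HTTP download of PDF document"; flow:to_client,established; file_data; content:"%PDF-"; depth:5; sid:91000105; rev:1;)

# 5b. Legacy Word (.doc): OLE2 compound file magic. The same container is used
#     by .xls, .ppt and .msi, so this alerts on those as well.
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"HTTP download of OLE2 document (possible .doc)"; flow:to_client,established; file_data; content:"|D0 CF 11 E0 A1 B1 1A E1|"; depth:8; sid:91000106; rev:1;)

# 5c. Modern Word (.docx): a ZIP container, so match the MIME type the server
#     declares instead of the generic "PK" magic. Relies on an honest Content-Type.
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"HTTP download of Word .docx document"; flow:to_client,established; content:"application/vnd.openxmlformats-officedocument.wordprocessingml.document"; nocase; http_header; sid:91000107; rev:1;)
```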
Hello sir, I am a network engineer. I am familiar with protocols and rules related to networking. I also have good skills in programming. I can help you with this.
Please contact me for more details.
Best regards!!