We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Hey, these are the snort3-community-rules rules from https://www.snort.org/downloads/#rule-downloads
Exception: Snort rule header is malformed ['alert', 'http'] alert http ( msg:"MALWARE-CNC HttpBrowser User-Agent outbound communication attmept"; flow:to_server,established; http_header:field user-agent; content:"HttpBrowser/1.0",fast_pattern,nocase; metadata:impact_flag red,ruleset community; service:http; classtype:trojan-activity; gid:1; sid:42886; rev:4; )
Exception: Snort rule header is malformed ['alert', 'http'] alert http ( msg:"SERVER-WEBAPP Atlassian Confluence OGNL expression injection attempt"; flow:to_server,established; http_uri; content:"${",fast_pattern; content:"atlassian.",distance 0; content:"|28|",distance 0; content:"}",distance 0; pcre:"/\x24\x7b[^\x7d]?atlassian\x2e[^\x7d]?\x28/i"; metadata:policy balanced-ips drop,policy max-detect-ips drop,policy security-ips drop,ruleset community; reference:cve,2022-26134; classtype:attempted-user; gid:1; sid:59941; rev:3; )
Exception: Snort rule header is malformed ['alert', 'http'] alert http ( msg:"SERVER-WEBAPP Atlassian Confluence OGNL expression injection attempt"; flow:to_server,established; http_uri; content:"${"; content:"sun.misc.Unsafe",distance 0,fast_pattern; content:"|28|",distance 0; content:"}",distance 0; pcre:"/\x24\x7b[^\x7d]?sun\x2emisc\x2eUnsafe[^\x7d]?\x28/i"; metadata:policy balanced-ips drop,policy max-detect-ips drop,policy security-ips drop,ruleset community; reference:cve,2022-26134; classtype:attempted-user; gid:1; sid:59947; rev:1; )
Exception: Snort rule header is malformed ['alert', 'http'] alert http ( msg:"SERVER-WEBAPP Atlassian Confluence OGNL expression injection attempt"; flow:to_server,established; http_uri; content:"${"; content:"com.opensymphony.",distance 0,fast_pattern; content:"|28|",distance 0; content:"}",distance 0; pcre:"/\x24\x7b[^\x7d]?com\x2eopensymphony\x2e(xwork2|webwork)\x2e(Servlet)?ActionContext[^\x7d]?\x28/i"; metadata:policy balanced-ips drop,policy max-detect-ips drop,policy security-ips drop,ruleset community; reference:cve,2022-26134; classtype:attempted-user; gid:1; sid:59948; rev:1; )
Exception: Snort rule header is malformed ['alert', 'http'] alert http ( msg:"SERVER-WEBAPP Atlassian Confluence remote code execution attempt"; flow:to_server,established; http_client_body; content:"bootstrapStatusProvider.applicationConfig.setupComplete",fast_pattern,nocase; content:"false",distance 0,nocase; metadata:policy balanced-ips drop,policy connectivity-ips drop,policy max-detect-ips drop,policy security-ips drop,ruleset community; reference:cve,2023-22515; reference:url,confluence.atlassian.com/kb/faq-for-cve-2023-22515-1295682188.html; classtype:attempted-user; gid:1; sid:62506; rev:1; )
Exception: Snort rule header is malformed ['alert', 'http'] alert http ( msg:"SERVER-WEBAPP Atlassian Confluence remote code execution attempt"; flow:to_server,established; http_uri; content:"bootstrapStatusProvider.applicationConfig.setupComplete=",fast_pattern,nocase; content:"false",distance 0,nocase; metadata:policy balanced-ips drop,policy connectivity-ips drop,policy max-detect-ips drop,policy security-ips drop,ruleset community; reference:cve,2023-22515; reference:url,confluence.atlassian.com/kb/faq-for-cve-2023-22515-1295682188.html; classtype:attempted-user; gid:1; sid:62507; rev:1; )
Exception: Snort rule header is malformed ['alert', 'http'] alert http ( msg:"SERVER-WEBAPP Citrix ADC and Gateway arbitrary code execution attempt"; flow:to_server,established; http_raw_uri; content:"/vpns/",fast_pattern,nocase; pcre:"/vpn.?(\x2e|%(25)?2e){2}(\x2f|%(25)?2f).?vpns/i"; metadata:policy balanced-ips drop,policy connectivity-ips drop,policy max-detect-ips drop,policy security-ips drop,ruleset community; reference:cve,2019-19781; reference:url,support.citrix.com/article/CTX267027; classtype:web-application-attack; sid:300001; rev:1; )
Exception: Snort rule header is malformed ['alert', 'ssl'] alert ssl ( msg:"SERVER-OTHER OpenSSL x509 crafted email address buffer overflow attempt"; flow:established; content:"|06 03 55 1D 1E|"; ber_skip:0x01,optional; ber_data:0x04; ber_data:0x30; ber_data:0xa1; ber_data:0x30; content:"|81 82|",within 2; byte_test:2,>,500,0,relative; content:"xn--",within 4,distance 2,fast_pattern; metadata:policy balanced-ips drop,policy connectivity-ips drop,policy max-detect-ips drop,policy security-ips drop,ruleset community; reference:cve,2022-3602; reference:cve,2022-3786; reference:url,blog.talosintelligence.com/openssl-vulnerability/; classtype:attempted-user; gid:1; sid:300306; rev:3; )
Exception: Snort rule header is malformed ['alert', 'ssl'] alert ssl ( msg:"SERVER-OTHER OpenSSL x509 crafted email address buffer overflow attempt"; flow:established; content:"|06 03 55 1D 1E|"; ber_skip:0x01,optional; ber_data:0x04; ber_data:0x30; ber_data:0xa0; ber_data:0x30; content:"|81 82|",within 2; byte_test:2,>,500,0,relative; content:"xn--",within 4,distance 2,fast_pattern; metadata:policy balanced-ips drop,policy connectivity-ips drop,policy max-detect-ips drop,policy security-ips drop,ruleset community; reference:cve,2022-3602; reference:cve,2022-3786; reference:url,blog.talosintelligence.com/openssl-vulnerability/; classtype:attempted-user; gid:1; sid:300307; rev:3; )
The text was updated successfully, but these errors were encountered:
No branches or pull requests
Hey, these are the snort3-community-rules rules from https://www.snort.org/downloads/#rule-downloads
Exception: Snort rule header is malformed ['alert', 'http']
alert http ( msg:"MALWARE-CNC HttpBrowser User-Agent outbound communication attmept"; flow:to_server,established; http_header:field user-agent; content:"HttpBrowser/1.0",fast_pattern,nocase; metadata:impact_flag red,ruleset community; service:http; classtype:trojan-activity; gid:1; sid:42886; rev:4; )
Exception: Snort rule header is malformed ['alert', 'http']
alert http ( msg:"SERVER-WEBAPP Atlassian Confluence OGNL expression injection attempt"; flow:to_server,established; http_uri; content:"${",fast_pattern; content:"atlassian.",distance 0; content:"|28|",distance 0; content:"}",distance 0; pcre:"/\x24\x7b[^\x7d]?atlassian\x2e[^\x7d]?\x28/i"; metadata:policy balanced-ips drop,policy max-detect-ips drop,policy security-ips drop,ruleset community; reference:cve,2022-26134; classtype:attempted-user; gid:1; sid:59941; rev:3; )
Exception: Snort rule header is malformed ['alert', 'http']
alert http ( msg:"SERVER-WEBAPP Atlassian Confluence OGNL expression injection attempt"; flow:to_server,established; http_uri; content:"${"; content:"sun.misc.Unsafe",distance 0,fast_pattern; content:"|28|",distance 0; content:"}",distance 0; pcre:"/\x24\x7b[^\x7d]?sun\x2emisc\x2eUnsafe[^\x7d]?\x28/i"; metadata:policy balanced-ips drop,policy max-detect-ips drop,policy security-ips drop,ruleset community; reference:cve,2022-26134; classtype:attempted-user; gid:1; sid:59947; rev:1; )
Exception: Snort rule header is malformed ['alert', 'http']
alert http ( msg:"SERVER-WEBAPP Atlassian Confluence OGNL expression injection attempt"; flow:to_server,established; http_uri; content:"${"; content:"com.opensymphony.",distance 0,fast_pattern; content:"|28|",distance 0; content:"}",distance 0; pcre:"/\x24\x7b[^\x7d]?com\x2eopensymphony\x2e(xwork2|webwork)\x2e(Servlet)?ActionContext[^\x7d]?\x28/i"; metadata:policy balanced-ips drop,policy max-detect-ips drop,policy security-ips drop,ruleset community; reference:cve,2022-26134; classtype:attempted-user; gid:1; sid:59948; rev:1; )
Exception: Snort rule header is malformed ['alert', 'http']
alert http ( msg:"SERVER-WEBAPP Atlassian Confluence remote code execution attempt"; flow:to_server,established; http_client_body; content:"bootstrapStatusProvider.applicationConfig.setupComplete",fast_pattern,nocase; content:"false",distance 0,nocase; metadata:policy balanced-ips drop,policy connectivity-ips drop,policy max-detect-ips drop,policy security-ips drop,ruleset community; reference:cve,2023-22515; reference:url,confluence.atlassian.com/kb/faq-for-cve-2023-22515-1295682188.html; classtype:attempted-user; gid:1; sid:62506; rev:1; )
Exception: Snort rule header is malformed ['alert', 'http']
alert http ( msg:"SERVER-WEBAPP Atlassian Confluence remote code execution attempt"; flow:to_server,established; http_uri; content:"bootstrapStatusProvider.applicationConfig.setupComplete=",fast_pattern,nocase; content:"false",distance 0,nocase; metadata:policy balanced-ips drop,policy connectivity-ips drop,policy max-detect-ips drop,policy security-ips drop,ruleset community; reference:cve,2023-22515; reference:url,confluence.atlassian.com/kb/faq-for-cve-2023-22515-1295682188.html; classtype:attempted-user; gid:1; sid:62507; rev:1; )
Exception: Snort rule header is malformed ['alert', 'http']
alert http ( msg:"SERVER-WEBAPP Citrix ADC and Gateway arbitrary code execution attempt"; flow:to_server,established; http_raw_uri; content:"/vpns/",fast_pattern,nocase; pcre:"/vpn.?(\x2e|%(25)?2e){2}(\x2f|%(25)?2f).?vpns/i"; metadata:policy balanced-ips drop,policy connectivity-ips drop,policy max-detect-ips drop,policy security-ips drop,ruleset community; reference:cve,2019-19781; reference:url,support.citrix.com/article/CTX267027; classtype:web-application-attack; sid:300001; rev:1; )
Exception: Snort rule header is malformed ['alert', 'ssl']
alert ssl ( msg:"SERVER-OTHER OpenSSL x509 crafted email address buffer overflow attempt"; flow:established; content:"|06 03 55 1D 1E|"; ber_skip:0x01,optional; ber_data:0x04; ber_data:0x30; ber_data:0xa1; ber_data:0x30; content:"|81 82|",within 2; byte_test:2,>,500,0,relative; content:"xn--",within 4,distance 2,fast_pattern; metadata:policy balanced-ips drop,policy connectivity-ips drop,policy max-detect-ips drop,policy security-ips drop,ruleset community; reference:cve,2022-3602; reference:cve,2022-3786; reference:url,blog.talosintelligence.com/openssl-vulnerability/; classtype:attempted-user; gid:1; sid:300306; rev:3; )
Exception: Snort rule header is malformed ['alert', 'ssl']
alert ssl ( msg:"SERVER-OTHER OpenSSL x509 crafted email address buffer overflow attempt"; flow:established; content:"|06 03 55 1D 1E|"; ber_skip:0x01,optional; ber_data:0x04; ber_data:0x30; ber_data:0xa0; ber_data:0x30; content:"|81 82|",within 2; byte_test:2,>,500,0,relative; content:"xn--",within 4,distance 2,fast_pattern; metadata:policy balanced-ips drop,policy connectivity-ips drop,policy max-detect-ips drop,policy security-ips drop,ruleset community; reference:cve,2022-3602; reference:cve,2022-3786; reference:url,blog.talosintelligence.com/openssl-vulnerability/; classtype:attempted-user; gid:1; sid:300307; rev:3; )
The text was updated successfully, but these errors were encountered: