Tri
Reputation: 3039
Snort Rule to detect http, https and email
I configured the snort rule to detect ping and tcp
alert icmp any any -> any any (msg:"ping";sid:10000001;rev:0;)
How do I configure the snort rule to detect http, https and email?
Upvotes: 1
Views: 13142
Answers (1)
Dalya
Reputation: 404
Snort rule to detect http:
alert tcp any any -> any 80 (content:"HTTP"; msg:"http test"; sid:10000100; rev:005;)
Snort rule to detect https:
alert tcp any any -> any 443 (content:"HTTPS"; msg:"https test"; sid:10000101; rev:006;)
Upvotes: 5
Related Questions
- Snort Rule - HTTP Body Content
- Configuring rules to detect SMTP, HTTP and DNS traffic
- snort | pcre| rule specification
- Snort Website Block Rule
- Snort rule failing to alert to log
- Snort Rules Configuration Issue
- Snort rule to detect http flood
- Snort rule to verify content of an http request doesnt work
- Snort Rule to Alert DNS that has ACK
- Rule for capturing SYN-scanning