refactor: Update snort rules and priorities
The `local.rules` file in the `scripts/windows` directory is modified to update the priorities of the Snort rules. The priorities are adjusted to ensure that higher priority rules are given more attention and are more likely to trigger alerts. This change improves the effectiveness of the Snort intrusion detection system.

Refactor `local.rules` to update Snort rule priorities
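As an added example, not code from this repository or its author, the following Python lint parses single-line Snort rules of the kind kept in `local.rules`, reports missing `rev`, duplicate `sid` and `priority` values that fall outside the 1 to 4 range Snort's shipped classification.config uses, and lists the sids in the order Snort's alert metadata ranks them (priority 1 first, since a lower number is more severe). The embedded rule text is a constructed copy of the seven rules as they stand after this commit; the function names, the `Rule` dataclass and the threshold of 4 are this example's own choices.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed sample input: the seven rules as they stand after this commit.
SAMPLE_RULES = """\
alert icmp any any -> any any (msg:"ICMP connection attempt:"; sid:1000010; rev:1; priority:3;)
alert icmp any any -> 8.8.8.8 any (msg:"Pinging..."; sid:1000004; priority:3;)
alert tcp any any -> any 6667 (msg:"IRC protocol traffic"; sid:1000005; priority:3;)
alert tcp any 6667 -> any any (msg:"C&C Server sent netinfo command"; content:"!netinfo"; sid:1000006; priority:4;)
alert tcp any 6667 -> any any (msg:"C&C Server sent sysinfo command"; content:"!sysinfo"; sid:1000007; priority:5;)
alert tcp any 6667 -> any any (msg:"C&C Server sent port scan command"; content:"!scan"; sid:1000008; priority:3;)
alert tcp any 6667 -> any any (msg:"C&C Server sent download command"; content:"!download"; sid:1000009; priority:7;)
"""

# Snort's shipped classification.config uses priorities 1 (high) .. 4 (very low).
# The priority keyword accepts any integer; a LOWER number means MORE severe.
# Treating anything above 4 as suspicious is this example's own threshold.
BUILTIN_MAX_PRIORITY = 4

HEADER_RE = re.compile(
    r"^(?P<action>\w+)\s+(?P<proto>\w+)\s+(?P<src>\S+)\s+(?P<sport>\S+)\s+"
    r"(?P<dir>->|<>)\s+(?P<dst>\S+)\s+(?P<dport>\S+)\s*\((?P<opts>.*)\)\s*$"
)
# One option is `key;` or `key:value;`. A quoted value may itself contain ';'
# or ':', so quoted strings are consumed as a unit before the unquoted form.
OPTION_RE = re.compile(r'(\w+)(?::\s*("(?:[^"\\]|\\.)*"|[^;]*))?;')


@dataclass
class Rule:
    action: str
    proto: str
    msg: str
    sid: Optional[int]
    rev: Optional[int]
    priority: Optional[int]
    options: Dict[str, str] = field(default_factory=dict)


def parse_rule(line: str) -> Rule:
    """Parse one single-line Snort rule. Repeated keys (e.g. several content:)
    keep only the last value, which is enough for header-level linting."""
    m = HEADER_RE.match(line)
    if not m:
        raise ValueError(f"not a Snort rule: {line!r}")
    opts: Dict[str, str] = {}
    for key, val in OPTION_RE.findall(m.group("opts")):
        val = val.strip()
        if len(val) >= 2 and val[0] == '"' and val[-1] == '"':
            val = val[1:-1]
        opts[key] = val

    def as_int(key: str) -> Optional[int]:
        v = opts.get(key)
        return int(v) if v is not None and v.lstrip("-").isdigit() else None

    return Rule(m.group("action"), m.group("proto"), opts.get("msg", ""),
                as_int("sid"), as_int("rev"), as_int("priority"), opts)


def iter_rules(text: str):
    """Yield (line_number, Rule) for every non-blank, non-comment line."""
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if line and not line.startswith("#"):
            yield n, parse_rule(line)


def lint_rules(text: str) -> List[Tuple[int, Optional[int], str]]:
    """Return (line, sid, finding) triples: missing or duplicate sid, missing
    rev, and priorities above the built-in range (usually the scale read backwards)."""
    findings = []
    first_seen: Dict[int, int] = {}
    for n, r in iter_rules(text):
        if r.sid is None:
            findings.append((n, None, "missing sid"))
        elif r.sid in first_seen:
            findings.append((n, r.sid, f"duplicate sid, first on line {first_seen[r.sid]}"))
        else:
            first_seen[r.sid] = n
        if r.rev is None:
            findings.append((n, r.sid, "no rev; add rev:1 and bump it on each edit"))
        if r.priority is not None and r.priority > BUILTIN_MAX_PRIORITY:
            findings.append((n, r.sid, f"priority {r.priority} ranks below every "
                                       f"built-in class; 1 is the most severe"))
    return findings


def order_by_severity(text: str) -> List[int]:
    """Sids in the order Snort's alert metadata ranks them: priority 1 first.
    Rules with no priority sort last; the sort is stable, so ties keep file order."""
    rules = [r for _, r in iter_rules(text)]
    rules.sort(key=lambda r: r.priority if r.priority is not None else float("inf"))
    return [r.sid for r in rules]


if __name__ == "__main__":
    for line, sid, finding in lint_rules(SAMPLE_RULES):
        print(f"line {line} sid {sid}: {finding}")
    print("severity order:", order_by_severity(SAMPLE_RULES))
```

Run against the constructed copy of the post-commit rules, the severity order puts sid 1000009 (the `!download` command, `priority:7`) last, behind the ICMP ping rules at `priority:3`, which is the opposite of what the commit message describes; the lint also flags the six rules that carry no `rev`.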
bengo237 committed Sep 10, 2024
1 parent b9d985f commit 348cae2
Showing 1 changed file with 7 additions and 7 deletions.
14 changes: 7 additions & 7 deletions scripts/windows/local.rules
@@ -18,10 +18,10 @@
#-------------
# LOCAL RULES
#-------------
alert icmp any any -> any any (msg:"ICMP connection attempt:"; sid:1000010; rev:1;)
alert icmp any any -> 8.8.8.8 any (msg:"Pinging...";sid:1000004;)
alert tcp any any -> any 6667 (msg:"IRC protocol traffic";sid:1000005;)
alert tcp any 6667 -> any any (msg:"C&C Server sent netinfo command";content:"!netinfo";sid:1000006;)
alert tcp any 6667 -> any any (msg:"C&C Server sent sysinfo command";content:"!sysinfo";sid:1000007;)
alert tcp any 6667 -> any any (msg:"C&C Server sent port scan command";content:"!scan";sid:1000008;)
alert tcp any 6667 -> any any (msg:"C&C Server sent download command";content:"!download";sid:1000009;)
alert icmp any any -> any any (msg:"ICMP connection attempt:"; sid:1000010; rev:1; priority:3;)
alert icmp any any -> 8.8.8.8 any (msg:"Pinging..."; sid:1000004; priority:3;)
alert tcp any any -> any 6667 (msg:"IRC protocol traffic"; sid:1000005; priority:3;)
alert tcp any 6667 -> any any (msg:"C&C Server sent netinfo command"; content:"!netinfo"; sid:1000006; priority:4;)
alert tcp any 6667 -> any any (msg:"C&C Server sent sysinfo command"; content:"!sysinfo"; sid:1000007; priority:5;)
alert tcp any 6667 -> any any (msg:"C&C Server sent port scan command"; content:"!scan"; sid:1000008; priority:3;)
alert tcp any 6667 -> any any (msg:"C&C Server sent download command"; content:"!download"; sid:1000009; priority:7;)
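Review bot: the numeric values in the new lines invert the intent stated in the commit message. In Snort the `priority` keyword ranks alerts with 1 as the most severe (the shipped classifications run from 1 high to 4 very low), so `priority:7` on the `!download` rule (sid 1000009) and `priority:5` on `!sysinfo` (sid 1000007) rank those C&C command alerts below the ICMP ping rules at `priority:3`. If the download command is the most important event, give it `priority:1` and work downward, or set `classtype:trojan-activity;` on the four C&C rules and let the classification supply the priority. Two smaller points: `priority` only tags the alert metadata and does not make a rule any more or less likely to fire, so alert volume does not change with this edit; and sids 1000004 through 1000009 still carry no `rev`, while sid 1000010 keeps `rev:1` despite its option set changing, so add `rev:1` to the former and bump the latter to `rev:2`.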

0 comments on commit 348cae2