Warning, file /frameworks/syntax-highlighting/autotests/html/test.suricata.dark.html was not indexed or was modified since last indexation (in which case cross-reference links may be missing, inaccurate or erroneous).
0001 <!DOCTYPE html> 0002 <html><head> 0003 <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/> 0004 <title>test.suricata</title> 0005 <meta name="generator" content="KF5::SyntaxHighlighting - Definition (Snort/Suricata) - Theme (Breeze Dark)"/> 0006 </head><body style="background-color:#232629;color:#cfcfc2"><pre> 0007 <span style="color:#7a7c7d;"># Suricata Samples</span> 0008 <span style="color:#7a7c7d;"># See: https://suricata.readthedocs.io/en/latest/rules/intro.html</span> 0009 0010 <span style="color:#fdbc4b;font-weight:bold;">drop</span> <span style="font-weight:bold;">tcp</span> <span style="font-weight:bold;">$HOME_NET</span> <span style="font-weight:bold;">any</span> -> <span style="font-weight:bold;">$EXTERNAL_NET</span> <span style="font-weight:bold;">any</span> (<span style="font-weight:bold;">msg</span>:<span style="color:#f44f4f;">”ET TROJAN Likely Bot Nick in IRC (USA +..)”</span>; <span style="font-weight:bold;">flow</span>:established,to_server; <span style="font-weight:bold;">flowbits</span>:isset,is_proto_irc; <span style="font-weight:bold;">content</span>:<span style="color:#f44f4f;">”NICK ”</span>; <span style="font-weight:bold;">pcre</span>:<span style="color:#f44f4f;">”/NICK .*USA.*[0-9]{3,}/i”</span>; <span style="font-weight:bold;">reference</span>:url,doc.emergingthreats.net/<span style="color:#f67400;">2008124</span>; <span style="font-weight:bold;">classtype</span>:trojan-activity; <span style="font-weight:bold;">sid</span>:<span style="color:#f67400;">2008124</span>; <span style="font-weight:bold;">rev</span>:<span style="color:#f67400;">2</span>;) 0011 0012 <span style="color:#fdbc4b;font-weight:bold;">alert</span> <span style="font-weight:bold;">tcp</span> <span style="color:#f67400;">1</span>.<span style="color:#f67400;">2</span>.<span style="color:#f67400;">3</span>.<span style="color:#f67400;">4</span> <span style="color:#f67400;">1024</span> -> <span style="color:#f67400;">5</span>.<span style="color:#f67400;">6</span>.<span style="color:#f67400;">7</span>.<span style="color:#f67400;">8</span> <span style="color:#f67400;">80</span> 0013 0014 <span style="color:#fdbc4b;font-weight:bold;">alert</span> <span style="font-weight:bold;">http</span> <span style="font-weight:bold;">any</span> <span style="font-weight:bold;">any</span> -> <span style="font-weight:bold;">any</span> <span style="font-weight:bold;">any</span> (<span style="font-weight:bold;">content</span>:<span style="color:#f44f4f;">"index.php"</span>; <span style="font-weight:bold;">http_uri</span>; <span style="font-weight:bold;">sid</span>:<span style="color:#f67400;">1</span>;) 0015 0016 <span style="color:#fdbc4b;font-weight:bold;">alert</span> <span style="font-weight:bold;">http</span> <span style="font-weight:bold;">any</span> <span style="font-weight:bold;">any</span> -> <span style="font-weight:bold;">any</span> <span style="font-weight:bold;">any</span> (http_response_line; <span style="font-weight:bold;">content</span>:<span style="color:#f44f4f;">"403 Forbidden"</span>; <span style="font-weight:bold;">sid</span>:<span style="color:#f67400;">1</span>;) 0017 0018 <span style="color:#fdbc4b;font-weight:bold;">alert</span> <span style="font-weight:bold;">tcp</span> <span style="font-weight:bold;">$EXTERNAL_NET</span> <span style="font-weight:bold;">any</span> -> <span style="font-weight:bold;">$HOME_NET</span> <span style="font-weight:bold;">any</span> (<span style="font-weight:bold;">msg</span>:<span style="color:#f44f4f;">”GPL DELETED typot trojan traffic”</span>; <span style="font-weight:bold;">flow</span>:stateless; <span style="font-weight:bold;">flags</span>:S,<span style="color:#f67400;">12</span>; <span style="font-weight:bold;">window</span>:<span style="color:#f67400;">55808</span>; <span style="font-weight:bold;">reference</span>:mcafee,<span style="color:#f67400;">100406</span>; <span style="font-weight:bold;">classtype</span>:trojan-activity; <span style="font-weight:bold;">sid</span>:<span style="color:#f67400;">2182</span>; <span style="font-weight:bold;">rev</span>:<span style="color:#f67400;">8</span>;) 0019 0020 <span style="color:#fdbc4b;font-weight:bold;">alert</span> <span style="font-weight:bold;">tcp</span> <span style="font-weight:bold;">$EXTERNAL_NET</span> <span style="font-weight:bold;">any</span> -> <span style="font-weight:bold;">$HOME_NET</span> <span style="font-weight:bold;">any</span> (<span style="font-weight:bold;">flags</span>:S,<span style="color:#f67400;">12</span>; <span style="font-weight:bold;">tcp</span>.hdr; <span style="font-weight:bold;">content</span>:<span style="color:#f44f4f;">”|02 04|”</span>; <span style="font-weight:bold;">offset</span>:<span style="color:#f67400;">20</span>; <span style="font-weight:bold;">byte_test</span>:<span style="color:#f67400;">2</span>,<,<span style="color:#f67400;">536</span>,<span style="color:#f67400;">0</span>,big,relative; <span style="font-weight:bold;">sid</span>:<span style="color:#f67400;">1234</span>; <span style="font-weight:bold;">rev</span>:<span style="color:#f67400;">5</span>;) 0021 0022 <span style="color:#7a7c7d;"># Snort Samples</span> 0023 0024 <span style="color:#fdbc4b;font-weight:bold;">alert</span> <span style="font-weight:bold;">tcp</span> <span style="font-weight:bold;">any</span> <span style="font-weight:bold;">any</span> -> <span style="color:#f67400;">192</span>.<span style="color:#f67400;">168</span>.<span style="color:#f67400;">1</span>.<span style="color:#f67400;">0</span>/<span style="color:#f67400;">24</span> <span style="color:#f67400;">111</span> (<span style="font-weight:bold;">content</span>:<span style="color:#f44f4f;">"|00 01 86 a5|"</span>; <span style="font-weight:bold;">msg</span>: <span style="color:#f44f4f;">"mountd access"</span>;) 0025 </pre></body></html>