0001 <!DOCTYPE html>
0002 <html><head>
0003 <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>
0004 <title>test.suricata</title>
0005 <meta name="generator" content="KF5::SyntaxHighlighting - Definition (Snort/Suricata) - Theme (Breeze Dark)"/>
<!--
  Highlighted rendering of test.suricata. Per the generator meta above it was
  produced with the Snort/Suricata definition and the Breeze Dark theme.
  Everything inside <pre> is sample rule text used as highlighter input; treat
  it as a fixture, not as a ruleset to load into a sensor.

  Review notes on the sample rules, for anyone copying them out of this page:
  - The rules with sid 2008124, 2182 and 1234 delimit their strings with
    typographic quotes (U+201D) rather than ASCII double quotes. A rule parser
    presumably rejects them as written, so restore ASCII quotes before reuse
    (confirm against the engine in use).
  - Both http samples carry sid:1. Signature ids are expected to be unique
    within a loaded ruleset, so renumber one of them before reuse.
  - The line from 1.2.3.4 port 1024 to 5.6.7.8 port 80 is a rule header only;
    it has no option block, so it has no msg or sid.
  - The Snort "mountd access" sample has no sid or rev option.
  - The drop rule depends on the flowbit is_proto_irc, which no rule on this
    page sets; it needs a companion rule that sets that flowbit.
-->
0006 </head><body style="background-color:#232629;color:#cfcfc2"><pre>
0007 <span style="color:#7a7c7d;"># Suricata Samples</span>
0008 <span style="color:#7a7c7d;"># See: https://suricata.readthedocs.io/en/latest/rules/intro.html</span>
0009 
0010 <span style="color:#fdbc4b;font-weight:bold;">drop</span> <span style="font-weight:bold;">tcp</span> <span style="font-weight:bold;">$HOME_NET</span> <span style="font-weight:bold;">any</span> -&gt; <span style="font-weight:bold;">$EXTERNAL_NET</span> <span style="font-weight:bold;">any</span> (<span style="font-weight:bold;">msg</span>:<span style="color:#f44f4f;">”ET TROJAN Likely Bot Nick in IRC (USA +..)”</span>; <span style="font-weight:bold;">flow</span>:established,to_server; <span style="font-weight:bold;">flowbits</span>:isset,is_proto_irc; <span style="font-weight:bold;">content</span>:<span style="color:#f44f4f;">”NICK ”</span>; <span style="font-weight:bold;">pcre</span>:<span style="color:#f44f4f;">”/NICK .*USA.*[0-9]{3,}/i”</span>; <span style="font-weight:bold;">reference</span>:url,doc.emergingthreats.net/<span style="color:#f67400;">2008124</span>; <span style="font-weight:bold;">classtype</span>:trojan-activity; <span style="font-weight:bold;">sid</span>:<span style="color:#f67400;">2008124</span>; <span style="font-weight:bold;">rev</span>:<span style="color:#f67400;">2</span>;)
0011 
0012 <span style="color:#fdbc4b;font-weight:bold;">alert</span> <span style="font-weight:bold;">tcp</span> <span style="color:#f67400;">1</span>.<span style="color:#f67400;">2</span>.<span style="color:#f67400;">3</span>.<span style="color:#f67400;">4</span> <span style="color:#f67400;">1024</span> -&gt; <span style="color:#f67400;">5</span>.<span style="color:#f67400;">6</span>.<span style="color:#f67400;">7</span>.<span style="color:#f67400;">8</span> <span style="color:#f67400;">80</span>
0013 
0014 <span style="color:#fdbc4b;font-weight:bold;">alert</span> <span style="font-weight:bold;">http</span> <span style="font-weight:bold;">any</span> <span style="font-weight:bold;">any</span> -&gt; <span style="font-weight:bold;">any</span> <span style="font-weight:bold;">any</span> (<span style="font-weight:bold;">content</span>:<span style="color:#f44f4f;">&quot;index.php&quot;</span>; <span style="font-weight:bold;">http_uri</span>; <span style="font-weight:bold;">sid</span>:<span style="color:#f67400;">1</span>;)
0015 
0016 <span style="color:#fdbc4b;font-weight:bold;">alert</span> <span style="font-weight:bold;">http</span> <span style="font-weight:bold;">any</span> <span style="font-weight:bold;">any</span> -&gt; <span style="font-weight:bold;">any</span> <span style="font-weight:bold;">any</span> (http_response_line; <span style="font-weight:bold;">content</span>:<span style="color:#f44f4f;">&quot;403 Forbidden&quot;</span>; <span style="font-weight:bold;">sid</span>:<span style="color:#f67400;">1</span>;)
0017 
0018 <span style="color:#fdbc4b;font-weight:bold;">alert</span> <span style="font-weight:bold;">tcp</span> <span style="font-weight:bold;">$EXTERNAL_NET</span> <span style="font-weight:bold;">any</span> -&gt; <span style="font-weight:bold;">$HOME_NET</span> <span style="font-weight:bold;">any</span> (<span style="font-weight:bold;">msg</span>:<span style="color:#f44f4f;">”GPL DELETED typot trojan traffic”</span>; <span style="font-weight:bold;">flow</span>:stateless; <span style="font-weight:bold;">flags</span>:S,<span style="color:#f67400;">12</span>; <span style="font-weight:bold;">window</span>:<span style="color:#f67400;">55808</span>; <span style="font-weight:bold;">reference</span>:mcafee,<span style="color:#f67400;">100406</span>; <span style="font-weight:bold;">classtype</span>:trojan-activity; <span style="font-weight:bold;">sid</span>:<span style="color:#f67400;">2182</span>; <span style="font-weight:bold;">rev</span>:<span style="color:#f67400;">8</span>;)
0019 
0020 <span style="color:#fdbc4b;font-weight:bold;">alert</span> <span style="font-weight:bold;">tcp</span> <span style="font-weight:bold;">$EXTERNAL_NET</span> <span style="font-weight:bold;">any</span> -&gt; <span style="font-weight:bold;">$HOME_NET</span> <span style="font-weight:bold;">any</span> (<span style="font-weight:bold;">flags</span>:S,<span style="color:#f67400;">12</span>; <span style="font-weight:bold;">tcp</span>.hdr; <span style="font-weight:bold;">content</span>:<span style="color:#f44f4f;">”|02 04|”</span>; <span style="font-weight:bold;">offset</span>:<span style="color:#f67400;">20</span>; <span style="font-weight:bold;">byte_test</span>:<span style="color:#f67400;">2</span>,&lt;,<span style="color:#f67400;">536</span>,<span style="color:#f67400;">0</span>,big,relative; <span style="font-weight:bold;">sid</span>:<span style="color:#f67400;">1234</span>; <span style="font-weight:bold;">rev</span>:<span style="color:#f67400;">5</span>;)
0021 
0022 <span style="color:#7a7c7d;"># Snort Samples</span>
0023 
0024 <span style="color:#fdbc4b;font-weight:bold;">alert</span> <span style="font-weight:bold;">tcp</span> <span style="font-weight:bold;">any</span> <span style="font-weight:bold;">any</span> -&gt; <span style="color:#f67400;">192</span>.<span style="color:#f67400;">168</span>.<span style="color:#f67400;">1</span>.<span style="color:#f67400;">0</span>/<span style="color:#f67400;">24</span> <span style="color:#f67400;">111</span> (<span style="font-weight:bold;">content</span>:<span style="color:#f44f4f;">&quot;|00 01 86 a5|&quot;</span>; <span style="font-weight:bold;">msg</span>: <span style="color:#f44f4f;">&quot;mountd access&quot;</span>;)
0025 </pre></body></html>