# Outbound leak check for payment card numbers in reassembled TCP stream data
# (flow:only_stream + pkt_data) going from $HOME_NET to $EXTERNAL_NET.
# threshold 2 requires two "credit_card" matches before alerting, so a single number does not fire.
# Only cleartext is visible here; TLS sessions are not inspected unless decrypted upstream.
# NOTE(review): confirm ips.obfuscate_pii is enabled so alert output does not store full card numbers.
alert tcp $HOME_NET any -> $EXTERNAL_NET any ( msg:"SENSITIVE-DATA Credit Card Numbers"; flow:only_stream; pkt_data; sd_pattern:"credit_card", threshold 2; service:http, smtp, ftp-data, imap, pop3; classtype:sdf; gid:13; sid:1; rev:1; )
# Payment card numbers in the file_data buffer (file/body content as presented by the
# http, smtp, ftp-data, imap and pop3 service inspectors), outbound from $HOME_NET.
# Alerts after two "credit_card" matches (threshold 2).
# NOTE(review): classtype "sdf" must exist in the loaded classification config — verify.
alert tcp $HOME_NET any -> $EXTERNAL_NET any ( msg:"SENSITIVE-DATA Credit Card Numbers"; file_data; sd_pattern:"credit_card", threshold 2; service:http, smtp, ftp-data, imap, pop3; classtype:sdf; gid:13; sid:2; rev:1; )
# Payment card numbers in the HTTP request URI (http_uri) of requests leaving $HOME_NET.
# Values placed in a URI are typically also written to proxy and web-server logs, so a hit
# here usually means the data has been recorded in more than one place.
# Alerts after two "credit_card" matches (threshold 2); HTTP service only.
alert tcp $HOME_NET any -> $EXTERNAL_NET any ( msg:"SENSITIVE-DATA Credit Card Numbers"; http_uri; sd_pattern:"credit_card", threshold 2; service:http; classtype:sdf; gid:13; sid:3; rev:1; )
# Payment card numbers in HTTP headers (http_header) on traffic from $HOME_NET to $EXTERNAL_NET.
# Alerts after two "credit_card" matches (threshold 2); HTTP service only.
# Use gid:13 / sid:4 when writing suppressions or event filters for this rule.
alert tcp $HOME_NET any -> $EXTERNAL_NET any ( msg:"SENSITIVE-DATA Credit Card Numbers"; http_header; sd_pattern:"credit_card", threshold 2; service:http; classtype:sdf; gid:13; sid:4; rev:1; )
# Payment card numbers in the HTTP request body (http_client_body), e.g. form posts or uploads
# sent from $HOME_NET to $EXTERNAL_NET over cleartext HTTP.
# Alerts after two "credit_card" matches (threshold 2).
# NOTE(review): legitimate cleartext payment submissions would also match — treat hits as a finding either way.
alert tcp $HOME_NET any -> $EXTERNAL_NET any ( msg:"SENSITIVE-DATA Credit Card Numbers"; http_client_body; sd_pattern:"credit_card", threshold 2; service:http; classtype:sdf; gid:13; sid:5; rev:1; )
# Outbound leak check for dashed U.S. Social Security Numbers in reassembled TCP stream data
# (flow:only_stream + pkt_data) from $HOME_NET to $EXTERNAL_NET.
# threshold 2 requires two "us_social" matches before alerting.
# NOTE(review): sd_pattern is understood to need a Hyperscan-enabled Snort build — verify the image.
alert tcp $HOME_NET any -> $EXTERNAL_NET any ( msg:"SENSITIVE-DATA U.S. Social Security Numbers (with dashes)"; flow:only_stream; pkt_data; sd_pattern:"us_social", threshold 2; service:http, smtp, ftp-data, imap, pop3; classtype:sdf; gid:13; sid:6; rev:1; )
# Dashed U.S. Social Security Numbers in the file_data buffer (file/body content carried over
# http, smtp, ftp-data, imap or pop3), outbound from $HOME_NET.
# Alerts after two "us_social" matches (threshold 2).
# NOTE(review): confirm ips.obfuscate_pii so matched SSNs are masked in alert output.
alert tcp $HOME_NET any -> $EXTERNAL_NET any ( msg:"SENSITIVE-DATA U.S. Social Security Numbers (with dashes)"; file_data; sd_pattern:"us_social", threshold 2; service:http, smtp, ftp-data, imap, pop3; classtype:sdf; gid:13; sid:7; rev:1; )
# Dashed U.S. Social Security Numbers in the HTTP request URI (http_uri) of requests leaving $HOME_NET.
# URI contents commonly persist in intermediary and server logs, which widens the exposure.
# Alerts after two "us_social" matches (threshold 2); HTTP service only.
alert tcp $HOME_NET any -> $EXTERNAL_NET any ( msg:"SENSITIVE-DATA U.S. Social Security Numbers (with dashes)"; http_uri; sd_pattern:"us_social", threshold 2; service:http; classtype:sdf; gid:13; sid:8; rev:1; )
# Dashed U.S. Social Security Numbers in HTTP headers (http_header), $HOME_NET to $EXTERNAL_NET.
# Alerts after two "us_social" matches (threshold 2); HTTP service only.
# Cleartext HTTP only: the same data inside TLS is not seen by this rule.
alert tcp $HOME_NET any -> $EXTERNAL_NET any ( msg:"SENSITIVE-DATA U.S. Social Security Numbers (with dashes)"; http_header; sd_pattern:"us_social", threshold 2; service:http; classtype:sdf; gid:13; sid:9; rev:1; )
# Dashed U.S. Social Security Numbers in the HTTP request body (http_client_body) sent from
# $HOME_NET to $EXTERNAL_NET.
# Alerts after two "us_social" matches (threshold 2); HTTP service only.
alert tcp $HOME_NET any -> $EXTERNAL_NET any ( msg:"SENSITIVE-DATA U.S. Social Security Numbers (with dashes)"; http_client_body; sd_pattern:"us_social", threshold 2; service:http; classtype:sdf; gid:13; sid:10; rev:1; )
# Outbound leak check for undashed U.S. Social Security Numbers in reassembled TCP stream data
# (flow:only_stream + pkt_data) from $HOME_NET to $EXTERNAL_NET.
# threshold 20 (vs. 2 for the dashed form) — presumably because bare nine-digit runs are common
# in benign data; lower it only after measuring false-positive volume.
alert tcp $HOME_NET any -> $EXTERNAL_NET any ( msg:"SENSITIVE-DATA U.S. Social Security Numbers (w/out dashes)"; flow:only_stream; pkt_data; sd_pattern:"us_social_nodashes", threshold 20; service:http, smtp, ftp-data, imap, pop3; classtype:sdf; gid:13; sid:11; rev:1; )
# Undashed U.S. Social Security Numbers in the file_data buffer (file/body content carried over
# http, smtp, ftp-data, imap or pop3), outbound from $HOME_NET.
# Requires 20 "us_social_nodashes" matches before alerting, so this targets bulk records
# rather than a single value.
alert tcp $HOME_NET any -> $EXTERNAL_NET any ( msg:"SENSITIVE-DATA U.S. Social Security Numbers (w/out dashes)"; file_data; sd_pattern:"us_social_nodashes", threshold 20; service:http, smtp, ftp-data, imap, pop3; classtype:sdf; gid:13; sid:12; rev:1; )
# Undashed U.S. Social Security Numbers in the HTTP request URI (http_uri) of requests leaving $HOME_NET.
# Requires 20 "us_social_nodashes" matches before alerting; HTTP service only.
# NOTE(review): 20 matches in one URI is a high bar — confirm this threshold is intended for http_uri.
alert tcp $HOME_NET any -> $EXTERNAL_NET any ( msg:"SENSITIVE-DATA U.S. Social Security Numbers (w/out dashes)"; http_uri; sd_pattern:"us_social_nodashes", threshold 20; service:http; classtype:sdf; gid:13; sid:13; rev:1; )
# Undashed U.S. Social Security Numbers in HTTP headers (http_header), $HOME_NET to $EXTERNAL_NET.
# Requires 20 "us_social_nodashes" matches before alerting; HTTP service only.
alert tcp $HOME_NET any -> $EXTERNAL_NET any ( msg:"SENSITIVE-DATA U.S. Social Security Numbers (w/out dashes)"; http_header; sd_pattern:"us_social_nodashes", threshold 20; service:http; classtype:sdf; gid:13; sid:14; rev:1; )
# Undashed U.S. Social Security Numbers in the HTTP request body (http_client_body) sent from
# $HOME_NET to $EXTERNAL_NET.
# Requires 20 "us_social_nodashes" matches before alerting, i.e. aimed at bulk uploads of records.
alert tcp $HOME_NET any -> $EXTERNAL_NET any ( msg:"SENSITIVE-DATA U.S. Social Security Numbers (w/out dashes)"; http_client_body; sd_pattern:"us_social_nodashes", threshold 20; service:http; classtype:sdf; gid:13; sid:15; rev:1; )
# Outbound check for bulk email addresses in reassembled TCP stream data (flow:only_stream + pkt_data)
# from $HOME_NET to $EXTERNAL_NET.
# Requires 20 "email" matches before alerting.
# NOTE(review): service includes smtp/imap/pop3, where addresses are routine — expect noise from
# mail hosts in $HOME_NET and plan suppressions on gid:13 / sid:16 accordingly.
alert tcp $HOME_NET any -> $EXTERNAL_NET any ( msg:"SENSITIVE-DATA Email Addresses"; flow:only_stream; pkt_data; sd_pattern:"email", threshold 20; service:http, smtp, ftp-data, imap, pop3; classtype:sdf; gid:13; sid:16; rev:1; )
# Bulk email addresses in the file_data buffer (file/body content carried over http, smtp,
# ftp-data, imap or pop3), outbound from $HOME_NET — e.g. an exported contact or customer list.
# Requires 20 "email" matches before alerting.
alert tcp $HOME_NET any -> $EXTERNAL_NET any ( msg:"SENSITIVE-DATA Email Addresses"; file_data; sd_pattern:"email", threshold 20; service:http, smtp, ftp-data, imap, pop3; classtype:sdf; gid:13; sid:17; rev:1; )
# Email addresses in the HTTP request URI (http_uri) of requests leaving $HOME_NET.
# Requires 20 "email" matches before alerting; HTTP service only.
alert tcp $HOME_NET any -> $EXTERNAL_NET any ( msg:"SENSITIVE-DATA Email Addresses"; http_uri; sd_pattern:"email", threshold 20; service:http; classtype:sdf; gid:13; sid:18; rev:1; )
# Email addresses in HTTP headers (http_header), $HOME_NET to $EXTERNAL_NET.
# Requires 20 "email" matches before alerting; HTTP service only.
alert tcp $HOME_NET any -> $EXTERNAL_NET any ( msg:"SENSITIVE-DATA Email Addresses"; http_header; sd_pattern:"email", threshold 20; service:http; classtype:sdf; gid:13; sid:19; rev:1; )
# Bulk email addresses in the HTTP request body (http_client_body) sent from $HOME_NET to
# $EXTERNAL_NET, such as an address list posted to an external site.
# Requires 20 "email" matches before alerting; HTTP service only.
alert tcp $HOME_NET any -> $EXTERNAL_NET any ( msg:"SENSITIVE-DATA Email Addresses"; http_client_body; sd_pattern:"email", threshold 20; service:http; classtype:sdf; gid:13; sid:20; rev:1; )
# Outbound check for bulk U.S. phone numbers in reassembled TCP stream data
# (flow:only_stream + pkt_data) from $HOME_NET to $EXTERNAL_NET.
# Requires 20 "us_phone" matches before alerting.
# Cleartext only; the listed services over TLS are not inspected unless decrypted upstream.
alert tcp $HOME_NET any -> $EXTERNAL_NET any ( msg:"SENSITIVE-DATA U.S. Phone Numbers"; flow:only_stream; pkt_data; sd_pattern:"us_phone", threshold 20; service:http, smtp, ftp-data, imap, pop3; classtype:sdf; gid:13; sid:21; rev:1; )
# Bulk U.S. phone numbers in the file_data buffer (file/body content carried over http, smtp,
# ftp-data, imap or pop3), outbound from $HOME_NET.
# Requires 20 "us_phone" matches before alerting.
alert tcp $HOME_NET any -> $EXTERNAL_NET any ( msg:"SENSITIVE-DATA U.S. Phone Numbers"; file_data; sd_pattern:"us_phone", threshold 20; service:http, smtp, ftp-data, imap, pop3; classtype:sdf; gid:13; sid:22; rev:1; )
# U.S. phone numbers in the HTTP request URI (http_uri) of requests leaving $HOME_NET.
# Requires 20 "us_phone" matches before alerting; HTTP service only.
alert tcp $HOME_NET any -> $EXTERNAL_NET any ( msg:"SENSITIVE-DATA U.S. Phone Numbers"; http_uri; sd_pattern:"us_phone", threshold 20; service:http; classtype:sdf; gid:13; sid:23; rev:1; )
# U.S. phone numbers in HTTP headers (http_header), $HOME_NET to $EXTERNAL_NET.
# Requires 20 "us_phone" matches before alerting; HTTP service only.
alert tcp $HOME_NET any -> $EXTERNAL_NET any ( msg:"SENSITIVE-DATA U.S. Phone Numbers"; http_header; sd_pattern:"us_phone", threshold 20; service:http; classtype:sdf; gid:13; sid:24; rev:1; )
# Bulk U.S. phone numbers in the HTTP request body (http_client_body) sent from $HOME_NET to
# $EXTERNAL_NET.
# Requires 20 "us_phone" matches before alerting; HTTP service only.
# The rule is alert-only: it records the event and does not block the transfer.
alert tcp $HOME_NET any -> $EXTERNAL_NET any ( msg:"SENSITIVE-DATA U.S. Phone Numbers"; http_client_body; sd_pattern:"us_phone", threshold 20; service:http; classtype:sdf; gid:13; sid:25; rev:1; )