-
Notifications
You must be signed in to change notification settings - Fork 61
/
Copy pathELITEWOLF_SNORT_AllenBradley_RockwellAutomation.txt
14 lines (14 loc) · 2.35 KB
/
ELITEWOLF_SNORT_AllenBradley_RockwellAutomation.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
alert tcp any 80 -> any any (msg: "ELITEWOLF Allen-Bradley/Rockwell Automation URL Path Activity-TCP REQUEST"; content:"/rokform/advancedDiags?pageReq=tcp"; sid:1; rev:1;)
alert tcp any 80 -> any any (msg: "ELITEWOLF Allen-Bradley/Rockwell Automation URL Path Activity-SYSTEM DATA DETAIL"; content:"/rokform/SysDataDetail?name="; sid:1; rev:1;)
alert tcp any 80 -> any any (msg: "ELITEWOLF Allen-Bradley/Rockwell Automation URL Path Activity-UDP TABLE"; content:"/rokform/advancedDiags?pageReq=udptable"; sid:1; rev:1;)
alert tcp any 80 -> any any (msg: "ELITEWOLF Allen-Bradley/Rockwell Automation URL Path Activity-TCP CONNECT"; content:"rokform/advancedDiags?pageReq=tcpconn"; sid:1; rev:1;)
alert tcp any 80 -> any any (msg: "ELITEWOLF Allen-Bradley/Rockwell Automation URL Path Activity-IP ROUTE"; content:"/rokform/advancedDiags?pageReq=iproute"; sid:1; rev:1;)
alert tcp any 80 -> any any (msg: "ELITEWOLF Allen-Bradley/Rockwell Automation URL Path Activity-GENERAL MEMORY"; content:"/rokform/advancedDiags?pageReq=genmem"; sid:1; rev:1;)
alert tcp any 80 -> any any (msg: "ELITEWOLF Allen-Bradley/Rockwell Automation URL Path Activity-HEAP REQUEST"; content:"/rokform/advancedDiags?pageReq=heap"; sid:1; rev:1;)
alert tcp any 80 -> any any (msg: "ELITEWOLF Allen-Bradley/Rockwell Automation URL Path Activity-ICMP REQUEST"; content:"/rokform/advancedDiags?pageReq=icmp"; sid:1; rev:1;)
alert tcp any 80 -> any any (msg: "ELITEWOLF Allen-Bradley/Rockwell Automation URL Path Activity-ARP REQUEST"; content:"/rokform/advancedDiags?pageReq=arp"; sid:1; rev:1;)
alert tcp any 80 -> any any (msg: "ELITEWOLF Allen-Bradley/Rockwell Automation URL Path Activity-UDP REQUEST"; content:"/rokform/advancedDiags?pageReq=udp"; sid:1; rev:1;)
alert tcp any 80 -> any any (msg: "ELITEWOLF Allen-Bradley/Rockwell Automation URL Path Activity-IF REQUEST"; content:"/rokform/advancedDiags?pageReq=if"; sid:1; rev:1;)
alert tcp any 80 -> any any (msg: "ELITEWOLF Allen-Bradley/Rockwell Automation URL Path Activity-IP REQUEST"; content:"/rokform/advancedDiags?pageReq=ip"; sid:1; rev:1;)
alert tcp any 80 -> any any (msg: "ELITEWOLF Allen-Bradley/Rockwell Automation URL Path Activity-CSS Path"; content:"/css/radevice.css"; sid:1; rev:1;)
alert tcp any 80 -> any any (msg: "ELITEWOLF Allen-Bradley/Rockwell Automation URL Path Activity-SYSTEM LIST DATA"; content:"/rokform/SysListDetail?name=";sid:1;rev:1;)