question regarding snort rule
Hi,
I am somewhat new to reading snort rule sets. Can someone translate this for me. Thanks.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE Sogoul.com Spyware User-Agent (SogouIMEMiniSetup?)"; flow:established,to_server
I am somewhat new to reading snort rule sets. Can someone translate this for me. Thanks.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE Sogoul.com Spyware User-Agent (SogouIMEMiniSetup?)"; flow:established,to_server
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.