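# Suricata test rules: raise an alert when a client requests one of the
# hostnames listed below.
#   sid 10000        cleartext HTTP to port 80, matched on the parsed Host header
#   sid 10001-10019  TLS to port 443, matched on the ClientHello SNI
#
# Matching notes
# - Every hostname pattern is anchored with startswith + endswith, so only the
#   exact name matches. An unanchored content:"t.me" also fires on any SNI that
#   merely contains that string, and content:"github.com" on a look-alike such
#   as "github.com.<other-domain>".
# - To include subdomains as well, match a leading-dot pattern against the
#   dotprefix transform instead, e.g.
#     tls.sni; dotprefix; content:".github.com"; nocase; endswith;
# - sid 10000 uses the http.method / http.host buffers instead of raw payload
#   strings, so the hostname appearing in a body, URI or Referer no longer
#   triggers it. http.host is normalised to lowercase, so no nocase is needed.
#
# Coverage limits (visibility, not enforcement)
# - Destination ports are fixed at 80 and 443; the same hosts reached on other
#   ports are not reported.
# - SNI is supplied by the client and is missing when the client omits it or
#   uses Encrypted Client Hello.
# - HTTP/3 over QUIC (UDP) is not inspected by these TCP/TLS rules.
#
# rev is 2 on every rule because the match logic changed from rev 1.

alert http any any -> any 80 (msg:"HTTP test.gilgil.net access"; flow:established,to_server; http.method; content:"GET"; http.host; content:"test.gilgil.net"; startswith; endswith; sid:10000; rev:2;)
alert tls any any -> any 443 (msg:"HTTPS www.naver.com access"; tls.sni; content:"www.naver.com"; nocase; startswith; endswith; sid:10001; rev:2;)
alert tls any any -> any 443 (msg:"HTTPS www.google.com access"; tls.sni; content:"www.google.com"; nocase; startswith; endswith; sid:10002; rev:2;)
alert tls any any -> any 443 (msg:"HTTPS github.com access"; tls.sni; content:"github.com"; nocase; startswith; endswith; sid:10003; rev:2;)
alert tls any any -> any 443 (msg:"HTTPS nlog.dev access"; tls.sni; content:"nlog.dev"; nocase; startswith; endswith; sid:10004; rev:2;)
alert tls any any -> any 443 (msg:"HTTPS t.me access"; tls.sni; content:"t.me"; nocase; startswith; endswith; sid:10005; rev:2;)
alert tls any any -> any 443 (msg:"HTTPS www.youtube.com access"; tls.sni; content:"www.youtube.com"; nocase; startswith; endswith; sid:10006; rev:2;)
alert tls any any -> any 443 (msg:"HTTPS www.acmicpc.net access"; tls.sni; content:"www.acmicpc.net"; nocase; startswith; endswith; sid:10007; rev:2;)
alert tls any any -> any 443 (msg:"HTTPS codeforces.com access"; tls.sni; content:"codeforces.com"; nocase; startswith; endswith; sid:10008; rev:2;)
alert tls any any -> any 443 (msg:"HTTPS www.office.com access"; tls.sni; content:"www.office.com"; nocase; startswith; endswith; sid:10009; rev:2;)
alert tls any any -> any 443 (msg:"HTTPS koi.or.kr access"; tls.sni; content:"koi.or.kr"; nocase; startswith; endswith; sid:10010; rev:2;)
alert tls any any -> any 443 (msg:"HTTPS codeup.kr access"; tls.sni; content:"codeup.kr"; nocase; startswith; endswith; sid:10011; rev:2;)
alert tls any any -> any 443 (msg:"HTTPS www.kitribob.kr access"; tls.sni; content:"www.kitribob.kr"; nocase; startswith; endswith; sid:10012; rev:2;)
alert tls any any -> any 443 (msg:"HTTPS nnnlog.tistory.com access"; tls.sni; content:"nnnlog.tistory.com"; nocase; startswith; endswith; sid:10013; rev:2;)
alert tls any any -> any 443 (msg:"HTTPS cloud.mongodb.com access"; tls.sni; content:"cloud.mongodb.com"; nocase; startswith; endswith; sid:10014; rev:2;)
alert tls any any -> any 443 (msg:"HTTPS www.ebsi.co.kr access"; tls.sni; content:"www.ebsi.co.kr"; nocase; startswith; endswith; sid:10015; rev:2;)
alert tls any any -> any 443 (msg:"HTTPS tcpschool.com access"; tls.sni; content:"tcpschool.com"; nocase; startswith; endswith; sid:10016; rev:2;)
alert tls any any -> any 443 (msg:"HTTPS atcoder.jp access"; tls.sni; content:"atcoder.jp"; nocase; startswith; endswith; sid:10017; rev:2;)
alert tls any any -> any 443 (msg:"HTTPS gitlab.com access"; tls.sni; content:"gitlab.com"; nocase; startswith; endswith; sid:10018; rev:2;)
alert tls any any -> any 443 (msg:"HTTPS solved.ac access"; tls.sni; content:"solved.ac"; nocase; startswith; endswith; sid:10019; rev:2;)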