# RSA DPM - "Data Protection Management"
# kcomollo 12-01-2017 edited to change protocol type to any
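# Host resource health: physical memory, swap, disk and CPU status carried in
# RKMA_MONITORING_EVENT messages. Each rule requires the event marker, then the
# resource marker, then the status keyword inside the distance/within window
# that follows the resource marker.
# Yellow rules are thresholded at count 5 per 900 seconds and Red rules at
# count 2 per 300 seconds, both tracked by source.
# Fix: the Yellow rules spelled the threshold option "secounds". The Red rules
# use "seconds", so the 900-second window was presumably never applied as
# written. Confirm with a rule-load test on the deployed engine.
alert any $HOME_NET any -> $EXTERNAL_NET any (msg: "[RSA-DPM] Physical Memory status Yellow"; content: "RKMA_MONITORING_EVENT"; content: "|5b|Type|3a|Physical"; content: "YELLOW"; distance: 45; within: 25; threshold: type suppress, track by_src, count 5, seconds 900; reference: url,wiki.quadrantsec.com/bin/view/Main/5003938; sid:5003938; rev:2;)
alert any $HOME_NET any -> $EXTERNAL_NET any (msg: "[RSA-DPM] Physical Memory status RED [Critical]"; content: "RKMA_MONITORING_EVENT"; content: "|5b|Type|3a|Physical"; content: "RED"; distance: 45; within: 25; threshold: type suppress, track by_src, count 2, seconds 300; reference: url,wiki.quadrantsec.com/bin/view/Main/5003939; sid:5003939; rev:3;)
alert any $HOME_NET any -> $EXTERNAL_NET any (msg: "[RSA-DPM] Swap-Memory Memory status Yellow"; content: "RKMA_MONITORING_EVENT"; content: "Type|3a|Swap-Memory"; content: "YELLOW"; distance: 45; within: 25; threshold: type suppress, track by_src, count 5, seconds 900; reference: url,wiki.quadrantsec.com/bin/view/Main/5003940; sid:5003940; rev:3;)
alert any $HOME_NET any -> $EXTERNAL_NET any (msg: "[RSA-DPM] Swap-Memory Memory status Red [Critical]"; content: "RKMA_MONITORING_EVENT"; content: "Type|3a|Swap-Memory"; content: "RED"; distance: 45; within: 25; threshold: type suppress, track by_src, count 2, seconds 300; reference: url,wiki.quadrantsec.com/bin/view/Main/5003941; sid:5003941; rev:2;)
alert any $HOME_NET any -> $EXTERNAL_NET any (msg: "[RSA-DPM] Disk status Yellow"; content: "RKMA_MONITORING_EVENT"; content: "DiskInfo|3d|"; content: "YELLOW"; distance: 25; within: 10; threshold: type suppress, track by_src, count 5, seconds 900; reference: url,wiki.quadrantsec.com/bin/view/Main/5003942; sid:5003942; rev:3;)
alert any $HOME_NET any -> $EXTERNAL_NET any (msg: "[RSA-DPM] Disk status Red - [Critical]"; content: "RKMA_MONITORING_EVENT"; content: "DiskInfo|3d|"; content: "RED"; distance: 25; within: 10; threshold: type suppress, track by_src, count 2, seconds 300; reference: url,wiki.quadrantsec.com/bin/view/Main/5003943; sid:5003943; rev:3;)
alert any $HOME_NET any -> $EXTERNAL_NET any (msg: "[RSA-DPM] CPU status Yellow"; content: "RKMA_MONITORING_EVENT"; content: "No|3a|CPU|2d|"; content: "YELLOW"; distance: 20; within: 12; threshold: type suppress, track by_src, count 5, seconds 900; reference: url,wiki.quadrantsec.com/bin/view/Main/5003944; sid:5003944; rev:2;)
alert any $HOME_NET any -> $EXTERNAL_NET any (msg: "[RSA-DPM] CPU status Red - [Critical]"; content: "RKMA_MONITORING_EVENT"; content: "No|3a|CPU|2d|"; content: "RED"; distance: 20; within: 12; threshold: type suppress, track by_src, count 2, seconds 300; reference: url,wiki.quadrantsec.com/bin/view/Main/5003945; sid:5003945; rev:2;)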
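# Service health: APACHE, TOMCAT, ORACLE, AXM and APPLIANCE_SYSTEM status in
# RKMA_MONITORING_EVENT messages. Each rule matches the literal
# "<component>,Status:<COLOUR>" string, hex-escaped in the content option.
# Yellow rules are thresholded at count 5 per 900 seconds and Red rules at
# count 2 per 300 seconds, both tracked by source.
# Fix: the Yellow rules spelled the threshold option "secounds". The Red rules
# use "seconds", so the 900-second window was presumably never applied as
# written. Confirm with a rule-load test on the deployed engine.
alert any $HOME_NET any -> $EXTERNAL_NET any (msg: "[RSA-DPM] APACHE status Yellow"; content: "RKMA_MONITORING_EVENT"; content: "APACHE|2c|Status|3a|YELLOW"; threshold: type suppress, track by_src, count 5, seconds 900; reference: url,wiki.quadrantsec.com/bin/view/Main/5003946; sid:5003946; rev:2;)
alert any $HOME_NET any -> $EXTERNAL_NET any (msg: "[RSA-DPM] APACHE status Red - [Critical]"; content: "RKMA_MONITORING_EVENT"; content: "APACHE|2c|Status|3a|RED"; threshold: type suppress, track by_src, count 2, seconds 300; reference: url,wiki.quadrantsec.com/bin/view/Main/5003947; sid:5003947; rev:2;)
alert any $HOME_NET any -> $EXTERNAL_NET any (msg: "[RSA-DPM] TOMCAT status Yellow"; content: "RKMA_MONITORING_EVENT"; content: "TOMCAT|2c|Status|3a|YELLOW"; threshold: type suppress, track by_src, count 5, seconds 900; reference: url,wiki.quadrantsec.com/bin/view/Main/5003948; sid:5003948; rev:2;)
alert any $HOME_NET any -> $EXTERNAL_NET any (msg: "[RSA-DPM] TOMCAT status Red - [Critical]"; content: "RKMA_MONITORING_EVENT"; content: "TOMCAT|2c|Status|3a|RED"; threshold: type suppress, track by_src, count 2, seconds 300; reference: url,wiki.quadrantsec.com/bin/view/Main/5003949; sid:5003949; rev:2;)
alert any $HOME_NET any -> $EXTERNAL_NET any (msg: "[RSA-DPM] ORACLE status Yellow"; content: "RKMA_MONITORING_EVENT"; content: "ORACLE|2c|Status|3a|YELLOW"; threshold: type suppress, track by_src, count 5, seconds 900; reference: url,wiki.quadrantsec.com/bin/view/Main/5003950; sid:5003950; rev:2;)
alert any $HOME_NET any -> $EXTERNAL_NET any (msg: "[RSA-DPM] ORACLE status Red - [Critical]"; content: "RKMA_MONITORING_EVENT"; content: "ORACLE|2c|Status|3a|RED"; threshold: type suppress, track by_src, count 2, seconds 300; reference: url,wiki.quadrantsec.com/bin/view/Main/5003951; sid:5003951; rev:2;)
alert any $HOME_NET any -> $EXTERNAL_NET any (msg: "[RSA-DPM] AXM status Yellow"; content: "RKMA_MONITORING_EVENT"; content: "AXM|2c|Status|3a|YELLOW"; threshold: type suppress, track by_src, count 5, seconds 900; reference: url,wiki.quadrantsec.com/bin/view/Main/5003952; sid:5003952; rev:2;)
alert any $HOME_NET any -> $EXTERNAL_NET any (msg: "[RSA-DPM] AXM status Red - [Critical]"; content: "RKMA_MONITORING_EVENT"; content: "AXM|2c|Status|3a|RED"; threshold: type suppress, track by_src, count 2, seconds 300; reference: url,wiki.quadrantsec.com/bin/view/Main/5003953; sid:5003953; rev:2;)
alert any $HOME_NET any -> $EXTERNAL_NET any (msg: "[RSA-DPM] APPLIANCE_SYSTEM status Yellow"; content: "RKMA_MONITORING_EVENT"; content: "APPLIANCE|5f|SYSTEM|2c|Status|3a|YELLOW"; threshold: type suppress, track by_src, count 5, seconds 900; reference: url,wiki.quadrantsec.com/bin/view/Main/5003954; sid:5003954; rev:2;)
alert any $HOME_NET any -> $EXTERNAL_NET any (msg: "[RSA-DPM] APPLIANCE_SYSTEM status Red"; content: "RKMA_MONITORING_EVENT"; content: "APPLIANCE|5f|SYSTEM|2c|Status|3a|RED"; threshold: type suppress, track by_src, count 2, seconds 300; reference: url,wiki.quadrantsec.com/bin/view/Main/5003955; sid:5003955; rev:2;)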
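# URL health checks: /appliance-console, /admingui and /KMS/diagnostics.jsp
# status in RKMA_MONITORING_EVENT messages. Each rule matches the tail of the
# URL followed by ",Status:<COLOUR>", hex-escaped in the content option.
# Yellow rules are thresholded at count 5 per 900 seconds and Red rules at
# count 2 per 300 seconds, both tracked by source.
# Fix: the Yellow rules spelled the threshold option "secounds". The Red rules
# use "seconds", so the 900-second window was presumably never applied as
# written. Confirm with a rule-load test on the deployed engine.
# Also restored the missing space before "threshold" in sid 5003960.
alert any $HOME_NET any -> $EXTERNAL_NET any (msg: "[RSA-DPM] URL:/appliance-console status Yellow"; content: "RKMA_MONITORING_EVENT"; content: "appliance|2d|console|2c|Status|3a|YELLOW"; threshold: type suppress, track by_src, count 5, seconds 900; reference: url,wiki.quadrantsec.com/bin/view/Main/5003956; sid:5003956; rev:2;)
alert any $HOME_NET any -> $EXTERNAL_NET any (msg: "[RSA-DPM] URL:/appliance-console status Red - [Critical]"; content: "RKMA_MONITORING_EVENT"; content: "appliance|2d|console|2c|Status|3a|RED"; threshold: type suppress, track by_src, count 2, seconds 300; reference: url,wiki.quadrantsec.com/bin/view/Main/5003957; sid:5003957; rev:2;)
alert any $HOME_NET any -> $EXTERNAL_NET any (msg: "[RSA-DPM] URL:/admingui status Yellow"; content: "RKMA_MONITORING_EVENT"; content: "admingui|2c|Status|3a|YELLOW"; threshold: type suppress, track by_src, count 5, seconds 900; reference: url,wiki.quadrantsec.com/bin/view/Main/5003958; sid:5003958; rev:2;)
alert any $HOME_NET any -> $EXTERNAL_NET any (msg: "[RSA-DPM] URL:/admingui status Red"; content: "RKMA_MONITORING_EVENT"; content: "admingui|2c|Status|3a|RED"; threshold: type suppress, track by_src, count 2, seconds 300; reference: url,wiki.quadrantsec.com/bin/view/Main/5003959; sid:5003959; rev:2;)
alert any $HOME_NET any -> $EXTERNAL_NET any (msg: "[RSA-DPM] URL:/KMS/diagnostics.jsp status Yellow"; content: "RKMA_MONITORING_EVENT"; content: "diagnostics|2e|jsp|2c|Status|3a|YELLOW"; threshold: type suppress, track by_src, count 5, seconds 900; reference: url,wiki.quadrantsec.com/bin/view/Main/5003960; sid:5003960; rev:2;)
alert any $HOME_NET any -> $EXTERNAL_NET any (msg: "[RSA-DPM] URL:/KMS/diagnostics.jsp status Red [Critical]"; content: "RKMA_MONITORING_EVENT"; content: "diagnostics|2e|jsp|2c|Status|3a|RED"; threshold: type suppress, track by_src, count 2, seconds 300; reference: url,wiki.quadrantsec.com/bin/view/Main/5003961; sid:5003961; rev:2;)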
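# Certificate health: ServerCert and RootCA status in RKMA_MONITORING_EVENT
# messages, matched as "<cert>,Status:<COLOUR>".
# Yellow rules are thresholded at count 5 per 900 seconds and Red rules at
# count 2 per 300 seconds, both tracked by source.
# Fix: the Yellow rules spelled the threshold option "secounds". The Red rules
# use "seconds", so the 900-second window was presumably never applied as
# written. Confirm with a rule-load test on the deployed engine.
alert any $HOME_NET any -> $EXTERNAL_NET any (msg: "[RSA-DPM] Certificate ServerCert status Yellow"; content: "RKMA_MONITORING_EVENT"; content: "ServerCert|2c|Status|3a|YELLOW"; threshold: type suppress, track by_src, count 5, seconds 900; reference: url,wiki.quadrantsec.com/bin/view/Main/5003962; sid:5003962; rev:2;)
alert any $HOME_NET any -> $EXTERNAL_NET any (msg: "[RSA-DPM] Certificate ServerCert status Red [Critical]"; content: "RKMA_MONITORING_EVENT"; content: "ServerCert|2c|Status|3a|RED"; threshold: type suppress, track by_src, count 2, seconds 300; reference: url,wiki.quadrantsec.com/bin/view/Main/5003963; sid:5003963; rev:2;)
alert any $HOME_NET any -> $EXTERNAL_NET any (msg: "[RSA-DPM] Certificate RootCA status Yellow"; content: "RKMA_MONITORING_EVENT"; content: "RootCA|2c|Status|3a|YELLOW"; threshold: type suppress, track by_src, count 5, seconds 900; reference: url,wiki.quadrantsec.com/bin/view/Main/5003964; sid:5003964; rev:2;)
alert any $HOME_NET any -> $EXTERNAL_NET any (msg: "[RSA-DPM] Certificate RootCA status Red [Critical]"; content: "RKMA_MONITORING_EVENT"; content: "RootCA|2c|Status|3a|RED"; threshold: type suppress, track by_src, count 2, seconds 300; reference: url,wiki.quadrantsec.com/bin/view/Main/5003965; sid:5003965; rev:2;)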
# Certificate ChainCA status in RKMA_MONITORING_EVENT messages.
# NOTE(review): msg and match disagree. The msg reads "Red [Critical]" and the
# threshold is the Red profile used elsewhere in this file (count 2, seconds 300),
# but the content matches "ChainCA,Status:YELLOW". As written, a ChainCA YELLOW
# event is reported as Critical and no visible rule matches ChainCA RED.
# The other components have a Yellow/Red pair; confirm which side is intended
# (and whether the missing counterpart rule is needed) before changing.
alert any $HOME_NET any -> $EXTERNAL_NET any (msg: "[RSA-DPM] Certificate ChainCA status Red [Critical]"; content: "RKMA_MONITORING_EVENT"; content: "ChainCA|2c|Status|3a|YELLOW"; threshold: type suppress, track by_src, count 2, seconds 300; reference: url,wiki.quadrantsec.com/bin/view/Main/5003966; sid:5003966; rev:2;)