--- /dev/null
+alert ssh any any -> any any (ssh.software; content:"OpenSSH"; sid:1;)
+# broken?
+#alert ssh any any -> any any (ssh.softwareversion:OpenSSH_7.4; sid:2;)
+alert ssh any any -> any any (ssh.proto; content:"2"; sid:3;)
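Review bot: The commented-out sid 2 uses the legacy `ssh.softwareversion` keyword, which Suricata documents as deprecated in favour of the `ssh.software` sticky buffer that sid 1 already uses, so the `# broken?` marker most likely refers to the keyword rather than the intent of the rule; either drop the dead rule or replace it with the sticky-buffer form, e.g. `alert ssh any any -> any any (flow:to_client; ssh.software; content:"OpenSSH_7.4"; sid:2;)`, which also pins the match to the server banner. That direction pin matters because sid 1's bare `content:"OpenSSH"` matches both sides of this session (the yaml context below shows a client banner of `OpenSSH_for_Windows_7.7`), so a rule meant to flag a specific server version would otherwise fire on the client too. For sid 3, `ssh.proto; content:"2"` is a substring match on the version buffer rather than a check for `2.0`; if the test is meant to verify the 2.0 banner in this pcap, `content:"2.0"; bsize:3;` (or `startswith; endswith;`, depending on the Suricata version targeted) is the exact check. The yaml lines visible below assert only sid 1; adding a count for sid 3 would make the `ssh.proto` keyword actually covered, though the rest of that test file is outside this chunk.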
ssh.client.proto_version: "2.0"
ssh.server.proto_version: "2.0"
ssh.client.software_version: "OpenSSH_for_Windows_7.7"
- ssh.server.software_version: "OpenSSH_7.4"
\ No newline at end of file
+ ssh.server.software_version: "OpenSSH_7.4"
+ - filter:
+ count: 1
+ match:
+ event_type: alert
+ alert.signature_id: 1