├── .last_used_sid ├── ChangeLog ├── README ├── adtran.rules ├── apache.rules ├── apc-emu.rules ├── arp.rules ├── artillery.rules ├── as400.rules ├── asterisk.rules ├── attack.rules ├── azure-eventhub-ad-geoip.rules ├── azure-eventhub-ad.rules ├── barracuda.rules ├── bash.rules ├── bind.rules ├── blacklist.rules ├── bluedot-categories.conf ├── bluedot.rules ├── bonding.rules ├── bro-bluedot.rules ├── bro-ids.rules ├── bro-intel.rules ├── cacti-thold.rules ├── carbonblack.rules ├── centrify.rules ├── cisco-aetas.rules ├── cisco-amp.rules ├── cisco-blacklist.rules ├── cisco-bluedot.rules ├── cisco-brointel.rules ├── cisco-correlated.rules ├── cisco-cucm.rules ├── cisco-geoip.rules ├── cisco-ios.rules ├── cisco-ise-blacklist.rules ├── cisco-ise-bluedot.rules ├── cisco-ise-brointel.rules ├── cisco-ise-geoip.rules ├── cisco-ise.rules ├── cisco-malware.rules ├── cisco-meraki.rules ├── cisco-pixasa.rules ├── cisco-prime.rules ├── cisco-sdee.rules ├── cisco-wlc.rules ├── citrix-blacklist.rules ├── citrix-bluedot.rules ├── citrix-brointel.rules ├── citrix-correlated.rules ├── citrix-geoip.rules ├── citrix.rules ├── classification.config ├── courier-bluedot.rules ├── courier-correlated.rules ├── courier-geoip.rules ├── courier.rules ├── crowdstrike.rules ├── cylance.rules ├── deleted.rules ├── digitalpersona.rules ├── dovecot.rules ├── dynamic.rules ├── f5-big-ip-bluedot.rules ├── f5-big-ip-geoip.rules ├── f5-big-ip.rules ├── fatpipe-aetas.rules ├── fatpipe-bluedot.rules ├── fatpipe-correlated.rules ├── fatpipe-geoip.rules ├── fatpipe.rules ├── fingerprint.rules ├── fipaypin.rules ├── fortinet-aetas.rules ├── fortinet-bluedot.rules ├── fortinet-correlated.rules ├── fortinet-geoip.rules ├── fortinet-malware.rules ├── fortinet.rules ├── ftpd.rules ├── gen-msg.map ├── grsec.rules ├── honeyd.rules ├── hordeimp.rules ├── hostapd.rules ├── huawei.rules ├── imapd-bluedot.rules ├── imapd-correlated.rules ├── imapd-geoip.rules ├── imapd.rules ├── incapsula.rules ├── ipop3d.rules ├── json-input.map ├── json-message.map ├── juniper-aetas.rules ├── juniper-bluedot.rules ├── juniper-geoip.rules ├── juniper.rules ├── kismet.rules ├── knockd.rules ├── linux-kernel.rules ├── mcafee-web-gateway.rules ├── milter.rules ├── mongodb.rules ├── msapi-airinvestigation.rules ├── msapi-azuread-bluedot.rules ├── msapi-azuread-geoip.rules ├── msapi-azuread.rules ├── msapi-exchange-bluedot.rules ├── msapi-exchange-geoip.rules ├── msapi-exchange.rules ├── msapi-microsoftflow-bluedot.rules ├── msapi-microsoftflow-geoip.rules ├── msapi-microsoftforms-bluedot.rules ├── msapi-microsoftforms-geoip.rules ├── msapi-microsoftstream-bluedot.rules ├── msapi-microsoftstream-geoip.rules ├── msapi-microsoftteams-bluedot.rules ├── msapi-microsoftteams-geoip.rules ├── msapi-onedrive-bluedot.rules ├── msapi-onedrive-geoip.rules ├── msapi-onedrive.rules ├── msapi-powerbi-bluedot.rules ├── msapi-powerbi-geoip.rules ├── msapi-securitycompliancecenter.rules ├── msapi-sharepoint-bluedot.rules ├── msapi-sharepoint-geoip.rules ├── msapi-sharepoint.rules ├── msapi-threatintelligence.rules ├── mysql.rules ├── nexpose.rules ├── nfcapd-malware.rules ├── nfcapd.rules ├── nginx.rules ├── normalization.rulebase ├── ntp.rules ├── nxlog.rules ├── office365.rules ├── onelogin.rules ├── openssh-aetas.rules ├── openssh-bluedot.rules ├── openssh-correlated.rules ├── openssh-geoip.rules ├── openssh.rules ├── openvpn.rules ├── oracle.rules ├── ossec-mi.rules ├── ossec.rules ├── palo-alto-geoip.rules ├── palo-alto.rules ├── passwordstate.rules ├── php.rules ├── postfix.rules ├── postgresql.rules ├── pptp.rules ├── procurve.rules ├── proftpd-aetas.rules ├── proftpd-bluedot.rules ├── proftpd-geoip.rules ├── proftpd.rules ├── proofpoint.rules ├── protocol.map ├── proxy-malware.rules ├── pure-ftpd.rules ├── racoon.rules ├── reference.config ├── riverbed-aetas.rules ├── riverbed-bluedot.rules ├── riverbed-geoip.rules ├── riverbed.rules ├── roundcube.rules ├── rsa-dpm.rules ├── rsync.rules ├── sagan-sid-msg.map ├── samba.rules ├── sendmail.rules ├── snort-bluedot.rules ├── snort-geoip.rules ├── snort.rules ├── solaris.rules ├── sonicwall.rules ├── squid.rules ├── ssh-tectia-server-aetas.rules ├── ssh-tectia-server-bluedot.rules ├── ssh-tectia-server-correlated.rules ├── ssh-tectia-server-geoip.rules ├── ssh-tectia-server.rules ├── su.rules ├── symantec-ems.rules ├── syslog.rules ├── tcp.rules ├── telnet.rules ├── trendmicro.rules ├── tripwire.rules ├── vmpop3d.rules ├── vmware-bluedot.rules ├── vmware-correlated.rules ├── vmware-geoip.rules ├── vmware.rules ├── vpopmail.rules ├── vsftpd-bluedot.rules ├── vsftpd-correlated.rules ├── vsftpd-geoip.rules ├── vsftpd.rules ├── watchguard-geoip.rules ├── watchguard.rules ├── web-attack.rules ├── weblabrinth.rules ├── windows-aetas.rules ├── windows-applocker.rules ├── windows-auth.rules ├── windows-blacklist.rules ├── windows-bluedot.rules ├── windows-brointel.rules ├── windows-correlated.rules ├── windows-emet.rules ├── windows-geoip.rules ├── windows-malware.rules ├── windows-misc.rules ├── windows-mssql.rules ├── windows-owa-blacklist.rules ├── windows-owa-bluedot.rules ├── windows-owa-brointel.rules ├── windows-owa-correlated.rules ├── windows-owa-geoip.rules ├── windows-owa.rules ├── windows-security.rules ├── windows-sysmon.rules ├── windows.rules ├── wordpress.rules ├── xinetd.rules ├── yubikey.rules ├── zeus.rules ├── zimbra-geoip.rules ├── zimbra.rules ├── zingbox.rules ├── zscaler-bluedot.rules └── zscaler.rules /.last_used_sid: -------------------------------------------------------------------------------- 1 | Normal Rule: 5005233 2 | Fingerprint: 5100132 3 | -------------------------------------------------------------------------------- /ChangeLog: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/ChangeLog -------------------------------------------------------------------------------- /README: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/README -------------------------------------------------------------------------------- /adtran.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/adtran.rules -------------------------------------------------------------------------------- /apache.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/apache.rules -------------------------------------------------------------------------------- /apc-emu.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/apc-emu.rules -------------------------------------------------------------------------------- /arp.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/arp.rules -------------------------------------------------------------------------------- /artillery.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/artillery.rules -------------------------------------------------------------------------------- /as400.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/as400.rules -------------------------------------------------------------------------------- /asterisk.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/asterisk.rules -------------------------------------------------------------------------------- /attack.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/attack.rules -------------------------------------------------------------------------------- /azure-eventhub-ad-geoip.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/azure-eventhub-ad-geoip.rules -------------------------------------------------------------------------------- /azure-eventhub-ad.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/azure-eventhub-ad.rules -------------------------------------------------------------------------------- /barracuda.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/barracuda.rules -------------------------------------------------------------------------------- /bash.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/bash.rules -------------------------------------------------------------------------------- /bind.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/bind.rules -------------------------------------------------------------------------------- /blacklist.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/blacklist.rules -------------------------------------------------------------------------------- /bluedot-categories.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/bluedot-categories.conf -------------------------------------------------------------------------------- /bluedot.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/bluedot.rules -------------------------------------------------------------------------------- /bonding.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/bonding.rules -------------------------------------------------------------------------------- /bro-bluedot.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/bro-bluedot.rules -------------------------------------------------------------------------------- /bro-ids.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/bro-ids.rules -------------------------------------------------------------------------------- /bro-intel.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/bro-intel.rules -------------------------------------------------------------------------------- /cacti-thold.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/cacti-thold.rules -------------------------------------------------------------------------------- /carbonblack.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/carbonblack.rules -------------------------------------------------------------------------------- /centrify.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/centrify.rules -------------------------------------------------------------------------------- /cisco-aetas.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/cisco-aetas.rules -------------------------------------------------------------------------------- /cisco-amp.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/cisco-amp.rules -------------------------------------------------------------------------------- /cisco-blacklist.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/cisco-blacklist.rules -------------------------------------------------------------------------------- /cisco-bluedot.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/cisco-bluedot.rules -------------------------------------------------------------------------------- /cisco-brointel.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/cisco-brointel.rules -------------------------------------------------------------------------------- /cisco-correlated.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/cisco-correlated.rules -------------------------------------------------------------------------------- /cisco-cucm.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/cisco-cucm.rules -------------------------------------------------------------------------------- /cisco-geoip.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/cisco-geoip.rules -------------------------------------------------------------------------------- /cisco-ios.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/cisco-ios.rules -------------------------------------------------------------------------------- /cisco-ise-blacklist.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/cisco-ise-blacklist.rules -------------------------------------------------------------------------------- /cisco-ise-bluedot.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/cisco-ise-bluedot.rules -------------------------------------------------------------------------------- /cisco-ise-brointel.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/cisco-ise-brointel.rules -------------------------------------------------------------------------------- /cisco-ise-geoip.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/cisco-ise-geoip.rules -------------------------------------------------------------------------------- /cisco-ise.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/cisco-ise.rules -------------------------------------------------------------------------------- /cisco-malware.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/cisco-malware.rules -------------------------------------------------------------------------------- /cisco-meraki.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/cisco-meraki.rules -------------------------------------------------------------------------------- /cisco-pixasa.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/cisco-pixasa.rules -------------------------------------------------------------------------------- /cisco-prime.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/cisco-prime.rules -------------------------------------------------------------------------------- /cisco-sdee.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/cisco-sdee.rules -------------------------------------------------------------------------------- /cisco-wlc.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/cisco-wlc.rules -------------------------------------------------------------------------------- /citrix-blacklist.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/citrix-blacklist.rules -------------------------------------------------------------------------------- /citrix-bluedot.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/citrix-bluedot.rules -------------------------------------------------------------------------------- /citrix-brointel.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/citrix-brointel.rules -------------------------------------------------------------------------------- /citrix-correlated.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/citrix-correlated.rules -------------------------------------------------------------------------------- /citrix-geoip.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/citrix-geoip.rules -------------------------------------------------------------------------------- /citrix.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/citrix.rules -------------------------------------------------------------------------------- /classification.config: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/classification.config -------------------------------------------------------------------------------- /courier-bluedot.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/courier-bluedot.rules -------------------------------------------------------------------------------- /courier-correlated.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/courier-correlated.rules -------------------------------------------------------------------------------- /courier-geoip.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/courier-geoip.rules -------------------------------------------------------------------------------- /courier.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/courier.rules -------------------------------------------------------------------------------- /crowdstrike.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/crowdstrike.rules -------------------------------------------------------------------------------- /cylance.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/cylance.rules -------------------------------------------------------------------------------- /deleted.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/deleted.rules -------------------------------------------------------------------------------- /digitalpersona.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/digitalpersona.rules -------------------------------------------------------------------------------- /dovecot.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/dovecot.rules -------------------------------------------------------------------------------- /dynamic.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/dynamic.rules -------------------------------------------------------------------------------- /f5-big-ip-bluedot.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/f5-big-ip-bluedot.rules -------------------------------------------------------------------------------- /f5-big-ip-geoip.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/f5-big-ip-geoip.rules -------------------------------------------------------------------------------- /f5-big-ip.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/f5-big-ip.rules -------------------------------------------------------------------------------- /fatpipe-aetas.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/fatpipe-aetas.rules -------------------------------------------------------------------------------- /fatpipe-bluedot.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/fatpipe-bluedot.rules -------------------------------------------------------------------------------- /fatpipe-correlated.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/fatpipe-correlated.rules -------------------------------------------------------------------------------- /fatpipe-geoip.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/fatpipe-geoip.rules -------------------------------------------------------------------------------- /fatpipe.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/fatpipe.rules -------------------------------------------------------------------------------- /fingerprint.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/fingerprint.rules -------------------------------------------------------------------------------- /fipaypin.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/fipaypin.rules -------------------------------------------------------------------------------- /fortinet-aetas.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/fortinet-aetas.rules -------------------------------------------------------------------------------- /fortinet-bluedot.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/fortinet-bluedot.rules -------------------------------------------------------------------------------- /fortinet-correlated.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/fortinet-correlated.rules -------------------------------------------------------------------------------- /fortinet-geoip.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/fortinet-geoip.rules -------------------------------------------------------------------------------- /fortinet-malware.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/fortinet-malware.rules -------------------------------------------------------------------------------- /fortinet.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/fortinet.rules -------------------------------------------------------------------------------- /ftpd.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/ftpd.rules -------------------------------------------------------------------------------- /gen-msg.map: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/gen-msg.map -------------------------------------------------------------------------------- /grsec.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/grsec.rules -------------------------------------------------------------------------------- /honeyd.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/honeyd.rules -------------------------------------------------------------------------------- /hordeimp.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/hordeimp.rules -------------------------------------------------------------------------------- /hostapd.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/hostapd.rules -------------------------------------------------------------------------------- /huawei.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/huawei.rules -------------------------------------------------------------------------------- /imapd-bluedot.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/imapd-bluedot.rules -------------------------------------------------------------------------------- /imapd-correlated.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/imapd-correlated.rules -------------------------------------------------------------------------------- /imapd-geoip.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/imapd-geoip.rules -------------------------------------------------------------------------------- /imapd.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/imapd.rules -------------------------------------------------------------------------------- /incapsula.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/incapsula.rules -------------------------------------------------------------------------------- /ipop3d.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/ipop3d.rules -------------------------------------------------------------------------------- /json-input.map: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/json-input.map -------------------------------------------------------------------------------- /json-message.map: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/json-message.map -------------------------------------------------------------------------------- /juniper-aetas.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/juniper-aetas.rules -------------------------------------------------------------------------------- /juniper-bluedot.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/juniper-bluedot.rules -------------------------------------------------------------------------------- /juniper-geoip.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/juniper-geoip.rules -------------------------------------------------------------------------------- /juniper.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/juniper.rules -------------------------------------------------------------------------------- /kismet.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/kismet.rules -------------------------------------------------------------------------------- /knockd.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/knockd.rules -------------------------------------------------------------------------------- /linux-kernel.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/linux-kernel.rules -------------------------------------------------------------------------------- /mcafee-web-gateway.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/mcafee-web-gateway.rules -------------------------------------------------------------------------------- /milter.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/milter.rules -------------------------------------------------------------------------------- /mongodb.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/mongodb.rules -------------------------------------------------------------------------------- /msapi-airinvestigation.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/msapi-airinvestigation.rules -------------------------------------------------------------------------------- /msapi-azuread-bluedot.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/msapi-azuread-bluedot.rules -------------------------------------------------------------------------------- /msapi-azuread-geoip.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/msapi-azuread-geoip.rules -------------------------------------------------------------------------------- /msapi-azuread.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/msapi-azuread.rules -------------------------------------------------------------------------------- /msapi-exchange-bluedot.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/msapi-exchange-bluedot.rules -------------------------------------------------------------------------------- /msapi-exchange-geoip.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/msapi-exchange-geoip.rules -------------------------------------------------------------------------------- /msapi-exchange.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/msapi-exchange.rules -------------------------------------------------------------------------------- /msapi-microsoftflow-bluedot.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/msapi-microsoftflow-bluedot.rules -------------------------------------------------------------------------------- /msapi-microsoftflow-geoip.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/msapi-microsoftflow-geoip.rules -------------------------------------------------------------------------------- /msapi-microsoftforms-bluedot.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/msapi-microsoftforms-bluedot.rules -------------------------------------------------------------------------------- /msapi-microsoftforms-geoip.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/msapi-microsoftforms-geoip.rules -------------------------------------------------------------------------------- /msapi-microsoftstream-bluedot.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/msapi-microsoftstream-bluedot.rules -------------------------------------------------------------------------------- /msapi-microsoftstream-geoip.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/msapi-microsoftstream-geoip.rules -------------------------------------------------------------------------------- /msapi-microsoftteams-bluedot.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/msapi-microsoftteams-bluedot.rules -------------------------------------------------------------------------------- /msapi-microsoftteams-geoip.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/msapi-microsoftteams-geoip.rules -------------------------------------------------------------------------------- /msapi-onedrive-bluedot.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/msapi-onedrive-bluedot.rules -------------------------------------------------------------------------------- /msapi-onedrive-geoip.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/msapi-onedrive-geoip.rules -------------------------------------------------------------------------------- /msapi-onedrive.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/msapi-onedrive.rules -------------------------------------------------------------------------------- /msapi-powerbi-bluedot.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/msapi-powerbi-bluedot.rules -------------------------------------------------------------------------------- /msapi-powerbi-geoip.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/msapi-powerbi-geoip.rules -------------------------------------------------------------------------------- /msapi-securitycompliancecenter.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/msapi-securitycompliancecenter.rules -------------------------------------------------------------------------------- /msapi-sharepoint-bluedot.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/msapi-sharepoint-bluedot.rules -------------------------------------------------------------------------------- /msapi-sharepoint-geoip.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/msapi-sharepoint-geoip.rules -------------------------------------------------------------------------------- /msapi-sharepoint.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/msapi-sharepoint.rules -------------------------------------------------------------------------------- /msapi-threatintelligence.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/msapi-threatintelligence.rules -------------------------------------------------------------------------------- /mysql.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/mysql.rules -------------------------------------------------------------------------------- /nexpose.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/nexpose.rules -------------------------------------------------------------------------------- /nfcapd-malware.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/nfcapd-malware.rules -------------------------------------------------------------------------------- /nfcapd.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/nfcapd.rules -------------------------------------------------------------------------------- /nginx.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/nginx.rules -------------------------------------------------------------------------------- /normalization.rulebase: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/normalization.rulebase -------------------------------------------------------------------------------- /ntp.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/ntp.rules -------------------------------------------------------------------------------- /nxlog.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/nxlog.rules -------------------------------------------------------------------------------- /office365.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/office365.rules -------------------------------------------------------------------------------- /onelogin.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/onelogin.rules -------------------------------------------------------------------------------- /openssh-aetas.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/openssh-aetas.rules -------------------------------------------------------------------------------- /openssh-bluedot.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/openssh-bluedot.rules -------------------------------------------------------------------------------- /openssh-correlated.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/openssh-correlated.rules -------------------------------------------------------------------------------- /openssh-geoip.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/openssh-geoip.rules -------------------------------------------------------------------------------- /openssh.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/openssh.rules -------------------------------------------------------------------------------- /openvpn.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/openvpn.rules -------------------------------------------------------------------------------- /oracle.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/oracle.rules -------------------------------------------------------------------------------- /ossec-mi.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/ossec-mi.rules -------------------------------------------------------------------------------- /ossec.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/ossec.rules -------------------------------------------------------------------------------- /palo-alto-geoip.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/palo-alto-geoip.rules -------------------------------------------------------------------------------- /palo-alto.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/palo-alto.rules -------------------------------------------------------------------------------- /passwordstate.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/passwordstate.rules -------------------------------------------------------------------------------- /php.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/php.rules -------------------------------------------------------------------------------- /postfix.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/postfix.rules -------------------------------------------------------------------------------- /postgresql.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/postgresql.rules -------------------------------------------------------------------------------- /pptp.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/pptp.rules -------------------------------------------------------------------------------- /procurve.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/procurve.rules -------------------------------------------------------------------------------- /proftpd-aetas.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/proftpd-aetas.rules -------------------------------------------------------------------------------- /proftpd-bluedot.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/proftpd-bluedot.rules -------------------------------------------------------------------------------- /proftpd-geoip.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/proftpd-geoip.rules -------------------------------------------------------------------------------- /proftpd.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/proftpd.rules -------------------------------------------------------------------------------- /proofpoint.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/proofpoint.rules -------------------------------------------------------------------------------- /protocol.map: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/protocol.map -------------------------------------------------------------------------------- /proxy-malware.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/proxy-malware.rules -------------------------------------------------------------------------------- /pure-ftpd.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/pure-ftpd.rules -------------------------------------------------------------------------------- /racoon.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/racoon.rules -------------------------------------------------------------------------------- /reference.config: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/reference.config -------------------------------------------------------------------------------- /riverbed-aetas.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/riverbed-aetas.rules -------------------------------------------------------------------------------- /riverbed-bluedot.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/riverbed-bluedot.rules -------------------------------------------------------------------------------- /riverbed-geoip.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/riverbed-geoip.rules -------------------------------------------------------------------------------- /riverbed.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/riverbed.rules -------------------------------------------------------------------------------- /roundcube.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/roundcube.rules -------------------------------------------------------------------------------- /rsa-dpm.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/rsa-dpm.rules -------------------------------------------------------------------------------- /rsync.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/rsync.rules -------------------------------------------------------------------------------- /sagan-sid-msg.map: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/sagan-sid-msg.map -------------------------------------------------------------------------------- /samba.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/samba.rules -------------------------------------------------------------------------------- /sendmail.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/sendmail.rules -------------------------------------------------------------------------------- /snort-bluedot.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/snort-bluedot.rules -------------------------------------------------------------------------------- /snort-geoip.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/snort-geoip.rules -------------------------------------------------------------------------------- /snort.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/snort.rules -------------------------------------------------------------------------------- /solaris.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/solaris.rules -------------------------------------------------------------------------------- /sonicwall.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/sonicwall.rules -------------------------------------------------------------------------------- /squid.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/squid.rules -------------------------------------------------------------------------------- /ssh-tectia-server-aetas.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/ssh-tectia-server-aetas.rules -------------------------------------------------------------------------------- /ssh-tectia-server-bluedot.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/ssh-tectia-server-bluedot.rules -------------------------------------------------------------------------------- /ssh-tectia-server-correlated.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/ssh-tectia-server-correlated.rules -------------------------------------------------------------------------------- /ssh-tectia-server-geoip.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/ssh-tectia-server-geoip.rules -------------------------------------------------------------------------------- /ssh-tectia-server.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/ssh-tectia-server.rules -------------------------------------------------------------------------------- /su.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/su.rules -------------------------------------------------------------------------------- /symantec-ems.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/symantec-ems.rules -------------------------------------------------------------------------------- /syslog.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/syslog.rules -------------------------------------------------------------------------------- /tcp.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/tcp.rules -------------------------------------------------------------------------------- /telnet.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/telnet.rules -------------------------------------------------------------------------------- /trendmicro.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/trendmicro.rules -------------------------------------------------------------------------------- /tripwire.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/tripwire.rules -------------------------------------------------------------------------------- /vmpop3d.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/vmpop3d.rules -------------------------------------------------------------------------------- /vmware-bluedot.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/vmware-bluedot.rules -------------------------------------------------------------------------------- /vmware-correlated.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/vmware-correlated.rules -------------------------------------------------------------------------------- /vmware-geoip.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/vmware-geoip.rules -------------------------------------------------------------------------------- /vmware.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/vmware.rules -------------------------------------------------------------------------------- /vpopmail.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/vpopmail.rules -------------------------------------------------------------------------------- /vsftpd-bluedot.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/vsftpd-bluedot.rules -------------------------------------------------------------------------------- /vsftpd-correlated.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/vsftpd-correlated.rules -------------------------------------------------------------------------------- /vsftpd-geoip.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/vsftpd-geoip.rules -------------------------------------------------------------------------------- /vsftpd.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/vsftpd.rules -------------------------------------------------------------------------------- /watchguard-geoip.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/watchguard-geoip.rules -------------------------------------------------------------------------------- /watchguard.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/watchguard.rules -------------------------------------------------------------------------------- /web-attack.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/web-attack.rules -------------------------------------------------------------------------------- /weblabrinth.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/weblabrinth.rules -------------------------------------------------------------------------------- /windows-aetas.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/windows-aetas.rules -------------------------------------------------------------------------------- /windows-applocker.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/windows-applocker.rules -------------------------------------------------------------------------------- /windows-auth.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/windows-auth.rules -------------------------------------------------------------------------------- /windows-blacklist.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/windows-blacklist.rules -------------------------------------------------------------------------------- /windows-bluedot.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/windows-bluedot.rules -------------------------------------------------------------------------------- /windows-brointel.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/windows-brointel.rules -------------------------------------------------------------------------------- /windows-correlated.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/windows-correlated.rules -------------------------------------------------------------------------------- /windows-emet.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/windows-emet.rules -------------------------------------------------------------------------------- /windows-geoip.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/windows-geoip.rules -------------------------------------------------------------------------------- /windows-malware.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/windows-malware.rules -------------------------------------------------------------------------------- /windows-misc.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/windows-misc.rules -------------------------------------------------------------------------------- /windows-mssql.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/windows-mssql.rules -------------------------------------------------------------------------------- /windows-owa-blacklist.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/windows-owa-blacklist.rules -------------------------------------------------------------------------------- /windows-owa-bluedot.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/windows-owa-bluedot.rules -------------------------------------------------------------------------------- /windows-owa-brointel.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/windows-owa-brointel.rules -------------------------------------------------------------------------------- /windows-owa-correlated.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/windows-owa-correlated.rules -------------------------------------------------------------------------------- /windows-owa-geoip.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/windows-owa-geoip.rules -------------------------------------------------------------------------------- /windows-owa.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/windows-owa.rules -------------------------------------------------------------------------------- /windows-security.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/windows-security.rules -------------------------------------------------------------------------------- /windows-sysmon.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/windows-sysmon.rules -------------------------------------------------------------------------------- /windows.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/windows.rules -------------------------------------------------------------------------------- /wordpress.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/wordpress.rules -------------------------------------------------------------------------------- /xinetd.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/xinetd.rules -------------------------------------------------------------------------------- /yubikey.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/yubikey.rules -------------------------------------------------------------------------------- /zeus.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/zeus.rules -------------------------------------------------------------------------------- /zimbra-geoip.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/zimbra-geoip.rules -------------------------------------------------------------------------------- /zimbra.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/zimbra.rules -------------------------------------------------------------------------------- /zingbox.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/zingbox.rules -------------------------------------------------------------------------------- /zscaler-bluedot.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/zscaler-bluedot.rules -------------------------------------------------------------------------------- /zscaler.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beave/sagan-rules/HEAD/zscaler.rules --------------------------------------------------------------------------------