I'm very new at Suricata, sorry if I made some mistakes. And English isn't my language.
The goal is to put a Suricata server on my LAN and check who is scanning for SNMP-open machines on the network, because our SNMP-enabled UPS units are sending us messages that someone on the LAN is trying to ask for SNMP data.
Server install already done.
But I need some help to create a rule for SNMP attacks against the Suricata server.
#TESTING MY OWN RULES
alert snmp any any -> any any (msg:"old SNMP version (<3)"; snmp.version:<3; sid:1; rev:1;)
alert snmp any any -> any any (msg:"SNMP community private"; snmp.community; content:"private"; sid:2; rev:1;)
alert snmp any any -> any any (msg:"SNMP community public"; snmp.community; content:"public"; sid:3; rev:1;)
Accessing the server remotely with SNMP does not produce any alert in fast.log.
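One thing to check before looking at fast.log is whether the rule file itself loaded: Suricata rejects a rule whose sid is already taken by another rule, and the rules as posted reuse sid 2. The small linter below is an added example (not from the original post or from the Suricata project) that flags duplicate or missing sids and sids outside the range conventionally kept for local rules; the embedded rule text is a constructed copy of the posted rules with the duplicate left in.

```python
import re
from collections import Counter

# Constructed sample: the posted rules, with the duplicate sid 2 left in on purpose
SAMPLE_RULES = """\
#TESTING MY OWN RULES
alert snmp any any -> any any (msg:"old SNMP version (<3)"; snmp.version:<3; sid:1; rev:1;)
alert snmp any any -> any any (msg:"SNMP community private"; snmp.community; content:"private"; sid:2; rev:1;)
alert snmp any any -> any any (msg:"SNMP community public"; snmp.community; content:"public"; sid:2; rev:1;)
"""

SID_RE = re.compile(r'\bsid\s*:\s*(\d+)\s*;')
LOCAL_SID_MIN = 1_000_000  # sids from 1000000 upward are conventionally reserved for local rules


def parse_sids(text):
    """Return (line_number, sid) for every rule line; sid is None when the keyword is absent."""
    out = []
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):  # skip blank lines and comments
            continue
        m = SID_RE.search(line)
        out.append((n, int(m.group(1)) if m else None))
    return out


def lint_rules(text):
    """Return a list of human-readable problems that would stop or confuse rule loading."""
    problems = []
    sids = parse_sids(text)
    counts = Counter(s for _, s in sids if s is not None)
    for n, s in sids:
        if s is None:
            problems.append(f"line {n}: rule has no sid")
            continue
        if counts[s] > 1:
            problems.append(f"line {n}: duplicate sid {s}")
        if s < LOCAL_SID_MIN:
            problems.append(f"line {n}: sid {s} is below the local range (>= {LOCAL_SID_MIN})")
    return problems


if __name__ == "__main__":
    for p in lint_rules(SAMPLE_RULES):
        print(p)
```

After fixing what the linter reports, `suricata -T -S local.rules` loads only that file in test mode and prints any remaining parse errors without starting the sensor.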