Security Onion 2 - Hunt query for HTTP over non-HTTP ports
# Security Onion 2 - Hunt query for HTTP over non-HTTP ports grouped by port, http method, virtual host, uri & user agent
event.dataset:http AND NOT destination.port: "80" AND NOT destination.port: "8080" | groupby destination.port http.method http.virtual_host http.uri http.useragent

defensivedepth commented Mar 23, 2021

np! Defenders have to stick together! :)

Also, had help from the team to find that zscaler link, wasn't just me.
