bomgar.rules

# Sagan bomgar.rules
# Copyright (c) 2009-2024. Quadrant Information Security <www.quadrantsec.com>
# All rights reserved.
#
# Please submit any custom rules or ideas to sagan-submit@quadrantsec.com or the sagan-sigs mailing list
#
#*************************************************************
#  Redistribution and use in source and binary forms, with or without modification, are permitted provided that the
#  following conditions are met:
#
#  * Redistributions of source code must retain the above copyright notice, this list of conditions and the following
#    disclaimer.
#  * Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the
#    following disclaimer in the documentation and/or other materials provided with the distribution.
#  * Neither the name of the nor the names of its contributors may be used to endorse or promote products derived
#    from this software without specific prior written permission.
#
#  THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS AS IS AND ANY EXPRESS OR IMPLIED WARRANTIES,
#  INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
#  DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
#  SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
#  SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
#  WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
#  USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#
#*************************************************************

# rules by "Bryant Smith" <bsmith@quadrantsec.com>
# 07/08/2024

#Bomgar was renamed to Beyond Trust!
#Reference: https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm

alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust account_group_added"; program:bomgar; content:"event=account_group_added"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014687; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust account_group_changed"; program:bomgar; content:"event=account_group_changed"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014688; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust account_group_removed"; program:bomgar; content:"event=account_group_removed"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014689; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust account_added"; program:bomgar; content:"event=account_added"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014690; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust account_changed"; program:bomgar; content:"event=account_changed"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014691; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust account_removed"; program:bomgar; content:"event=account_removed"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014692; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust account_jump_item_association_added"; program:bomgar; content:"event=account_jump_item_association_added"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014693; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust account_jump_item_association_changed"; program:bomgar; content:"event=account_jump_item_association_changed"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014694; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust account_jump_item_direct_association_added"; program:bomgar; content:"event=account_jump_item_direct_association_added"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014695; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust account_jump_item_direct_association_removed"; program:bomgar; content:"event=account_jump_item_direct_association_removed"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014696; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust accounts_changed"; program:bomgar; content:"event=accounts_changed"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014697; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust access_sponsor_group_added"; program:bomgar; content:"event=access_sponsor_group_added"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014698; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust access_sponsor_group_changed"; program:bomgar; content:"event=access_sponsor_group_changed"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014699; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust access_sponsor_group_member_added"; program:bomgar; content:"event=access_sponsor_group_member_added"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014700; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust access_sponsor_group_member_changed"; program:bomgar; content:"event=access_sponsor_group_member_changed"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014701; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust access_sponsor_group_member_removed"; program:bomgar; content:"event=access_sponsor_group_member_removed"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014702; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust access_sponsor_group_removed"; program:bomgar; content:"event=access_sponsor_group_removed"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014703; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust admin_password_reset_to_factory_default"; program:bomgar; content:"event=admin_password_reset_to_factory_default"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014704; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust api_account_added"; program:bomgar; content:"event=api_account_added"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014705; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust api_account_changed"; program:bomgar; content:"event=api_account_changed"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014706; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust api_account_removed"; program:bomgar; content:"event=api_account_removed"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014707; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust backup_created"; program:bomgar; content:"event=backup_created"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014708; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust canned_message_added"; program:bomgar; content:"event=canned_message_added"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014709; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust canned_message_category_added"; program:bomgar; content:"event=canned_message_category_added"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014710; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust canned_message_cateogry_changed"; program:bomgar; content:"event=canned_message_cateogry_changed"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014711; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust canned_message_category_removed"; program:bomgar; content:"event=canned_message_category_removed"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014712; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust canned_message_changed"; program:bomgar; content:"event=canned_message_changed"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014713; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust canned_message_removed"; program:bomgar; content:"event=canned_message_removed"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014714; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust canned_message_team_added"; program:bomgar; content:"event=canned_message_team_added"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014715; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust canned_message_team_changed"; program:bomgar; content:"event=canned_message_team_changed"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014716; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust canned_message_team_removed"; program:bomgar; content:"event=canned_message_team_removed"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014717; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust canned_script_added"; program:bomgar; content:"event=canned_script_added"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014718; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust canned_script_category_added"; program:bomgar; content:"event=canned_script_category_added"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014719; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust canned_script_category_removed"; program:bomgar; content:"event=canned_script_category_removed"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014720; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust canned_script_changed"; program:bomgar; content:"event=canned_script_changed"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014721; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust canned_script_file_added"; program:bomgar; content:"event=canned_script_file_added"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014722; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust canned_script_file_removed"; program:bomgar; content:"event=canned_script_file_removed"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014723; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust canned_script_removed"; program:bomgar; content:"event=canned_script_removed"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014724; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust canned_script_team_added"; program:bomgar; content:"event=canned_script_team_added"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014725; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust canned_script_team_removed"; program:bomgar; content:"event=canned_script_team_removed"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014726; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust canned_scripts_category_added"; program:bomgar; content:"event=canned_scripts_category_added"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014727; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust canned_scripts_category_removed"; program:bomgar; content:"event=canned_scripts_category_removed"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014728; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust canned_scripts_file_added"; program:bomgar; content:"event=canned_scripts_file_added"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014729; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust canned_scripts_file_removed"; program:bomgar; content:"event=canned_scripts_file_removed"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014730; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust certificate_export"; program:bomgar; content:"event=certificate_export"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014731; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust change_display_name"; program:bomgar; content:"event=change_display_name"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014732; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust change_password"; program:bomgar; content:"event=change_password"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014733; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust change_username"; program:bomgar; content:"event=change_username"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014734; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust cust_exit_survey_question_added"; program:bomgar; content:"event=cust_exit_survey_question_added"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014735; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust cust_exit_survey_question_changed"; program:bomgar; content:"event=cust_exit_survey_question_changed"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014736; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust cust_exit_survey_question_option_added"; program:bomgar; content:"event=cust_exit_survey_question_option_added"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014737; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust cust_exit_survey_question_option_changed"; program:bomgar; content:"event=cust_exit_survey_question_option_changed"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014738; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust cust_exit_survey_question_option_removed"; program:bomgar; content:"event=cust_exit_survey_question_option_removed"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014739; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust cust_exit_survey_question_removed"; program:bomgar; content:"event=cust_exit_survey_question_removed"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014740; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust custom_rep_link_added"; program:bomgar; content:"event=custom_rep_link_added"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014741; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust custom_rep_link_changed"; program:bomgar; content:"event=custom_rep_link_changed"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014742; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust custom_rep_link_removed"; program:bomgar; content:"event=custom_rep_link_removed"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014743; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust custom_session_attribute_added"; program:bomgar; content:"event=custom_session_attribute_added"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014744; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust custom_session_attribute_changed"; program:bomgar; content:"event=custom_session_attribute_changed"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014745; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust custom_session_attribute_removed"; program:bomgar; content:"event=custom_session_attribute_removed"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014746; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust custom_session_policy_added"; program:bomgar; content:"event=custom_session_policy_added"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014747; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust custom_session_policy_changed"; program:bomgar; content:"event=custom_session_policy_changed"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014748; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust custom_session_policy_removed"; program:bomgar; content:"event=custom_session_policy_removed"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014749; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust custom_special_action_added"; program:bomgar; content:"event=custom_special_action_added"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014750; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust custom_special_action_changed"; program:bomgar; content:"event=custom_special_action_changed"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014751; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust custom_special_action_removed"; program:bomgar; content:"event=custom_special_action_removed"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014752; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust customer_notice_added"; program:bomgar; content:"event=customer_notice_added"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014753; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust customer_notice_changed"; program:bomgar; content:"event=customer_notice_changed"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014754; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust customer_notice_public_site_added"; program:bomgar; content:"event=customer_notice_public_site_added"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014755; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust customer_notice_public_site_removed"; program:bomgar; content:"event=customer_notice_public_site_removed"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014756; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust customer_notice_removed"; program:bomgar; content:"event=customer_notice_removed"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014757; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust customizable_text_changed"; program:bomgar; content:"event=customizable_text_changed"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014758; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust default_site_changed"; program:bomgar; content:"event=default_site_changed"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014759; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust discovery_error_added"; program:bomgar; content:"event=discovery_error_added"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014760; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust discovery_error_changed"; program:bomgar; content:"event=discovery_error_changed"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014761; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust discovery_error_removed"; program:bomgar; content:"event=discovery_error_removed"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014762; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust domain_added"; program:bomgar; content:"event=domain_added"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014763; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust domain_changed"; program:bomgar; content:"event=domain_changed"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014764; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust domain_removed"; program:bomgar; content:"event=domain_removed"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014765; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust downloaded_rep_client"; program:bomgar; content:"event=downloaded_rep_client"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014766; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust endpoint_changed"; program:bomgar; content:"event=endpoint_changed"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014767; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust endpoint_removed"; program:bomgar; content:"event=endpoint_removed"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014768; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust eula_accepted"; program:bomgar; content:"event=eula_accepted"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014769; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust fido2_credential_added"; program:bomgar; content:"event=fido2_credential_added"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014770; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust fido2_credential_changed"; program:bomgar; content:"event=fido2_credential_changed"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014771; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust fido2_credential_removed"; program:bomgar; content:"event=fido2_credential_removed"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014772; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust file_removed_from_file_store"; program:bomgar; content:"event=file_removed_from_file_store"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014773; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust file_uploaded_to_file_store"; program:bomgar; content:"event=file_uploaded_to_file_store"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014774; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust group_policy_added"; program:bomgar; content:"event=group_policy_added"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014775; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust group_policy_changed"; program:bomgar; content:"event=group_policy_changed"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014776; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust group_policy_member_added"; program:bomgar; content:"event=group_policy_member_added"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014777; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust group_policy_member_removed"; program:bomgar; content:"event=group_policy_member_removed"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014778; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust group_policy_removed"; program:bomgar; content:"event=group_policy_removed"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014779; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust group_policy_setting_added"; program:bomgar; content:"event=group_policy_setting_added"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014780; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust group_policy_setting_changed"; program:bomgar; content:"event=group_policy_setting_changed"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014781; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust group_policy_setting_removed"; program:bomgar; content:"event=group_policy_setting_removed"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014782; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust ios_content_item_added"; program:bomgar; content:"event=ios_content_item_added"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014783; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust ios_content_item_changed"; program:bomgar; content:"event=ios_content_item_changed"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014784; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust ios_content_item_removed"; program:bomgar; content:"event=ios_content_item_removed"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014785; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust jump_item_role_added"; program:bomgar; content:"event=jump_item_role_added"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014786; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust jump_item_role_changed"; program:bomgar; content:"event=jump_item_role_changed"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014787; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust jump_item_role_removed"; program:bomgar; content:"event=jump_item_role_removed"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014788; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust jump_policy:schedule_entry_added"; program:bomgar; content:"event=jump_policy:schedule_entry_added"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014789; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust jump_policy:schedule_entry_removed"; program:bomgar; content:"event=jump_policy:schedule_entry_removed"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014790; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust jump_policy_added"; program:bomgar; content:"event=jump_policy_added"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014791; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust jump_policy_changed"; program:bomgar; content:"event=jump_policy_changed"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014792; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust jump_policy_removed"; program:bomgar; content:"event=jump_policy_removed"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014793; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust jumpoint_cluster_added"; program:bomgar; content:"event=jumpoint_cluster_added"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014794; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust jumpoint_cluster_changed"; program:bomgar; content:"event=jumpoint_cluster_changed"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014795; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust jumpoint_cluster_removed"; program:bomgar; content:"event=jumpoint_cluster_removed"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014796; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust jumpoint_user_added"; program:bomgar; content:"event=jumpoint_user_added"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014797; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust jumpoint_user_removed"; program:bomgar; content:"event=jumpoint_user_removed"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014798; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust kerberos_keytab_added"; program:bomgar; content:"event=kerberos_keytab_added"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014799; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust kerberos_keytab_removed"; program:bomgar; content:"event=kerberos_keytab_removed"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014800; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust license_pool_added"; program:bomgar; content:"event=license_pool_added"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014801; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust license_pool_changed"; program:bomgar; content:"event=license_pool_changed"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014802; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust license_pool_removed"; program:bomgar; content:"event=license_pool_removed"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014803; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust license_usage_report_generated"; program:bomgar; content:"event=license_usage_report_generated"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014804; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust Login Failure - Brute Force [3/1]"; program:bomgar; content:"event=login"; content:"status=failure"; after:track by_src, count 3, seconds 60; threshold:type suppress, track by_src, count 1, seconds 14400; xbits:set,brute_force,track ip_src,expire 14400; classtype:system-event; parse_src_ip:1; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014805; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust Login After Brute Force"; program:bomgar; content:"event=login"; content:"status=success"; xbits:isset,brute_force,track ip_src; classtype:system-event; parse_src_ip:1; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014806; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust Login from Outside HOME_COUNTRY"; program:bomgar; content:"event=login"; content:"status=success"; country_code:track by_src, isnot $HOME_COUNTRY; parse_src_ip:1; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014807; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust login_schedule_entry_added"; program:bomgar; content:"event=login_schedule_entry_added"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014808; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust login_schedule_entry_removed"; program:bomgar; content:"event=login_schedule_entry_removed"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014809; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust logout"; program:bomgar; content:"event=logout"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014810; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust management_account_added"; program:bomgar; content:"event=management_account_added"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014811; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust management_account_changed"; program:bomgar; content:"event=management_account_changed"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014812; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust management_account_removed"; program:bomgar; content:"event=management_account_removed"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014813; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust msgraph_http_recipient_added"; program:bomgar; content:"event=msgraph_http_recipient_added"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014814; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust msgraph_http_recipient_changed"; program:bomgar; content:"event=msgraph_http_recipient_changed"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014815; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust msgraph_http_recipient_removed"; program:bomgar; content:"event=msgraph_http_recipient_removed"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014816; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust network_address_added"; program:bomgar; content:"event=network_address_added"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014817; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust network_address_changed"; program:bomgar; content:"event=network_address_changed"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014818; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust network_address_removed"; program:bomgar; content:"event=network_address_removed"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014819; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust network_changed"; program:bomgar; content:"event=network_changed"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014820; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust network_route_changed"; program:bomgar; content:"event=network_route_changed"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014821; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust network_tunnel_jump_item_added"; program:bomgar; content:"event=network_tunnel_jump_item_added"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014822; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust network_tunnel_jump_item_changed"; program:bomgar; content:"event=network_tunnel_jump_item_changed"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014823; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust network_tunnel_jump_item_removed"; program:bomgar; content:"event=network_tunnel_jump_item_removed"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014824; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust outbound_event_email_recipient_added"; program:bomgar; content:"event=outbound_event_email_recipient_added"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014825; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust outbound_event_email_recipient_changed"; program:bomgar; content:"event=outbound_event_email_recipient_changed"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014826; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust outbound_event_email_recipient_removed"; program:bomgar; content:"event=outbound_event_email_recipient_removed"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014827; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust outbound_event_email_trigger_added"; program:bomgar; content:"event=outbound_event_email_trigger_added"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014828; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust outbound_event_email_trigger_removed"; program:bomgar; content:"event=outbound_event_email_trigger_removed"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014829; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust outbound_event_http_recipient_added"; program:bomgar; content:"event=outbound_event_http_recipient_added"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014830; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust outbound_event_http_recipient_changed"; program:bomgar; content:"event=outbound_event_http_recipient_changed"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014831; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust outbound_event_http_recipient_removed"; program:bomgar; content:"event=outbound_event_http_recipient_removed"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014832; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust outbound_event_http_trigger_added"; program:bomgar; content:"event=outbound_event_http_trigger_added"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014833; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust outbound_event_http_trigger_removed"; program:bomgar; content:"event=outbound_event_http_trigger_removed"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014834; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust pdcust_banner_reverted_to_factory_default"; program:bomgar; content:"event=pdcust_banner_reverted_to_factory_default"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014835; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust pdcust_banner_uploaded"; program:bomgar; content:"event=pdcust_banner_uploaded"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014836; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust presentation_session_detail_generated"; program:bomgar; content:"event=presentation_session_detail_generated"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014837; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust presentation_session_report_generated"; program:bomgar; content:"event=presentation_session_report_generated"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014838; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust public_site_added"; program:bomgar; content:"event=public_site_added"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014839; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust public_site_address_added"; program:bomgar; content:"event=public_site_address_added"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014840; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust public_site_address_removed"; program:bomgar; content:"event=public_site_address_removed"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014841; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust public_site_changed"; program:bomgar; content:"event=public_site_changed"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014842; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust public_site_customer_banner_reverted_to_factory_default"; program:bomgar; content:"event=public_site_customer_banner_reverted_to_factory_default"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014843; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust public_site_customer_banner_uploaded"; program:bomgar; content:"event=public_site_customer_banner_uploaded"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014844; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust public_site_exit_survey_added"; program:bomgar; content:"event=public_site_exit_survey_added"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014845; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust public_site_exit_survey_removed"; program:bomgar; content:"event=public_site_exit_survey_removed"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014846; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust public_site_removed"; program:bomgar; content:"event=public_site_removed"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014847; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust public_site_session_attribute_added"; program:bomgar; content:"event=public_site_session_attribute_added"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014848; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust public_site_session_attribute_changed"; program:bomgar; content:"event=public_site_session_attribute_changed"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014849; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust public_site_session_attribute_removed"; program:bomgar; content:"event=public_site_session_attribute_removed"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014850; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust public_site_setting_added"; program:bomgar; content:"event=public_site_setting_added"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014851; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust public_site_setting_changed"; program:bomgar; content:"event=public_site_setting_changed"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014852; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust public_site_team_added"; program:bomgar; content:"event=public_site_team_added"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014853; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust public_site_team_removed"; program:bomgar; content:"event=public_site_team_removed"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014854; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust public_site_template_asset_uploaded"; program:bomgar; content:"event=public_site_template_asset_uploaded"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014855; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust public_site_template_asset_reverted"; program:bomgar; content:"event=public_site_template_asset_reverted"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014856; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust public_template_deleted"; program:bomgar; content:"event=public_template_deleted"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014857; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust public_template_written"; program:bomgar; content:"event=public_template_written"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014858; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust reboot"; program:bomgar; content:"event=reboot"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014859; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust remote_rfb_jump_item_added"; program:bomgar; content:"event=remote_rfb_jump_item_added"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014860; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust remote_rfb_jump_item_removed"; program:bomgar; content:"event=remote_rfb_jump_item_removed"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014861; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust rep_client_connection_terminated"; program:bomgar; content:"event=rep_client_connection_terminated"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014862; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust rep_console_setting_added"; program:bomgar; content:"event=rep_console_setting_added"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014863; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust rep_console_setting_changed"; program:bomgar; content:"event=rep_console_setting_changed"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014864; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust rep_console_setting_removed"; program:bomgar; content:"event=rep_console_setting_removed"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014865; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust rep_exit_survey_question_added"; program:bomgar; content:"event=rep_exit_survey_question_added"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014866; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust rep_exit_survey_question_changed"; program:bomgar; content:"event=rep_exit_survey_question_changed"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014867; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust rep_exit_survey_question_option_added"; program:bomgar; content:"event=rep_exit_survey_question_option_added"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014868; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust rep_exit_survey_question_option_changed"; program:bomgar; content:"event=rep_exit_survey_question_option_changed"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014869; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust rep_exit_survey_question_option_removed"; program:bomgar; content:"event=rep_exit_survey_question_option_removed"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014870; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust rep_exit_survey_question_removed"; program:bomgar; content:"event=rep_exit_survey_question_removed"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014871; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust rep_invite_added"; program:bomgar; content:"event=rep_invite_added"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014872; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust rep_invite_removed"; program:bomgar; content:"event=rep_invite_removed"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014873; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust repinvite_setting_added"; program:bomgar; content:"event=repinvite_setting_added"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014874; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust repinvite_setting_removed"; program:bomgar; content:"event=repinvite_setting_removed"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014875; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust reporting_erasure"; program:bomgar; content:"event=reporting_erasure"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014876; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust restored_from_backup"; program:bomgar; content:"event=restored_from_backup"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014877; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust restoring_from_backup"; program:bomgar; content:"event=restoring_from_backup"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014878; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust scheduled_discovery_job_added"; program:bomgar; content:"event=scheduled_discovery_job_added"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014879; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust scheduled_discovery_job_changed"; program:bomgar; content:"event=scheduled_discovery_job_changed"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014880; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust sdcust_exit_survey_report_generated"; program:bomgar; content:"event=sdcust_exit_survey_report_generated"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014881; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust sdrep_exit_survey_report_generated"; program:bomgar; content:"event=sdrep_exit_survey_report_generated"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014882; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust security_provider_added"; program:bomgar; content:"event=security_provider_added"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014883; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust security_provider_changed"; program:bomgar; content:"event=security_provider_changed"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014884; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust security_provider_removed"; program:bomgar; content:"event=security_provider_removed"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014885; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust security_provider_setting_added"; program:bomgar; content:"event=security_provider_setting_added"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014886; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust security_provider_setting_changed"; program:bomgar; content:"event=security_provider_setting_changed"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014887; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust security_provider_setting_removed"; program:bomgar; content:"event=security_provider_setting_removed"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014888; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust session_policy_added"; program:bomgar; content:"event=session_policy_added"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014889; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust session_policy_changed"; program:bomgar; content:"event=session_policy_changed"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014890; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust session_policy_removed"; program:bomgar; content:"event=session_policy_removed"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014891; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust server_software_restarted"; program:bomgar; content:"event=server_software_restarted"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014892; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust setting_added"; program:bomgar; content:"event=setting_added"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014893; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust setting_changed"; program:bomgar; content:"event=setting_changed"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014894; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust skill_added"; program:bomgar; content:"event=skill_added"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014895; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust skill_changed"; program:bomgar; content:"event=skill_changed"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014896; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust skill_removed"; program:bomgar; content:"event=skill_removed"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014897; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust SNMP_changed"; program:bomgar; content:"event=SNMP_changed"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014898; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust ssh_account_added"; program:bomgar; content:"event=ssh_account_added"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014899; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust ssh_account_changed"; program:bomgar; content:"event=ssh_account_changed"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014900; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust ssh_account_removed"; program:bomgar; content:"event=ssh_account_removed"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014901; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust starting_support_tunnel"; program:bomgar; content:"event=starting_support_tunnel"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014902; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust support_button_profile_added"; program:bomgar; content:"event=support_button_profile_added"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014903; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust support_button_profile_changed"; program:bomgar; content:"event=support_button_profile_changed"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014904; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust support_button_profile_icon_uploaded"; program:bomgar; content:"event=support_button_profile_icon_uploaded"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014905; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust support_button_profile_removed"; program:bomgar; content:"event=support_button_profile_removed"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014906; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust support_issue_added"; program:bomgar; content:"event=support_issue_added"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014907; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust support_issue_changed"; program:bomgar; content:"event=support_issue_changed"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014908; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust support_issue_removed"; program:bomgar; content:"event=support_issue_removed"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014909; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust support_issue_skill_added"; program:bomgar; content:"event=support_issue_skill_added"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014910; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust support_issue_skill_removed"; program:bomgar; content:"event=support_issue_skill_removed"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014911; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust support_session_detail_generated"; program:bomgar; content:"event=support_session_detail_generated"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014912; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust support_session_report_generated"; program:bomgar; content:"event=support_session_report_generated"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014913; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust support_session_summary_report_generated"; program:bomgar; content:"event=support_session_summary_report_generated"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014914; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust support_team_added"; program:bomgar; content:"event=support_team_added"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014915; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust support_team_changed"; program:bomgar; content:"event=support_team_changed"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014916; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust support_team_jump_access_added"; program:bomgar; content:"event=support_team_jump_access_added"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014917; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust support_team_jump_access_removed"; program:bomgar; content:"event=support_team_jump_access_removed"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014918; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust support_team_member_added"; program:bomgar; content:"event=support_team_member_added"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014919; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust support_team_member_changed"; program:bomgar; content:"event=support_team_member_changed"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014920; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust support_team_member_removed"; program:bomgar; content:"event=support_team_member_removed"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014921; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust support_team_removed"; program:bomgar; content:"event=support_team_removed"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014922; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust syslog_server_changed"; program:bomgar; content:"event=syslog_server_changed"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014923; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust team_activity_report_generated"; program:bomgar; content:"event=team_activity_report_generated"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014924; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust user_account_report_generated"; program:bomgar; content:"event=user_account_report_generated"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014925; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust user_added"; program:bomgar; content:"event=user_added"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014926; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust user_changed"; program:bomgar; content:"event=user_changed"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014927; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust user_removed"; program:bomgar; content:"event=user_removed"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014928; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust user_session_policy_added"; program:bomgar; content:"event=user_session_policy_added"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014929; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust user_session_policy_removed"; program:bomgar; content:"event=user_session_policy_removed"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014930; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust user_skill_added"; program:bomgar; content:"event=user_skill_added"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014931; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust user_skill_removed"; program:bomgar; content:"event=user_skill_removed"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014932; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)
#alert any $HOME_NET any -> $HOME_NET any (msg:"[BOMGAR] Beyond Trust vault_account_password_rotation"; program:bomgar; content:"event=vault_account_password_rotation"; classtype:system-event; reference:url,https://www.beyondtrust.com/docs/remote-support/how-to/integrations/syslog/events.htm; sid:5014933; rev:1; metadata:created_at 2024_07_01, updated_at 2024_07_01;)