So I have installed BotHunter on my Untangle box. Looks like a slew of specially crafted snort rules IMHO. So in any case I am trying to test some snort rules on BotHunter and on the Untangle box to make sure they work well together, but BotHunter doesn't seem to see the alert. I have tested the alert in Untangle and it works like a charm.
Right now I'm thinking it's a matter of the listening interface but I'm still investigating. I just wanted to update everyone on the status of my testing. Any suggestions are welcome. Here is the rule I'm testing with:
alert tcp $HOME_NET any -> any $HTTP_PORTS (msg:"E8[rb] BotHunter Test Rule:Visiting www.google.com"; flow:established,to_server; content:"www.google.com"; nocase; classtype:policy-violation; sid:90909090; rev:1;)
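As an added example (not code from the original post or from BotHunter), a small Python checker that splits a Snort rule into its header fields and options and reports the syntax defects that keep a rule from loading at all in a second engine: a missing action keyword, an unclosed option section, or a missing msg/sid/rev/classtype. The copy of the test rule inside it is constructed from the one above with the action keyword, the classtype option and the closing parenthesis filled in.

```python
# Constructed copy of the test rule from the post, with the header action,
# the classtype option and the closing parenthesis restored.
TEST_RULE = (
    'alert tcp $HOME_NET any -> any $HTTP_PORTS '
    '(msg:"E8[rb] BotHunter Test Rule:Visiting www.google.com"; '
    'flow:established,to_server; content:"www.google.com"; nocase; '
    'classtype:policy-violation; sid:90909090; rev:1;)'
)
HEADER_FIELDS = ("action", "proto", "src", "src_port", "direction", "dst", "dst_port")
# Options every rule should carry before it is handed to a second engine.
REQUIRED_OPTIONS = ("msg", "sid", "rev", "classtype")


def split_options(body):
    """Split the option body on ';' without breaking inside quoted strings."""
    options, current, in_quotes = [], [], False
    for ch in body:
        if ch == '"':
            in_quotes = not in_quotes
        if ch == ";" and not in_quotes:
            options.append("".join(current).strip())
            current = []
        else:
            current.append(ch)
    options.append("".join(current).strip())
    return [o for o in options if o]


def parse_rule(rule):
    """Return (parsed, problems): header fields plus an 'options' list of
    (name, value) pairs, and a list of syntax defects found. Assumes the
    first '(' in the rule starts the option section (true for this rule)."""
    problems = []
    header, paren, body = rule.strip().partition("(")
    if not paren:
        return None, ["no option section: '(' missing"]
    if body.endswith(")"):
        body = body[:-1]
    else:
        problems.append("option section not closed with ')'")
    parts = header.split()
    if len(parts) != len(HEADER_FIELDS):
        problems.append("header has %d of %d fields (action keyword missing?)" % (len(parts), len(HEADER_FIELDS)))
        return None, problems
    parsed = dict(zip(HEADER_FIELDS, parts))
    opts = []
    for opt in split_options(body):
        name, _, value = opt.partition(":")
        opts.append((name.strip(), value.strip().strip('"')))
    parsed["options"] = opts
    present = {name for name, _ in opts}
    problems += ["missing required option %r" % r for r in REQUIRED_OPTIONS if r not in present]
    return parsed, problems
```

Running it over the rule exactly as pasted above (no action keyword, no closing parenthesis) reports both defects, which is worth checking before blaming the listening interface.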