[Oisf-users] classtype drop +oinkmaster
mouna amani
amani.smiai.insat at gmail.com
Sat Jul 6 12:49:14 UTC 2013
I used my rules on alert first and I got alerts with classtype Web
Application Attack, Misc activity and Attempted Information Leak,
so I decided to make all the rules with those classtypes drop
using the following syntax in oinkmaster.conf:
modifysid * "^alert (.*classtype\s*:\s*Misc activity)" | "drop ${1}"
modifysid * "^alert (.*classtype\s*:\s*Web Application Attack)" | "drop ${1}"
modifysid * "^alert (.*classtype\s*:\s*Attempted Information Leak)" | "drop ${1}"
but I did not get drop events in my fast.log
Any advice??
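An added example (not code from the poster, from Oinkmaster or from the OISF project) that emulates what a `modifysid * "regex" | "replacement"` line does to a rule file, so the substitution can be checked offline before running Oinkmaster. It assumes constructed sample rules and a constructed `classification.config` excerpt embedded inline; the point it demonstrates is that the text fast.log prints for a classtype ("Misc activity") is the description column of `classification.config`, while the rule itself carries the shortname from the first column (`classtype:misc-activity;`), so a regex written against the description never matches a rule line. It also bears remembering that `drop` only behaves differently from `alert` when Suricata runs inline (IPS mode); in IDS mode nothing is dropped.

```python
import re

# Constructed excerpt in the format of Snort/Suricata classification.config
# (sample data, not the poster's file): shortname, description, priority.
CLASSIFICATION_CONF = """\
config classification: misc-activity,Misc activity,3
config classification: web-application-attack,Web Application Attack,1
config classification: attempted-recon,Attempted Information Leak,2
config classification: trojan-activity,A Network Trojan was detected,1
"""

# Constructed sample rules in the shape of Emerging Threats rules (sids are fake).
SAMPLE_RULES = """\
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"SAMPLE WEB attack"; flow:to_server; content:"/cgi-bin/"; classtype:web-application-attack; sid:9000001; rev:1;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 22 (msg:"SAMPLE scan"; flags:S; classtype:attempted-recon; sid:9000002; rev:1;)
alert ip any any -> any any (msg:"SAMPLE misc"; classtype:misc-activity; sid:9000003; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"SAMPLE trojan"; classtype:trojan-activity; sid:9000004; rev:1;)
"""


def parse_classification(conf_text):
    """Map the human-readable description (what fast.log shows) to the
    shortname that appears in a rule's classtype: keyword."""
    mapping = {}
    for line in conf_text.splitlines():
        m = re.match(r"\s*config classification:\s*([^,]+),([^,]+),(\d+)", line)
        if m:
            shortname, description, _priority = m.groups()
            mapping[description.strip()] = shortname.strip()
    return mapping


def modifysid(rules_text, pattern, replacement):
    """Emulate one oinkmaster 'modifysid * "pattern" | "replacement"' line:
    apply the substitution to every rule line and report how many matched.
    Only the ${1} back-reference is supported, which is all the post uses."""
    regex = re.compile(pattern)
    out, changed = [], 0
    for line in rules_text.splitlines():
        new, n = regex.subn(lambda m: replacement.replace("${1}", m.group(1)), line)
        changed += n
        out.append(new)
    return "\n".join(out), changed


def drop_by_description(rules_text, conf_text, descriptions):
    """Turn 'alert' into 'drop' for every rule whose classtype corresponds to
    one of the given fast.log descriptions, resolving the shortname via
    classification.config instead of matching the description text."""
    mapping = parse_classification(conf_text)
    total = 0
    for desc in descriptions:
        shortname = mapping[desc]  # KeyError here means the description is unknown
        pattern = r"^alert (.*classtype\s*:\s*" + re.escape(shortname) + r"\s*;)"
        rules_text, n = modifysid(rules_text, pattern, "drop ${1}")
        total += n
    return rules_text, total


def count_actions(rules_text):
    """Count rule lines per action keyword (alert, drop, ...)."""
    counts = {}
    for line in rules_text.splitlines():
        action = line.split(" ", 1)[0]
        counts[action] = counts.get(action, 0) + 1
    return counts


if __name__ == "__main__":
    # The pattern from the post, written against the description: matches nothing.
    _, n = modifysid(SAMPLE_RULES, r"^alert (.*classtype\s*:\s*Misc activity)", "drop ${1}")
    print("description-based pattern matched", n, "rules")

    wanted = ["Misc activity", "Web Application Attack", "Attempted Information Leak"]
    rewritten, total = drop_by_description(SAMPLE_RULES, CLASSIFICATION_CONF, wanted)
    print("shortname-based patterns matched", total, "rules")
    print(count_actions(rewritten))
    print(rewritten)
```

Running the script shows the description-based pattern touching zero rules while the shortname-based patterns rewrite three of the four sample rules to `drop`, leaving the trojan rule on `alert`. The same three shortname regexes can then be pasted into `modifysid` lines in oinkmaster.conf.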