[Oisf-users] doc for ssh parser

Russell Fulton r.fulton at auckland.ac.nz
Wed Dec 17 21:03:10 UTC 2014


Hi

I want to do some custom rules for ssh brute force and would like to leverage the ssh parser.

What I want to do initially is just count *established* ssh sessions and alert on thresholds.  The current rules trigger on scans and brute force since they alert on flags S12.

Russell

