[Oisf-users] doc for ssh parser

Russell Fulton r.fulton at auckland.ac.nz
Wed Dec 17 21:03:10 UTC 2014


I want to do some custom rules for ssh brute force and would like to leverage the ssh parser.

What I want to do initially is just count *established* ssh sessions and alert on thresholds.  The current rules trigger on scans and brute force since they alert on flags S12.


More information about the Oisf-users mailing list