Fix name and update examples

2025-12-06 09:12:45 +01:00 · 2021-02-19 14:59:27 -05:00
parent 0ea29144a8
commit 08abad747d
2 changed files with 11 additions and 3 deletions
--- a/salt/idstools/sorules/filer.rules
+++ b/salt/idstools/sorules/filer.rules
@@ -1,3 +0,0 @@
-# Start the filters at sid 1200000
-# Example of filtering out google.com from being dns logged.
-#config dns any any -> any any (dns.query; content:"google.com"; config: logging disable, type tx, scope tx; sid:1200000;)
--- a/salt/idstools/sorules/filter.rules
+++ b/salt/idstools/sorules/filter.rules
@@ -0,0 +1,11 @@
+# Start the filters at sid 1200000
+# Example of filtering out *google.com from being in the dns log.
+#config dns any any -> any any (dns.query; content:"google.com"; config: logging disable, type tx, scope tx; sid:1200000;)
+# Example of filtering out  *google.com from being in the http log.
+#config http any any -> any any (http.host; content:"google.com"; config: logging disable, type tx, scope tx; sid:1200001;)
+# Example of filtering out  someuseragent from being in the http log.
+#config http any any -> any any (http.user_agent; content:"someuseragent"; config: logging disable, type tx, scope tx; sid:1200002;)
+# Example of filtering out  Google's certificate from being in the ssl log.
+#config tls any any -> any any (tls.fingerprint; content:"4f:a4:5e:58:7e:d9:db:20:09:d7:b6:c7:ff:58:c4:7b:dc:3f:55:b4"; config: logging disable, type tx, scope tx; sid:1200003;)
+# Example of filtering out a md5 of a file from being in the files log.
+#config fileinfo any any -> any any (fileinfo.filemd5; content:"google.com"; config: logging disable, type tx, scope tx; sid:1200004;)