CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 17:22:49 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #3049 from Security-Onion-Solutions/TOoSmOotH-patch-1

Browse Source 
Fix name and update examples
This commit is contained in:
Mike Reeves
2021-02-19 15:01:04 -05:00
committed by GitHub
parent 0ea29144a8 08abad747d
commit 8db3602679
2 changed files with 11 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
salt/idstools/sorules/filer.rules
View File

@@ -1,3 +0,0 @@
# Start the filters at sid 1200000
# Example of filtering out google.com from being dns logged.
#config dns any any -> any any (dns.query; content:"google.com"; config: logging disable, type tx, scope tx; sid:1200000;)

11
salt/idstools/sorules/filter.rules Normal file
View File

@@ -0,0 +1,11 @@
# Start the filters at sid 1200000
# Example of filtering out *google.com from being in the dns log.
#config dns any any -> any any (dns.query; content:"google.com"; config: logging disable, type tx, scope tx; sid:1200000;)
# Example of filtering out *google.com from being in the http log.
#config http any any -> any any (http.host; content:"google.com"; config: logging disable, type tx, scope tx; sid:1200001;)
# Example of filtering out someuseragent from being in the http log.
#config http any any -> any any (http.user_agent; content:"someuseragent"; config: logging disable, type tx, scope tx; sid:1200002;)
# Example of filtering out Google's certificate from being in the ssl log.
#config tls any any -> any any (tls.fingerprint; content:"4f:a4:5e:58:7e:d9:db:20:09:d7:b6:c7:ff:58:c4:7b:dc:3f:55:b4"; config: logging disable, type tx, scope tx; sid:1200003;)
# Example of filtering out a md5 of a file from being in the files log.
#config fileinfo any any -> any any (fileinfo.filemd5; content:"google.com"; config: logging disable, type tx, scope tx; sid:1200004;)