CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-24 18:03:10 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
55ee697bbb4c2c88f2fb12da8a0f7d6f9891c498
securityonion/salt/pulledpork/etc/dropsid.conf
Mike Reeves 7826705469 PulledPork Salt Module
2018-02-07 10:48:53 -05:00

43 lines
2.0 KiB
Plaintext
Raw Blame History

# example dropsid.conf V3.1
#
# Note: This file is used to specify what rules you wish to be set to have
# an action of drop rather than alert. This means that you are running
# snort inline (more info about inline deployments at snort.org).
# Example of modifying state for individual rules
# 1:1034,1:9837,1:1270,1:3390,1:710,1:1249,3:13010
# Example of modifying state for rule ranges
# 1:220-1:3264,3:13010-3:13013
# Comments are allowed in this file, and can also be on the same line
# As the modify state syntax, as long as it is a trailing comment
# 1:1011 # I Disabled this rule because I could!
# Example of modifying state for MS and cve rules, note the use of the :
# in cve. This will modify MS09-008, cve 2009-0233, bugtraq 21301,
# and all MS00 and all cve 2000 related sids! These support regular expression
# matching only after you have specified what you are looking for, i.e.
# MS00-<regex> or cve:<regex>, the first section CANNOT contain a regular
# expression (MS\d{2}-\d+) will NOT work, use the pcre: keyword (below)
# for this.
# MS09-008,cve:2009-0233,bugtraq:21301,MS00-\d+,cve:2000-\d+
# Example of using the pcre: keyword to modify rulestate. the pcre keyword
# allows for full use of regular expression syntax, you do not need to designate
# with / and all pcre searches are treated as case insensitive. For more information
# about regular expression syntax: http://www.regular-expressions.info/
# The following example modifies state for all MS07 through MS10
# pcre:MS(0[7-9]|10)-\d+
# Example of modifying state for specific categories entirely (see README.CATEGORIES)
# VRT-web-iis,ET-shellcode,ET-emergingthreats-smtp,Custom-shellcode,Custom-emergingthreats-smtp
# Any of the above values can be on a single line or multiple lines, when
# on a single line they simply need to be separated by a ,
# 1:9837,1:220-1:3264,3:13010-3:13013,pcre:MS(0[0-7])-\d+,MS09-008,cve:2009-0233
# The modifications in this file are for sample/example purposes only and
# should not actively be used, you need to modify this file to fit your
# environment.
Reference in New Issue View Git Blame Copy Permalink