DenyAll Probe¶
Description¶
Constructor : DenyAll
Device : Probe
Theoretical injector performance¶
N/A
Log sample¶
1 | 10.240.150.70 alert_dispatcher 136668 2016-02-23 11:52:01.574529 10.10.150.70 10.10.1.130 - 4.1.4.2 d1fe42d6-52ca-11e3-a0dc-005056000092 Vsw50X8AAQEAAHjrI1YAAABd 90001-0 90001-2 90001-3 90001-23 90001-25 90001-33 90001-50 9000 22222222-2222-2222-2222-222222222222 'Attack blocked by scoringlist' 'Custom Rule'" |
Normalized fields¶
| Constructor field | LMC field |
|---|---|
| rule | [rule][name] |
| obs_ip | [obs][host][ip] |
| app_name | [app][name] |
| instance | [denyall][instance] |
| other_ip | [denyall][other_ip] |
| unknown | [denyall][unknown] |
| unknown2 | [denyall][unknown2] |
| alarm_id | [denyall][alarm_id] |
| session_ID2 | [denyall][session_ID2] |
| alert | [denyall][alert] |
| session_ID | [session][id] |
| date | [obs][ts] |
| src_ip | [init][host][ip] |
| dst_ip | [target][host][ip] |