DenyAll Probe

Description

Constructor : DenyAll

Device : Probe

Theoretical injector performance

N/A

Log sample

10.240.150.70 alert_dispatcher 136668 2016-02-23 11:52:01.574529 10.10.150.70 10.10.1.130 - 4.1.4.2 d1fe42d6-52ca-11e3-a0dc-005056000092 Vsw50X8AAQEAAHjrI1YAAABd 90001-0 90001-2 90001-3 90001-23 90001-25 90001-33 90001-50 9000 22222222-2222-2222-2222-222222222222 'Attack blocked by scoringlist' 'Custom Rule'"

Normalized fields

Constructor field   LMC field
rule                [rule][name]
obs_ip              [obs][host][ip]
app_name            [app][name]
instance            [denyall][instance]
other_ip            [denyall][other_ip]
unknown             [denyall][unknown]
unknown2            [denyall][unknown2]
alarm_id            [denyall][alarm_id]
session_ID2         [denyall][session_ID2]
alert               [denyall][alert]
session_ID          [session][id]
date                [obs][ts]
src_ip              [init][host][ip]
dst_ip              [target][host][ip]