Documentation #2620
open
Documentation: tagged_packets / event_type packet
Added by Jack Mott about 6 years ago.
Updated 10 months ago.
Description
Improve logging documentation around tagged_packets and eve json field "event_type packet".
- Target version set to Documentation
We need to add it to the keywords section as well as to the EVE (JSON Format) section.
Suggested example rule:
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN HackerDefender Root Kit Remote Connection Attempt Detected"; flow: established,to_server; content:"|01 9a 8c 66 af c0 4a 11 9e 3f 40 88 12 2c 3a 4a 84 65 38 b0 b4 08 0b af db ce 02 94 34 5f 22|"; rawbytes; tag: session, 20, packets; reference:url,securityresponse.symantec.com/avcenter/venc/data/backdoor.hackdefender.html; reference:url,doc.emergingthreats.net/2001743; classtype:trojan-activity; sid:2001743; rev:8; metadata:created_at 2010_07_30, updated_at 2010_07_30;)
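As an added example (not part of this ticket or of Suricata itself), a small Python correlator that reads constructed EVE lines, pairs each event_type "packet" record with the alert on the same flow_id, and reports how many tagged packets the rule's "tag: session, 20, packets" produced per flow. The field names used (flow_id, packet as base64, packet_info.linktype, alert.signature_id) are assumed from Suricata's EVE output and the sample lines are constructed, not real logs.

```python
import base64
import json
from collections import defaultdict

TAG_PACKET_LIMIT = 20  # the "20" in "tag: session, 20, packets" of the example rule


def _pkt(flow_id: int, ts: str, raw: bytes) -> str:
    """Build one constructed event_type "packet" EVE line (field names assumed)."""
    return json.dumps({"timestamp": ts, "flow_id": flow_id, "event_type": "packet",
                       "src_ip": "10.0.0.5", "src_port": 40000, "dest_ip": "192.0.2.10",
                       "dest_port": 80, "proto": "TCP",
                       "packet": base64.b64encode(raw).decode("ascii"),
                       "packet_info": {"linktype": 1}})


# Constructed sample eve.json slice: one alert from sid 2001743, three packets tagged
# on its flow, and one packet event on a flow whose alert is not in this slice.
SAMPLE_EVE = [
    json.dumps({"timestamp": "2024-01-01T00:00:00.000000+0000", "flow_id": 1234,
                "event_type": "alert", "src_ip": "10.0.0.5", "src_port": 40000,
                "dest_ip": "192.0.2.10", "dest_port": 80, "proto": "TCP",
                "alert": {"signature_id": 2001743, "rev": 8}}),
    _pkt(1234, "2024-01-01T00:00:00.100000+0000", b"\x45" * 60),
    _pkt(1234, "2024-01-01T00:00:00.200000+0000", b"\x45" * 120),
    _pkt(1234, "2024-01-01T00:00:00.300000+0000", b"\x45" * 60),
    _pkt(9999, "2024-01-01T00:00:01.000000+0000", b"\x45" * 40),
]


def correlate_tagged_packets(lines, limit=TAG_PACKET_LIMIT):
    """Group packet events by flow_id and attach the sid of the alert that tagged the flow.

    Returns {flow_id: {"sid", "count", "bytes", "over_limit"}}. A flow with packet
    events but no alert in the input gets sid None: the alert was logged earlier than
    the slice being read, or the packets came from another tag source.
    """
    alert_sid = {}
    packets = defaultdict(list)
    for line in lines:
        ev = json.loads(line)
        fid = ev.get("flow_id")
        if ev.get("event_type") == "alert":
            alert_sid.setdefault(fid, ev["alert"]["signature_id"])  # first alert wins
        elif ev.get("event_type") == "packet":
            # "packet" carries the base64 of the raw frame; decode it for the capture length
            packets[fid].append(len(base64.b64decode(ev["packet"])))
    return {fid: {"sid": alert_sid.get(fid), "count": len(sizes), "bytes": sum(sizes),
                  "over_limit": len(sizes) > limit}
            for fid, sizes in packets.items()}
```

Running correlate_tagged_packets over a real eve.json shows whether the tag limit is actually being honoured and which packet events have no matching alert in the window you are reading.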
- Assignee set to Community Ticket
- Target version changed from Documentation to TBD
- Tracker changed from Optimization to Documentation
- Assignee changed from Community Ticket to Juliana Fajardini Reichow
- Target version changed from TBD to 8.0.0-beta1
- Assignee changed from Juliana Fajardini Reichow to OISF Dev