Commit 58f4dd70 authored by pharook

added incident type 'probe'

parent 4a2fbcab
...@@ -345,6 +345,8 @@ I. Functions, Arguments and Calls ...@@ -345,6 +345,8 @@ I. Functions, Arguments and Calls
# portscan - scannig of TCP/UDP ports # portscan - scannig of TCP/UDP ports
# bruteforce - bruteforce/dictionary attack against authentication # bruteforce - bruteforce/dictionary attack against authentication
# service(s) # service(s)
# probe - other connection attempts (for example ICMP) or
# unrecognized/undecided portscan or bruteforce
# spam - unsolicited e-mail that does not have phishing-like # spam - unsolicited e-mail that does not have phishing-like
# character # character
# phishing - e-mail attempting to gather sensitive data # phishing - e-mail attempting to gather sensitive data
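Review bot: The second half of the new "probe" entry ("unrecognized/undecided portscan or bruteforce") overlaps with the portscan and bruteforce entries directly above it, and the comment gives the sender no rule for choosing between them. Please state the deciding condition, for example that probe is used only when the detector cannot tell which of the two it observed, so that different senders classify the same traffic the same way and receivers that filter on portscan or bruteforce know what they will not see.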
......
...@@ -128,6 +128,8 @@ D. Types of events ...@@ -128,6 +128,8 @@ D. Types of events
* portscan - TCP/UDP port scanning/sweeping * portscan - TCP/UDP port scanning/sweeping
* bruteforce - dictionary/bruteforce attack to services authentication * bruteforce - dictionary/bruteforce attack to services authentication
* probe - other connection attempts (for example ICMP) or
unrecognized/undecided portscan or bruteforce
* spam - unsolicited commercial email (except phishing) * spam - unsolicited commercial email (except phishing)
* phishing - email, trying to scam user to revealing personal information * phishing - email, trying to scam user to revealing personal information
(possibly by some other channel) (possibly by some other channel)
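Review bot: In the events list, "probe" names ICMP as its example while the portscan entry above covers "TCP/UDP port scanning/sweeping", so it is unclear where an ICMP sweep across many hosts belongs. Please say explicitly whether sweeps over non-TCP/UDP protocols are reported as probe, since that is the case a reader is most likely to hit when mapping detector output to these types.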
......
...@@ -42,5 +42,5 @@ $MAX_EVENTS_LIMIT = "1000000"; ...@@ -42,5 +42,5 @@ $MAX_EVENTS_LIMIT = "1000000";
# VALID_STRINGS - validation hash containing allowed event attributes # VALID_STRINGS - validation hash containing allowed event attributes
#------------------------------------------------------------------------------- #-------------------------------------------------------------------------------
%VALID_STRINGS = ( %VALID_STRINGS = (
"type" => ["portscan", "bruteforce", "spam", "phishing", "botnet_c_c", "dos", "malware", "copyright", "webattack", "test", "other", "_any_"], "type" => ["portscan", "bruteforce", "probe", "spam", "phishing", "botnet_c_c", "dos", "malware", "copyright", "webattack", "test", "other", "_any_"],
); );
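Review bot: The "type" array in %VALID_STRINGS is described as the validation hash of allowed event attributes, so a server still running the old list would not accept "probe" from an updated sender. Please add an upgrade note giving the order of deployment (server configuration first, then senders). The list is also repeated in make_server_conf(), so consider defining it once to keep the two copies from drifting.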
...@@ -232,7 +232,7 @@ make_server_conf() ...@@ -232,7 +232,7 @@ make_server_conf()
# VALID_STRINGS - validation hash containing allowed event attributes # VALID_STRINGS - validation hash containing allowed event attributes
#------------------------------------------------------------------------------- #-------------------------------------------------------------------------------
%VALID_STRINGS = ( %VALID_STRINGS = (
\"type\" => [\"portscan\", \"bruteforce\", \"spam\", \"phishing\", \"botnet_c_c\", \"dos\", \"malware\", \"copyright\", \"webattack\", \"test\", \"other\", \"_any_\"], \"type\" => [\"portscan\", \"bruteforce\", \"probe\", \"spam\", \"phishing\", \"botnet_c_c\", \"dos\", \"malware\", \"copyright\", \"webattack\", \"test\", \"other\", \"_any_\"],
); );
" > $server_conf 2> $err; ret_val=`echo $?` " > $server_conf 2> $err; ret_val=`echo $?`
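Review bot: The escaped "type" list inside make_server_conf() only affects a newly written $server_conf, so an installation whose configuration file was generated earlier keeps the old list without "probe". Please either document that the configuration must be regenerated or edited by hand on upgrade, or have the upgrade path add the new value to an existing file.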
......