Version 13 (modified by waue, 16 years ago)
Parameter description

  Parameter     Description
  $dst_IP       attacked (destination) IP
  $src_IP       attack source IP
  $alert_name   alert name
  $sid          Snort alert (signature) ID
  $priority     attack severity: 1 to 3 (1 = most severe, 3 = least)
  $class        attack classification name
  $src_port     source port
  $dst_port     attacked (destination) port
  $type         packet type (protocol)
Experiment 1 (detail)
- select * from flex
98 row(s) in set. (0.30 sec)
- Format:

  Row key: $dst_IP

  Column family:qualifier   Cell value
  direction:dstport         $dst_port
  direction:soure (sic)     $src_IP
  direction:srcport         $src_port
  id:gid                    $generation_id
  id:priority               $priority
  id:sid                    $sid
  id:version                $version
  name:class                $class
  name:name                 $alert_name
  payload:type              $type

  The row key is the target IP alone, so every alert against the same target writes into the same row and the same columns; only the most recent alert is visible (see Experiment 2).

- Example:

  Row               Column              Cell
  105.175.203.246   direction:dstport   0
  105.175.203.246   direction:soure     168.150.177.165
  105.175.203.246   direction:srcport   0
  105.175.203.246   id:gid              1
  105.175.203.246   id:priority         3
  105.175.203.246   id:sid              402
  105.175.203.246   id:version          7
  105.175.203.246   name:class          Misc activity
  105.175.203.246   name:name           ICMP Destination Unreachable Port Unreachable
  105.175.203.246   payload:type        ICMP
Experiment 2 (detail)
- Purpose:
  Fix the problem that, when different attacks hit the same target IP, only the last alert is recorded (in Experiment 1 the row key is the target IP alone, so later alerts overwrite earlier ones).
- select * from NewSnort
128 row(s) in set. (0.29 sec)
- Format:

  Row key: $dst_IP : $sid

  Column family:qualifier   Cell value
  name:$alert_name          priority= $priority ; class= $class
  from:$src_IP              $src_IP : $src_port => $dst_IP : $dst_port
  payload:$type             $type

  Appending the Snort signature ID to the row key gives each distinct alert on a target its own row, and the alert name, source IP and payload type are carried in the column qualifiers rather than in a fixed set of columns.

- Example (the row key in this output shows "<=" as the separator between target IP and sid):

  Row                    Column                                              Cell
  105.175.203.246<=402   from:168.150.177.165                                168.150.177.165:0 => 105.175.203.246:0
  105.175.203.246<=402   name:ICMP Destination Unreachable Port Unreachable  priority=3class=Misc activity
  105.175.203.246<=402   payload:ICMP                                        ICMP
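The following is an added example, not code from the original page or from the waue project: it models the Experiment 1 ("flex") and Experiment 2 ("NewSnort") row layouts with plain Python dicts standing in for HBase rows, and feeds them two constructed Snort alerts against the same target. It assumes the ":" row-key separator from the format line (the pasted output above shows "<="), assumes that an HBase put to an existing row and column replaces the visible cell, and the second alert (sid 1000001, in the range Snort reserves for local rules, with an invented name and class) is made up for the demonstration.

```python
"""Added example (not part of the original wiki page): simulate the two HBase
row layouts from Experiment 1 ("flex") and Experiment 2 ("NewSnort") with
plain dicts, to show why keying rows on $dst_IP alone loses alerts."""
from typing import Callable, Dict, List

Alert = Dict[str, object]
Table = Dict[str, Dict[str, str]]   # row key -> {"family:qualifier": cell value}

# Constructed sample alerts (NOT real traffic). Both target the same host,
# which is exactly the case Experiment 2 was written to fix.
ALERTS: List[Alert] = [
    {   # the alert shown on the page
        "dst_IP": "105.175.203.246", "src_IP": "168.150.177.165",
        "alert_name": "ICMP Destination Unreachable Port Unreachable",
        "sid": 402, "gid": 1, "version": 7, "priority": 3,
        "class": "Misc activity", "src_port": 0, "dst_port": 0, "type": "ICMP",
    },
    {   # a second, constructed alert on the same target; sid 1000001 lies in
        # the range Snort reserves for local rules, name and class are invented
        "dst_IP": "105.175.203.246", "src_IP": "192.0.2.10",
        "alert_name": "LOCAL example TCP probe",
        "sid": 1000001, "gid": 1, "version": 1, "priority": 2,
        "class": "Example class", "src_port": 40000, "dst_port": 22, "type": "TCP",
    },
]


def put(table: Table, row: str, cells: Dict[str, str]) -> None:
    """HBase-style put: a cell with the same row and column is overwritten
    (HBase keeps older versions, but a scan shows only the latest)."""
    table.setdefault(row, {}).update(cells)


def put_flex(table: Table, a: Alert) -> str:
    """Experiment 1 layout: row key is $dst_IP, fixed qualifiers. Every alert
    against one target writes into the same row and the same columns."""
    row = str(a["dst_IP"])
    put(table, row, {
        "direction:dstport": str(a["dst_port"]),
        "direction:soure": str(a["src_IP"]),    # qualifier spelled as on the page
        "direction:srcport": str(a["src_port"]),
        "id:gid": str(a["gid"]),
        "id:priority": str(a["priority"]),
        "id:sid": str(a["sid"]),
        "id:version": str(a["version"]),
        "name:class": str(a["class"]),
        "name:name": str(a["alert_name"]),
        "payload:type": str(a["type"]),
    })
    return row


def put_newsnort(table: Table, a: Alert) -> str:
    """Experiment 2 layout: row key is $dst_IP:$sid and the qualifiers carry
    alert name, source IP and payload type, so distinct alerts get distinct rows."""
    row = f"{a['dst_IP']}:{a['sid']}"
    put(table, row, {
        f"name:{a['alert_name']}": f"priority={a['priority']};class={a['class']}",
        f"from:{a['src_IP']}": f"{a['src_IP']}:{a['src_port']} => {a['dst_IP']}:{a['dst_port']}",
        f"payload:{a['type']}": str(a["type"]),
    })
    return row


def load(put_fn: Callable[[Table, Alert], str], alerts: List[Alert]) -> Table:
    """Insert every alert with the given layout and return the resulting table."""
    table: Table = {}
    for a in alerts:
        put_fn(table, a)
    return table


def rows_for_target(table: Table, dst_ip: str) -> List[str]:
    """Simulated prefix scan: all rows belonging to one target IP."""
    return sorted(r for r in table if r == dst_ip or r.startswith(dst_ip + ":"))


if __name__ == "__main__":
    flex = load(put_flex, ALERTS)
    newsnort = load(put_newsnort, ALERTS)
    print("flex rows for target:", rows_for_target(flex, "105.175.203.246"))
    print("flex id:sid now holds:", flex["105.175.203.246"]["id:sid"])  # first alert is gone
    print("NewSnort rows for target:", rows_for_target(newsnort, "105.175.203.246"))
```

With the flex layout the target's single row ends up holding only the second alert's sid, name and source; the ICMP alert that was stored first is no longer visible in a scan. With the NewSnort layout both alerts survive as separate rows that share the target-IP prefix, so a prefix scan on the IP returns every alert against that host. Note that HBase sorts row keys as bytes, so sids in the key order lexicographically ("...:1000001" before "...:402"), which matters if the key is ever used for range queries.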
Experiment 3 (detail)
- select * from
- Format:

  Row key: $dst_IP : $sid

  Column family:qualifier   Cell value
  name:$alert_name          priority= $priority ; class= $class
  from:$src_IP              $src_IP : $src_port => $dst_IP : $dst_port
  payload:$type             $type

- Example:

  Row   Column   Cell