| Version 5 (modified by waue, 16 years ago) (diff) |
|---|
參數說明
參數 說明 $dst_IP 被攻擊的IP $src_IP 攻擊來源IP $alert_name 警訊名稱 $sid snort警訊編號 $priority 攻擊等級: 1~3 (強~弱) $class 攻擊分類名稱 $src_port 來源port $dst_port 被攻擊的port $type 封包型態
實驗一
格式:
$dst_IP : $sid
Column Family : Column Qulify cell value name:$alert_name priority= $priority ; class= $class from:$source $src_IP : $src_port => $dst_IP : $dst_port payload:$type $type
範例:
| Row | Column | Cell |
|---|---|---|
| 105.175.203.246<=402 | from:168.150.177.165 | 168.150.177.165:0 => 105.175.203.246:0 |
| 105.175.203.246<=402 | name:ICMP Destination Unreachable Port Unreachable | priority=3class=Misc activity |
| 105.175.203.246<=402 | payload:ICMP | ICMP |
