Changes between Version 14 and Version 15 of icasIII

Timestamp:

May 30, 2011, 6:17:06 PM (15 years ago)

Author:

waue

Comment:

--

icasIII

@@ -90 +90 @@
 values: src_ip @@ des_ip @@ priority @@ t1-tn @@ [c1,c2,...] @@ [sid1,sid2] @@ attack_list @@ port_list @@ ids
 }}}
+ 
+ ==  sample ==
+
+ * input
+
+{{{
+#!text
+1;0;FTP: Format String in Command;no;1;2003811;130500;140.113.130.221;0.0.0.0;65432;
+2;0;FTP: Format String in Command;no;1;2003811;130500;140.113.130.221;0.0.0.0;65432;
+3;1;FTP: Format String in Command;no;1;2003811;130500;140.113.130.221;0.0.0.0;65432;
+1;2;FTP: Format String in ;no;1;2003811;150500;140.113.130.221;phe96.sro.nchc.org.tw;65432;
+2;2;FTP: Format String ;no;1;2003811;160500;140.113.130.221;phe96.sro.nchc.org.tw;65432;
+3;1;FTP: Format ;no;1;2003811;130500;140.113.130.221;phe96.sro.nchc.org.tw;65432;
+}}}
+
+ * result
+
+{{{
+#!text
+3-1-2@@ 140.113.130.221@@0.0.0.0@@1@@2003811_130500~2003811_130500@@[0]@@[0, 1]@@[FTP: Format String in Command]@@[65432]@@3
+3-1-2@@ 140.113.130.221@@phe96.sro.nchc.org.tw@@1@@2003811_130500~2003811_160500@@[0]@@[2, 1]@@[FTP: Format String in , FTP: Format String , FTP: Format ]@@[65432]@@3
+
+}}}