Changes between Version 17 and Version 18 of icasIII

Timestamp:

May 31, 2011, 5:18:33 PM (13 years ago)

Author:

waue

Comment:

--

icasIII

@@ -87 +87 @@
  == reduce output ==
 {{{
-key: src_ip @@ des_ip 
-values: priority @@ t1-tn @@ [c1,c2,...] @@ [sid1,sid2] @@ attack_list @@ port_list @@ ids @@ 
-        "tatal_count"-"class_count"-"sid_count"
+key: src_ip -> des_ip
+values: priority @@ t1~tn @@ [class,...] @@ [sig_id,...] @@ [attact,...] @@
+        [port,...] @@ [ids,...] @@
+        "tatal_count"-"class_count"-"sig_id_count"
 }}}
  
@@ -100 +101 @@
 1;0;FTP: Format String in Command;no;1;2003811;130500;140.113.130.221;0.0.0.0;65432;
 2;0;FTP: Format String in Command;no;1;2003811;130500;140.113.130.221;0.0.0.0;65432;
-3;1;FTP: Format String in Command;no;1;2003811;130500;140.113.130.221;0.0.0.0;65432;
+3;1;FTP: Format String in Command;no;1;2003811;130500;140.113.130.222;10.10.0.2;65432;
 1;2;FTP: Format String in ;no;1;2003811;150500;140.113.130.221;phe96.sro.nchc.org.tw;65432;
 2;2;FTP: Format String ;no;1;2003811;160500;140.113.130.221;phe96.sro.nchc.org.tw;65432;
@@ -110 +111 @@
 {{{
 #!text
-3-1-2@@ 140.113.130.221@@0.0.0.0@@1@@2003811_130500~2003811_130500@@[0]@@[0, 1]@@[FTP: Format String in Command]@@[65432]@@3
-3-1-2@@ 140.113.130.221@@phe96.sro.nchc.org.tw@@1@@2003811_130500~2003811_160500@@[0]@@[2, 1]@@[FTP: Format String in , FTP: Format String , FTP: Format ]@@[65432]@@3
-
+140.113.130.221->0.0.0.0        @@@@2003811_130500~2003811_130500@@[0]@@[0]@@[FTP: Format String in Command]@@[65432]@@[1, 2]@@2-1-1
+140.113.130.221->phe96.sro.nchc.org.tw  @@@@2003811_130500~2003811_160500@@[0]@@[2, 1]@@[FTP: Format String in , FTP: Format String , FTP: Format ]@@[65432]@@[1, 2, 3]@@3-1-2
+140.113.130.222->10.10.0.2      @@@@2003811_130500~2003811_130500@@[0]@@[1]@@[FTP: Format String in Command]@@[65432]@@[3]@@1-1-1
 }}}