Updates for SQL injection attack detection to match the metrics framework updates.

Seth Hall 2011-08-16 08:28:08 -04:00
parent 79601ca0c3
commit 8286fdeea1


@ -35,13 +35,13 @@ export {
event bro_init() event bro_init()
{ {
Metrics::add_filter(SQL_ATTACKS, [$log=T, Metrics::add_filter(SQL_ATTACKS, [$log=F,
$break_interval=1mins, $break_interval=5mins,
$note=SQL_Injection_Attacker]); $note=SQL_Injection_Attacker]);
Metrics::add_filter(SQL_ATTACKS_AGAINST, [$log=T, Metrics::add_filter(SQL_ATTACKS_AGAINST, [$log=F,
$break_interval=1mins, $break_interval=5mins,
$note=SQL_Injection_Attack, $note=SQL_Injection_Attack,
$notice_thresholds=vector(10,100)]); $notice_threshold=50]);
} }
event http_request(c: connection, method: string, original_URI: string, event http_request(c: connection, method: string, original_URI: string,
@ -51,7 +51,7 @@ event http_request(c: connection, method: string, original_URI: string,
{ {
add c$http$tags[URI_SQLI]; add c$http$tags[URI_SQLI];
Metrics::add_data(SQL_ATTACKS, [$host=c$id$orig_h]); Metrics::add_data(SQL_ATTACKS, [$host=c$id$orig_h], 1);
Metrics::add_data(SQL_ATTACKS_AGAINST, [$host=c$id$resp_h]); Metrics::add_data(SQL_ATTACKS_AGAINST, [$host=c$id$resp_h], 1);
} }
} }
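Review bot: The first `Metrics::add_filter(SQL_ATTACKS, ...)` call on the new side (the right-hand column, as this page prints it) sets `$log=F` and `$note=SQL_Injection_Attacker` but no `$notice_threshold`, so unless the metrics framework applies a default threshold that is not visible here, attacker-side counts would be neither logged nor turned into a notice. Consider giving that filter an explicit threshold, for example `$notice_threshold=50` as on the `SQL_ATTACKS_AGAINST` filter. On the victim-side filter, replacing `vector(10,100)` with a single threshold of 50 per 5-minute interval while also setting `$log=F` means an interval with fewer than 50 tagged requests leaves no metrics record. The `URI_SQLI` tag on the HTTP record then appears to be the only trace, which deserves a short comment next to the filter. The literals `5mins` and `50` would be easier to tune per site as `&redef` constants in the `export` block, which begins outside this section.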