Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 14:48:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Updates for SQL injection attack detection to match the metrics framework updates.

Browse source
This commit is contained in:
Seth Hall 2011-08-16 08:28:08 -04:00
parent 79601ca0c3
commit 8286fdeea1
1 changed files with 7 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

14
scripts/policy/protocols/http/detect-sqli.bro
View file

@ -35,13 +35,13 @@ export {
event bro_init()
{
Metrics::add_filter(SQL_ATTACKS, [$log=T,
$break_interval=1mins,
Metrics::add_filter(SQL_ATTACKS, [$log=F,
$break_interval=5mins,
$note=SQL_Injection_Attacker]);
Metrics::add_filter(SQL_ATTACKS_AGAINST, [$log=T,
$break_interval=1mins,
Metrics::add_filter(SQL_ATTACKS_AGAINST, [$log=F,
$break_interval=5mins,
$note=SQL_Injection_Attack,
$notice_thresholds=vector(10,100)]);
$notice_threshold=50]);
}
event http_request(c: connection, method: string, original_URI: string,
@ -51,7 +51,7 @@ event http_request(c: connection, method: string, original_URI: string,
{
add c$http$tags[URI_SQLI];
Metrics::add_data(SQL_ATTACKS, [$host=c$id$orig_h]);
Metrics::add_data(SQL_ATTACKS_AGAINST, [$host=c$id$resp_h]);
Metrics::add_data(SQL_ATTACKS, [$host=c$id$orig_h], 1);
Metrics::add_data(SQL_ATTACKS_AGAINST, [$host=c$id$resp_h], 1);
}
}