mirror of
https://github.com/zeek/zeek.git
synced 2025-10-02 06:38:20 +00:00
113 lines
2.9 KiB
INI
113 lines
2.9 KiB
INI
# Snort2Bro
|
|
|
|
# Bro Signature ID prefix
|
|
# May only contain alphanumberic and dash characters
|
|
#
|
|
# sigprefix s2b-
|
|
##
|
|
|
|
# Configuration directory
|
|
#
|
|
# configdir /usr/local/etc/bro/s2b
|
|
##
|
|
#configdir /home/rwinslow/projects/s2b
|
|
configdir ./
|
|
|
|
# Augment Configuration filename
|
|
#
|
|
# augmentconfig s2b-augment.cfg
|
|
##
|
|
|
|
# Ruleset Augment Configuration filename
|
|
# This file contains Bro signature options and contexts which are included
|
|
# into rules based on the ruleset filenames from which they come. The syntax
|
|
# rules for this file are the same as s2b-augment.cfg
|
|
# This file is used during augment building only.
|
|
#
|
|
# rulesetaugmentconfig s2b-ruleset-augment.cfg
|
|
##
|
|
|
|
# User Augment Configuration filename
|
|
# This is the user level augment config file which should be the location in
|
|
# which behavior for individual signatures is controlled.
|
|
#
|
|
# useraugmentconfig s2b-user-augment.cfg
|
|
##
|
|
|
|
# Bro signature output filename
|
|
# This should probably be a full path name otherwise it will write
|
|
# to the present working directory
|
|
#
|
|
# brosignaturedest s2b.sig
|
|
##
|
|
|
|
# Bro sigaction output filename
|
|
# This should probably be a full path name otherwise it will write to the
|
|
# present working directory.
|
|
# This file contains mappings of signature id to SigActions which
|
|
# will be included into a running Bro instance. These mappings are created
|
|
# for any Bro signature which uses anything but the default SigAction.
|
|
#
|
|
# sigactiondest s2b-sigaction.bro
|
|
##
|
|
|
|
# Debug level
|
|
#
|
|
# debug 0
|
|
##
|
|
|
|
# sid prefix
|
|
#
|
|
# sigprefix s2b-
|
|
##
|
|
|
|
# Mappings for Snort alert classtype to Bro SigAction.
|
|
#
|
|
# sigmapconfig s2b-sigmap.cfg
|
|
##
|
|
|
|
# Snort ruleset directory
|
|
# All files ending in .rules are considered during parsing by default
|
|
#
|
|
# snortrulesetdir './'
|
|
##
|
|
|
|
# Snort rule sets to exclude from conversion
|
|
# Any filename specified here will not even be read by the program
|
|
# There are two different ways to specify the list. Both are listed but only
|
|
# one style may be used.
|
|
#
|
|
#<ignoresnortrulesets>
|
|
# porn.rules
|
|
# icmp.rules
|
|
# experimental.rules
|
|
# deleted.rules
|
|
# policy.rules
|
|
# bad-traffic.rules
|
|
# info.rules
|
|
#</ignoresnortrulesets>
|
|
##
|
|
|
|
ignoresnortruleset porn.rules
|
|
#ignoresnortruleset icmp.rules
|
|
ignoresnortruleset experimental.rules
|
|
ignoresnortruleset deleted.rules
|
|
ignoresnortruleset policy.rules
|
|
ignoresnortruleset bad-traffic.rules
|
|
#ignoresnortruleset info.rules
|
|
|
|
# Default Bro SigAction that will be used for creating the Bro signature
|
|
# s2b.sig and the Bro SigAction file s2b-sigaction.bro
|
|
#
|
|
# defaultsigaction SIG_LOG
|
|
##
|
|
|
|
# This option will apply a signature to traffic flowing in either direction.
|
|
# Snort defines two networks, $HOME_NET and $EXTERNAL_NET, for a source
|
|
# and destination pairing. These two variables will be ignored and not
|
|
# converted if this option is set to true. The default is set to true.
|
|
# There is one exception. If the destination or source is a subnet or ip
|
|
# address then it will remain intact.
|
|
#
|
|
# ignorehostdirection true
|
|
##
|