# this table is used to generate the automatic sid-to-sig action table that bro imports
# the fields here are used as a table translation between snort and bro
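# there is currently no sound reason against changing any of these mappings; review them for your site,
# since in bro's signature framework an alert type mapped to SIG_QUIET is processed but not reported individually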
# *do not* make any comment line the same as any snort alert type!!
attempted-admin SIG_LOG
attempted-user SIG_LOG
shellcode-detect SIG_FILE
successful-admin SIG_LOG
successful-user SIG_LOG
trojan-activity SIG_LOG
unsuccessful-user SIG_FILE
web-application-attack SIG_LOG
attempted-dos SIG_FILE
attempted-recon SIG_FILE
bad-unknown SIG_FILE
denial-of-service SIG_FILE
misc-attack SIG_LOG
non-standard-protocol SIG_FILE
rpc-portmap-decode SIG_FILE
successful-dos SIG_LOG
successful-recon-largescale SIG_LOG
successful-recon-limited SIG_LOG
suspicious-filename-detect SIG_LOG
suspicious-login SIG_LOG
system-call-detect SIG_LOG
unusual-client-port-connection SIG_LOG
web-application-activity SIG_LOG
icmp-event SIG_FILE
misc-activity SIG_LOG
network-scan SIG_FILE
not-suspicious SIG_QUIET
protocol-command-decode SIG_FILE
string-detect SIG_LOG
unknown SIG_FILE
policy-violation SIG_QUIET
kickass-porn SIG_QUIET
default-login-attempt SIG_LOG