Hi all I want to detect cralerwrs on my serach engine, I put this rule on LocalRules.xml I don't know why is not working, ideas?
Thanks
<rule id="100101" level="14" frequency="10" timeframe="360">
<if_matched_sid>31100</if_matched_sid>
<same_source_ip />
<options>alert_by_email</options>
<url>^/search?|^buscar?</url>
<description>Multiple Search from same ip.</description>
<group>attack,</group>
</rule>
