On Sat, Dec 2, 2017 at 1:34 AM, Vakati Abilash <[email protected]> wrote:
> Hi,
>   I was trying to check the event id 20100 for IDS that is configured
> internally. What kind of attack can be performed to enable this kind of
> event id from an agent machine? Please share the information with us.
>

  <rule id="20100" level="8">
    <category>ids</category>
    <if_fts></if_fts>
    <description>First time this IDS alert is generated.</description>
    <group>fts,</group>
  </rule>

If a decoder that sets the category to "ids" is triggered for the
first time, it should trigger 20100.
For example:
  <decoder name="snort">
    <type>ids</type>
    <prematch>^[**] [\d+:\d+:\d+] </prematch>
  </decoder>


> Regards
> Abilash
>
> --
>
> ---
> You received this message because you are subscribed to the Google Groups
> "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> For more options, visit https://groups.google.com/d/optout.
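
The first-time-seen behaviour described in the reply above, as an added Python sketch that is not part of the original thread and not OSSEC's own code. The names `FirstTimeSeen` and `replay` are hypothetical, the log lines are constructed, and keying on the Snort signature id alone is an assumption, since the page does not show which fields the decoder tracks.

```python
import re

# Python translation of the snort decoder's <prematch> shown above. The decoder
# relies on the brackets and asterisks matching literally; Python needs them escaped.
SNORT_PREMATCH = re.compile(r"^\[\*\*\] \[(\d+:\d+:\d+)\] ")

FTS_RULE_ID = 20100  # "First time this IDS alert is generated." (level 8)


class FirstTimeSeen:
    """Simplified model of <if_fts>: fire once per previously unseen key."""

    def __init__(self):
        self._seen = set()

    def process(self, log_line):
        """Return 20100 on the first sighting of a signature, else None."""
        m = SNORT_PREMATCH.match(log_line)
        if m is None:
            return None      # decoder did not match, so the category is not "ids"
        key = m.group(1)     # assumption: key on the gid:sid:rev triple only
        if key in self._seen:
            return None      # already seen: the first-time rule stays silent
        self._seen.add(key)
        return FTS_RULE_ID


# Constructed sample events (not taken from a real sensor).
SAMPLE_LOGS = [
    "[**] [1:1000001:1] Constructed test signature A [**] [Priority: 3] {TCP} 192.0.2.10:40000 -> 192.0.2.20:80",
    "[**] [1:1000001:1] Constructed test signature A [**] [Priority: 3] {TCP} 192.0.2.11:40001 -> 192.0.2.20:80",
    "[**] [1:1000002:1] Constructed test signature B [**] [Priority: 2] {TCP} 192.0.2.10:40002 -> 192.0.2.20:22",
    "sshd[123]: Accepted publickey for user from 192.0.2.10 port 40003 ssh2",
]


def replay(lines):
    """Feed lines through one FirstTimeSeen instance; return the rule ids fired."""
    fts = FirstTimeSeen()
    return [fts.process(line) for line in lines]


if __name__ == "__main__":
    for line, rule in zip(SAMPLE_LOGS, replay(SAMPLE_LOGS)):
        print(rule, "<-", line[:40])
```

Only the first occurrence of each signature yields 20100; the repeat of signature A and the non-IDS sshd line yield nothing from this rule.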
