totals: yes
threads: no
deltas: no
- - flow
+ - flow:
+ exception-policy: true
- stats:
enabled: yes
filename: stats.log
stats.exception_policy.app_layer.error.pass_flow: 0
not-has-key: stats.app_layer.error.tls.exception_policy.drop_flow
- filter:
- min-version: 8
+ min-version: 7.0.12
count: 1
match:
event_type: flow
totals: yes
threads: no
deltas: no
- - flow
+ - flow:
+ exception-policy: true
- stats:
enabled: yes
filename: stats.log
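Review bot: The added `exception-policy: true` under `- flow:` spells its boolean as `true` while the surrounding config uses the `yes`/`no` form (`totals: yes`, `threads: no`, `enabled: yes` in the context lines); Suricata's loader treats both as true, so this is a consistency point only, and `exception-policy: yes` would match the file. The same applies to every other `- flow:` hunk on this page, so whichever form is chosen should be used in all of them. Because this view has lost indentation, it is also worth confirming in the source that `exception-policy: true` sits one level deeper than `flow:`; at the same level it would become a sibling key of `flow` in the list entry rather than an option of the flow logger.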
stats.app_layer.error.tls.exception_policy.drop_packet: 0
stats.exception_policy.app_layer.error.pass_packet: 1
- filter:
- min-version: 8
+ min-version: 7.0.12
count: 1
match:
event_type: flow
totals: yes
threads: no
deltas: no
- - flow
+ - flow:
+ exception-policy: true
- stats:
enabled: yes
filename: stats.log
stats.exception_policy.app_layer.error.pass_packet: 1
stats.exception_policy.app_layer.error.drop_packet: 0
- filter:
- min-version: 8
count: 1
match:
event_type: flow
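Review bot: The version gate is dropped rather than lowered in this check: the hunk removes `min-version: 8` but, unlike every other filter on this page, shows no replacement `min-version: 7.0.12` line. If the rendering simply lost the added line this can be ignored; otherwise this check would run on every release, including ones that predate the `stats.exception_policy.*` counters the test asserts on, and fail there. The fix is the same one-line change the neighbouring hunks make, `min-version: 7.0.12`.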
event_type: tls
tls.sni: example.com
- filter:
- min-version: 8
+ min-version: 7.0.12
count: 1
match:
event_type: flow
mode: extra-data
deployment: reverse
header: X-Forwarded-For
- - flow
+ - flow:
+ exception-policy: true
- http
- drop:
alerts: yes
match:
event_type: http
- filter:
- min-version: 8
+ min-version: 7.0.12
count: 1
match:
event_type: flow
mode: extra-data
deployment: reverse
header: X-Forwarded-For
- - flow
+ - flow:
+ exception-policy: true
- http
- stats
- drop:
match:
event_type: http
- filter:
- min-version: 8
+ min-version: 7.0.12
count: 1
match:
event_type: flow
mode: extra-data
deployment: reverse
header: X-Forwarded-For
- - flow
+ - flow:
+ exception-policy: true
- http
- drop:
alerts: yes
match:
event_type: http
- filter:
- min-version: 8
+ min-version: 7.0.12
count: 1
match:
event_type: flow
mode: extra-data
deployment: reverse
header: X-Forwarded-For
- - flow
+ - flow:
+ exception-policy: true
- http
- drop:
alerts: yes
match:
event_type: http
- filter:
- min-version: 8
+ min-version: 7.0.12
count: 1
match:
event_type: flow
mode: extra-data
deployment: reverse
header: X-Forwarded-For
- - flow
+ - flow:
+ exception-policy: true
- http
- drop:
alerts: yes
match:
event_type: http
- filter:
- min-version: 8
+ min-version: 7.0.12
count: 1
match:
event_type: flow
mode: extra-data
deployment: reverse
header: X-Forwarded-For
- - flow
+ - flow:
+ exception-policy: true
- http
- drop:
alerts: yes
match:
event_type: http
- filter:
- min-version: 8
+ min-version: 7.0.12
count: 1
match:
event_type: flow
mode: extra-data
deployment: reverse
header: X-Forwarded-For
- - flow
+ - flow:
+ exception-policy: true
- http
- stats
- drop:
match:
event_type: http
- filter:
- min-version: 8
+ min-version: 7.0.12
count: 1
match:
event_type: flow
mode: extra-data
deployment: reverse
header: X-Forwarded-For
- - flow
+ - flow:
+ exception-policy: true
- http
- drop:
alerts: yes
match:
event_type: http
- filter:
- min-version: 8
+ min-version: 7.0.12
count: 1
match:
event_type: flow
mode: extra-data
deployment: reverse
header: X-Forwarded-For
- - flow
+ - flow:
+ exception-policy: true
- http
- stats
- drop:
log_level: Warning
engine.module: exception-policy
- filter:
- min-version: 8
+ min-version: 7.0.12
count: 1
match:
event_type: flow
mode: extra-data
deployment: reverse
header: X-Forwarded-For
- - flow
+ - flow:
+ exception-policy: true
- http
- stats
- drop:
log_level: Warning
engine.module: exception-policy
- filter:
- min-version: 8
+ min-version: 7.0.12
count: 1
match:
event_type: flow
mode: extra-data
deployment: reverse
header: X-Forwarded-For
- - flow
+ - flow:
+ exception-policy: true
- http
- drop:
alerts: yes
event_type: stats
stats.exception_policy.tcp.midstream.pass_flow: 9
- filter:
- min-version: 8
+ min-version: 7.0.12
count: 1
match:
event_type: flow
alerts: yes # log alerts that caused drops
flows: start # start or all: 'start' logs only a single drop
# per flow direction. All logs each dropped pkt.
- - flow
+ - flow:
+ exception-policy: true
- stats
event_type: stats
stats.exception_policy.tcp.midstream.drop_flow: 1
- filter:
- min-version: 8
+ min-version: 7.0.12
count: 1
match:
event_type: flow
payload-printable: yes
packet: yes
http: yes
- - flow
+ - flow:
+ exception-policy: true
- http
- stats
- stats:
event_type: http
dest_port: 80
- filter:
- min-version: 8
+ min-version: 7.0.12
count: 1
match:
event_type: flow
enabled: yes
types:
- alert
- - flow
+ - flow:
+ exception-policy: true
- http
- stats
- stats:
event_type: stats
stats.exception_policy.tcp.midstream.pass_flow: 2
- filter:
- min-version: 8
+ min-version: 7.0.12
count: 1
match:
event_type: flow
mode: extra-data
deployment: reverse
header: X-Forwarded-For
- - flow
+ - flow:
+ exception-policy: true
- stats
- http
- drop:
event_type: stats
stats.exception_policy.tcp.midstream.bypass: 1
- filter:
- min-version: 8
+ min-version: 7.0.12
count: 1
match:
event_type: flow
- eve-log:
enabled: yes
types:
- - alert:
- - flow
+ - alert
+ - flow:
+ exception-policy: true
- http
- stats
- drop:
event_type: stats
stats.exception_policy.tcp.midstream.drop_flow: 1
- filter:
- min-version: 8
+ min-version: 7.0.12
count: 1
match:
event_type: flow
filename: eve.json
types:
- alert
- - flow
+ - flow:
+ exception-policy: true
- smb
- drop:
alerts: yes
match:
event_type: smb
- filter:
- min-version: 8
+ min-version: 7.0.12
count: 1
match:
event_type: flow
- eve-log:
enabled: yes
types:
- - alert:
- - flow
+ - alert
+ - flow:
+ exception-policy: true
- http
- stats
- drop:
event_type: flow
flow.action: drop
- filter:
- min-version: 8
+ min-version: 7.0.12
count: 1
match:
event_type: flow
- drop:
alerts: yes # log alerts that caused drops
flows: all # start or all: 'start' logs only a single drop
- - flow
+ - flow:
+ exception-policy: true
- stats
exception-policy: ignore
stats.exception_policy.flow.memcap.drop_packet: 1
stats.exception_policy.flow.memcap.pass_packet: 0
- filter:
- min-version: 8
+ min-version: 7.0.12
count: 1
match:
event_type: flow
alerts: yes # log alerts that caused drops
flows: all # start or all: 'start' logs only a single drop
# per flow direction. All logs each dropped pkt.
- - flow
+ - flow:
+ exception-policy: true
- stats:
totals: yes # stats for all threads merged together
threads: no # per thread stats
stats.ips.drop_reason.stream_reassembly: 1
stats.exception_policy.tcp.reassembly.drop_flow: 1
- filter:
- min-version: 8
+ min-version: 7.0.12
count: 1
match:
event_type: flow
alerts: yes # log alerts that caused drops
flows: all # start or all: 'start' logs only a single drop
# per flow direction. All logs each dropped pkt.
- - flow
+ - flow:
+ exception-policy: true
- stats
action-order:
- pass
app_proto: tls
flow.action: pass
- filter:
- min-version: 8
+ min-version: 7.0.12
count: 1
match:
event_type: flow
alerts: yes # log alerts that caused drops
flows: all # start or all: 'start' logs only a single drop
# per flow direction. All logs each dropped pkt.
- - flow
+ - flow:
+ exception-policy: true
- stats
stats:
event_type: flow
flow.state: bypassed
- filter:
- min-version: 8
+ min-version: 7.0.12
count: 1
match:
event_type: flow
alerts: yes # log alerts that caused drops
flows: all # start or all: 'start' logs only a single drop
# per flow direction. All logs each dropped pkt.
- - flow
+ - flow:
+ exception-policy: true
- stats:
totals: yes # stats for all threads merged together
threads: no # per thread stats
event_type: stats
stats.ips.drop_reason.stream_reassembly: 1
- filter:
- min-version: 8
+ min-version: 7.0.12
count: 1
match:
event_type: flow
alerts: yes # log alerts that caused drops
flows: all # start or all: 'start' logs only a single drop
# per flow direction. All logs each dropped pkt.
- - flow
+ - flow:
+ exception-policy: true
- stats:
totals: yes # stats for all threads merged together
threads: no # per thread stats
event_type: stats
stats.ips.drop_reason.stream_reassembly: 1
- filter:
- min-version: 8
+ min-version: 7.0.12
count: 1
match:
event_type: flow
alerts: yes # log alerts that caused drops
flows: all # start or all: 'start' logs only a single drop
# per flow direction. All logs each dropped pkt.
- - flow
+ - flow:
+ exception-policy: true
- stats
- stats:
event_type: stats
stats.exception_policy.tcp.reassembly.pass_packet: 1
- filter:
- min-version: 8
+ min-version: 7.0.12
count: 1
match:
event_type: flow
alerts: yes # log alerts that caused drops
flows: all # start or all: 'start' logs only a single drop
# per flow direction. All logs each dropped pkt.
- - flow
+ - flow:
+ exception-policy: true
- stats
action-order:
event_type: stats
stats.exception_policy.tcp.ssn_memcap.drop_flow: 1
- filter:
- min-version: 8
+ min-version: 7.0.12
count: 1
match:
event_type: flow