--- /dev/null
+%YAML 1.1
+---
+
+# Configure the type of alert (and other) logging you would like.
+outputs:
+ - eve-log:
+ enabled: yes
+ types:
+ - alert:
+ tagged-packets: yes
+ - tls:
+ extended: no # enable this for extended logging information
+ - drop:
+ alerts: yes # log alerts that caused drops
+ flows: start # start or all: 'start' logs only a single drop
+ - flow
+
+action-order:
+- pass
+- drop
+- reject
+- alert
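Review bot: The sequence indentation in this suricata.yaml is inconsistent: `outputs:` uses indented entries (`- eve-log:` under the key) while `action-order:` at the bottom uses flush entries (`- pass` at the key's column), as far as the collapsed whitespace in the diff shows. The other four suricata.yaml copies added in this commit indent `action-order` the same way as `outputs`, so this one should match them: `action-order:` / `  - pass` / `  - drop` (and likewise `reject`, `alert`). Because the file declares `%YAML 1.1`, the `yes`/`no` values on `enabled`, `tagged-packets`, `extended` and `alerts` are legitimate booleans for Suricata's loader, but a generic yamllint `truthy` rule will flag them; if the repository lints its YAML, either `true`/`false` or a per-file rule disable is needed.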
--- /dev/null
+pass tcp [100.117.241.128/27,100.117.241.0/26,100.117.241.64/26] any -> 100.64.4.0/23 443 (msg:"Will allow connect to shared endpoints"; sid:221001; rev:1;)
+pass IP [100.117.241.0/25,100.117.241.128/27] any -> [10.68.242.211,10.68.242.242] [4433,8143] (msg:"c5b0ff9d-defb-4f60-a02e-64974161076d"; ip_proto:6; sid:2410020; rev:1;)
+drop tcp [100.117.241.0/26,100.117.241.128/27,100.117.241.64/26] any -> any any (msg:"Will drop established tcp-flow ACK from client to server if it turns out to be non HTTP/TLS or not in the allowed Domains or not allowed by some other TCP rule."; flow: from_client, established; sid:261000; rev:1;)
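Review bot: Nothing in this rules file records why the address lists are ordered as they are, yet the only difference between it and the rules files of the other four tests is the permutation of the same three source networks in the `pass tcp` rule (sid 221001) and of the two networks in the `pass IP` rule (sid 2410020), which looks like the behaviour under test. A one-line header comment per file, e.g. `# Variant: source nets listed as .128/27, .0/26, .64/26 - same coverage as the sibling tests, different order`, would keep that intent from being lost the first time someone "normalises" the lists. The protocol keyword is written `IP` here but `tcp` in the neighbouring rules; Suricata appears to accept either case, so lowercasing it to `pass ip` is only a consistency nit. The same note applies to the rules files of the other four tests in this commit.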
--- /dev/null
+requirements:
+ min-version: 5
+
+args:
+- -k none
+
+checks:
+ - filter:
+ count: 0
+ match:
+ event_type: alert
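Review bot: The single check in this test.yaml, `count: 0` on `event_type: alert`, is satisfied vacuously if the pcap never reaches any of the three rules, so it cannot distinguish a correctly matching `pass` rule from traffic that no rule saw at all. Since the paired suricata.yaml enables the `flow` eve logger, a second filter such as `event_type: flow` with `count: <N-from-pcap>` (the pcap is not in this diff, so the value has to come from it) would pin down that the expected flows were actually processed, and the existing alert check would then genuinely show that the `drop tcp` rule (sid 261000) stayed quiet for them. The same applies to the test.yaml of the other four tests in this commit.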
--- /dev/null
+%YAML 1.1
+---
+
+# Configure the type of alert (and other) logging you would like.
+outputs:
+ - eve-log:
+ enabled: yes
+ types:
+ - alert:
+ payload: no # enable dumping payload in Base64
+ # payload-buffer-size: 4kb # max size of payload buffer to output in eve-log
+ # payload-printable: yes # enable dumping payload in printable (lossy) format
+ packet: no # enable dumping of packet (without stream segments)
+ # metadata: no # enable inclusion of app layer metadata with alert. Default yes
+ http-body: no # Requires metadata; enable dumping of HTTP body in Base64
+ # http-body-printable: yes # Requires metadata; enable dumping of HTTP body in printable format
+
+ # Enable the logging of tagged packets for rules using the
+ # "tag" keyword.
+ tagged-packets: yes
+ - tls:
+ extended: no # enable this for extended logging information
+ - drop:
+ alerts: yes # log alerts that caused drops
+ flows: start # start or all: 'start' logs only a single drop
+ # per flow direction. All logs each dropped pkt.
+ - flow
+
+
+action-order:
+ - pass
+ - drop
+ - reject
+ - alert
--- /dev/null
+pass tcp [100.117.241.128/27,100.117.241.64/26,100.117.241.0/26] any -> 100.64.4.0/23 443 (msg:"Will allow connect to shared endpoints"; sid:221001; rev:1;)
+#pass tcp [100.117.241.128/27,100.117.241.0/26,100.117.241.64/26] any -> 100.64.4.0/23 443 (msg:"Will allow connect to shared endpoints"; sid:221001; rev:1;)
+pass IP [100.117.241.0/25,100.117.241.128/27] any -> [10.68.242.211,10.68.242.242] [4433,8143] (msg:"c5b0ff9d-defb-4f60-a02e-64974161076d"; ip_proto:6; sid:2410020; rev:1;)
+drop tcp [100.117.241.0/26,100.117.241.128/27,100.117.241.64/26] any -> any any (msg:"Will drop established tcp-flow ACK from client to server if it turns out to be non HTTP/TLS or not in the allowed Domains or not allowed by some other TCP rule."; flow: from_client, established; sid:261000; rev:1;)
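Review bot: The commented-out second line duplicates the `pass tcp` rule above it (sid 221001) with a different order of the three source networks, and nothing says whether it is a leftover or the deliberate "other" variant. This is the only rules file in the commit that carries such a line, so either delete it or replace it with a comment stating the intent, e.g. `# the .128/27,.0/26,.64/26 order of sid 221001 is covered by the sibling test; this file exercises .128/27,.64/26,.0/26`. Note that it shares sid 221001 with the active rule, so it cannot simply be uncommented alongside it later.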
--- /dev/null
+requirements:
+ min-version: 5
+
+args:
+- -k none
+
+checks:
+ - filter:
+ count: 0
+ match:
+ event_type: alert
--- /dev/null
+%YAML 1.1
+---
+
+# Configure the type of alert (and other) logging you would like.
+outputs:
+ - eve-log:
+ enabled: yes
+ types:
+ - alert:
+ payload: no # enable dumping payload in Base64
+ # payload-buffer-size: 4kb # max size of payload buffer to output in eve-log
+ # payload-printable: yes # enable dumping payload in printable (lossy) format
+ packet: no # enable dumping of packet (without stream segments)
+ # metadata: no # enable inclusion of app layer metadata with alert. Default yes
+ http-body: no # Requires metadata; enable dumping of HTTP body in Base64
+ # http-body-printable: yes # Requires metadata; enable dumping of HTTP body in printable format
+
+ # Enable the logging of tagged packets for rules using the
+ # "tag" keyword.
+ tagged-packets: yes
+ - tls:
+ extended: no # enable this for extended logging information
+ - drop:
+ alerts: yes # log alerts that caused drops
+ flows: start # start or all: 'start' logs only a single drop
+ # per flow direction. All logs each dropped pkt.
+ - flow
+
+
+action-order:
+ - pass
+ - drop
+ - reject
+ - alert
--- /dev/null
+pass tcp [100.117.241.128/27,100.117.241.0/26,100.117.241.64/26] any -> 100.64.4.0/23 443 (msg:"Will allow connect to shared endpoints"; sid:221001; rev:1;)
+pass IP [100.117.241.128/27,100.117.241.0/25] any -> [10.68.242.211,10.68.242.242] [4433,8143] (msg:"c5b0ff9d-defb-4f60-a02e-64974161076d"; ip_proto:6; sid:2410020; rev:1;)
+drop tcp [100.117.241.0/26,100.117.241.128/27,100.117.241.64/26] any -> any any (msg:"Will drop established tcp-flow ACK from client to server if it turns out to be non HTTP/TLS or not in the allowed Domains or not allowed by some other TCP rule."; flow: from_client, established; sid:261000; rev:1;)
--- /dev/null
+requirements:
+ min-version: 5
+
+args:
+- -k none
+
+checks:
+ - filter:
+ count: 0
+ match:
+ event_type: alert
--- /dev/null
+%YAML 1.1
+---
+
+# Configure the type of alert (and other) logging you would like.
+outputs:
+ - eve-log:
+ enabled: yes
+ types:
+ - alert:
+ payload: no # enable dumping payload in Base64
+ # payload-buffer-size: 4kb # max size of payload buffer to output in eve-log
+ # payload-printable: yes # enable dumping payload in printable (lossy) format
+ packet: no # enable dumping of packet (without stream segments)
+ # metadata: no # enable inclusion of app layer metadata with alert. Default yes
+ http-body: no # Requires metadata; enable dumping of HTTP body in Base64
+ # http-body-printable: yes # Requires metadata; enable dumping of HTTP body in printable format
+
+ # Enable the logging of tagged packets for rules using the
+ # "tag" keyword.
+ tagged-packets: yes
+ - tls:
+ extended: no # enable this for extended logging information
+ - drop:
+ alerts: yes # log alerts that caused drops
+ flows: start # start or all: 'start' logs only a single drop
+ # per flow direction. All logs each dropped pkt.
+ - flow
+
+
+action-order:
+ - pass
+ - drop
+ - reject
+ - alert
--- /dev/null
+pass tcp [100.117.241.128/27,100.117.241.64/26,100.117.241.0/26] any -> 100.64.4.0/23 443 (msg:"Will allow connect to shared endpoints"; sid:221001; rev:1;)
+pass IP [100.117.241.128/27,100.117.241.0/25] any -> [10.68.242.211,10.68.242.242] [4433,8143] (msg:"c5b0ff9d-defb-4f60-a02e-64974161076d"; ip_proto:6; sid:2410020; rev:1;)
+drop tcp [100.117.241.0/26,100.117.241.128/27,100.117.241.64/26] any -> any any (msg:"Will drop established tcp-flow ACK from client to server if it turns out to be non HTTP/TLS or not in the allowed Domains or not allowed by some other TCP rule."; flow: from_client, established; sid:261000; rev:1;)
--- /dev/null
+requirements:
+ min-version: 5
+
+args:
+- -k none
+
+checks:
+ - filter:
+ count: 0
+ match:
+ event_type: alert
--- /dev/null
+%YAML 1.1
+---
+
+# Configure the type of alert (and other) logging you would like.
+outputs:
+ - eve-log:
+ enabled: yes
+ types:
+ - alert:
+ payload: no # enable dumping payload in Base64
+ # payload-buffer-size: 4kb # max size of payload buffer to output in eve-log
+ # payload-printable: yes # enable dumping payload in printable (lossy) format
+ packet: no # enable dumping of packet (without stream segments)
+ # metadata: no # enable inclusion of app layer metadata with alert. Default yes
+ http-body: no # Requires metadata; enable dumping of HTTP body in Base64
+ # http-body-printable: yes # Requires metadata; enable dumping of HTTP body in printable format
+
+ # Enable the logging of tagged packets for rules using the
+ # "tag" keyword.
+ tagged-packets: yes
+ - tls:
+ extended: no # enable this for extended logging information
+ - drop:
+ alerts: yes # log alerts that caused drops
+ flows: start # start or all: 'start' logs only a single drop
+ # per flow direction. All logs each dropped pkt.
+ - flow
+
+
+action-order:
+ - pass
+ - drop
+ - reject
+ - alert
--- /dev/null
+pass tcp [100.117.241.128/27,100.117.241.0/26,100.117.241.64/26] any -> 100.64.4.0/23 443 (msg:"Will allow connect to shared endpoints"; sid:221001; rev:1;)
+#pass IP [100.117.241.0/25,100.117.241.128/27] any -> [10.68.242.211,10.68.242.242] [4433,8143] (msg:"c5b0ff9d-defb-4f60-a02e-64974161076d"; ip_proto:6; sid:2410020; rev:1;)
+drop tcp [100.117.241.0/26,100.117.241.128/27,100.117.241.64/26] any -> any any (msg:"Will drop established tcp-flow ACK from client to server if it turns out to be non HTTP/TLS or not in the allowed Domains or not allowed by some other TCP rule."; flow: from_client, established; sid:261000; rev:1;)
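Review bot: With the `pass IP` rule (sid 2410020) commented out, this test still expects zero alerts, so the only thing keeping the `drop tcp` rule (sid 261000, which alerts on every established from-client TCP flow from these networks that no pass rule covers) quiet is the content of the pcap, which is not in this diff. If this is the intended negative/control case, a comment on the disabled line saying so would make the expectation reviewable, e.g. `# sid 2410020 intentionally disabled: control case, the pcap must not contain flows that only this rule would pass`. Without it the disabled rule reads like an accidental leftover, similar to the commented-out line in the second rules file of this commit.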
--- /dev/null
+requirements:
+ min-version: 5
+
+args:
+- -k none
+
+checks:
+ - filter:
+ count: 0
+ match:
+ event_type: alert