Update 100002-suricata.xml

This commit is contained in:
taylor_socfortress
2023-03-16 15:59:23 -05:00
committed by GitHub
parent c3d681eff8
commit 3654530fc0


@@ -1,47 +1,53 @@
<!-- Suricata Rules -->
<group name="suricata,netflow">
<rule id="100002" level="3">
<if_sid>86600</if_sid>
<description>Suricata Traffic - $(event_type).</description>
</rule>
<rule id="100002" level="1">
<if_sid>86600</if_sid>
<options>no_full_log</options>
<description>Suricata Traffic - $(event_type).</description>
</rule>
</group>
<group name="suricata,suricata_severity2">
<rule id="100003" level="10">
<if_sid>86601</if_sid>
<field name="alert.severity">2</field>
<description>Suricata Alert - $(alert.signature). Signature ID: $(alert.signature_id).</description>
</rule>
<rule id="100003" level="10">
<if_sid>86601</if_sid>
<field name="alert.severity">2</field>
<options>no_full_log</options>
<description>Suricata Alert - $(alert.signature). Signature ID: $(alert.signature_id).</description>
</rule>
</group>
<group name="suricata,suricata_severity1">
<rule id="100004" level="13">
<if_sid>86601</if_sid>
<field name="alert.severity">1</field>
<description>Suricata Alert - $(alert.signature). Signature ID: $(alert.signature_id).</description>
</rule>
<rule id="100004" level="10">
<if_sid>86601</if_sid>
<field name="alert.severity">1</field>
<options>no_full_log</options>
<description>Suricata Alert - $(alert.signature). Signature ID: $(alert.signature_id).</description>
</rule>
</group>
<group name="suricata,suricata_severity3">
<rule id="100005" level="5">
<if_sid>86601</if_sid>
<field name="alert.severity">3</field>
<description>Suricata Alert - $(alert.signature). Signature ID: $(alert.signature_id).</description>
</rule>
<rule id="100005" level="5">
<if_sid>86601</if_sid>
<field name="alert.severity">3</field>
<options>no_full_log</options>
<description>Suricata Alert - $(alert.signature). Signature ID: $(alert.signature_id).</description>
</rule>
</group>
<group name="suricata,suricata_http">
<rule id="100006" level="3">
<if_sid>86602</if_sid>
<description>Suricata HTTP Traffic.</description>
</rule>
<rule id="100006" level="1">
<if_sid>86602</if_sid>
<options>no_full_log</options>
<description>Suricata HTTP Traffic.</description>
</rule>
</group>
<group name="suricata,suricata_dns">
<rule id="100007" level="3">
<if_sid>86603</if_sid>
<description>Suricata DNS Traffic.</description>
</rule>
<rule id="100007" level="1">
<if_sid>86603</if_sid>
<options>no_full_log</options>
<description>Suricata DNS Traffic.</description>
</rule>
</group>
<group name="suricata,suricata_tls">
<rule id="100008" level="3">
<if_sid>86604</if_sid>
<description>Suricata TLS Traffic.</description>
</rule>
<rule id="100008" level="1">
<if_sid>86604</if_sid>
<options>no_full_log</options>
<description>Suricata TLS Traffic.</description>
</rule>
</group>
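Review bot: If the copies carrying `<options>no_full_log</options>` are the new side (the rendered section shows each rule twice with the +/- markers lost, so the direction is inferred), rules 100003, 100004 and 100005 now drop the raw Suricata event from the generated alert, which removes the EVE record (flow, payload and signature metadata) an analyst most needs on a severity 1/2 alert; suppressing full_log is sensible for the high-volume flow, HTTP, DNS and TLS rules (100002, 100006–100008), but the `if_sid` 86601 alert rules are low-volume and should keep it. The same applies to the level changes on 100002, 100004 and 100006 if they are in the old→new direction the print order suggests: lowering 100004 from 13 to 10 takes severity-1 alerts below the default level-12 threshold other Wazuh integrations key on, so that should be a deliberate choice noted in the commit. Separately, `<field name="alert.severity">2</field>` is a regex match rather than an equality test; anchoring it as `<field name="alert.severity">^2$</field>` (and likewise `^1$`, `^3$`) makes the severity routing exact rather than substring-based.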