首页 开源 资讯 活动 开源许可证
软件工程云服务
软件代码质量检测云服务 持续集成与部署云服务 社区个性化内容推荐服务 贡献审阅人推荐服务 群体化学习服务 重睛鸟代码扫描工具
Watch 1 Star 0 Fork 0

OSSIM/sagan-rules

代码 Issues 0 Pull Requests 0 Wiki 0 统计
加入 Gitee
与超过 1200万 开发者一起发现、参与优秀开源项目,私有仓库也完全免费 :)
免费加入
文件
该仓库未声明开源许可证文件(LICENSE),使用请关注具体项目描述及其代码上游依赖。
项目仓库所选许可证以仓库主分支所使用许可证为准
克隆/下载
incapsula.rules 5.24 KB
一键复制 编辑 原始数据 按行查看 历史
Champ Clark III 提交于 2020-07-22 03:12 . thresholds on incapsula rules.
12345678910111213141516171819202122232425262728293031323334353637383940
# Sagan incapsula.rules

# Copyright (c) 2009-2020. Quadrant Information Security <www.quadrantsec.com>

# All rights reserved.

#

# Please submit any custom rules or ideas to sagan-submit@quadrantsec.com or the sagan-sigs mailing list

#

#*************************************************************

#  Redistribution and use in source and binary forms, with or without modification, are permitted provided that the

#  following conditions are met:

#

#  * Redistributions of source code must retain the above copyright notice, this list of conditions and the following

#    disclaimer.

#  * Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the

#    following disclaimer in the documentation and/or other materials provided with the distribution.

#  * Neither the name of the nor the names of its contributors may be used to endorse or promote products derived

#    from this software without specific prior written permission.

#

#  THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS AS IS AND ANY EXPRESS OR IMPLIED WARRANTIES,

#  INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE

#  DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

#  SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR

#  SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,

#  WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE

#  USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

#

#*************************************************************                                                                                          

# rules by "Brian Echeverry" <becheverry@quadrantsec.com>                                                                                              # 2018/05/25



alert any $EXTERNAL_NET any -> $HOME_NET any (msg:"[INCAPSULA] Visitor from blacklisted IPs"; program: Incapsula*|incapsula*; content: "|7c|Visitors from blacklisted IPs|7c|"; parse_src_ip: 1; classtype: system-event; reference: url,wiki.quadrantsec.com/bin/view/Main/5003915; sid:5003915; rev:3;)

alert any $EXTERNAL_NET any -> $HOME_NET any (msg:"[INCAPSULA] Visitor from blacklisted Countries"; program: Incapsula*|incapsula*; content: "|7c|Visitors from blacklisted Countries|7c|"; parse_src_ip: 1; classtype: system-event; reference: url,wiki.quadrantsec.com/bin/view/Main/5003916; sid:5003916; rev:3;)

alert any $EXTERNAL_NET any -> $HOME_NET any (msg:"[INCAPSULA] Visitor from blacklisted URLs"; program: Incapsula*|incapsula*; content: "|7c|Visitors from blacklisted URLs|7c|"; parse_src_ip: 1; classtype: system-event; reference: url,wiki.quadrantsec.com/bin/view/Main/5003917; sid:5003917; rev:3;)

alert any $EXTERNAL_NET any -> $HOME_NET any (msg:"[INCAPSULA] Bot Access Control"; program: Incapsula*|incapsula*; content: "|7c|Bot Access Control|7c|"; parse_src_ip: 1; classtype: system-event; reference: url,wiki.quadrantsec.com/bin/view/Main/5003918; sid:5003918; rev:3;)

alert any $EXTERNAL_NET any -> $HOME_NET any (msg:"[INCAPSULA] Suspected Bots"; program: Incapsula*|incapsula*; content: "|7c|Suspected Bots|7c|"; parse_src_ip: 1; classtype: system-event; reference: url,wiki.quadrantsec.com/bin/view/Main/5003919; sid:5003919; rev:3;)

alert any $EXTERNAL_NET any -> $HOME_NET any (msg:"[INCAPSULA] Remote File Inclusion"; program: Incapsula*|incapsula*; content: "|7c|Remote File Inclusion|7c|"; parse_src_ip: 1; classtype: system-event; reference: url,wiki.quadrantsec.com/bin/view/Main/5003920; sid:5003920; rev:3;)

alert any $EXTERNAL_NET any -> $HOME_NET any (msg:"[INCAPSULA] SQL Injection"; program: Incapsula*|incapsula*; content: "|7c|SQL Injection|7c|"; parse_src_ip: 1; classtype: system-event; reference: url,wiki.quadrantsec.com/bin/view/Main/5003921; sid:5003921; rev:3;)

alert any $EXTERNAL_NET any -> $HOME_NET any (msg:"[INCAPSULA] Cross Site Scripting"; program: Incapsula*|incapsula*; content: "|7c|Cross Site Scripting|7c|"; parse_src_ip: 1; threshold: type suppress, track by_src, count 50, seconds 1800; classtype: system-event; reference: url,wiki.quadrantsec.com/bin/view/Main/5003922; sid:5003922; rev:4;)

alert any $EXTERNAL_NET any -> $HOME_NET any (msg:"[INCAPSULA] Illegal Resource Access"; program: Incapsula*|incapsula*; content: "|7c|Illegal Resource Access|7c|"; parse_src_ip: 1; threshold: type suppress, track by_src, count 50, seconds 1800; classtype: system-event; reference: url,wiki.quadrantsec.com/bin/view/Main/5003923; sid:5003923; rev:4;)

alert any $EXTERNAL_NET any -> $HOME_NET any (msg:"[INCAPSULA] DDoS"; program: Incapsula*|incapsula*; content: "|7c|DDoS|7c|"; parse_src_ip: 1; threshold: type suppress, track by_src, count 50, seconds 1800; classtype: system-event; reference: url,wiki.quadrantsec.com/bin/view/Main/5003924; sid:5003924; rev:5;)

alert any $EXTERNAL_NET any -> $HOME_NET any (msg:"[INCAPSULA] Backdoor Protect"; program: Incapsula*|incapsula*; content: "|7c|Backdoor Protect|7c|"; parse_src_ip: 1; classtype: system-event; reference: url,wiki.quadrantsec.com/bin/view/Main/5003925; sid:5003925; rev:3;)
马建仓 AI 助手
尝试更多
代码解读
代码找茬
代码优化