#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path reporter
#fields parameter value
#types string string
local_net 1.1.1.0/24,2.2.2.0/24
th_addr_scan 20
weight_addr_scan 0.8
th_addr_scan_critical 15
weight_addr_scan_critical 1.0
th_port_scan 15
weight_port_scan 0.25
th_low_port_troll 10
weight_low_port_troll 0.5
wnd_addr_scan 15mins
wnd_port_scan 15mins
scan_evaluation_mode OR
th_ssh_login 10
weight_breakin 1.0
wnd_breakin 15mins
wnd_exploit 15mins
weight_exploit_blacklist_match 0.5
exploit_evaluation_mode OR
evaluation_breakin_mode OR
th_disguised_exe 0
weight_disguised_exe 0.8
weight_egg_signature_match 1.0
wnd_egg 10mins
evaluation_mode OR
th_dns_failure 15
weight_dns_failure 0.8
evaluation_mode OR
wnd_cnc 15mins
weight_cnc_blacklist_match 1.0
weight_cnc_blacklist_dns_match 0.5
weight_cnc_signature_match 0.8
weight_rbn_blacklist_match 0.5
th_sqli_attempt 10
wnd_sqli 5mins
weight_sqli 0.5
sqli_evaluation_mode OR
th_mx_queries 0
th_smtp 15
weight_spam_failed_mx 1.0
weight_spam_failed_smtp 0.8
wnd_spam 15mins
spam_evaluation_mode OR
wnd_correlation 12hrs
wnd_bot 1day