
ELTEX ESR Series - Page 417

ESR-Series. User manual
417
Step: 13

Description: Define the traffic classification that will be recorded in the log when this rule triggers (optional).

Command:
esr(config-ips-category-rule)# meta classification-type
  { not-suspicious | unknown | bad-unknown | attempted-recon |
    successful-recon-limited | successful-recon-largescale |
    attempted-dos | successful-dos | attempted-user |
    unsuccessful-user | successful-user | attempted-admin |
    successful-admin | rpc-portmap-decode | shellcode-detect |
    string-detect | suspicious-filename-detect | suspicious-login |
    system-call-detect | tcp-connection | trojan-activity |
    unusual-client-port-connection | network-scan |
    denial-of-service | non-standard-protocol |
    protocol-command-decode | web-application-activity |
    web-application-attack | misc-activity | misc-attack |
    icmp-event | inappropriate-content | policy-violation |
    default-login-attempt }

Keys:
not-suspicious – not suspicious traffic.
unknown – unknown traffic.
bad-unknown – potentially bad traffic.
attempted-recon – information leak attempt.
successful-recon-limited – information leak.
successful-recon-largescale – large-scale information leak.
attempted-dos – denial of service attempt.
successful-dos – denial of service.
attempted-user – attempt to obtain user privileges.
unsuccessful-user – unsuccessful attempt to obtain user privileges.
successful-user – successful attempt to obtain user privileges.
successful-admin – successful attempt to obtain admin privileges.
rpc-portmap-decode – RPC request decoding.
shellcode-detect – executable code detected.
string-detect – suspicious string detected.
suspicious-filename-detect – suspicious filename was detected.
suspicious-login – attempt to log in using a suspicious username was detected.
system-call-detect – system call was detected.
