From ae0ca9f5e54b841eb8ff37b41033bcca74d6827c Mon Sep 17 00:00:00 2001
From: Viacheslav Hletenko
Date: Mon, 10 Jun 2024 09:21:58 +0000
Subject: T751: Remove ids suricata

---
 interface-definitions/service_suricata.xml.in | 238 --------------------------
 1 file changed, 238 deletions(-)
 delete mode 100644 interface-definitions/service_suricata.xml.in

(limited to 'interface-definitions')

diff --git a/interface-definitions/service_suricata.xml.in b/interface-definitions/service_suricata.xml.in
deleted file mode 100644
index e0159e2ba..000000000
--- a/interface-definitions/service_suricata.xml.in
+++ /dev/null
@@ -1,238 +0,0 @@ - - - - - - - Network IDS, IPS and Security Monitoring - 740 - - - #include - - - Address group name - - [a-z0-9-]+ - - - - - - IP address or subnet - - ipv4 - IPv4 address to match - - - ipv6 - IPv6 address to match - - - ipv4net - IPv4 prefix to match - - - ipv6net - IPv6 prefix to match - - - !ipv4 - Exclude the specified IPv4 address from matches - - - !ipv6 - Exclude the specified IPv6 address from matches - - - !ipv4net - Exclude the specified IPv6 prefix from matches - - - !ipv6net - Exclude the specified IPv6 prefix from matches - - - - - - - - - - - - - - - - - Address group - - service ids suricata address-group - - - txt - Address group to match - - - !txt - Exclude the specified address group from matches - - - !?[a-z0-9-]+ - - - - - - - - - Port group name - - [a-z0-9-]+ - - - - - - Port number - - u32:1-65535 - Numeric port to match - - - !u32:1-65535 - Numeric port to exclude from matches - - - start-end - Numbered port range (e.g. 1001-1005) to match - - - !start-end - Numbered port range (e.g. 
!1001-1005) to exclude from matches - - - - - - - - - - - Port group - - service ids suricata port-group - - - txt - Port group to match - - - !txt - Exclude the specified port group from matches - - - !?[a-z0-9-]+ - - - - - - - - - Suricata log outputs - - - - - Extensible Event Format (EVE) - - - - - EVE logging destination - - regular syslog - - - regular - Log to filename - - - syslog - Log to syslog - - - (regular|syslog) - - - regular - - - - Log file - - filename - File name in default Suricata log directory - - - /path - Absolute file path - - - eve.json - - - - Log types - - alert anomaly drop files http dns tls smtp dnp3 ftp rdp nfs smb tftp ikev2 dcerpc krb5 snmp rfb sip dhcp ssh mqtt http2 flow netflow - - - alert - Record events for rule matches - - - anomaly - Record unexpected conditions such as truncated packets, packets with invalid IP/UDP/TCP length values, and other events that render the packet invalid for further processing or describe unexpected behavior on an established stream - - - drop - Record events for dropped packets - - - file - Record file details (e.g., MD5) for files extracted from application protocols (e.g., HTTP) - - - application (http, dns, tls, ...) - Record application-level transactions - - - flow - Record bi-directional flows - - - netflow - Record uni-directional flows - - - (alert|anomaly|http|dns|tls|files|drop|smtp|dnp3|ftp|rdp|nfs|smb|tftp|ikev2|dcerpc|krb5|snmp|rfb|sip|dhcp|ssh|mqtt|http2|flow|netflow) - - - - - - - - - - - - - -- cgit v1.2.3