Select IIS log directories for monitoring

Detection rules are a set of key-value pairs with wildcard support. Supported equality operators are: = (equals) and != (not equals).

If the log line details match any of the rules, the log line is considered a scan attempt and the source IP address is reported to RdpGuard Core.

A rule may contain any number of conditions separated by commas. The line matches the rule only if all of its conditions match: logical AND applies to the conditions within a rule.

So, the example above will be interpreted as: treat the log line as a scan attempt if (key1 equals value1 and key2 not equals value2) OR (key3 equals value3 and key2 equals value4) OR (key4 ends with value5).

You may also apply the Threshold condition to the rule. This optional condition can be useful if you do not want to

For example, a rule based on the HTTP status code can be used to detect most scan attempts, because they usually result in log entries with the HTTP 404 status code. But it might not be wise to treat each 404 hit as a scan attempt (regular visitors may just mistype the page address).
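The matching semantics described above (OR across rules, AND across the comma-separated conditions of one rule, = and != with wildcards, plus a threshold), as an added Python example; it is not RdpGuard's code or its rule file format. The IIS W3C field names used as keys, the reading of the threshold as "matching lines per source IP before it is reported", and the sample entries are assumptions constructed for illustration.

```python
import re
from collections import Counter
from fnmatch import fnmatchcase

# One condition: key, operator (= or !=), value pattern ('*' is the wildcard).
COND = re.compile(r"\s*([^=!,]+?)\s*(!=|=)\s*(.*?)\s*")

def parse_rule(text):
    """Turn 'key1=value1, key2!=value2' into [(key, negate, pattern), ...]."""
    conds = []
    for part in text.split(","):
        m = COND.fullmatch(part)
        if not m:
            raise ValueError(f"malformed condition: {part!r}")
        conds.append((m.group(1), m.group(2) == "!=", m.group(3).lower()))
    return conds

def line_matches(rule, fields):
    # Logical AND: every condition of the rule must hold for this log line.
    return all(fnmatchcase(fields.get(key, "").lower(), pattern) != negate
               for key, negate, pattern in rule)

def scan_sources(rule_texts, entries, threshold=1):
    """Return source IPs whose number of matching lines reaches the threshold."""
    rules = [parse_rule(t) for t in rule_texts]
    hits = Counter()
    for fields in entries:
        # Logical OR: a line counts if it matches any one rule.
        if any(line_matches(rule, fields) for rule in rules):
            hits[fields["c-ip"]] += 1
    return sorted(ip for ip, n in hits.items() if n >= threshold)

# Constructed sample entries (already split into fields), not real log data.
SAMPLE = [
    {"c-ip": "203.0.113.7", "cs-uri-stem": "/wp-login.php", "sc-status": "404"},
    {"c-ip": "203.0.113.7", "cs-uri-stem": "/phpmyadmin/index.php", "sc-status": "404"},
    {"c-ip": "203.0.113.7", "cs-uri-stem": "/admin.php", "sc-status": "404"},
    {"c-ip": "198.51.100.20", "cs-uri-stem": "/abuot.html", "sc-status": "404"},
    {"c-ip": "198.51.100.20", "cs-uri-stem": "/about.html", "sc-status": "200"},
]

if __name__ == "__main__":
    # Without a threshold the visitor who mistyped one URL is reported too.
    print(scan_sources(["sc-status=404"], SAMPLE, threshold=1))
    print(scan_sources(["sc-status=404"], SAMPLE, threshold=3))
```

With a threshold of 1 the single mistyped address is enough to flag a regular visitor; raising it to 3 leaves only the source that produced repeated 404 hits.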