Indicators of Compromise

From Wiki of WFilter NG Firewall

1 Indicators of Compromise

IOCs (Indicators of Compromise) detect clients that may have been infiltrated by a cyber threat. This module is built on the Snort project.

2 Settings

  • IOCs Settings: set the policy that is applied when a compromised client is detected.
    • Record only: only record the attack events.
    • Record and block IP: record the attack events and block the source IP for a period of time.
  • Add Alert Event: whether to add attack events to the "Event" module.
  • IP Whitelist: whitelisted traffic won't be checked. Syntax: 192.168.1.20,192.168.1.20/24.

[Figure: Icos settings.png]
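The following is an added illustration of how the three settings above combine, not WFilter's own code: it parses the page's whitelist syntax, skips whitelisted sources, records every other alert, and in "Record and block IP" mode records an unblock time for the source (the alert dicts, the MODE_* names and the block bookkeeping are constructed assumptions). One practical caveat it shows: the page's example entry 192.168.1.20/24 has host bits set, so a strict CIDR parser would reject it.

```python
import ipaddress
import time

# Constructed policy simulation; not WFilter's implementation.
MODE_RECORD_ONLY = "record_only"
MODE_RECORD_AND_BLOCK = "record_and_block"


def parse_whitelist(text):
    """Parse the comma-separated whitelist ("192.168.1.20,192.168.1.20/24").

    strict=False is required: 192.168.1.20/24 has host bits set and
    ipaddress.ip_network() raises ValueError for it under strict=True.
    """
    nets = []
    for entry in text.split(","):
        entry = entry.strip()
        if entry:
            nets.append(ipaddress.ip_network(entry, strict=False))
    return nets


def is_whitelisted(ip, nets):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in nets)


def apply_ioc_policy(events, whitelist_text, mode, block_seconds, now=None):
    """Return (recorded_events, blocked) for a batch of Snort-style alerts.

    events: dicts with 'src', 'dst', 'msg' (constructed sample data).
    blocked: src_ip -> unblock timestamp; a hypothetical way to represent
    "block the source IP for a period of time".
    """
    now = time.time() if now is None else now
    nets = parse_whitelist(whitelist_text)
    recorded, blocked = [], {}
    for ev in events:
        if is_whitelisted(ev["src"], nets):
            continue  # whitelisted traffic is not checked at all
        recorded.append(ev)  # both modes record the attack event
        if mode == MODE_RECORD_AND_BLOCK:
            blocked[ev["src"]] = now + block_seconds
    return recorded, blocked


SAMPLE_EVENTS = [  # constructed alerts, not real detections
    {"src": "192.168.1.20", "dst": "10.0.0.5", "msg": "MALWARE beacon"},
    {"src": "192.168.1.77", "dst": "10.0.0.5", "msg": "MALWARE beacon"},
    {"src": "203.0.113.9", "dst": "10.0.0.8", "msg": "SCAN probe"},
]
```

Note that with the page's example whitelist the /24 entry also exempts 192.168.1.77, so only the 203.0.113.9 alert is recorded; narrow the whitelist to single hosts if that is not intended.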


3 Detection History

Query the history of detected malware events, including IP addresses, ports, type and message.

[Figure: Icos query.png]
