IOCs
From Wiki of WFilter NG Firewall
Latest revision as of 14:55, 17 October 2023
1 Indicators of Compromise
IOCs (Indicators of Compromise) detect clients that may have been infiltrated by a cyber threat. This module is built on the Snort project.
2 Settings
- IOCs Settings: the policy applied when a compromised client is detected.
  - Record only: only record the attack events.
  - Record and block ip: record the attack events and block the source IP for a period.
- Add Alert Event: whether to add attack events to the "Event" module as well.
- IP Whitelist: whitelisted traffic is not checked. Syntax: 192.168.1.20,192.168.1.20/24.
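A small model of how these settings combine, added here as an example and not WFilter's own code: the whitelist parser accepts the page's syntax (including a range written with host bits set, such as 192.168.1.20/24), and the policy either records only or records and blocks the source IP for a period, optionally mirroring the event to "Event". IocPolicy, run_demo and the sample events are hypothetical.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

def parse_whitelist(text):
    # Whitelist syntax from the settings page: "192.168.1.20,192.168.1.20/24".
    # strict=False accepts a range written with host bits set (the page's own
    # 192.168.1.20/24) and treats it as the containing /24 network.
    return [ip_network(e.strip(), strict=False) for e in text.split(",") if e.strip()]

def is_whitelisted(ip, nets):
    return any(ip_address(ip) in net for net in nets)

@dataclass
class IocPolicy:
    # Hypothetical model of the settings, not WFilter's own implementation.
    block_ip: bool          # False = "Record only", True = "Record and block ip"
    block_seconds: int      # how long the source IP stays blocked
    add_alert_event: bool   # also add the event to the "Event" module
    whitelist: list
    history: list = field(default_factory=list)   # Detection History records
    alerts: list = field(default_factory=list)    # entries pushed to "Event"
    blocked: dict = field(default_factory=dict)   # src_ip -> unblock time

    def handle(self, event, now):
        src = event["src_ip"]
        if is_whitelisted(src, self.whitelist):
            return "whitelisted"            # whitelisted traffic is not checked
        self.history.append(event)
        if self.add_alert_event:
            self.alerts.append(event["msg"])
        if self.block_ip:
            self.blocked[src] = now + self.block_seconds
            return "blocked"
        return "recorded"

    def is_blocked(self, src, now):
        until = self.blocked.get(src)
        if until is not None and now < until:
            return True
        self.blocked.pop(src, None)         # block period expired (or never set)
        return False

def run_demo():
    # Constructed sample events, not real detections.
    events = [{"src_ip": "192.168.1.77", "dst_port": 445, "msg": "SMB exploit attempt"},
              {"src_ip": "10.0.0.5", "dst_port": 80, "msg": "Malware C2 beacon"}]
    policy = IocPolicy(block_ip=True, block_seconds=600, add_alert_event=True,
                       whitelist=parse_whitelist("192.168.1.20,192.168.1.20/24"))
    results = [policy.handle(ev, now=1000) for ev in events]
    return results, policy.is_blocked("10.0.0.5", 1500), policy.is_blocked("10.0.0.5", 1600)
```

The first event is skipped because 192.168.1.20/24 covers the whole 192.168.1.0/24 network, so a whitelist entry that is wider than intended silently exempts every client in that range.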
3 Detection History
Query the history of detected malware events, including IP addresses, ports, type and messages.