Indicators of Compromise

From Wiki of WFilter NG Firewall
Revision as of 14:55, 17 October 2023 by WFilter (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

1 Indicators of Compromise

IOCs(Indicators of Compromise) can detect clients may have been infiltrated by a cyber threat. This module is built on the Snort project.

2 Settings

  • IOCs Settings: setup the policy when a compromised client is detected.
    • Record only, only record the attacks events.
    • Record and block ip, record the attack events and block the source ip for a period.
  • Add Alert Event: whether to add attacks events to the "Event" module.
  • IP Whitelist: whitelisted traffic won't be checked. Syntax: 192.168.1.20,192.168.1.20/24.

Icos settings.png


3 Detection History

Query history records of detected malware events, including ip addresses, ports, type and messages.

Icos query.png

Retrieved from "http://wiki.wfilterngf.com/index.php?title=IOCs&oldid=1144"
Personal tools
Namespaces

Variants
Actions
Navigation
Tools