"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "doc/user/sensitive_data.txt" between
snort3-3.1.29.0.tar.gz and snort3-3.1.30.0.tar.gz

About: Snort 3 is a network intrusion prevention and detection system (IDS/IPS) combining the benefits of signature, protocol and anomaly-based inspection.

sensitive_data.txt  (snort3-3.1.29.0):sensitive_data.txt  (snort3-3.1.30.0)
skipping to change at line 77 skipping to change at line 77
sd_pattern:"This is a string literal", threshold 300; sd_pattern:"This is a string literal", threshold 300;
This example requires 300 matches of the pattern "This is a string literal" This example requires 300 matches of the pattern "This is a string literal"
to qualify as a positive match. That is, if the string only occurred 299 times to qualify as a positive match. That is, if the string only occurred 299 times
in a packet, you will not see an event. in a packet, you will not see an event.
===== Obfuscating Credit Cards and Social Security Numbers ===== Obfuscating Credit Cards and Social Security Numbers
Snort provides discreet logging for the built in patterns "credit_card", Snort provides discreet logging for the built in patterns "credit_card",
"us_social" and "us_social_nodashes". Enabling `output.obfuscate_pii` makes "us_social" and "us_social_nodashes". Enabling `ips.obfuscate_pii` makes
Snort obfuscate the suspect packet payload which was matched by the Snort obfuscate the suspect packet payload which was matched by the
patterns. This configuration is disabled by default. patterns. This configuration is disabled by default.
output = ips =
{ {
obfuscate_pii = true obfuscate_pii = true
} }
==== Example ==== Example
A complete Snort IPS rule A complete Snort IPS rule
alert tcp ( sid:1; msg:"Credit Card"; sd_pattern:"credit_card"; ) alert tcp ( sid:1; msg:"Credit Card"; sd_pattern:"credit_card"; )
 End of changes. 2 change blocks. 
2 lines changed or deleted 2 lines changed or added

Home  |  About  |  Features  |  All  |  Newest  |  Dox  |  Diffs  |  RSS Feeds  |  Screenshots  |  Comments  |  Imprint  |  Privacy  |  HTTP(S)