<!-- Copyright 2010 Dan Parriott (ddpbsd@gmail.com)
  -  This program is a free software; you can redistribute it
  -  and/or modify it under the terms of the GNU General Public
  -  License (version 2) as published by the FSF - Free Software
  -  Foundation.
  -
  -  License details: http://www.gnu.org/licenses/old-licenses/gpl-2.0.html
  -->
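<!--
  OSSEC rules for Bro IDS events (rule IDs 52000 to 52009).
  Every rule below chains from 52000 through if_sid, so it is only
  evaluated for events the decoder has already tagged as bro-ids.
-->
<group name="syslog,ids,bro">

  <!-- Parent rule. Level 0 means it never alerts by itself; it only anchors
       the child rules. -->
  <rule id="52000" level="0">
    <decoded_as>bro-ids</decoded_as>
    <description>Grouping for all bro-ids events.</description>
  </rule>

  <!-- Sensor start and stop are both level 0, so neither produces an alert.
       NOTE(review): a stopped sensor is a monitoring gap; consider a non-zero
       level on 52002 if sensor outages should be visible to analysts. Also
       confirm that the "incremental serialization" messages reliably mark
       start and stop on the deployed Bro version. -->
  <rule id="52001" level="0">
    <if_sid>52000</if_sid>
    <match>Starting incremental serialization</match>
    <description>Bro-ids has been started.</description>
  </rule>

  <rule id="52002" level="0">
    <if_sid>52000</if_sid>
    <match>Finished incremental serialization</match>
    <description>Bro-ids has been stopped.</description>
  </rule>

  <!-- These two rules key on msg= while the rest of the file keys on no=.
       NOTE(review): "XXX" in the descriptions looks like a leftover
       placeholder. These notices usually mean the sensor did not see part of
       a TCP stream (often packet loss at the capture point), so level 8 may
       be noisy on a lossy tap; tune after checking real traffic. -->
  <rule id="52003" level="8">
    <if_sid>52000</if_sid>
    <match>msg=AckAboveHole</match>
    <description>XXX Ack Above Hole</description>
  </rule>

  <rule id="52004" level="8">
    <if_sid>52000</if_sid>
    <match>msg=ContentGap</match>
    <description>XXX Content Gap</description>
  </rule>

  <!-- Periodic summaries, matched on the notice name in the no= field. -->
  <rule id="52005" level="1">
    <if_sid>52000</if_sid>
    <match>no=ResourceSummary</match>
    <description>Bro-ids resource summary.</description>
  </rule>

  <rule id="52006" level="7">
    <if_sid>52000</if_sid>
    <match>no=PortScanSummary</match>
    <description>Bro-ids port scan summary.</description>
  </rule>

  <rule id="52007" level="4">
    <if_sid>52000</if_sid>
    <match>no=ZoneTransfer</match>
    <description>Bro-ids Zone Transfer alert.</description>
  </rule>

  <rule id="52008" level="4">
    <if_sid>52000</if_sid>
    <match>no=SensitivePortMapperAccess</match>
    <description>Bro-ids detected access to the portmapper port.</description>
  </rule>

  <!-- The trailing space in the pattern is deliberate: without it the string
       would also match no=PortScanSummary (rule 52006). Do not trim it when
       reformatting this file. -->
  <rule id="52009" level="4">
    <if_sid>52000</if_sid>
    <match>no=PortScan </match>
    <description>Bro-ids detected a portscan.</description>
  </rule>

</group> <!-- syslog,ids,bro -->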