Questions tagged [intrusion-detection]

137 questions
0 votes, 1 answer

How to alert if someone goes on a website other than the IP address listed?

I have a snort rule: alert tcp any -> !142.250.200.14 any (msg:"Bad Website"; sid:1000002; rev:1;). The problem is it logs all websites, including the one listed as 142.250.200.14, as 'bad website'. I want all websites to be alerted except…
Annon
0 votes, 1 answer

I want to send snort3 alerts to a socket, but when I run the command "sudo snort -i ens33 -A alert_unixsock -l /tmp" it gives an error

I run snort 3 via the command sudo snort -c snort.conf -i ens33 -A alert_unixsock -l /tmp, whereas snort gives the error: "/tmp/snort_alert file doesn't exist or isn't writable". Can anyone share code for the receiver end and the snort end?
0 votes, 0 answers

Create Firewall rule using Java

I'm planning to develop an Intrusion Prevention System. To restrict access for a certain IP address, the only way I found is adding rules to the Windows Firewall. Is it possible to create a new firewall rule through a Java application?
0 votes, 1 answer

Finding brute force attacks with Splunk

I have a few login failures, then a success, for Administrator, and this is what I have, but it doesn't seem to be getting any results: source=WinEventLog:Security EventCode=4625 OR EventCode=4624 | bin _time span=5m as minute | eval…
0 votes, 1 answer

How to determine the state of the motherboard intrusion switch?

Many motherboards have an integrated chassis intrusion switch function to detect if the case has been opened. There is a related BIOS setting to enable/disable it. I would like to view, in Windows, the current/previous states of the intrusion…
0 votes, 0 answers

How do I change the interface snort monitors by default?

To start, I am entirely new to Linux and am doing this as part of my final year project at university. I had never used Linux before a few weeks ago, and I have been hitting roadblock after roadblock trying to get snort installed and working for 6-7…
0 votes, 1 answer

Suricata HOME_NET config question (SPAN port)

As a project I have a physical firewall (IP: 10.0.0.2) with a SPAN port configured to a physical Linux (CentOS 6) machine (IP: 10.0.0.3) on which I am running Suricata IDS. Theoretically I should receive all the traffic to the box through an interface I…
Jan Novak
0 votes, 0 answers

Different attack types (labels) in training set than in test set

I am currently working on the KDD CUP 99 and NSL-KDD datasets (intrusion detection datasets). They are divided into training and test sets; however, when I go through the sets, they have different attack types (data labels). Is this normal? The accuracy of…
0 votes, 1 answer

WebLogic server breach help! How do I find signs of what data, if any, was accessed?

A WebLogic server got hacked and the problem is now removed. I am looking through the infected VMs now in a sandbox and want to see what data, if any, was accessed on the application servers. The app servers were getting hammered with ssh requests…
0 votes, 1 answer

USB key insertion detector on Windows

I am working on a project which consists primarily of detecting a USB intrusion and executing some code. So first I need to know how to detect this USB insertion using Python 3.6. Thank you.
0 votes, 1 answer

Intrusion detection using pattern matching algorithm

I am interested in writing simple Java code for an intrusion detection system (IDS). This can be a simple application for my own understanding. And I am going to use a pattern matching algorithm (KMP) for this. The IDS will also be a signature…
0 votes, 0 answers

Watchdog node in OMNeT++ for simulating a MANET model

I'm trying to make a MANET model in OMNeT++; for that I need to make a watchdog node. I'm just wondering if anyone has the code for the watchdog node.
0 votes, 1 answer

Has anyone integrated Kibana with any IDS?

I know that many people use Kibana to collect security logs, but do you upload them to any IDS to catch suspicious ones and alert about them? If so, which IDS do you use?
0 votes, 2 answers

IDS Signature - Understanding Content

I am new to IDS signature tuning. So while studying signatures, I come across the section 'CONTENT', based on which the signature triggers an alert. Now when I see something in content (example below), how do I decipher the same…
0 votes, 1 answer

Can I get Suricata to listen on localhost?

I'm trying to get Suricata to listen on the localhost interface, but it says that there is "ERRCODE: SC_ERR_SYSCALL(50) failure to get feature via ioctl for 'lo'". Is there any way to achieve this?
placid chat