IDP 8200 using NSM (Network and Security Manager) software
To block a domain directly, use the method above. The resulting objects must then be added to a policy (for example IIG-Policy, VC or URL Block), and the device (idp8200) must be updated.
*** To filter by custom attack, create the object below. It must likewise be added to a policy (for example IIG-Policy, VC or URL Block), and the device (idp8200) must be updated.
IDP Object: +
name: BTRC-www.xyz.com
Description: www.xyz.com/collections/4212847/BDR-Mutiny
Severity: major
Category: HTTP
Keywords: collections 4212847 BDR-Mutiny
Attack Versions: +
Tick (select):
idp-5.1.0
idp-5.1.110120907
idp-5.1.110121210
Type: Compound Attack -> Next
Protocol Type: Service
Service: http (predefined) -> Next
Scope: Transaction
Boolean Expression: m01 AND m02
+
signature
Member Name: m01
pattern: \[(.*\.)?xyz\.com\]
Context: HTTP : HTTP Header Host (predefined)
Direction: Client to Server
ok
+
Member Name: m02
pattern: \[/collections/4212847/BDR-Mutiny\]
Context: HTTP : HTTP URL Parsed (predefined)
Direction: Client to Server
Finish
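
Before adding the object to a policy, the two members and the Boolean expression can be checked offline against sample requests to see what would and would not match. The following is an added example, not part of the original post and not Juniper code. It reads `\[ \]` as the IDP case-insensitive match delimiters and assumes each pattern must cover the whole context value; the sample hosts and URLs are constructed.

```python
import re

# Member patterns exactly as entered in the custom attack object above.
MEMBERS = {
    "m01": ("host", r"\[(.*\.)?xyz\.com\]"),                 # HTTP Header Host
    "m02": ("url", r"\[/collections/4212847/BDR-Mutiny\]"),  # HTTP URL Parsed
}
EXPRESSION = "m01 AND m02"  # Boolean Expression, Scope: Transaction


def compile_member(pattern):
    # Strip the backslash-bracket delimiters and compile case-insensitively.
    if pattern.startswith("\\[") and pattern.endswith("\\]"):
        return re.compile(pattern[2:-2], re.IGNORECASE)
    return re.compile(pattern)


def member_hits(transaction):
    # Return {member name: bool} for one transaction with 'host' and 'url'.
    hits = {}
    for name, (context, pattern) in MEMBERS.items():
        # Assumption: the pattern must match the entire context value.
        regex = compile_member(pattern)
        hits[name] = regex.fullmatch(transaction[context]) is not None
    return hits


def attack_matches(transaction):
    # Both members must hit within the same transaction (m01 AND m02).
    hits = member_hits(transaction)
    return all(hits[name] for name in EXPRESSION.split(" AND "))


# Constructed sample transactions (not captured traffic).
SAMPLES = [
    {"host": "www.xyz.com", "url": "/collections/4212847/BDR-Mutiny"},
    {"host": "XYZ.com", "url": "/collections/4212847/bdr-mutiny"},
    {"host": "www.xyz.com", "url": "/about"},
    {"host": "notxyz.com", "url": "/collections/4212847/BDR-Mutiny"},
    {"host": "www.example.org", "url": "/collections/4212847/BDR-Mutiny"},
]

if __name__ == "__main__":
    for t in SAMPLES:
        verdict = "BLOCK" if attack_matches(t) else "pass"
        print(f"{t['host']}{t['url']}: {verdict}")
```

Only the first two samples match: other pages on the same site and the same path on a different or look-alike host pass, because both members must hit in one transaction.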