configuring signatures
alert serverity:告警的严重级别,选项high,informational,low,medium
sig fidelity rating:可信度,越高越可信
promiscuous delta:杂合的增量,可信度的变量,两种模式在线模式和杂合模式.
signature name:signature的名字
engine:引擎
event action:action默认produce alert是打开的告警.
event counter:计数器,默认情况来一个包一个event,
event count key:根据攻击者地址,被攻击者地址,或两者兼计算次数.
summary mode:有fire al有一个event就一个告警l,fire once不管多少个event只告一次警,global summarize不管源目的多少秒告一次警,summarize每多少秒根据源目的做一个汇总告警.
A=source address
a=source port
B=destination address
b=destination port
x=does not matter
event count key:
summary key:
storage key:
meta key:
标签:Signatures,Configuring,destination,第三天,port,key,攻击者,告警,event From: https://www.cnblogs.com/smoke520/p/18357868