Network Monitor DPA rules and example rules that require client modifications but with all the logic in place

logrhythm/CommunityDpaRules
Community DPA Rules for Network Monitor

This repository contains community DPA rules for Network Monitor. These rules are examples and often require custom modifications, such as adjusting the allowed IP ranges.

Contributions:

The following details are required when adding an example DPA rule:

  1. /lrl:
    • the lrl binary file for the rule
  2. /pcap:
    • at least one pcap that triggers the rule. Additional pcaps are encouraged, as are pcaps that do not trigger the rule
    • one yaml file per pcap that describes:
      DESCRIPTION: Description of what the rule does and its purpose
      SCOPE: Flow/Packet
      Alarm: Yes/No
      CUSTOM_METADATA: (blank)/MY_CUSTOMFIELD_NM=<what it is>
  3. /rules:
    • the .lua rule that was used to create the binary
    • one yaml file that describes:
      DESCRIPTION: <describe in a short sentence the rule's mission>
      AUTHOR: <who wrote it>
      SCOPE: Flow/Packet
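A pre-submission checker for the layout above, added here as an example and not part of the repository: it walks a contribution's files, requires the three folders and a yaml sidecar per pcap, and validates the flat KEY: value descriptors against the allowed values. The `.lrl` extension, the NAME=value reading of CUSTOM_METADATA and the sample paths are assumptions.

```python
import re

# README values: SCOPE is Flow or Packet, Alarm is Yes or No, CUSTOM_METADATA is blank or
# MY_CUSTOMFIELD_NM=<what it is>; NAME=value is my reading of that last form (assumption).
NONEMPTY, SCOPE = bool, {"Flow", "Packet"}.__contains__
PCAP_SCHEMA = {"DESCRIPTION": NONEMPTY, "SCOPE": SCOPE, "Alarm": {"Yes", "No"}.__contains__,
               "CUSTOM_METADATA": lambda v: v == "" or re.fullmatch(r"\w+=.+", v) is not None}
RULE_SCHEMA = {"DESCRIPTION": NONEMPTY, "AUTHOR": NONEMPTY, "SCOPE": SCOPE}

def parse_descriptor(text):
    """Parse the flat 'KEY: value' descriptor; blank lines and # comments are skipped."""
    lines = [l.strip() for l in text.splitlines() if l.strip() and not l.lstrip().startswith("#")]
    bad = [l for l in lines if ":" not in l]
    if bad:
        raise ValueError(f"not KEY: value lines: {bad!r}")
    return {k.strip(): v.strip() for k, v in (l.split(":", 1) for l in lines)}

def check_descriptor(text, schema):
    """Return the problems with one descriptor; an empty list means it is valid."""
    fields = parse_descriptor(text)
    return ([f"missing {k}" for k in schema if k not in fields]
            + [f"bad {k}: {v!r}" for k, v in fields.items() if k in schema and not schema[k](v)]
            + [f"unexpected key {k}" for k in fields if k not in schema])

def check_contribution(files):
    """files maps repo-relative path -> text. Each pcap needs a yaml sidecar with the same stem."""
    problems = []
    for folder, ext, what in (("lrl/", "", "compiled rule binary"), ("rules/", ".lua", ".lua source")):
        if not any(p.startswith(folder) and p.endswith(ext) for p in files):
            problems.append(f"{folder}: {what} missing")
    pcaps = [p for p in files if p.startswith("pcap/") and p.endswith(".pcap")]
    rule_yamls = [p for p in files if p.startswith("rules/") and p.endswith(".yaml")]
    if not pcaps:
        problems.append("pcap/: at least one triggering pcap required")
    if len(rule_yamls) != 1:
        problems.append("rules/: exactly one yaml descriptor expected")
    wanted = [(p.removesuffix(".pcap") + ".yaml", PCAP_SCHEMA) for p in pcaps]
    for yaml, schema in wanted + [(y, RULE_SCHEMA) for y in rule_yamls]:
        if yaml not in files:
            problems.append(f"{yaml}: missing descriptor")
        else:
            problems += [f"{yaml}: {p}" for p in check_descriptor(files[yaml], schema)]
    return problems

SAMPLE = {  # constructed sample contribution, not from the repository; binaries are stand-ins
    "lrl/example.lrl": "<binary>", "rules/example.lua": "-- lua source",
    "pcap/trigger.pcap": "<pcap>", "pcap/benign.pcap": "<pcap>",  # benign.pcap has no yaml
    "pcap/trigger.yaml": "DESCRIPTION: Flags oversized DNS answers\nSCOPE: Packet\nAlarm: Yes\n"
                         "CUSTOM_METADATA: MY_CUSTOMFIELD_NM=dns_big_answer",
    "rules/example.yaml": "DESCRIPTION: Flags oversized DNS answers\nAUTHOR: Jane Doe\nSCOPE: Flow"}
```

Running `check_contribution(SAMPLE)` reports only the pcap that lacks its yaml sidecar; point it at a real contribution by reading each file under lrl/, pcap/ and rules/ into the same path-to-text mapping.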

License:

All rules here are bound by the MIT License, copyright LogRhythm
