

Add kind keyword for detection event detail search
Close: #390
kimhanbeom authored and msk committed Jan 4, 2025
1 parent 35b9d80 commit 466c334
Showing 2 changed files with 16 additions and 5 deletions.
3 changes: 3 additions & 0 deletions CHANGELOG.md
Expand Up @@ -11,6 +11,9 @@ Versioning](https://semver.org/spec/v2.0.0.html).

- Added `Account::theme` field to represent user's selected screen color theme
on the user interface.
- Added kind keywords for detailed searching of `RepeatedHttpSessions`,
`NonBrowser`,`ExternalDdos`, `CryptocurrencyMiningPool`, `BlockListDceRpc`
detection events.

### Changed

18 changes: 13 additions & 5 deletions src/event.rs
Expand Up @@ -1833,7 +1833,7 @@ impl EventFilter {
moderate_kinds_by(kinds, &["dns", "covert", "channel"], "dns covert channel");
moderate_kinds_by(
kinds,
&["http", "covert", "channel"],
&["http", "covert", "channel", "repeated", "http", "sessions"],
"repeated http sessions",
);
moderate_kinds_by(kinds, &["rdp", "brute", "force"], "rdp brute force");
Expand All @@ -1848,17 +1848,25 @@ impl EventFilter {
&["multi", "host", "port", "scan"],
"multi host port scan",
);
moderate_kinds_by(kinds, &["external", "ddos"], "external ddos");
moderate_kinds_by(kinds, &["external", "ddos", "dos"], "external ddos");
moderate_kinds_by(kinds, &["port", "scan"], "port scan");
moderate_kinds_by(kinds, &["non", "browser"], "non browser");
moderate_kinds_by(
kinds,
&["cryptocurrency", "mining", "pool"],
&["non", "browser", "non-browser", "connection"],
"non browser",
);
moderate_kinds_by(
kinds,
&["cryptocurrency", "mining", "pool", "network", "connection"],
"cryptocurrency mining pool",
);
moderate_kinds_by(kinds, &["block", "list", "bootp"], "block list bootp");
moderate_kinds_by(kinds, &["block", "list", "conn"], "block list conn");
moderate_kinds_by(kinds, &["block", "list", "dcerpc"], "block list dcerpc");
moderate_kinds_by(
kinds,
&["block", "list", "dcerpc", "dce/rpc"],
"block list dcerpc",
);
moderate_kinds_by(kinds, &["block", "list", "dhcp"], "block list dhcp");
moderate_kinds_by(kinds, &["block", "list", "dns"], "block list dns");
moderate_kinds_by(kinds, &["block", "list", "ftp"], "block list ftp");
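Review bot: The new `repeated http sessions` keyword list repeats `"http"` (`&["http", "covert", "channel", "repeated", "http", "sessions"]`), and after this change several tokens belong to more than one list: `"http"` is in both the `http covert channel` and `repeated http sessions` lists, `"connection"` is in both the `non browser` and `cryptocurrency mining pool` lists, and `"dos"` now sits beside `"ddos"`. Whether that is harmless depends on how `moderate_kinds_by` matches (every keyword present, or any one of them), which is not visible in this hunk; if a single matching token is enough, a detail search for one event kind would silently also return the other, which blurs exactly the distinction the search is meant to draw for an analyst. I would at least drop the duplicate, `&["http", "covert", "channel", "repeated", "sessions"],`, and add a unit test asserting that the tokens `connection` and `http` resolve only to the kind the user asked for. The enclosing method of `impl EventFilter` starts above the first hunk and continues below this one.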

