Use file with keywords on rules

16 views
Skip to first unread message

Julio Cesar

unread,
Nov 28, 2016, 7:48:05 AM11/28/16
to ossec-list
Hello. I have a file with more than 1000 IP's blacklisted.
Have any way to include a syntax like this on custom ossec rule?

 <rule id="100633" level="15">
 <srcip>/etc/blacklist/list.txt</srcip>
 <description>Black-listed IP address</description>
 </rule>


Thank you!

dan (ddp)

unread,
Nov 28, 2016, 7:48:43 AM11/28/16
to ossec...@googlegroups.com
This is an easy use case for a cdb list:
https://ossec.github.io/docs/manual/rules-decoders/rule-lists.html?highlight=cdb

>
>
> Thank you!
>
> --
>
> ---
> You received this message because you are subscribed to the Google Groups
> "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ossec-list+...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
Reply all
Reply to author
Forward
0 new messages