diff options
| author |   Eddie Arrage <eddie.arrage@huawei.com> | 2018-04-16 19:00:34 +0000 |
|---|---|---|
| committer | Eddie Arrage <eddie.arrage@huawei.com> | 2018-04-16 19:07:37 +0000 |
| commit | 4bd515a7cc42815514b4464c87a5d743bf92ec9f (patch) | |
| tree | af575b361926185de1fb90e74f38527ec33134c2 /samples/services/snort_ids/docker/grpc/snort.proto | |
| parent | 66cc1be27b7fbb27c01a726663e42608eb411672 (diff) | |
Extended snort rule add to allow content field
- Exposed the 'content' field in the GRPC server AddRules method
- Allows the 'MALWARE-CNC User-Agent ASafaWeb Scan' signature
in the community rules to be copied to local rules
- Above ensures more deterministic alerts by snort each time
the signature is hit
- Added here to support the SDC configuration guide, which details
how to add this scan rule via GRPC client script
Change-Id: I6945c1e500075444134543bb9eb6003a03f1d5cc
Signed-off-by: Eddie Arrage <eddie.arrage@huawei.com>
Diffstat (limited to 'samples/services/snort_ids/docker/grpc/snort.proto')
| -rw-r--r-- | samples/services/snort_ids/docker/grpc/snort.proto | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/samples/services/snort_ids/docker/grpc/snort.proto b/samples/services/snort_ids/docker/grpc/snort.proto index 8d69baa..f524bb4 100644 --- a/samples/services/snort_ids/docker/grpc/snort.proto +++ b/samples/services/snort_ids/docker/grpc/snort.proto @@ -27,8 +27,9 @@ message AddRule { string src_port = 4; string src_ip = 5; string msg = 6; - string sid = 7; - string rev = 8; + string content = 7; + string sid = 8; + string rev = 9; } message SnortReply { |