| author | hebingning <[email protected]> | 2024-03-29 17:53:45 +0800 |
|---|---|---|
| committer | hebingning <[email protected]> | 2024-03-29 17:53:45 +0800 |
| commit | 39d5b5314df14f06238195a6e84bae93d3ce6ea1 (patch) | |
| tree | 208f8658662a28e76c898f496973ba6f7f81d7a6 | |
| parent | cbad385a35425ea61173ffe8a1dae89d8545d160 (diff) | |
补充自定义特征用例
23 files changed, 653 insertions, 2 deletions
diff --git a/data/case_data/signature/security_deny_default_siguature_ ssl_handshake_certificate_algorithm_identifier.json b/data/case_data/signature/security_deny_default_siguature_ ssl_handshake_certificate_algorithm_identifier.json
new file mode 100644
index 0000000..b1a2d13
--- /dev/null
+++ b/data/case_data/signature/security_deny_default_siguature_ ssl_handshake_certificate_algorithm_identifier.json
@@ -0,0 +1,31 @@
+{
+ "isMultiPriority": false,
+ "ruleNum": 1,
+ "policyType": "security",
+ "rule_action_1": "deny",
+ "method_1": "default",
+ "do_log_1": 2,
+ "send_tcp_reset_1": 1,
+ "obj_condition_1": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "objectType": "ip",
+ "objectSubType": "ip",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "ip_address": "default",
+ "port_range": "0-65535"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "app_name_1": ["ssl_handshake_certificate_algorithm_identifier"],
+ "hope_return": "timed out",
+ "counters_1": {"hits": "many"},
+ "log_query_param_1": [],
+ "command": "curl --connect-timeout 5 -m 5 -kv https://www.jd.com"
+}
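Review bot: The new file's path has a space after `siguature_` (`security_deny_default_siguature_ ssl_handshake_certificate_algorithm_identifier.json`), which no other case file in this commit has, so it looks like a typo. Any harness or CI step that passes case paths through an unquoted shell word would split the name in two and skip the case, and a skipped deny case is easy to miss. Rename it to `security_deny_default_siguature_ssl_handshake_certificate_algorithm_identifier.json`, and confirm it is not a leftover duplicate of the `..._algorithm_id.json` case added later in this commit.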
\ No newline at end of file
diff --git a/data/case_data/signature/security_deny_default_siguature_common_app_id.json b/data/case_data/signature/security_deny_default_siguature_common_app_id.json
new file mode 100644
index 0000000..6213c58
--- /dev/null
+++ b/data/case_data/signature/security_deny_default_siguature_common_app_id.json
@@ -0,0 +1,31 @@
+{
+ "isMultiPriority": false,
+ "ruleNum": 1,
+ "policyType": "security",
+ "rule_action_1": "deny",
+ "method_1": "default",
+ "do_log_1": 2,
+ "send_tcp_reset_1": 1,
+ "obj_condition_1": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "objectType": "ip",
+ "objectSubType": "ip",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "ip_address": "default",
+ "port_range": "0-65535"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "app_name_1": ["common_app_id"],
+ "hope_return": "reset",
+ "counters_1": {"hits": "many"},
+ "log_query_param_1": [],
+ "command": "curl --connect-timeout 5 -m 5 -kv http://open.node.com:180"
+}
\ No newline at end of file
diff --git a/data/case_data/signature/security_deny_default_siguature_common_port_app.json b/data/case_data/signature/security_deny_default_siguature_common_port_app.json
new file mode 100644
index 0000000..7845c40
--- /dev/null
+++ b/data/case_data/signature/security_deny_default_siguature_common_port_app.json
@@ -0,0 +1,31 @@
+{
+ "isMultiPriority": false,
+ "ruleNum": 1,
+ "policyType": "security",
+ "rule_action_1": "deny",
+ "method_1": "default",
+ "do_log_1": 2,
+ "send_tcp_reset_1": 1,
+ "obj_condition_1": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "objectType": "ip",
+ "objectSubType": "ip",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "ip_address": "default",
+ "port_range": "0-65535"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "app_name_1": ["common_port_app"],
+ "hope_return": "timed out",
+ "counters_1": {"hits": "many"},
+ "log_query_param_1": [],
+ "command": "curl --connect-timeout 5 -m 5 -kv https://open.node.com:1443"
+}
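Review bot: `"hope_return": "timed out"` cannot tell a policy deny apart from an unreachable or slow target, so this case also passes on that field whenever `open.node.com:1443` is simply down. The only other evidence that the rule fired is `counters_1`, which is the loose `"many"`, and `log_query_param_1` is empty even though `do_log_1` is set; how the harness weighs these fields is not visible in this diff. The same applies to every other `timed out` case in this commit, including the first file, and most sharply to those aimed at public sites (`www.jd.com`, `www.vip.com`, `www.youtube.com`, `www.qq.com` and others), whose availability and certificate fields the project does not control. If the harness supports it, fill `log_query_param_1` so that a pass requires a logged deny for the expected signature, and point the certificate cases at a test server the project owns.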
\ No newline at end of file
diff --git a/data/case_data/signature/security_deny_default_siguature_common_server_fqdn.json b/data/case_data/signature/security_deny_default_siguature_common_server_fqdn.json
new file mode 100644
index 0000000..f4e7eb6
--- /dev/null
+++ b/data/case_data/signature/security_deny_default_siguature_common_server_fqdn.json
@@ -0,0 +1,31 @@
+{
+ "isMultiPriority": false,
+ "ruleNum": 1,
+ "policyType": "security",
+ "rule_action_1": "deny",
+ "method_1": "default",
+ "do_log_1": 2,
+ "send_tcp_reset_1": 1,
+ "obj_condition_1": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "objectType": "ip",
+ "objectSubType": "ip",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "ip_address": "default",
+ "port_range": "0-65535"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "app_name_1": ["common_server_fqdn"],
+ "hope_return": "reset",
+ "counters_1": {"hits": "many"},
+ "log_query_param_1": [],
+ "command": "curl --connect-timeout 5 -m 5 -kv http://open.node.com:180"
+}
\ No newline at end of file
diff --git a/data/case_data/signature/security_deny_default_siguature_dns_qry_name.json b/data/case_data/signature/security_deny_default_siguature_dns_qry_name.json
new file mode 100644
index 0000000..32d8c98
--- /dev/null
+++ b/data/case_data/signature/security_deny_default_siguature_dns_qry_name.json
@@ -0,0 +1,31 @@
+{
+ "isMultiPriority": false,
+ "ruleNum": 1,
+ "policyType": "security",
+ "rule_action_1": "deny",
+ "method_1": "default",
+ "do_log_1": 2,
+ "send_tcp_reset_1": 1,
+ "obj_condition_1": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "objectType": "ip",
+ "objectSubType": "ip",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "ip_address": "default",
+ "port_range": "0-65535"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "app_name_1": ["dns_qry_name"],
+ "hope_return": "timed out",
+ "counters_1": {"hits": "many"},
+ "log_query_param_1": [],
+ "command": "nslookup www.youtube.com -timeout=1"
+}
\ No newline at end of file
diff --git a/data/case_data/signature/security_deny_default_siguature_http_request_full_uri.json b/data/case_data/signature/security_deny_default_siguature_http_request_full_uri.json
new file mode 100644
index 0000000..8219048
--- /dev/null
+++ b/data/case_data/signature/security_deny_default_siguature_http_request_full_uri.json
@@ -0,0 +1,31 @@
+{
+ "isMultiPriority": false,
+ "ruleNum": 1,
+ "policyType": "security",
+ "rule_action_1": "deny",
+ "method_1": "default",
+ "do_log_1": 2,
+ "send_tcp_reset_1": 1,
+ "obj_condition_1": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "objectType": "ip",
+ "objectSubType": "ip",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "ip_address": "default",
+ "port_range": "0-65535"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "app_name_1": ["http_request_full_uri"],
+ "hope_return": "timed out",
+ "counters_1": {"hits": "many"},
+ "log_query_param_1": [],
+ "command": "curl --connect-timeout 5 -m 5 -kv http://www.yumi.com"
+}
\ No newline at end of file
diff --git a/data/case_data/signature/security_deny_default_siguature_http_request_header.json b/data/case_data/signature/security_deny_default_siguature_http_request_header.json
new file mode 100644
index 0000000..a17bb69
--- /dev/null
+++ b/data/case_data/signature/security_deny_default_siguature_http_request_header.json
@@ -0,0 +1,31 @@
+{
+ "isMultiPriority": false,
+ "ruleNum": 1,
+ "policyType": "security",
+ "rule_action_1": "deny",
+ "method_1": "default",
+ "do_log_1": 2,
+ "send_tcp_reset_1": 1,
+ "obj_condition_1": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "objectType": "ip",
+ "objectSubType": "ip",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "ip_address": "default",
+ "port_range": "0-65535"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "app_name_1": ["http_request_header"],
+ "hope_return": "timed out",
+ "counters_1": {"hits": "many"},
+ "log_query_param_1": [],
+ "command": "curl --connect-timeout 5 -m 5 -kv http://www.yumi.com"
+}
\ No newline at end of file
diff --git a/data/case_data/signature/security_deny_default_siguature_http_response_header.json b/data/case_data/signature/security_deny_default_siguature_http_response_header.json
new file mode 100644
index 0000000..0375cf8
--- /dev/null
+++ b/data/case_data/signature/security_deny_default_siguature_http_response_header.json
@@ -0,0 +1,31 @@
+{
+ "isMultiPriority": false,
+ "ruleNum": 1,
+ "policyType": "security",
+ "rule_action_1": "deny",
+ "method_1": "default",
+ "do_log_1": 2,
+ "send_tcp_reset_1": 1,
+ "obj_condition_1": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "objectType": "ip",
+ "objectSubType": "ip",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "ip_address": "default",
+ "port_range": "0-65535"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "app_name_1": ["http_response_header"],
+ "hope_return": "timed out",
+ "counters_1": {"hits": "many"},
+ "log_query_param_1": [],
+ "command": "curl --connect-timeout 5 -m 5 -kv http://www.yumi.com"
+}
\ No newline at end of file
diff --git a/data/case_data/signature/security_deny_default_siguature_ip_dst.json b/data/case_data/signature/security_deny_default_siguature_ip_dst.json
new file mode 100644
index 0000000..3996050
--- /dev/null
+++ b/data/case_data/signature/security_deny_default_siguature_ip_dst.json
@@ -0,0 +1,31 @@
+{
+ "isMultiPriority": false,
+ "ruleNum": 1,
+ "policyType": "security",
+ "rule_action_1": "deny",
+ "method_1": "default",
+ "do_log_1": 2,
+ "send_tcp_reset_1": 1,
+ "obj_condition_1": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "objectType": "ip",
+ "objectSubType": "ip",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "ip_address": "default",
+ "port_range": "0-65535"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "app_name_1": ["ip_dst"],
+ "hope_return": "timed out",
+ "counters_1": {"hits": "many"},
+ "log_query_param_1": [],
+ "command": "curl --connect-timeout 5 -m 5 -kv https://open.node.com:1443"
+}
\ No newline at end of file
diff --git a/data/case_data/signature/security_deny_default_siguature_ip_proto.json b/data/case_data/signature/security_deny_default_siguature_ip_proto.json
new file mode 100644
index 0000000..f349013
--- /dev/null
+++ b/data/case_data/signature/security_deny_default_siguature_ip_proto.json
@@ -0,0 +1,31 @@
+{
+ "isMultiPriority": false,
+ "ruleNum": 1,
+ "policyType": "security",
+ "rule_action_1": "deny",
+ "method_1": "default",
+ "do_log_1": 2,
+ "send_tcp_reset_1": 1,
+ "obj_condition_1": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "objectType": "ip",
+ "objectSubType": "ip",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "ip_address": "default",
+ "port_range": "0-65535"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "app_name_1": ["ip_proto"],
+ "hope_return": "timed out",
+ "counters_1": {"hits": "many"},
+ "log_query_param_1": [],
+ "command": "curl --connect-timeout 5 -m 5 -kv https://open.node.com:1443"
+}
\ No newline at end of file
diff --git a/data/case_data/signature/security_deny_default_siguature_ip_src.json b/data/case_data/signature/security_deny_default_siguature_ip_src.json
new file mode 100644
index 0000000..3e679b8
--- /dev/null
+++ b/data/case_data/signature/security_deny_default_siguature_ip_src.json
@@ -0,0 +1,31 @@
+{
+ "isMultiPriority": false,
+ "ruleNum": 1,
+ "policyType": "security",
+ "rule_action_1": "deny",
+ "method_1": "default",
+ "do_log_1": 2,
+ "send_tcp_reset_1": 1,
+ "obj_condition_1": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "objectType": "ip",
+ "objectSubType": "ip",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "ip_address": "default",
+ "port_range": "0-65535"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "app_name_1": ["ip_src"],
+ "hope_return": "timed out",
+ "counters_1": {"hits": "many"},
+ "log_query_param_1": [],
+ "command": "nslookup www.youtube.com -timeout=1"
+}
\ No newline at end of file
diff --git a/data/case_data/signature/security_deny_default_siguature_ssl_analysis_ja3.json b/data/case_data/signature/security_deny_default_siguature_ssl_analysis_ja3.json
new file mode 100644
index 0000000..ad0d859
--- /dev/null
+++ b/data/case_data/signature/security_deny_default_siguature_ssl_analysis_ja3.json
@@ -0,0 +1,31 @@
+{
+ "isMultiPriority": false,
+ "ruleNum": 1,
+ "policyType": "security",
+ "rule_action_1": "deny",
+ "method_1": "default",
+ "do_log_1": 2,
+ "send_tcp_reset_1": 1,
+ "obj_condition_1": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "objectType": "ip",
+ "objectSubType": "ip",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "ip_address": "default",
+ "port_range": "0-65535"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "app_name_1": ["ssl_analysis_ja3"],
+ "hope_return": "timed out",
+ "counters_1": {"hits": "many"},
+ "log_query_param_1": [],
+ "command": "curl --connect-timeout 5 -m 5 -kv https://www.vip.com/"
+}
\ No newline at end of file
diff --git a/data/case_data/signature/security_deny_default_siguature_ssl_analysis_sni_absent.json b/data/case_data/signature/security_deny_default_siguature_ssl_analysis_sni_absent.json
new file mode 100644
index 0000000..5a1ae79
--- /dev/null
+++ b/data/case_data/signature/security_deny_default_siguature_ssl_analysis_sni_absent.json
@@ -0,0 +1,31 @@
+{
+ "isMultiPriority": false,
+ "ruleNum": 1,
+ "policyType": "security",
+ "rule_action_1": "deny",
+ "method_1": "default",
+ "do_log_1": 2,
+ "send_tcp_reset_1": 1,
+ "obj_condition_1": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "objectType": "ip",
+ "objectSubType": "ip",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "ip_address": "default",
+ "port_range": "0-65535"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "app_name_1": ["ssl_analysis_sni_absent"],
+ "hope_return": "timed out",
+ "counters_1": {"hits": "many"},
+ "log_query_param_1": [],
+ "command": "curl --connect-timeout 5 -m 5 -kv https://192.168.40.206:1443"
+}
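Review bot: The `command` targets the literal private address `https://192.168.40.206:1443`, which ties this case to one lab network. On any other network the connection just times out, and because `hope_return` is `timed out` the case would then appear to pass without the SNI-absent rule ever being exercised. Take the test server address from the harness's environment configuration if it has one, or record the required host alongside the case data so a run elsewhere fails loudly instead of passing by accident.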
\ No newline at end of file
diff --git a/data/case_data/signature/security_deny_default_siguature_ssl_handshake_certificate_algorithm_id.json b/data/case_data/signature/security_deny_default_siguature_ssl_handshake_certificate_algorithm_id.json
new file mode 100644
index 0000000..bcad6fc
--- /dev/null
+++ b/data/case_data/signature/security_deny_default_siguature_ssl_handshake_certificate_algorithm_id.json
@@ -0,0 +1,31 @@
+{
+ "isMultiPriority": false,
+ "ruleNum": 1,
+ "policyType": "security",
+ "rule_action_1": "deny",
+ "method_1": "default",
+ "do_log_1": 2,
+ "send_tcp_reset_1": 1,
+ "obj_condition_1": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "objectType": "ip",
+ "objectSubType": "ip",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "ip_address": "default",
+ "port_range": "0-65535"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "app_name_1": ["ssl_handshake_certificate_algorithm_id"],
+ "hope_return": "timed out",
+ "counters_1": {"hits": "many"},
+ "log_query_param_1": [],
+ "command": "curl --connect-timeout 5 -m 5 -kv https://www.vip.com/"
+}
\ No newline at end of file
diff --git a/data/case_data/signature/security_deny_default_siguature_ssl_handshake_certificate_issuer_common_name.json b/data/case_data/signature/security_deny_default_siguature_ssl_handshake_certificate_issuer_common_name.json
index 29bef17..0224310 100644
--- a/data/case_data/signature/security_deny_default_siguature_ssl_handshake_certificate_issuer_common_name.json
+++ b/data/case_data/signature/security_deny_default_siguature_ssl_handshake_certificate_issuer_common_name.json
@@ -25,7 +25,7 @@
 ],
 "app_name_1": ["ssl_handshake_certificate_issuer_common_name"],
 "hope_return": "timed out",
- "counters_1": {"hits": 1},
+ "counters_1": {"hits": "many"},
 "log_query_param_1": [],
 "command": "curl --connect-timeout 5 -m 5 -kv https://froala.com/wysiwyg-editor/"
 }
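Review bot: `hits` changes from the integer `1` to the string `"many"`, so the same key now carries two JSON types across the case set and the check loosens from an exact count to what is presumably "one or more". With the looser value, hits left over from an earlier session or a different flow could satisfy the counter check, which weakens the evidence that this particular request was denied by this rule; how the harness interprets `"many"` is not visible in this diff. If an exact count is too brittle, a numeric lower bound would keep the field typed, for example `"counters_1": {"hits_min": 1}` (placeholder key name; use whatever the harness actually supports). The same change is made in `..._issuer_organization_name.json`, and both hunks show only the tail of the object.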
\ No newline at end of file
diff --git a/data/case_data/signature/security_deny_default_siguature_ssl_handshake_certificate_issuer_country_name.json b/data/case_data/signature/security_deny_default_siguature_ssl_handshake_certificate_issuer_country_name.json
new file mode 100644
index 0000000..a8b9d55
--- /dev/null
+++ b/data/case_data/signature/security_deny_default_siguature_ssl_handshake_certificate_issuer_country_name.json
@@ -0,0 +1,31 @@
+{
+ "isMultiPriority": false,
+ "ruleNum": 1,
+ "policyType": "security",
+ "rule_action_1": "deny",
+ "method_1": "default",
+ "do_log_1": 2,
+ "send_tcp_reset_1": 1,
+ "obj_condition_1": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "objectType": "ip",
+ "objectSubType": "ip",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "ip_address": "default",
+ "port_range": "0-65535"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "app_name_1": ["ssl_handshake_certificate_issuer_country_name"],
+ "hope_return": "timed out",
+ "counters_1": {"hits": "many"},
+ "log_query_param_1": [],
+ "command": "curl --connect-timeout 5 -m 5 -kv https://www.vip.com"
+}
\ No newline at end of file
diff --git a/data/case_data/signature/security_deny_default_siguature_ssl_handshake_certificate_issuer_organization_name.json b/data/case_data/signature/security_deny_default_siguature_ssl_handshake_certificate_issuer_organization_name.json
index e49d507..a34225e 100644
--- a/data/case_data/signature/security_deny_default_siguature_ssl_handshake_certificate_issuer_organization_name.json
+++ b/data/case_data/signature/security_deny_default_siguature_ssl_handshake_certificate_issuer_organization_name.json
@@ -25,7 +25,7 @@
 ],
 "app_name_1": ["ssl_handshake_certificate_issuer_organization_name"],
 "hope_return": "timed out",
- "counters_1": {"hits": 1},
+ "counters_1": {"hits": "many"},
 "log_query_param_1": [],
 "command": "curl --connect-timeout 5 -m 5 -kv https://www.bilibili.com/"
 }
\ No newline at end of file
diff --git a/data/case_data/signature/security_deny_default_siguature_ssl_handshake_certificate_not_valid.json b/data/case_data/signature/security_deny_default_siguature_ssl_handshake_certificate_not_valid.json
new file mode 100644
index 0000000..57396db
--- /dev/null
+++ b/data/case_data/signature/security_deny_default_siguature_ssl_handshake_certificate_not_valid.json
@@ -0,0 +1,31 @@
+{
+ "isMultiPriority": false,
+ "ruleNum": 1,
+ "policyType": "security",
+ "rule_action_1": "deny",
+ "method_1": "default",
+ "do_log_1": 2,
+ "send_tcp_reset_1": 1,
+ "obj_condition_1": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "objectType": "ip",
+ "objectSubType": "ip",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "ip_address": "default",
+ "port_range": "0-65535"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "app_name_1": ["ssl_handshake_certificate_not_valid"],
+ "hope_return": "timed out",
+ "counters_1": {"hits": "many"},
+ "log_query_param_1": [],
+ "command": "curl --connect-timeout 5 -m 5 -kv https://www.vip.com/"
+}
\ No newline at end of file
diff --git a/data/case_data/signature/security_deny_default_siguature_ssl_handshake_certificate_subject_common_name.json b/data/case_data/signature/security_deny_default_siguature_ssl_handshake_certificate_subject_common_name.json
new file mode 100644
index 0000000..55e381a
--- /dev/null
+++ b/data/case_data/signature/security_deny_default_siguature_ssl_handshake_certificate_subject_common_name.json
@@ -0,0 +1,31 @@
+{
+ "isMultiPriority": false,
+ "ruleNum": 1,
+ "policyType": "security",
+ "rule_action_1": "deny",
+ "method_1": "default",
+ "do_log_1": 2,
+ "send_tcp_reset_1": 1,
+ "obj_condition_1": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "objectType": "ip",
+ "objectSubType": "ip",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "ip_address": "default",
+ "port_range": "0-65535"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "app_name_1": ["ssl_handshake_certificate_subject_common_name"],
+ "hope_return": "timed out",
+ "counters_1": {"hits": "many"},
+ "log_query_param_1": [],
+ "command": "curl --connect-timeout 5 -m 5 -kv https://www.pny.com/"
+}
\ No newline at end of file
diff --git a/data/case_data/signature/security_deny_default_siguature_ssl_handshake_certificate_subject_country_name.json b/data/case_data/signature/security_deny_default_siguature_ssl_handshake_certificate_subject_country_name.json
new file mode 100644
index 0000000..d7a7335
--- /dev/null
+++ b/data/case_data/signature/security_deny_default_siguature_ssl_handshake_certificate_subject_country_name.json
@@ -0,0 +1,31 @@
+{
+ "isMultiPriority": false,
+ "ruleNum": 1,
+ "policyType": "security",
+ "rule_action_1": "deny",
+ "method_1": "default",
+ "do_log_1": 2,
+ "send_tcp_reset_1": 1,
+ "obj_condition_1": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "objectType": "ip",
+ "objectSubType": "ip",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "ip_address": "default",
+ "port_range": "0-65535"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "app_name_1": ["ssl_handshake_certificate_subject_country_name"],
+ "hope_return": "timed out",
+ "counters_1": {"hits": "many"},
+ "log_query_param_1": [],
+ "command": "curl --connect-timeout 5 -m 5 -kv https://activity.windows.com/"
+}
\ No newline at end of file
diff --git a/data/case_data/signature/security_deny_default_siguature_ssl_handshake_certificate_subject_organization_name.json b/data/case_data/signature/security_deny_default_siguature_ssl_handshake_certificate_subject_organization_name.json
new file mode 100644
index 0000000..95f18f3
--- /dev/null
+++ b/data/case_data/signature/security_deny_default_siguature_ssl_handshake_certificate_subject_organization_name.json
@@ -0,0 +1,31 @@
+{
+ "isMultiPriority": false,
+ "ruleNum": 1,
+ "policyType": "security",
+ "rule_action_1": "deny",
+ "method_1": "default",
+ "do_log_1": 2,
+ "send_tcp_reset_1": 1,
+ "obj_condition_1": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "objectType": "ip",
+ "objectSubType": "ip",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "ip_address": "default",
+ "port_range": "0-65535"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "app_name_1": ["ssl_handshake_certificate_subject_organization_name"],
+ "hope_return": "timed out",
+ "counters_1": {"hits": "many"},
+ "log_query_param_1": [],
+ "command": "curl --connect-timeout 5 -m 5 -kv https://www.qq.com/"
+}
\ No newline at end of file
diff --git a/data/case_data/signature/security_deny_default_siguature_tcp_payload_signature.json b/data/case_data/signature/security_deny_default_siguature_tcp_payload_signature.json
new file mode 100644
index 0000000..050f413
--- /dev/null
+++ b/data/case_data/signature/security_deny_default_siguature_tcp_payload_signature.json
@@ -0,0 +1,31 @@
+{
+ "isMultiPriority": false,
+ "ruleNum": 1,
+ "policyType": "security",
+ "rule_action_1": "deny",
+ "method_1": "default",
+ "do_log_1": 2,
+ "send_tcp_reset_1": 1,
+ "obj_condition_1": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "objectType": "ip",
+ "objectSubType": "ip",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "ip_address": "default",
+ "port_range": "0-65535"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "app_name_1": ["tcp_payload_signature"],
+ "hope_return": "timed out",
+ "counters_1": {"hits": "many"},
+ "log_query_param_1": [],
+ "command": "curl --connect-timeout 5 -m 5 -H \"Content-Type:application/json;charset=UTF-8\" -X POST -d \"{\"requestbody\":\"reqbody\",\"setcook\":\"asdf\",\"contenttype\": \"charset\",\"responsebody\": \"resbody\"}\" -kv --user-agent \"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36\" http://open.node.com:180/go | iconv -f utf-8 -t gbk"
+}
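Review bot: In `command`, the `\"` pairs inside the `-d "..."` argument decode to plain double quotes nested in a double-quoted shell word. Assuming the harness runs the string through a shell (the pipe suggests it does), the shell strips them and curl posts `{requestbody:reqbody,setcook:asdf,...}` rather than the JSON that the `Content-Type` header announces. If the `tcp_payload_signature` pattern depends on the quoted form, the case exercises a different payload than intended; single-quoting the body keeps the bytes intact: `-d '{\"requestbody\":\"reqbody\",\"setcook\":\"asdf\",\"contenttype\": \"charset\",\"responsebody\": \"resbody\"}'`. The trailing `| iconv -f utf-8 -t gbk` also makes the pipeline's exit status iconv's rather than curl's, which matters if the harness reads the status instead of the output. The copy under `data/case_data/temp/a/` carries the same command.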
\ No newline at end of file
diff --git a/data/case_data/temp/a/security_deny_default_siguature_tcp_payload_signature.json b/data/case_data/temp/a/security_deny_default_siguature_tcp_payload_signature.json
new file mode 100644
index 0000000..7477edb
--- /dev/null
+++ b/data/case_data/temp/a/security_deny_default_siguature_tcp_payload_signature.json
@@ -0,0 +1,31 @@
+{
+ "isMultiPriority": false,
+ "ruleNum": 1,
+ "policyType": "security",
+ "rule_action_1": "deny",
+ "method_1": "default",
+ "do_log_1": 2,
+ "send_tcp_reset_1": 1,
+ "obj_condition_1": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "objectType": "ip",
+ "objectSubType": "ip",
+ "objectList": [
+ {
+ "addItemList": [
+ {
+ "ip_address": "default",
+ "port_range": "0-65535"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "app_name_1": ["tcp_payload_signature"],
+ "hope_return": "reset",
+ "counters_1": {"hits": "many"},
+ "log_query_param_1": [],
+ "command": "curl --connect-timeout 5 -m 10 -H \"Content-Type:application/json;charset=UTF-8\" -X POST -d \"{\"requestbody\":\"reqbody\",\"setcook\":\"asdf\",\"contenttype\": \"charset\",\"responsebody\": \"resbody\"}\" -kv --user-agent \"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36\" http://open.node.com:180/go | iconv -f utf-8 -t gbk"
+}
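Review bot: This file under `data/case_data/temp/a/` has the same name and `app_name_1` as the `signature/` case added just above, but expects `reset` with `-m 10` where that one expects `timed out` with `-m 5`, so the two copies contradict each other. The path suggests a scratch copy committed by accident; if the harness discovers cases recursively, both would run and at most one can reflect the intended deny behaviour. Drop the `temp/a` copy, or, if `reset` is the right expectation given that `send_tcp_reset_1` is 1 and the target is plain HTTP, carry that value into the `signature/` file instead.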
\ No newline at end of file |
