How do we delete these events from the Snort SQL database? I tried this: create a SQL file on the Snort machine: nano dbclean.sql. Add the following code to the SQL file: use snort;
DELETE FROM event WHERE timestamp < DATE_SUB(NOW(),INTERVAL 28 DAY);
DELETE FROM data USING data LEFT OUTER J
I now have the following DNS query alert rule set up in Suricata (for testing purposes): alert dns any any -> any any (msg:"Test dns_query option"; dns_query; content:"google"; nocase; sid:1;)
, and it catches DNS events containing the word "google", as with this packet that triggered it: {"timestamp":"2017-0