Update lnx_susp_named.yml
@@ -10,10 +10,10 @@ logsource:
|
||||
product: linux
|
||||
service: syslog
|
||||
detection:
|
||||
keywords|contains:
|
||||
- ' dropping source port zero packet from '
|
||||
- ' denied AXFR from '
|
||||
- ' exiting (due to fatal error)'
|
||||
keywords:
|
||||
- '* dropping source port zero packet from *'
|
||||
- '* denied AXFR from *'
|
||||
- '* exiting (due to fatal error)*'
|
||||
condition: keywords
|
||||
falsepositives:
|
||||
- Unknown
|
||||
|
||||
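Review bot: `condition: keywords` can only reach one of the two detection forms shown here, `keywords|contains:` or `keywords:` with `*`-wrapped strings, and this page has lost the markers that say which is the new side. As I read the Sigma detection syntax, a key directly under `detection:` is the name of the search identifier, so `keywords|contains:` would define an identifier the condition never references; depending on the converter, the rule would then fail to load or silently never match. If that is the side being kept, name the key `keywords:` and confirm with a converter run against the target backend that the three strings still match as substrings of the syslog line. Separately, `falsepositives: - Unknown` could at least name misconfigured secondary name servers as a likely benign source of the `denied AXFR` message.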