[Bro] [bro] SQL InjectionVictim
Tim Desrochers
tgdesrochers at gmail.com
Sat Sep 17 06:30:05 PDT 2016
I seem to get a lot of notices for SQL Injection Victim with the Address
field as an external IP, a lot of times Amazon, or another large host. Why
is this finding "Victims" that are not in my internal network as defined in
network.cfg?
Is there a way get this to only send notices when an internal host has an
SQL attack?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20160917/8da11a0e/attachment-0001.html
More information about the Bro
mailing list