About kishorsawant1988

kishorsawant1988 · 04-02-2015

I am need to understand how to configure and use correlation rules in sourcefire. Appreciate if anybody could share Sample correlation rules / Correlation Use Cases and steps to configure the same.

kishorsawant1988 · 04-01-2015

I need TLS negotiation logs for specific email communication. I checked "mail_log" file but the I could see only single line for TLS communication (ICID XXXX TLS success protocol TLSv1 cipher DHE-RSA-AES256-SHA) I want detailed negotiation logs to ch...

kishorsawant1988 · 03-09-2015

We have requirement where we want to block emails with attachment type :.ade .cmd .eml .ins .mdb .mst .reg .url .wsf .adp .com .exe .isp .mde .pcd .scr .vb .wsh .bas .cpl .hlp .js .msc .pif .sct .vbe .bat .crt .hta .jse .msi .pl .scx .vbs .chm .dll ....

kishorsawant1988 · 02-26-2015

Please help me to understand this alert from Ironport ESA The Warning message is:Invalid SimpleFilter: Block_Pornography rule: <filters.URL_Category_Rule instance at 0x94a8a758>('egg/filters.py _walk_parts|3040', "<type 'exceptions.AttributeError'>",...

kishorsawant1988 · 03-13-2015

Filename Ends With condition resolved the issue. Thanks for the Solution.

kishorsawant1988 · 03-11-2015

With (attachment-filename) filter it checks entire file name instead of extension which created lots of false positives.eg: I have added "hlp" in above filter but it is also blocking word file "M09 hlp.doc" as file name contains hlp key word.any solu...

Member Since	‎02-26-2015 01:14 AM
Date Last Visited	‎08-18-2017 03:50 AM
Posts	7

User Statistics

User Activity

Correlation Rules in Sourcefire

TLS Negotiation Logs

Block Attachments by File Type

ESA Alert

Filename Ends With condition

With (attachment-filename)