Signatures
Namespace
Namespace: Signatures.
- class zlogging.enum.Signatures.Action(value)
Bases: IntFlag
Enum: Signatures::Action.
These are the default actions you can apply to signature matches. All of them write the signature record to the logging stream unless declared otherwise.
- SIG_IGNORE = 1
Ignore this signature completely (even for scan detection). Don’t write to the signatures logging stream.
- SIG_QUIET = 2
Process through the various aggregate techniques, but don’t report individually and don’t write to the signatures logging stream.
- SIG_LOG = 4
Generate a notice.
- SIG_FILE_BUT_NO_SCAN = 8
The same as Signatures::SIG_LOG, but ignore for aggregate/scan processing.
- SIG_ALARM = 16
Generate a notice and set it to be alarmed upon.
- SIG_ALARM_PER_ORIG = 32
Alarm once per originator.
- SIG_ALARM_ONCE = 64
Alarm once and then never again.
- SIG_COUNT_PER_RESP = 128
Count signatures per responder host and alarm with the Signatures::Count_Signature notice if a threshold defined by Signatures::count_thresholds is reached.
- SIG_SUMMARY = 256
Don’t alarm, but generate per-orig summary.