Rules changes 2019 04.v6 #580

merged 2 commits into from Apr 12, 2019



commented Apr 12, 2019

No description provided.

mstemm added some commits Apr 12, 2019

Remove netstat as a generic network program
We'll try to limit the list to programs that can broadly see activity or
actually create traffic.

Rules for inbound conn sources, not outbound
Replace "Unexpected outbound connection source" with "Unexpected inbound
connection source" to watch inbound connections by source instead of
outbound connections by source. The rule itself is pretty much unchanged
other than switching to using cip/cnet instead of sip/snet.

Expand the supporting macros so they include outbound/inbound in the
name, to make it clearer.

@mstemm mstemm requested a review from Kaizhe Apr 12, 2019


Kaizhe approved these changes Apr 12, 2019


@mstemm mstemm merged commit 0e31ae5 into dev Apr 12, 2019

2 checks passed

Travis CI - Branch Build Passed
Travis CI - Pull Request Build Passed

@mstemm mstemm deleted the rules-changes-2019-04.v6 branch Apr 12, 2019
