This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
PhilFinn
Beginner
Beginner
since ‎2014-01-03
‎2021-02-19

User Statistics

  • 32 Posts
  • 1 Solutions
  • 1 Likes given
  • 0 Likes received

User Activity

Informer Rule Not Working Properly

2014-02-25
Can anyone help me with this rule, it is not working properly: Select: ip.dstWhere: ip.src=10.10.10.10Then: lookup_and_add('ip.src','ip.dst',5); lookup_and_add('size','ip.dst',5); lookup_and_add('ip.dstport','ip.dst',5); lookup_and_add('payload','ip....

Updating Custom Feeds

2014-02-24
OK I have successfully created several custom feeds for things like bad IP or Bad Domain. Now I have to keep these feeds up-to-date on a regular basis. Can I just recomplied the .feed file and upload it and the CSV file to the decoders, then restart ...

Regex to many hits

2014-02-12
I am trying to create an Informer rule that will feed a Informer alert. I am basically looking for a direct to IP http connection followed by a query string that contains a "/" followed by 44 alpha or numeric string. This is what I wrote as the rule:...

CVE-2014-0497 Help

2014-02-07
Does anyone have rule ideas for detecting this CVE. I have searched for extension=swf but that as i am sure you guessed was to broad. Since this is in the wild any help you could provide on this one would be great. Phil

Searching for a specific packet size

2014-02-05
Is there a way to search for a specific packet size in Netwitness?
View more
Likes given to
View all
© 2022 RSA Security LLC or its affiliates. All rights reserved.