The following rules illustrate how to use different functions to set or retrieve values in various metadata fields.
- Alarm for HTTPS Protocol Mismatch
- Capture Traffic from Specific IPs
- Classify Custom Networks
- Classify Newegg Traffic
- Detect Applications in Flow
- Detect External Network Traffic
- Detect Protocol Mismatch
- Detect Reverse PowerShell
- Detect SMTP Domain Mismatch
- Detect TLS Version
- Display Hex Dump for DNS Traffic
- Get Content in Flow
- Get FTP Data Content in Flow
- Get Metadata Fields from DpiMessage (String, Int, Long)
- Get or Set Custom Fields
- Get Packet Length
- Get Packet String
- Get Payload Length
- Get SMTP Content in Flow
- Get Strings as Table
- Get VLAN Offset
- Trigger User Alarms