Analysis Center Evasive Attack Filter Conditions
Problem Description
Troubleshooting Analysis Center – Evasive Attack Filter Conditions in Log Search
Solution
src_classify1_id:5 AND dst_classify1_id:(1 OR 6 OR 9 OR 10 OR 11) AND rule_major_type:3 AND rule_minor_type:60 AND reliability:2
The STA is the STA selected on the Evasive Attack page. The hole_id is IPS or WAF; for the rule IDs, refer to the attachment hole_id.txt (0.15M).
Original Link
https://support.sangfor.com.cn/cases/list?product_id=24&type=1&category_id=25398&isOpen=true