
Network IDS Ruleset Management with Aristotle v2

February 29 / Global
Figure 1: IDS Ruleset Update Process.
Figure 2: Aristotle v2 components.
Figure 3: detection_direction values and conditions.
Figure 4: PFMod action syntax for setting arbitrary integer-based metadata.
Figure 5: Example PFMod actions setting arbitrary integer-based metadata key-value pairs.
Figure 6: Example file using include to load multiple PFMod files.
Figure 7: Example PFMod file with rules specified.
David Wharton

David Wharton is a Staff Security Engineer on the Threat Detection team, part of Uber's larger Cyber Defense organization. In addition to creating Aristotle v2, Aristotle v1, and the BETTER schema, he has crafted and reviewed tens of thousands of IPS rules which over the years have blocked tens of billions of malicious packets.

Posted by David Wharton