##! Local site policy. Customize as appropriate.
##! This file will not be overwritten when upgrading or reinstalling!

# This script logs which scripts were loaded during each run.
@load misc/loaded-scripts

# Apply the default tuning scripts for common tuning settings.
@load tuning/defaults

# Estimate and log capture loss.
@load misc/capture-loss

# Enable logging of memory, packet and lag statistics.
@load misc/stats

# Load the scan detection script.
@load misc/scan

# Detect traceroute being run on the network. This could possibly cause
# performance trouble when there are a lot of traceroutes on your network.
# Enable cautiously.
@load misc/detect-traceroute

# Generate notices when vulnerable versions of software are discovered.
# The default is to only monitor software found in the address space defined
# as "local". Refer to the software framework's documentation for more
# information.
@load frameworks/software/vulnerable

# Detect software changing (e.g. attacker installing hacked SSHD).
@load frameworks/software/version-changes

# This adds signatures to detect cleartext forward and reverse windows shells.
@load-sigs frameworks/signatures/detect-windows-shells

# Load all of the scripts that detect software in various protocols.
@load protocols/ftp/software
@load protocols/smtp/software
@load protocols/ssh/software
@load protocols/http/software
# The detect-webapps script could possibly cause performance trouble when
# running on live traffic. Enable it cautiously.
@load protocols/http/detect-webapps

# This script detects DNS results pointing toward your Site::local_nets
# where the name is not part of your local DNS zone and is being hosted
# externally. Requires that the Site::local_zones variable is defined.
@load protocols/dns/detect-external-names

# Script to detect various activity in FTP sessions.
@load protocols/ftp/detect

# Scripts that do asset tracking.
@load protocols/conn/known-hosts
@load protocols/conn/known-services
@load protocols/ssl/known-certs

# This script enables SSL/TLS certificate validation.
@load protocols/ssl/validate-certs

# This script prevents the logging of SSL CA certificates in x509.log
@load protocols/ssl/log-hostcerts-only

# Uncomment the following line to check each SSL certificate hash against
# the ICSI certificate notary service;
# @load protocols/ssl/notary

# If you have libGeoIP support built in, do some geographic detections and
# logging for SSH traffic.
@load protocols/ssh/geo-data

# Detect hosts doing SSH bruteforce attacks.
@load protocols/ssh/detect-bruteforcing

# Detect logins using "interesting" hostnames.
@load protocols/ssh/interesting-hostnames

# Detect SQL injection attacks.
@load protocols/http/detect-sqli

# Enable MD5 and SHA1 hashing for all files.
@load frameworks/files/hash-all-files

# Detect SHA1 sums in Team Cymru's Malware Hash Registry.
@load frameworks/files/detect-MHR

# Uncomment the following line to enable detection of the heartbleed attack.
# Enabling this might impact performance a bit.
# @load policy/protocols/ssl/heartbleed

# Uncomment the following line to enable logging of connection VLANs.
# Enabling this adds two VLAN fields to the conn.log file.
# @load policy/protocols/conn/vlan-logging

# Uncomment the following line to enable logging of link-layer addresses.
# Enabling this adds the link-layer address for each connection endpoint
# to the conn.log file.
# @load policy/protocols/conn/mac-logging

# Uncomment the following line to enable the SMB analyzer. The analyzer
# is currently considered a preview and therefore not loaded by default.