2437 lines
85 KiB
JSON
2437 lines
85 KiB
JSON
{
|
|
"compile_table": "TSG_COMPILE",
|
|
"group2compile_table": "TSG_GROUP_COMPILE_RELATION",
|
|
"group2group_table": "TSG_GROUP_GROUP_RELATION",
|
|
"rules": [
|
|
{
|
|
"compile_id": 1,
|
|
"service": 0,
|
|
"action": 1,
|
|
"do_blacklist": 0,
|
|
"do_log": 1,
|
|
"tags": "{}",
|
|
"user_region": "{}",
|
|
"is_valid": "yes",
|
|
"evaluation_order": "2.111",
|
|
"groups": [
|
|
{
|
|
"group_name":"OBJ_DST_IP_ADDR",
|
|
"virtual_table":"TSG_SECURITY_SOURCE_ADDR",
|
|
"not_flag" : 0,
|
|
"regions": [
|
|
{
|
|
"table_type": "ip_plus",
|
|
"table_name": "TSG_OBJ_IP_ADDR",
|
|
"table_content": {
|
|
"addr_type": "ipv4",
|
|
"addr_format": "range",
|
|
"ip1": "0.0.0.0",
|
|
"ip2": "255.255.255.255",
|
|
"port_format": "range",
|
|
"port1": "0",
|
|
"port2": "0",
|
|
"protocol": 0,
|
|
"direction": "double"
|
|
}
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"compile_id": 2,
|
|
"service": 0,
|
|
"action": 16,
|
|
"do_blacklist": 0,
|
|
"do_log": 1,
|
|
"tags": "{}",
|
|
"user_region": "{\"method\":\"rate_limit\",\"bps\":1024,\"packet_capture\":{\"enable\":1,\"capture_depth\":2000}}",
|
|
"is_valid": "yes",
|
|
"evaluation_order": "2.111",
|
|
"groups": [
|
|
{
|
|
"group_name": "OBJ_DST_IP_ADDR",
|
|
"virtual_table": "TSG_SECURITY_SOURCE_ADDR",
|
|
"not_flag": 0,
|
|
"regions": [
|
|
{
|
|
"table_type": "ip_plus",
|
|
"table_name": "TSG_OBJ_IP_ADDR",
|
|
"table_content": {
|
|
"addr_type": "ipv4",
|
|
"addr_format": "range",
|
|
"ip1": "0.0.0.0",
|
|
"ip2": "255.255.255.255",
|
|
"format": "range",
|
|
"port1": "0",
|
|
"port2": "0",
|
|
"protocol": 0,
|
|
"direction": "double"
|
|
}
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"compile_id": 3,
|
|
"service": 0,
|
|
"action": 1,
|
|
"do_blacklist": 0,
|
|
"do_log": 1,
|
|
"tags": "{}",
|
|
"user_region": "{}",
|
|
"is_valid": "yes",
|
|
"evaluation_order": "0.0",
|
|
"groups": [
|
|
{
|
|
"not_flag": 0,
|
|
"clause_index": 0,
|
|
"virtual_table": "TSG_SECURITY_TUNNEL",
|
|
"regions": [
|
|
{
|
|
"table_name": "TSG_OBJ_TUNNEL_ID",
|
|
"table_type": "interval",
|
|
"table_content": {
|
|
"low_boundary": 900,
|
|
"up_boundary": 1003
|
|
}
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"compile_id": 4,
|
|
"service": 0,
|
|
"action": 16,
|
|
"do_blacklist": 0,
|
|
"do_log": 1,
|
|
"tags": "{}",
|
|
"user_region": "{\"method\":\"rate_limit\",\"bps\":1024,\"packet_capture\":{\"enable\":1,\"capture_depth\":2000}}",
|
|
"is_valid": "yes",
|
|
"evaluation_order": "0.0",
|
|
"groups": [
|
|
{
|
|
"not_flag": 0,
|
|
"clause_index": 0,
|
|
"virtual_table": "TSG_SECURITY_TUNNEL",
|
|
"regions": [
|
|
{
|
|
"table_name": "TSG_OBJ_TUNNEL_ID",
|
|
"table_type": "interval",
|
|
"table_content": {
|
|
"low_boundary": 900,
|
|
"up_boundary": 1003
|
|
}
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"compile_id": 5,
|
|
"service": 2,
|
|
"action": 1,
|
|
"do_blacklist": 0,
|
|
"do_log": 1,
|
|
"tags": "{}",
|
|
"user_region": "{\"protocol\":\"HTTP\"}",
|
|
"is_valid": "yes",
|
|
"evaluation_order": "10.0",
|
|
"groups": [
|
|
{
|
|
"not_flag": 0,
|
|
"clause_index": 0,
|
|
"virtual_table": "TSG_FIELD_HTTP_HOST",
|
|
"regions": [
|
|
{
|
|
"table_type": "expr",
|
|
"table_name": "TSG_OBJ_FQDN",
|
|
"table_content": {
|
|
"format": "uncase plain",
|
|
"match_method": "complete",
|
|
"keywords": "http_host_test",
|
|
"expr_type": "none"
|
|
}
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"compile_id": 6,
|
|
"service": 2,
|
|
"action": 1,
|
|
"do_blacklist": 0,
|
|
"do_log": 1,
|
|
"tags": "{}",
|
|
"user_region": "{\"protocol\":\"HTTP\"}",
|
|
"is_valid": "yes",
|
|
"evaluation_order": "10.0",
|
|
"groups": [
|
|
{
|
|
"not_flag": 0,
|
|
"clause_index": 0,
|
|
"virtual_table": "TSG_FIELD_HTTP_HOST_CAT",
|
|
"regions": [
|
|
{
|
|
"table_name": "TSG_OBJ_FQDN_CAT",
|
|
"table_type": "interval",
|
|
"table_content": {
|
|
"low_boundary": 1002,
|
|
"up_boundary": 1003
|
|
}
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"compile_id": 7,
|
|
"service": 2,
|
|
"action": 1,
|
|
"do_blacklist": 0,
|
|
"do_log": 1,
|
|
"tags": "{}",
|
|
"user_region": "{\"protocol\":\"HTTP\"}",
|
|
"is_valid": "yes",
|
|
"evaluation_order": "10.0",
|
|
"groups": [
|
|
{
|
|
"not_flag": 0,
|
|
"clause_index": 0,
|
|
"virtual_table": "TSG_FIELD_HTTP_URL",
|
|
"regions": [
|
|
{
|
|
"table_type": "expr",
|
|
"table_name": "TSG_OBJ_URL",
|
|
"table_content": {
|
|
"format": "uncase plain",
|
|
"match_method": "complete",
|
|
"keywords": "http_url_test",
|
|
"expr_type": "none"
|
|
}
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"compile_id": 8,
|
|
"service": 2,
|
|
"action": 1,
|
|
"do_blacklist": 0,
|
|
"do_log": 1,
|
|
"tags": "{}",
|
|
"user_region": "{\"protocol\":\"HTTP\"}",
|
|
"is_valid": "yes",
|
|
"evaluation_order": "10.0",
|
|
"groups": [
|
|
{
|
|
"not_flag": 0,
|
|
"clause_index": 0,
|
|
"virtual_table": "TSG_FIELD_HTTP_REQ_HDR",
|
|
"regions": [
|
|
{
|
|
"table_type": "expr_plus",
|
|
"table_name": "TSG_OBJ_HTTP_SIGNATURE",
|
|
"table_content": {
|
|
"district": "Content-Type",
|
|
"format": "uncase plain",
|
|
"match_method": "complete",
|
|
"keywords": "application/json;charset=UTF-8",
|
|
"expr_type": "none"
|
|
}
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"compile_id": 9,
|
|
"service": 2,
|
|
"action": 1,
|
|
"do_blacklist": 0,
|
|
"do_log": 1,
|
|
"tags": "{}",
|
|
"user_region": "{\"protocol\":\"HTTP\"}",
|
|
"is_valid": "yes",
|
|
"evaluation_order": "10.0",
|
|
"groups": [
|
|
{
|
|
"not_flag": 0,
|
|
"clause_index": 0,
|
|
"virtual_table": "TSG_FIELD_HTTP_RES_HDR",
|
|
"regions": [
|
|
{
|
|
"table_type": "expr_plus",
|
|
"table_name": "TSG_OBJ_HTTP_SIGNATURE",
|
|
"table_content": {
|
|
"district": "Cookie",
|
|
"format": "uncase plain",
|
|
"match_method": "complete",
|
|
"keywords": "GeoIP=HK:::22.26:114.17:v4;enwikimwuser-sessionId=d8fe6d620b7c8db3e5db;WMF-Last-Access=16-Jan-2023;WMF-Last-Access-Global=16-Jan-2023;",
|
|
"expr_type": "none"
|
|
}
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"compile_id": 10,
|
|
"service": 2,
|
|
"action": 1,
|
|
"do_blacklist": 0,
|
|
"do_log": 2,
|
|
"tags": "{}",
|
|
"user_region": "{\"protocol\":\"HTTP\"}",
|
|
"is_valid": "yes",
|
|
"evaluation_order": "10.0",
|
|
"groups": [
|
|
{
|
|
"not_flag": 0,
|
|
"virtual_table": "TSG_FIELD_HTTP_REQ_BODY",
|
|
"regions": [
|
|
{
|
|
"table_type": "expr",
|
|
"table_name": "TSG_OBJ_KEYWORDS",
|
|
"table_content": {
|
|
"format": "uncase plain",
|
|
"match_method": "complete",
|
|
"keywords": "TSG_FIELD_HTTP_REQ_BODY_test",
|
|
"expr_type": "none"
|
|
}
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"compile_id": 11,
|
|
"service": 2,
|
|
"action": 1,
|
|
"do_blacklist": 0,
|
|
"do_log": 2,
|
|
"tags": "{}",
|
|
"user_region": "{\"protocol\":\"HTTP\"}",
|
|
"is_valid": "yes",
|
|
"evaluation_order": "10.0",
|
|
"groups": [
|
|
{
|
|
"not_flag": 0,
|
|
"virtual_table": "TSG_FIELD_HTTP_RES_BODY",
|
|
"regions": [
|
|
{
|
|
"table_type": "expr",
|
|
"table_name": "TSG_OBJ_KEYWORDS",
|
|
"table_content": {
|
|
"format": "uncase plain",
|
|
"match_method": "complete",
|
|
"keywords": "TSG_FIELD_HTTP_RES_BODY_test",
|
|
"expr_type": "none"
|
|
}
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"compile_id": 12,
|
|
"service": 3,
|
|
"action": 1,
|
|
"do_blacklist": 0,
|
|
"do_log": 1,
|
|
"tags": "{}",
|
|
"effective_rage": 0,
|
|
"user_region": "{\"protocol\":\"SSL\"}",
|
|
"is_valid": "yes",
|
|
"evaluation_order": "10.0",
|
|
"groups": [
|
|
{
|
|
"not_flag": 0,
|
|
"virtual_table": "TSG_FIELD_SSL_SNI",
|
|
"regions": [
|
|
{
|
|
"table_type": "expr",
|
|
"table_name": "TSG_OBJ_FQDN",
|
|
"table_content": {
|
|
"format": "uncase plain",
|
|
"match_method": "complete",
|
|
"keywords": "ssl_sni_test",
|
|
"expr_type": "none"
|
|
}
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"compile_id": 13,
|
|
"service": 2,
|
|
"action": 1,
|
|
"do_blacklist": 0,
|
|
"do_log": 1,
|
|
"tags": "{}",
|
|
"effective_rage": 0,
|
|
"user_region": "{\"protocol\":\"SSL\"}",
|
|
"is_valid": "yes",
|
|
"evaluation_order": "10.0",
|
|
"groups": [
|
|
{
|
|
"not_flag": 0,
|
|
"clause_index": 0,
|
|
"virtual_table": "TSG_FIELD_SSL_SNI_CAT",
|
|
"regions": [
|
|
{
|
|
"table_name": "TSG_OBJ_FQDN_CAT",
|
|
"table_type": "interval",
|
|
"table_content": {
|
|
"low_boundary": 1002,
|
|
"up_boundary": 1003
|
|
}
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"compile_id": 14,
|
|
"service": 2,
|
|
"action": 1,
|
|
"do_blacklist": 0,
|
|
"do_log": 1,
|
|
"tags": "{}",
|
|
"effective_rage": 0,
|
|
"user_region": "{\"protocol\":\"SSL\"}",
|
|
"is_valid": "yes",
|
|
"evaluation_order": "10.0",
|
|
"groups": [
|
|
{
|
|
"not_flag": 0,
|
|
"virtual_table": "TSG_FIELD_SSL_CN",
|
|
"regions": [
|
|
{
|
|
"table_type": "expr",
|
|
"table_name": "TSG_OBJ_FQDN",
|
|
"table_content": {
|
|
"format": "uncase plain",
|
|
"match_method": "complete",
|
|
"keywords": "ssl_cn_test",
|
|
"expr_type": "none"
|
|
}
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"compile_id": 15,
|
|
"service": 2,
|
|
"action": 1,
|
|
"do_blacklist": 0,
|
|
"do_log": 1,
|
|
"tags": "{}",
|
|
"effective_rage": 0,
|
|
"user_region": "{\"protocol\":\"SSL\"}",
|
|
"is_valid": "yes",
|
|
"evaluation_order": "10.0",
|
|
"groups": [
|
|
{
|
|
"not_flag": 0,
|
|
"clause_index": 0,
|
|
"virtual_table": "TSG_FIELD_SSL_CN_CAT",
|
|
"regions": [
|
|
{
|
|
"table_name": "TSG_OBJ_FQDN_CAT",
|
|
"table_type": "interval",
|
|
"table_content": {
|
|
"low_boundary": 1005,
|
|
"up_boundary": 1006
|
|
}
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"compile_id": 16,
|
|
"service": 2,
|
|
"action": 1,
|
|
"do_blacklist": 0,
|
|
"do_log": 1,
|
|
"tags": "{}",
|
|
"effective_rage": 0,
|
|
"user_region": "{\"protocol\":\"SSL\"}",
|
|
"is_valid": "yes",
|
|
"evaluation_order": "10.0",
|
|
"groups": [
|
|
{
|
|
"not_flag": 0,
|
|
"virtual_table": "TSG_FIELD_SSL_SAN",
|
|
"regions": [
|
|
{
|
|
"table_type": "expr",
|
|
"table_name": "TSG_OBJ_FQDN",
|
|
"table_content": {
|
|
"format": "uncase plain",
|
|
"match_method": "complete",
|
|
"keywords": "ssl_san_test",
|
|
"expr_type": "none"
|
|
}
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"compile_id": 17,
|
|
"service": 2,
|
|
"action": 1,
|
|
"do_blacklist": 0,
|
|
"do_log": 1,
|
|
"tags": "{}",
|
|
"effective_rage": 0,
|
|
"user_region": "{\"protocol\":\"SSL\"}",
|
|
"is_valid": "yes",
|
|
"evaluation_order": "10.0",
|
|
"groups": [
|
|
{
|
|
"not_flag": 0,
|
|
"clause_index": 0,
|
|
"virtual_table": "TSG_FIELD_SSL_SAN_CAT",
|
|
"regions": [
|
|
{
|
|
"table_name": "TSG_OBJ_FQDN_CAT",
|
|
"table_type": "interval",
|
|
"table_content": {
|
|
"low_boundary": 1007,
|
|
"up_boundary": 1008
|
|
}
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"compile_id": 18,
|
|
"service": 2,
|
|
"action": 1,
|
|
"do_blacklist": 0,
|
|
"do_log": 1,
|
|
"tags": "{}",
|
|
"user_region": "{\"protocol\":\"DNS\"}",
|
|
"is_valid": "yes",
|
|
"evaluation_order": "10.0",
|
|
"groups": [
|
|
{
|
|
"not_flag": 0,
|
|
"virtual_table": "TSG_FIELD_DNS_QNAME",
|
|
"regions": [
|
|
{
|
|
"table_type": "expr",
|
|
"table_name": "TSG_OBJ_FQDN",
|
|
"table_content": {
|
|
"format": "uncase plain",
|
|
"match_method": "complete",
|
|
"keywords": "dns_qname_test",
|
|
"expr_type": "none"
|
|
}
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"compile_id": 19,
|
|
"service": 2,
|
|
"action": 1,
|
|
"do_blacklist": 0,
|
|
"do_log": 1,
|
|
"tags": "{}",
|
|
"user_region": "{\"protocol\":\"DNS\"}",
|
|
"is_valid": "yes",
|
|
"evaluation_order": "10.0",
|
|
"groups": [
|
|
{
|
|
"not_flag": 0,
|
|
"clause_index": 0,
|
|
"virtual_table": "TSG_FIELD_DNS_QNAME_CAT",
|
|
"regions": [
|
|
{
|
|
"table_name": "TSG_OBJ_FQDN_CAT",
|
|
"table_type": "interval",
|
|
"table_content": {
|
|
"low_boundary": 1009,
|
|
"up_boundary": 1010
|
|
}
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"compile_id": 20,
|
|
"service": 2,
|
|
"action": 1,
|
|
"do_blacklist": 0,
|
|
"do_log": 1,
|
|
"tags": "{}",
|
|
"effective_rage": 0,
|
|
"user_region": "{\"protocol\":\"QUIC\"}",
|
|
"is_valid": "yes",
|
|
"evaluation_order": "10.0",
|
|
"groups": [
|
|
{
|
|
"not_flag": 0,
|
|
"virtual_table": "TSG_FIELD_QUIC_SNI",
|
|
"regions": [
|
|
{
|
|
"table_type": "expr",
|
|
"table_name": "TSG_OBJ_FQDN",
|
|
"table_content": {
|
|
"format": "uncase plain",
|
|
"match_method": "complete",
|
|
"keywords": "quic_sni_test",
|
|
"expr_type": "none"
|
|
}
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"compile_id": 21,
|
|
"service": 2,
|
|
"action": 1,
|
|
"do_blacklist": 0,
|
|
"do_log": 1,
|
|
"tags": "{}",
|
|
"effective_rage": 0,
|
|
"user_region": "{\"protocol\":\"QUIC\"}",
|
|
"is_valid": "yes",
|
|
"evaluation_order": "10.0",
|
|
"groups": [
|
|
{
|
|
"not_flag": 0,
|
|
"clause_index": 0,
|
|
"virtual_table": "TSG_FIELD_QUIC_SNI_CAT",
|
|
"regions": [
|
|
{
|
|
"table_name": "TSG_OBJ_FQDN_CAT",
|
|
"table_type": "interval",
|
|
"table_content": {
|
|
"low_boundary": 1011,
|
|
"up_boundary": 1012
|
|
}
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"compile_id": 22,
|
|
"service": 2,
|
|
"action": 1,
|
|
"do_blacklist": 0,
|
|
"do_log": 1,
|
|
"tags": "{}",
|
|
"effective_rage": 0,
|
|
"user_region": "{\"protocol\":\"MAIL\"}",
|
|
"is_valid": "yes",
|
|
"evaluation_order": "10.0",
|
|
"groups": [
|
|
{
|
|
"not_flag": 0,
|
|
"virtual_table": "TSG_FIELD_MAIL_ACCOUNT",
|
|
"regions": [
|
|
{
|
|
"table_type": "expr",
|
|
"table_name": "TSG_OBJ_ACCOUNT",
|
|
"table_content": {
|
|
"format": "uncase plain",
|
|
"match_method": "complete",
|
|
"keywords": "username_policy_id_1@gtest.com",
|
|
"expr_type": "none"
|
|
}
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"compile_id": 23,
|
|
"service": 2,
|
|
"action": 1,
|
|
"do_blacklist": 0,
|
|
"do_log": 1,
|
|
"tags": "{}",
|
|
"effective_rage": 0,
|
|
"user_region": "{\"protocol\":\"MAIL\"}",
|
|
"is_valid": "yes",
|
|
"evaluation_order": "10.0",
|
|
"groups": [
|
|
{
|
|
"not_flag": 0,
|
|
"virtual_table": "TSG_FIELD_MAIL_FROM",
|
|
"regions": [
|
|
{
|
|
"table_type": "expr",
|
|
"table_name": "TSG_OBJ_ACCOUNT",
|
|
"table_content": {
|
|
"format": "uncase plain",
|
|
"match_method": "complete",
|
|
"keywords": "username_policy_id_1@gtest.com_from",
|
|
"expr_type": "none"
|
|
}
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"compile_id": 24,
|
|
"service": 2,
|
|
"action": 1,
|
|
"do_blacklist": 0,
|
|
"do_log": 1,
|
|
"tags": "{}",
|
|
"effective_rage": 0,
|
|
"user_region": "{\"protocol\":\"MAIL\"}",
|
|
"is_valid": "yes",
|
|
"evaluation_order": "10.0",
|
|
"groups": [
|
|
{
|
|
"not_flag": 0,
|
|
"virtual_table": "TSG_FIELD_MAIL_TO",
|
|
"regions": [
|
|
{
|
|
"table_type": "expr",
|
|
"table_name": "TSG_OBJ_ACCOUNT",
|
|
"table_content": {
|
|
"format": "uncase plain",
|
|
"match_method": "complete",
|
|
"keywords": "username_policy_id_1@gtest.com_to",
|
|
"expr_type": "none"
|
|
}
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"compile_id": 25,
|
|
"service": 2,
|
|
"action": 1,
|
|
"do_blacklist": 0,
|
|
"do_log": 1,
|
|
"tags": "{}",
|
|
"effective_rage": 0,
|
|
"user_region": "{\"protocol\":\"MAIL\"}",
|
|
"is_valid": "yes",
|
|
"evaluation_order": "10.0",
|
|
"groups": [
|
|
{
|
|
"not_flag": 0,
|
|
"virtual_table": "TSG_FIELD_MAIL_SUBJECT",
|
|
"regions": [
|
|
{
|
|
"table_type": "expr",
|
|
"table_name": "TSG_OBJ_KEYWORDS",
|
|
"table_content": {
|
|
"format": "uncase plain",
|
|
"match_method": "complete",
|
|
"keywords": "subjet_policy_id_25_gtest.com",
|
|
"expr_type": "none"
|
|
}
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"compile_id": 26,
|
|
"service": 2,
|
|
"action": 1,
|
|
"do_blacklist": 0,
|
|
"do_log": 1,
|
|
"tags": "{}",
|
|
"effective_rage": 0,
|
|
"user_region": "{\"protocol\":\"MAIL\"}",
|
|
"is_valid": "yes",
|
|
"evaluation_order": "10.0",
|
|
"groups": [
|
|
{
|
|
"not_flag": 0,
|
|
"virtual_table": "TSG_FIELD_MAIL_CONTENT",
|
|
"regions": [
|
|
{
|
|
"table_type": "expr",
|
|
"table_name": "TSG_OBJ_KEYWORDS",
|
|
"table_content": {
|
|
"format": "uncase plain",
|
|
"match_method": "complete",
|
|
"keywords": "subjet_policy_id_26_gtest.com",
|
|
"expr_type": "none"
|
|
}
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"compile_id": 27,
|
|
"service": 2,
|
|
"action": 1,
|
|
"do_blacklist": 0,
|
|
"do_log": 1,
|
|
"tags": "{}",
|
|
"effective_rage": 0,
|
|
"user_region": "{\"protocol\":\"MAIL\"}",
|
|
"is_valid": "yes",
|
|
"evaluation_order": "10.0",
|
|
"groups": [
|
|
{
|
|
"not_flag": 0,
|
|
"virtual_table": "TSG_FIELD_MAIL_ATT_NAME",
|
|
"regions": [
|
|
{
|
|
"table_type": "expr",
|
|
"table_name": "TSG_OBJ_KEYWORDS",
|
|
"table_content": {
|
|
"format": "uncase plain",
|
|
"match_method": "complete",
|
|
"keywords": "subjet_policy_id_27_gtest.com",
|
|
"expr_type": "none"
|
|
}
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"compile_id": 28,
|
|
"service": 2,
|
|
"action": 1,
|
|
"do_blacklist": 0,
|
|
"do_log": 1,
|
|
"tags": "{}",
|
|
"effective_rage": 0,
|
|
"user_region": "{\"protocol\":\"MAIL\"}",
|
|
"is_valid": "yes",
|
|
"evaluation_order": "10.0",
|
|
"groups": [
|
|
{
|
|
"not_flag": 0,
|
|
"virtual_table": "TSG_FIELD_MAIL_ATT_CONTENT",
|
|
"regions": [
|
|
{
|
|
"table_type": "expr",
|
|
"table_name": "TSG_OBJ_KEYWORDS",
|
|
"table_content": {
|
|
"format": "uncase plain",
|
|
"match_method": "complete",
|
|
"keywords": "subjet_policy_id_28_gtest.com",
|
|
"expr_type": "none"
|
|
}
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"compile_id": 29,
|
|
"service": 2,
|
|
"action": 1,
|
|
"do_blacklist": 0,
|
|
"do_log": 1,
|
|
"tags": "{}",
|
|
"effective_rage": 0,
|
|
"user_region": "{\"protocol\":\"FTP\"}",
|
|
"is_valid": "yes",
|
|
"evaluation_order": "10.0",
|
|
"groups": [
|
|
{
|
|
"not_flag": 0,
|
|
"clause_index": 0,
|
|
"virtual_table": "TSG_FIELD_FTP_URI",
|
|
"regions": [
|
|
{
|
|
"table_type": "expr",
|
|
"table_name": "TSG_OBJ_URL",
|
|
"table_content": {
|
|
"format": "uncase plain",
|
|
"match_method": "complete",
|
|
"keywords": "ftp_url_test",
|
|
"expr_type": "none"
|
|
}
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"compile_id": 30,
|
|
"service": 2,
|
|
"action": 1,
|
|
"do_blacklist": 0,
|
|
"do_log": 1,
|
|
"tags": "{}",
|
|
"effective_rage": 0,
|
|
"user_region": "{\"protocol\":\"MAIL\"}",
|
|
"is_valid": "yes",
|
|
"evaluation_order": "10.0",
|
|
"groups": [
|
|
{
|
|
"not_flag": 0,
|
|
"virtual_table": "TSG_FIELD_FTP_CONTENT",
|
|
"regions": [
|
|
{
|
|
"table_type": "expr",
|
|
"table_name": "TSG_OBJ_KEYWORDS",
|
|
"table_content": {
|
|
"format": "uncase plain",
|
|
"match_method": "complete",
|
|
"keywords": "subjet_policy_id_30_gtest.com",
|
|
"expr_type": "none"
|
|
}
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"compile_id": 31,
|
|
"service": 3,
|
|
"action": 1,
|
|
"do_blacklist": 0,
|
|
"do_log": 1,
|
|
"tags": "{}",
|
|
"effective_rage": 0,
|
|
"user_region": "{\"protocol\":\"FTP\"}",
|
|
"is_valid": "yes",
|
|
"evaluation_order": "10.0",
|
|
"groups": [
|
|
{
|
|
"not_flag": 0,
|
|
"clause_index": 0,
|
|
"virtual_table": "TSG_FIELD_FTP_ACCOUNT",
|
|
"regions": [
|
|
{
|
|
"table_type": "expr",
|
|
"table_name": "TSG_OBJ_ACCOUNT",
|
|
"table_content": {
|
|
"format": "uncase plain",
|
|
"match_method": "complete",
|
|
"keywords": "subjet_policy_id_31_gtest.com",
|
|
"expr_type": "none"
|
|
}
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"compile_id": 32,
|
|
"service": 2,
|
|
"action": 1,
|
|
"do_blacklist": 0,
|
|
"do_log": 1,
|
|
"tags": "{}",
|
|
"user_region": "{}",
|
|
"is_valid": "yes",
|
|
"evaluation_order": "2.111",
|
|
"groups": [
|
|
{
|
|
"not_flag": 0,
|
|
"clause_index": 0,
|
|
"virtual_table": "TSG_SECURITY_SOURCE_ADDR",
|
|
"regions": [
|
|
{
|
|
"table_type": "ip_plus",
|
|
"table_name": "TSG_OBJ_IP_ADDR",
|
|
"table_content": {
|
|
"addr_type": "ipv4",
|
|
"addr_format": "range",
|
|
"ip1": "255.255.255.254",
|
|
"ip2": "255.255.255.254",
|
|
"port_format": "range",
|
|
"port1": "0",
|
|
"port2": "30001",
|
|
"protocol": 6
|
|
}
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"compile_id": 33,
|
|
"service": 2,
|
|
"action": 1,
|
|
"do_blacklist": 0,
|
|
"do_log": 1,
|
|
"tags": "{}",
|
|
"user_region": "{}",
|
|
"is_valid": "yes",
|
|
"evaluation_order": "2.111",
|
|
"groups": [
|
|
{
|
|
"not_flag": 0,
|
|
"clause_index": 0,
|
|
"virtual_table": "TSG_SECURITY_SOURCE_ADDR",
|
|
"regions": [
|
|
{
|
|
"table_type": "ip_plus",
|
|
"table_name": "TSG_OBJ_IP_ADDR",
|
|
"table_content": {
|
|
"addr_type": "ipv4",
|
|
"addr_format": "range",
|
|
"ip1": "255.255.255.254",
|
|
"ip2": "255.255.255.254",
|
|
"port_format": "range",
|
|
"port1": "30001",
|
|
"port2": "65535",
|
|
"protocol": 17
|
|
}
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"compile_id": 34,
|
|
"service": 2,
|
|
"action": 1,
|
|
"do_blacklist": 0,
|
|
"do_log": 1,
|
|
"tags": "{}",
|
|
"user_region": "{}",
|
|
"is_valid": "yes",
|
|
"evaluation_order": "2.111",
|
|
"groups": [
|
|
{
|
|
"not_flag": 0,
|
|
"clause_index": 0,
|
|
"virtual_table": "TSG_SECURITY_DESTINATION_ADDR",
|
|
"regions": [
|
|
{
|
|
"table_type": "ip_plus",
|
|
"table_name": "TSG_OBJ_IP_ADDR",
|
|
"table_content": {
|
|
"addr_type": "ipv4",
|
|
"addr_format": "range",
|
|
"ip1": "255.255.255.253",
|
|
"ip2": "255.255.255.253",
|
|
"port_format": "range",
|
|
"port1": "0",
|
|
"port2": "30000",
|
|
"protocol": 6
|
|
}
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"compile_id": 35,
|
|
"service": 2,
|
|
"action": 1,
|
|
"do_blacklist": 0,
|
|
"do_log": 1,
|
|
"tags": "{}",
|
|
"user_region": "{}",
|
|
"is_valid": "yes",
|
|
"evaluation_order": "2.111",
|
|
"groups": [
|
|
{
|
|
"not_flag": 0,
|
|
"clause_index": 0,
|
|
"virtual_table": "TSG_SECURITY_DESTINATION_ADDR",
|
|
"regions": [
|
|
{
|
|
"table_type": "ip_plus",
|
|
"table_name": "TSG_OBJ_IP_ADDR",
|
|
"table_content": {
|
|
"addr_type": "ipv4",
|
|
"addr_format": "range",
|
|
"ip1": "255.255.255.253",
|
|
"ip2": "255.255.255.253",
|
|
"port_format": "range",
|
|
"port1": "30001",
|
|
"port2": "65535",
|
|
"protocol": 17
|
|
}
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"compile_id": 36,
|
|
"service": 2,
|
|
"action": 1,
|
|
"do_blacklist": 0,
|
|
"do_log": 1,
|
|
"tags": "{}",
|
|
"effective_rage": 0,
|
|
"user_region": "{}",
|
|
"is_valid": "yes",
|
|
"evaluation_order": "10.0",
|
|
"groups": [
|
|
{
|
|
"not_flag": 0,
|
|
"clause_index": 0,
|
|
"virtual_table": "TSG_SECURITY_SOURCE_ASN",
|
|
"regions": [
|
|
{
|
|
"table_type": "expr",
|
|
"table_name": "TSG_OBJ_AS_NUMBER",
|
|
"table_content": {
|
|
"format": "uncase plain",
|
|
"match_method": "complete",
|
|
"keywords": "source_asn_test",
|
|
"expr_type": "none"
|
|
}
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"compile_id": 37,
|
|
"service": 2,
|
|
"action": 1,
|
|
"do_blacklist": 0,
|
|
"do_log": 1,
|
|
"tags": "{}",
|
|
"effective_rage": 0,
|
|
"user_region": "{}",
|
|
"is_valid": "yes",
|
|
"evaluation_order": "10.0",
|
|
"groups": [
|
|
{
|
|
"not_flag": 0,
|
|
"clause_index": 0,
|
|
"virtual_table": "TSG_SECURITY_DESTINATION_ASN",
|
|
"regions": [
|
|
{
|
|
"table_type": "expr",
|
|
"table_name": "TSG_OBJ_AS_NUMBER",
|
|
"table_content": {
|
|
"format": "uncase plain",
|
|
"match_method": "complete",
|
|
"keywords": "destination_asn_test",
|
|
"expr_type": "none"
|
|
}
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"compile_id": 38,
|
|
"service": 2,
|
|
"action": 1,
|
|
"do_blacklist": 0,
|
|
"do_log": 1,
|
|
"tags": "{}",
|
|
"effective_rage": 0,
|
|
"user_region": "{}",
|
|
"is_valid": "yes",
|
|
"evaluation_order": "10.0",
|
|
"groups": [
|
|
{
|
|
"not_flag": 0,
|
|
"clause_index": 0,
|
|
"virtual_table": "TSG_SECURITY_SOURCE_LOCATION",
|
|
"regions": [
|
|
{
|
|
"table_type": "expr",
|
|
"table_name": "TSG_OBJ_GEO_LOCATION",
|
|
"table_content": {
|
|
"format": "uncase plain",
|
|
"match_method": "complete",
|
|
"keywords": "country_full_test..city_full_test..",
|
|
"expr_type": "none"
|
|
}
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"compile_id": 39,
|
|
"service": 2,
|
|
"action": 1,
|
|
"do_blacklist": 0,
|
|
"do_log": 1,
|
|
"tags": "{}",
|
|
"effective_rage": 0,
|
|
"user_region": "{}",
|
|
"is_valid": "yes",
|
|
"evaluation_order": "10.0",
|
|
"groups": [
|
|
{
|
|
"not_flag": 0,
|
|
"clause_index": 0,
|
|
"virtual_table": "TSG_SECURITY_DESTINATION_LOCATION",
|
|
"regions": [
|
|
{
|
|
"table_type": "expr",
|
|
"table_name": "TSG_OBJ_GEO_LOCATION",
|
|
"table_content": {
|
|
"format": "uncase plain",
|
|
"match_method": "complete",
|
|
"keywords": "country_full_test..city_full_test..",
|
|
"expr_type": "none"
|
|
}
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"compile_id": 40,
|
|
"service": 2,
|
|
"action": 1,
|
|
"do_blacklist": 0,
|
|
"do_log": 1,
|
|
"tags": "{}",
|
|
"effective_rage": 0,
|
|
"user_region": "{\"protocol\":\"VOIP\"}",
|
|
"is_valid": "yes",
|
|
"evaluation_order": "10.0",
|
|
"groups": [
|
|
{
|
|
"not_flag": 0,
|
|
"virtual_table": "TSG_FIELD_SIP_ORIGINATOR_DESCRIPTION",
|
|
"regions": [
|
|
{
|
|
"table_type": "expr",
|
|
"table_name": "TSG_OBJ_ACCOUNT",
|
|
"table_content": {
|
|
"format": "uncase plain",
|
|
"match_method": "complete",
|
|
"keywords": "sip_region_buff_SIP_ORIGINATOR_DESCRIPTION",
|
|
"expr_type": "none"
|
|
}
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"compile_id": 41,
|
|
"service": 2,
|
|
"action": 1,
|
|
"do_blacklist": 0,
|
|
"do_log": 1,
|
|
"tags": "{}",
|
|
"effective_rage": 0,
|
|
"user_region": "{\"protocol\":\"VOIP\"}",
|
|
"is_valid": "yes",
|
|
"evaluation_order": "10.0",
|
|
"groups": [
|
|
{
|
|
"not_flag": 0,
|
|
"virtual_table": "TSG_FIELD_SIP_RESPONDER_DESCRIPTION",
|
|
"regions": [
|
|
{
|
|
"table_type": "expr",
|
|
"table_name": "TSG_OBJ_ACCOUNT",
|
|
"table_content": {
|
|
"format": "uncase plain",
|
|
"match_method": "complete",
|
|
"keywords": "sip_region_buff_SIP_RESPONDER_DESCRIPTION",
|
|
"expr_type": "none"
|
|
}
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"compile_id": 42,
|
|
"service": 2,
|
|
"action": 1,
|
|
"do_blacklist": 0,
|
|
"do_log": 1,
|
|
"tags": "{}",
|
|
"effective_rage": 0,
|
|
"user_region": "{}",
|
|
"is_valid": "yes",
|
|
"evaluation_order": "10.0",
|
|
"groups": [
|
|
{
|
|
"not_flag": 0,
|
|
"virtual_table": "TSG_FILED_GTP_IMSI",
|
|
"regions": [
|
|
{
|
|
"table_type": "expr",
|
|
"table_name": "TSG_OBJ_IMSI",
|
|
"table_content": {
|
|
"format": "uncase plain",
|
|
"match_method": "complete",
|
|
"keywords": "gtp_imsi_test",
|
|
"expr_type": "none"
|
|
}
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"compile_id": 43,
|
|
"service": 2,
|
|
"action": 1,
|
|
"do_blacklist": 0,
|
|
"do_log": 1,
|
|
"tags": "{}",
|
|
"effective_rage": 0,
|
|
"user_region": "{}",
|
|
"is_valid": "yes",
|
|
"evaluation_order": "10.0",
|
|
"groups": [
|
|
{
|
|
"not_flag": 0,
|
|
"virtual_table": "TSG_FILED_GTP_PHONE_NUMBER",
|
|
"regions": [
|
|
{
|
|
"table_type": "expr",
|
|
"table_name": "TSG_OBJ_PHONE_NUMBER",
|
|
"table_content": {
|
|
"format": "uncase plain",
|
|
"match_method": "complete",
|
|
"keywords": "13766688899",
|
|
"expr_type": "none"
|
|
}
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"compile_id": 44,
|
|
"service": 2,
|
|
"action": 1,
|
|
"do_blacklist": 0,
|
|
"do_log": 1,
|
|
"tags": "{}",
|
|
"effective_rage": 0,
|
|
"user_region": "{}",
|
|
"is_valid": "yes",
|
|
"evaluation_order": "10.0",
|
|
"groups": [
|
|
{
|
|
"not_flag": 0,
|
|
"virtual_table": "TSG_FILED_GTP_APN",
|
|
"regions": [
|
|
{
|
|
"table_type": "expr",
|
|
"table_name": "TSG_OBJ_APN",
|
|
"table_content": {
|
|
"format": "uncase plain",
|
|
"match_method": "complete",
|
|
"keywords": "gtp_apn_test",
|
|
"expr_type": "none"
|
|
}
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"compile_id": 45,
|
|
"service": 2,
|
|
"action": 1,
|
|
"do_blacklist": 0,
|
|
"do_log": 1,
|
|
"tags": "{}",
|
|
"effective_rage": 0,
|
|
"user_region": "{}",
|
|
"is_valid": "yes",
|
|
"evaluation_order": "10.0",
|
|
"groups": [
|
|
{
|
|
"not_flag": 0,
|
|
"virtual_table": "TSG_DECYPTION_EXCLUSION_SSL_SNI",
|
|
"regions": [
|
|
{
|
|
"table_type": "expr",
|
|
"table_name": "TSG_OBJ_FQDN",
|
|
"table_content": {
|
|
"format": "uncase plain",
|
|
"match_method": "complete",
|
|
"keywords": "DECYPTION_EXCLUSION_SSL_SNI_test",
|
|
"expr_type": "none"
|
|
}
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"compile_id": 46,
|
|
"service": 2,
|
|
"action": 1,
|
|
"do_blacklist": 0,
|
|
"do_log": 1,
|
|
"tags": "{}",
|
|
"user_region": "{}",
|
|
"is_valid": "yes",
|
|
"evaluation_order": "0.0",
|
|
"groups": [
|
|
{
|
|
"not_flag": 0,
|
|
"clause_index": 0,
|
|
"virtual_table": "TSG_SECURITY_TUNNEL",
|
|
"regions": [
|
|
{
|
|
"table_name": "TSG_OBJ_TUNNEL_ID",
|
|
"table_type": "interval",
|
|
"table_content": {
|
|
"low_boundary": 4,
|
|
"up_boundary": 6
|
|
}
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"compile_id": 47,
|
|
"service": 2,
|
|
"action": 1,
|
|
"do_blacklist": 0,
|
|
"do_log": 1,
|
|
"tags": "{}",
|
|
"user_region": "{}",
|
|
"is_valid": "yes",
|
|
"evaluation_order": "0.0",
|
|
"groups": [
|
|
{
|
|
"group_name": "flags",
|
|
"not_flag": 0,
|
|
"clause_index": 0,
|
|
"virtual_table": "TSG_SECURITY_FLAG",
|
|
"regions": [
|
|
{
|
|
"table_type": "flag",
|
|
"table_name": "TSG_OBJ_FLAG",
|
|
"table_content": {
|
|
"flag": 8,
|
|
"flag_mask": 8
|
|
}
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"compile_id": 48,
|
|
"service": 2,
|
|
"action": 1,
|
|
"do_blacklist": 0,
|
|
"do_log": 1,
|
|
"tags": "{}",
|
|
"effective_rage": 0,
|
|
"user_region": "{}",
|
|
"is_valid": "yes",
|
|
"evaluation_order": "10.0",
|
|
"groups": [
|
|
{
|
|
"not_flag": 0,
|
|
"virtual_table": "TSG_FIELD_DTLS_SNI",
|
|
"regions": [
|
|
{
|
|
"table_type": "expr",
|
|
"table_name": "TSG_OBJ_FQDN",
|
|
"table_content": {
|
|
"format": "uncase plain",
|
|
"match_method": "complete",
|
|
"keywords": "dtls_sni_test",
|
|
"expr_type": "none"
|
|
}
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"compile_id": 49,
|
|
"service": 2,
|
|
"action": 1,
|
|
"do_blacklist": 0,
|
|
"do_log": 1,
|
|
"tags": "{}",
|
|
"user_region": "{\"protocol\":\"DTLS\"}",
|
|
"is_valid": "yes",
|
|
"evaluation_order": "10.0",
|
|
"groups": [
|
|
{
|
|
"not_flag": 0,
|
|
"clause_index": 0,
|
|
"virtual_table": "TSG_FIELD_DTLS_SNI_CAT",
|
|
"regions": [
|
|
{
|
|
"table_name": "TSG_OBJ_FQDN_CAT",
|
|
"table_type": "interval",
|
|
"table_content": {
|
|
"low_boundary": 1007,
|
|
"up_boundary": 1008
|
|
}
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"compile_id": 50,
|
|
"service": 2,
|
|
"action": 1,
|
|
"do_blacklist": 0,
|
|
"do_log": 1,
|
|
"tags": "{}",
|
|
"effective_rage": 0,
|
|
"user_region": "{\"protocol\":\"TCP\"}",
|
|
"is_valid": "yes",
|
|
"evaluation_order": "10.0",
|
|
"groups": [
|
|
{
|
|
"not_flag": 0,
|
|
"clause_index": 0,
|
|
"virtual_table": "tcp.payload.c2s_first_data",
|
|
"regions": [
|
|
{
|
|
"table_type": "expr",
|
|
"table_name": "TSG_OBJ_KEYWORDS",
|
|
"table_content": {
|
|
"format": "uncase plain",
|
|
"match_method": "complete",
|
|
"keywords": "test_tcp_c2s_first_payload",
|
|
"expr_type": "none"
|
|
}
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"compile_id": 51,
|
|
"service": 2,
|
|
"action": 1,
|
|
"do_blacklist": 0,
|
|
"do_log": 1,
|
|
"tags": "{}",
|
|
"effective_rage": 0,
|
|
"user_region": "{\"protocol\":\"TCP\"}",
|
|
"is_valid": "yes",
|
|
"evaluation_order": "10.0",
|
|
"groups": [
|
|
{
|
|
"not_flag": 0,
|
|
"clause_index": 0,
|
|
"virtual_table": "tcp.payload.s2c_first_data",
|
|
"regions": [
|
|
{
|
|
"table_type": "expr",
|
|
"table_name": "TSG_OBJ_KEYWORDS",
|
|
"table_content": {
|
|
"format": "uncase plain",
|
|
"match_method": "complete",
|
|
"keywords": "test_tcp_s2c_first_payload",
|
|
"expr_type": "none"
|
|
}
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"compile_id": 52,
|
|
"service": 2,
|
|
"action": 1,
|
|
"do_blacklist": 0,
|
|
"do_log": 1,
|
|
"tags": "{}",
|
|
"user_region": "{\"protocol\":\"TCP\"}",
|
|
"is_valid": "yes",
|
|
"evaluation_order": "10.0",
|
|
"groups": [
|
|
{
|
|
"not_flag": 0,
|
|
"clause_index": 0,
|
|
"virtual_table": "tcp.payload.c2s_first_data_len",
|
|
"regions": [
|
|
{
|
|
"table_name": "TSG_OBJ_INTERVAL",
|
|
"table_type": "interval",
|
|
"table_content": {
|
|
"low_boundary": 1007,
|
|
"up_boundary": 1008
|
|
}
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"compile_id": 53,
|
|
"service": 2,
|
|
"action": 1,
|
|
"do_blacklist": 0,
|
|
"do_log": 1,
|
|
"tags": "{}",
|
|
"user_region": "{\"protocol\":\"TCP\"}",
|
|
"is_valid": "yes",
|
|
"evaluation_order": "10.0",
|
|
"groups": [
|
|
{
|
|
"not_flag": 0,
|
|
"clause_index": 0,
|
|
"virtual_table": "tcp.payload.s2c_first_data_len",
|
|
"regions": [
|
|
{
|
|
"table_name": "TSG_OBJ_INTERVAL",
|
|
"table_type": "interval",
|
|
"table_content": {
|
|
"low_boundary": 1007,
|
|
"up_boundary": 1008
|
|
}
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"compile_id": 54,
|
|
"service": 2,
|
|
"action": 1,
|
|
"do_blacklist": 0,
|
|
"do_log": 1,
|
|
"tags": "{}",
|
|
"effective_rage": 0,
|
|
"user_region": "{\"protocol\":\"TCP\"}",
|
|
"is_valid": "yes",
|
|
"evaluation_order": "10.0",
|
|
"groups": [
|
|
{
|
|
"not_flag": 0,
|
|
"clause_index": 0,
|
|
"virtual_table": "tcp.payload",
|
|
"regions": [
|
|
{
|
|
"table_type": "expr",
|
|
"table_name": "TSG_OBJ_KEYWORDS",
|
|
"table_content": {
|
|
"format": "uncase plain",
|
|
"match_method": "complete",
|
|
"keywords": "test_tcp_payload",
|
|
"expr_type": "none"
|
|
}
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"compile_id": 55,
|
|
"service": 2,
|
|
"action": 1,
|
|
"do_blacklist": 0,
|
|
"do_log": 1,
|
|
"tags": "{}",
|
|
"effective_rage": 0,
|
|
"user_region": "{\"protocol\":\"TCP\"}",
|
|
"is_valid": "yes",
|
|
"evaluation_order": "10.0",
|
|
"groups": [
|
|
{
|
|
"not_flag": 0,
|
|
"clause_index": 0,
|
|
"virtual_table": "tcp.syn.fingerprint",
|
|
"regions": [
|
|
{
|
|
"table_type": "expr",
|
|
"table_name": "TSG_OBJ_KEYWORDS",
|
|
"table_content": {
|
|
"format": "uncase plain",
|
|
"match_method": "complete",
|
|
"keywords": "test_tcp_syn_fingerprint",
|
|
"expr_type": "none"
|
|
}
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"compile_id": 56,
|
|
"service": 2,
|
|
"action": 1,
|
|
"do_blacklist": 0,
|
|
"do_log": 1,
|
|
"tags": "{}",
|
|
"effective_rage": 0,
|
|
"user_region": "{\"protocol\":\"TCP\"}",
|
|
"is_valid": "yes",
|
|
"evaluation_order": "10.0",
|
|
"groups": [
|
|
{
|
|
"not_flag": 0,
|
|
"clause_index": 0,
|
|
"virtual_table": "tcp.sack.fingerprint",
|
|
"regions": [
|
|
{
|
|
"table_type": "expr",
|
|
"table_name": "TSG_OBJ_KEYWORDS",
|
|
"table_content": {
|
|
"format": "uncase plain",
|
|
"match_method": "complete",
|
|
"keywords": "test_tcp_sack_fingerprint",
|
|
"expr_type": "none"
|
|
}
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"compile_id": 57,
|
|
"service": 2,
|
|
"action": 1,
|
|
"do_blacklist": 0,
|
|
"do_log": 1,
|
|
"tags": "{}",
|
|
"effective_rage": 0,
|
|
"user_region": "{\"protocol\":\"UDP\"}",
|
|
"is_valid": "yes",
|
|
"evaluation_order": "10.0",
|
|
"groups": [
|
|
{
|
|
"not_flag": 0,
|
|
"clause_index": 0,
|
|
"virtual_table": "udp.payload.c2s_first_data",
|
|
"regions": [
|
|
{
|
|
"table_type": "expr",
|
|
"table_name": "TSG_OBJ_KEYWORDS",
|
|
"table_content": {
|
|
"format": "uncase plain",
|
|
"match_method": "complete",
|
|
"keywords": "test_udp_payload_c2s_first_data",
|
|
"expr_type": "none"
|
|
}
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"compile_id": 58,
|
|
"service": 2,
|
|
"action": 1,
|
|
"do_blacklist": 0,
|
|
"do_log": 1,
|
|
"tags": "{}",
|
|
"effective_rage": 0,
|
|
"user_region": "{\"protocol\":\"UDP\"}",
|
|
"is_valid": "yes",
|
|
"evaluation_order": "10.0",
|
|
"groups": [
|
|
{
|
|
"not_flag": 0,
|
|
"clause_index": 0,
|
|
"virtual_table": "udp.payload.s2c_first_data",
|
|
"regions": [
|
|
{
|
|
"table_type": "expr",
|
|
"table_name": "TSG_OBJ_KEYWORDS",
|
|
"table_content": {
|
|
"format": "uncase plain",
|
|
"match_method": "complete",
|
|
"keywords": "test_udp_payload_s2c_first_data",
|
|
"expr_type": "none"
|
|
}
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"compile_id": 59,
|
|
"service": 2,
|
|
"action": 1,
|
|
"do_blacklist": 0,
|
|
"do_log": 1,
|
|
"tags": "{}",
|
|
"user_region": "{\"protocol\":\"UDP\"}",
|
|
"is_valid": "yes",
|
|
"evaluation_order": "10.0",
|
|
"groups": [
|
|
{
|
|
"not_flag": 0,
|
|
"clause_index": 0,
|
|
"virtual_table": "udp.payload.c2s_first_data_len",
|
|
"regions": [
|
|
{
|
|
"table_name": "TSG_OBJ_INTERVAL",
|
|
"table_type": "interval",
|
|
"table_content": {
|
|
"low_boundary": 1007,
|
|
"up_boundary": 1008
|
|
}
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"compile_id": 60,
|
|
"service": 2,
|
|
"action": 1,
|
|
"do_blacklist": 0,
|
|
"do_log": 1,
|
|
"tags": "{}",
|
|
"user_region": "{\"protocol\":\"UDP\"}",
|
|
"is_valid": "yes",
|
|
"evaluation_order": "10.0",
|
|
"groups": [
|
|
{
|
|
"not_flag": 0,
|
|
"clause_index": 0,
|
|
"virtual_table": "udp.payload.s2c_first_data_len",
|
|
"regions": [
|
|
{
|
|
"table_name": "TSG_OBJ_INTERVAL",
|
|
"table_type": "interval",
|
|
"table_content": {
|
|
"low_boundary": 1007,
|
|
"up_boundary": 1008
|
|
}
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"compile_id": 61,
|
|
"service": 2,
|
|
"action": 1,
|
|
"do_blacklist": 0,
|
|
"do_log": 1,
|
|
"tags": "{}",
|
|
"effective_rage": 0,
|
|
"user_region": "{\"protocol\":\"UDP\"}",
|
|
"is_valid": "yes",
|
|
"evaluation_order": "10.0",
|
|
"groups": [
|
|
{
|
|
"not_flag": 0,
|
|
"clause_index": 0,
|
|
"virtual_table": "udp.payload",
|
|
"regions": [
|
|
{
|
|
"table_type": "expr",
|
|
"table_name": "TSG_OBJ_KEYWORDS",
|
|
"table_content": {
|
|
"format": "uncase plain",
|
|
"match_method": "complete",
|
|
"keywords": "test_udp_payload",
|
|
"expr_type": "none"
|
|
}
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"compile_id": 62,
|
|
"service": 2,
|
|
"action": 1,
|
|
"do_blacklist": 0,
|
|
"do_log": 1,
|
|
"tags": "{}",
|
|
"effective_rage": 0,
|
|
"user_region": "{\"protocol\":\"SSL\"}",
|
|
"is_valid": "yes",
|
|
"evaluation_order": "10.0",
|
|
"groups": [
|
|
{
|
|
"not_flag": 0,
|
|
"clause_index": 0,
|
|
"virtual_table": "ssl.analysis.ja3",
|
|
"regions": [
|
|
{
|
|
"table_type": "expr",
|
|
"table_name": "TSG_OBJ_KEYWORDS",
|
|
"table_content": {
|
|
"format": "uncase plain",
|
|
"match_method": "complete",
|
|
"keywords": "ssl_analysis_ja3_test",
|
|
"expr_type": "none"
|
|
}
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"compile_id": 63,
|
|
"service": 2,
|
|
"action": 1,
|
|
"do_blacklist": 0,
|
|
"do_log": 1,
|
|
"tags": "{}",
|
|
"effective_rage": 0,
|
|
"user_region": "{\"protocol\":\"SSL\"}",
|
|
"is_valid": "yes",
|
|
"evaluation_order": "10.0",
|
|
"groups": [
|
|
{
|
|
"not_flag": 0,
|
|
"clause_index": 0,
|
|
"virtual_table": "ssl.handshake.cert.fingerprint",
|
|
"regions": [
|
|
{
|
|
"table_type": "expr",
|
|
"table_name": "TSG_OBJ_KEYWORDS",
|
|
"table_content": {
|
|
"format": "uncase plain",
|
|
"match_method": "complete",
|
|
"keywords": "ssl_handshake_cert_fingerprint_test",
|
|
"expr_type": "none"
|
|
}
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"compile_id": 64,
|
|
"service": 2,
|
|
"action": 1,
|
|
"do_blacklist": 0,
|
|
"do_log": 1,
|
|
"tags": "{}",
|
|
"effective_rage": 0,
|
|
"user_region": "{\"protocol\":\"SSL\"}",
|
|
"is_valid": "yes",
|
|
"evaluation_order": "10.0",
|
|
"groups": [
|
|
{
|
|
"not_flag": 0,
|
|
"clause_index": 0,
|
|
"virtual_table": "ssl.handshake.cert.serial_number",
|
|
"regions": [
|
|
{
|
|
"table_type": "expr",
|
|
"table_name": "TSG_OBJ_KEYWORDS",
|
|
"table_content": {
|
|
"format": "uncase plain",
|
|
"match_method": "complete",
|
|
"keywords": "ssl_handshake_cert_serial_number_test",
|
|
"expr_type": "none"
|
|
}
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"compile_id": 65,
|
|
"service": 2,
|
|
"action": 1,
|
|
"do_blacklist": 0,
|
|
"do_log": 1,
|
|
"tags": "{}",
|
|
"effective_rage": 0,
|
|
"user_region": "{\"protocol\":\"SSL\"}",
|
|
"is_valid": "yes",
|
|
"evaluation_order": "10.0",
|
|
"groups": [
|
|
{
|
|
"not_flag": 0,
|
|
"clause_index": 0,
|
|
"virtual_table": "ssl.handshake.certificate.issuer_common_name",
|
|
"regions": [
|
|
{
|
|
"table_type": "expr",
|
|
"table_name": "TSG_OBJ_KEYWORDS",
|
|
"table_content": {
|
|
"format": "uncase plain",
|
|
"match_method": "complete",
|
|
"keywords": "ssl_handshake_certificate_issuer_common_name_test",
|
|
"expr_type": "none"
|
|
}
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"compile_id": 66,
|
|
"service": 2,
|
|
"action": 1,
|
|
"do_blacklist": 0,
|
|
"do_log": 1,
|
|
"tags": "{}",
|
|
"effective_rage": 0,
|
|
"user_region": "{\"protocol\":\"SSL\"}",
|
|
"is_valid": "yes",
|
|
"evaluation_order": "10.0",
|
|
"groups": [
|
|
{
|
|
"not_flag": 0,
|
|
"clause_index": 0,
|
|
"virtual_table": "ssl.handshake.certificate.issuer_organization_name",
|
|
"regions": [
|
|
{
|
|
"table_type": "expr",
|
|
"table_name": "TSG_OBJ_KEYWORDS",
|
|
"table_content": {
|
|
"format": "uncase plain",
|
|
"match_method": "complete",
|
|
"keywords": "ssl_handshake_certificate_issuer_organization_name_test",
|
|
"expr_type": "none"
|
|
}
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"compile_id": 67,
|
|
"service": 2,
|
|
"action": 1,
|
|
"do_blacklist": 0,
|
|
"do_log": 1,
|
|
"tags": "{}",
|
|
"effective_rage": 0,
|
|
"user_region": "{\"protocol\":\"SSL\"}",
|
|
"is_valid": "yes",
|
|
"evaluation_order": "10.0",
|
|
"groups": [
|
|
{
|
|
"not_flag": 0,
|
|
"clause_index": 0,
|
|
"virtual_table": "ssl.handshake.certificate.issuer_country_name",
|
|
"regions": [
|
|
{
|
|
"table_type": "expr",
|
|
"table_name": "TSG_OBJ_KEYWORDS",
|
|
"table_content": {
|
|
"format": "uncase plain",
|
|
"match_method": "complete",
|
|
"keywords": "ssl_handshake_certificate_issuer_country_name_test",
|
|
"expr_type": "none"
|
|
}
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"compile_id": 68,
|
|
"service": 2,
|
|
"action": 1,
|
|
"do_blacklist": 0,
|
|
"do_log": 1,
|
|
"tags": "{}",
|
|
"effective_rage": 0,
|
|
"user_region": "{\"protocol\":\"SSL\"}",
|
|
"is_valid": "yes",
|
|
"evaluation_order": "10.0",
|
|
"groups": [
|
|
{
|
|
"not_flag": 0,
|
|
"clause_index": 0,
|
|
"virtual_table": "ssl.handshake.certificate.subject_country_name",
|
|
"regions": [
|
|
{
|
|
"table_type": "expr",
|
|
"table_name": "TSG_OBJ_KEYWORDS",
|
|
"table_content": {
|
|
"format": "uncase plain",
|
|
"match_method": "complete",
|
|
"keywords": "ssl_handshake_certificate_subject_country_name_test",
|
|
"expr_type": "none"
|
|
}
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"compile_id": 69,
|
|
"service": 2,
|
|
"action": 1,
|
|
"do_blacklist": 0,
|
|
"do_log": 1,
|
|
"tags": "{}",
|
|
"effective_rage": 0,
|
|
"user_region": "{\"protocol\":\"SSL\"}",
|
|
"is_valid": "yes",
|
|
"evaluation_order": "10.0",
|
|
"groups": [
|
|
{
|
|
"not_flag": 0,
|
|
"clause_index": 0,
|
|
"virtual_table": "ssl.handshake.certificate.subject_organization_name",
|
|
"regions": [
|
|
{
|
|
"table_type": "expr",
|
|
"table_name": "TSG_OBJ_KEYWORDS",
|
|
"table_content": {
|
|
"format": "uncase plain",
|
|
"match_method": "complete",
|
|
"keywords": "ssl_handshake_certificate_subject_organization_name_test",
|
|
"expr_type": "none"
|
|
}
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"compile_id": 70,
|
|
"service": 2,
|
|
"action": 1,
|
|
"do_blacklist": 0,
|
|
"do_log": 1,
|
|
"tags": "{}",
|
|
"effective_rage": 0,
|
|
"user_region": "{\"protocol\":\"SSL\"}",
|
|
"is_valid": "yes",
|
|
"evaluation_order": "10.0",
|
|
"groups": [
|
|
{
|
|
"not_flag": 0,
|
|
"clause_index": 0,
|
|
"virtual_table": "ssl.handshake.certificate.not_valid_before",
|
|
"regions": [
|
|
{
|
|
"table_type": "expr",
|
|
"table_name": "TSG_OBJ_KEYWORDS",
|
|
"table_content": {
|
|
"format": "uncase plain",
|
|
"match_method": "complete",
|
|
"keywords": "ssl_handshake_certificate_not_valid_before_test",
|
|
"expr_type": "none"
|
|
}
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"compile_id": 71,
|
|
"service": 2,
|
|
"action": 1,
|
|
"do_blacklist": 0,
|
|
"do_log": 1,
|
|
"tags": "{}",
|
|
"effective_rage": 0,
|
|
"user_region": "{\"protocol\":\"SSL\"}",
|
|
"is_valid": "yes",
|
|
"evaluation_order": "10.0",
|
|
"groups": [
|
|
{
|
|
"not_flag": 0,
|
|
"clause_index": 0,
|
|
"virtual_table": "ssl.handshake.certificate.not_valid_after",
|
|
"regions": [
|
|
{
|
|
"table_type": "expr",
|
|
"table_name": "TSG_OBJ_KEYWORDS",
|
|
"table_content": {
|
|
"format": "uncase plain",
|
|
"match_method": "complete",
|
|
"keywords": "ssl_handshake_certificate_not_valid_after_test",
|
|
"expr_type": "none"
|
|
}
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"compile_id": 72,
|
|
"service": 2,
|
|
"action": 1,
|
|
"do_blacklist": 0,
|
|
"do_log": 1,
|
|
"tags": "{}",
|
|
"effective_rage": 0,
|
|
"user_region": "{\"protocol\":\"SSL\"}",
|
|
"is_valid": "yes",
|
|
"evaluation_order": "10.0",
|
|
"groups": [
|
|
{
|
|
"not_flag": 0,
|
|
"clause_index": 0,
|
|
"virtual_table": "ssl.handshake.certificate.algorithm_id",
|
|
"regions": [
|
|
{
|
|
"table_type": "expr",
|
|
"table_name": "TSG_OBJ_KEYWORDS",
|
|
"table_content": {
|
|
"format": "uncase plain",
|
|
"match_method": "complete",
|
|
"keywords": "ssl_handshake_certificate_algorithm_id_test",
|
|
"expr_type": "none"
|
|
}
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"compile_id": 73,
|
|
"service": 2,
|
|
"action": 1,
|
|
"do_blacklist": 0,
|
|
"do_log": 1,
|
|
"tags": "{}",
|
|
"user_region": "{}",
|
|
"is_valid": "yes",
|
|
"evaluation_order": "10.0",
|
|
"groups": [
|
|
{
|
|
"not_flag": 0,
|
|
"clause_index": 0,
|
|
"virtual_table": "general.session.analysis.app_id",
|
|
"regions": [
|
|
{
|
|
"table_name": "TSG_OBJ_APP_ID",
|
|
"table_type": "interval",
|
|
"table_content": {
|
|
"low_boundary": 1007,
|
|
"up_boundary": 1008
|
|
}
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"compile_id": 74,
|
|
"service": 2,
|
|
"action": 1,
|
|
"do_blacklist": 0,
|
|
"do_log": 1,
|
|
"tags": "{}",
|
|
"user_region": "{}",
|
|
"is_valid": "yes",
|
|
"evaluation_order": "10.0",
|
|
"groups": [
|
|
{
|
|
"not_flag": 0,
|
|
"clause_index": 0,
|
|
"regions": [
|
|
{
|
|
"table_type": "expr_plus",
|
|
"table_name": "APP_SIG_SESSION_ATTRIBUTE_STRING",
|
|
"table_content": {
|
|
"district": "SIG_SEESION",
|
|
"format": "uncase plain",
|
|
"match_method": "complete",
|
|
"keywords": "sig_session_attribute_string_test",
|
|
"expr_type": "none"
|
|
}
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"compile_id": 75,
|
|
"service": 2,
|
|
"action": 1,
|
|
"do_blacklist": 0,
|
|
"do_log": 1,
|
|
"tags": "{}",
|
|
"user_region": "{}",
|
|
"is_valid": "yes",
|
|
"evaluation_order": "10.0",
|
|
"groups": [
|
|
{
|
|
"not_flag": 0,
|
|
"clause_index": 0,
|
|
"regions": [
|
|
{
|
|
"table_type": "expr",
|
|
"table_name": "APP_SIG_SESSION_ATTRIBUTE_FLAG",
|
|
"table_content": {
|
|
"format": "uncase plain",
|
|
"match_method": "complete",
|
|
"keywords": "sig_session_attribute_flag_test",
|
|
"expr_type": "none"
|
|
}
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"compile_id": 76,
|
|
"service": 2,
|
|
"action": 1,
|
|
"do_blacklist": 0,
|
|
"do_log": 1,
|
|
"tags": "{}",
|
|
"user_region": "{}",
|
|
"is_valid": "yes",
|
|
"evaluation_order": "10.0",
|
|
"groups": [
|
|
{
|
|
"not_flag": 0,
|
|
"clause_index": 0,
|
|
"regions": [
|
|
{
|
|
"table_name": "APP_SIG_SESSION_ATTRIBUTE_INTEGER",
|
|
"table_type": "intval_plus",
|
|
"table_content": {
|
|
"district": "SIG_SEESION",
|
|
"low_boundary": 1007,
|
|
"up_boundary": 1008
|
|
}
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"plugin_table": [
|
|
{
|
|
"table_name": "APP_ID_DICT",
|
|
"table_content": [
|
|
"67\thttp\t0\tnull\tnetworking\tinfrastructure\tnetwork-protocol\t3\tused-by-malware,vulnerability,widely-used\tnull\tnull\t{\"method\":\"drop\",\"after_n_packets\":0,\"send_icmp_unreachable\":1,\"send_tcp_reset\":1}\t0\t60\t120\t30\t30\t1",
|
|
"68\thttps\t0\tnull\tnetworking\tinfrastructure\tnetwork-protocol\t3\tused-by-malware,vulnerability,widely-used\tnull\tnull\t{\"method\":\"rate_limit\",\"bps\":1000}\t0\t0\t0\t0\t0\t1",
|
|
"4\tunknown\t0\tnull\tcategory\tsubcategory\ttechnology\trisk\tcharacteristics\tnull\tnull\tnull\t1\t3600\t3600\t1800\t1800\t1",
|
|
"199\tssl\t0\tnull\tcategory\tsubcategory\ttechnology\trisk\tcharacteristics\tnull\tnull\tnull\t1\t3600\t3600\t1800\t1800\t1",
|
|
"240\tyoutube\t0\tnull\tcategory\tsubcategory\ttechnology\trisk\tcharacteristics\tnull\tnull\tnull\t1\t3600\t3600\t1800\t1800\t1",
|
|
"15009\tuser_define_youtube\t0\tnull\tcategory\tsubcategory\ttechnology\trisk\tcharacteristics\tnull\tnull\tnull\t1\t3600\t3600\t1800\t1800\t1",
|
|
"1500\tbuilt_in_youtube\t0\tnull\tcategory\tsubcategory\ttechnology\trisk\tcharacteristics\tnull\tnull\tnull\t1\t3600\t3600\t1800\t1800\t1",
|
|
"70\thttps\t1\tssl\tnetworking\tinfrastructure\tnetwork-protocol\t3\tused-by-malware,vulnerability,widely-used\tnull\tnull\t{\"method\":\"rate_limit\",\"bps\":1000}\t0\t0\t0\t0\t0\t1"
|
|
]
|
|
},
|
|
{
|
|
"table_name": "TSG_DYN_MOBILE_IDENTITY_APN_TEID",
|
|
"table_content": [
|
|
"1\t111039813\t460045157065560\t861440152009856\t111039813.cmiott.gxqli.mcto60g.com\t8626070583075127\t1",
|
|
"2\t111052899\t460045157053102\t861440152041083\t111052899.cmiott.wkctf.mcto60g.com\t8626070583008402\t1"
|
|
]
|
|
},
|
|
{
|
|
"table_name": "TSG_IP_ASN_BUILT_IN",
|
|
"table_content": [
|
|
]
|
|
},
|
|
{
|
|
"table_name": "TSG_IP_ASN_USER_DEFINED",
|
|
"table_content": [
|
|
]
|
|
},
|
|
{
|
|
"table_name": "TSG_IP_LOCATION_BUILT_IN",
|
|
"table_content": [
|
|
"6777621\t1819730\t4\t124.156.128.0\t124.156.191.255\t22.25\t114.1667\t50.0\ten\tAS\tAsia\tHK\tHong\\bKong\tOther\tOther\tOther\tRoad1\tAsia/Hong_Kong\t1",
|
|
"3716523\t1814992\t4\t192.168.50.1\t192.168.50.255\t34.7725\t113.7266\t50.0\ten\tAS\tAsia\tCN\tChina\tBeijing\tBeijing\tXin\\bXi\\bGang\tRoad1\tAsia/Shanghai\t1"
|
|
]
|
|
},
|
|
{
|
|
"table_name": "TSG_IP_LOCATION_USER_DEFINED",
|
|
"table_content": [
|
|
"371652\t181499\t4\t192.168.50.10\t192.168.50.255\t34.7725\t113.7266\t50.0\ten\tAS\tAsia\tCN\tChina\tBeijing\tBeijing\tHua\\bYan\\bBei\\bLi\tRoad1\tAsia/Shanghai\t1"
|
|
]
|
|
},
|
|
{
|
|
"table_name": "TSG_FQDN_CATEGORY_BUILT_IN",
|
|
"table_content": [
|
|
"106285681\t4\t106285681.201198.com\t1\t1",
|
|
"106285682\t5\t106285682.201198.com\t1\t1",
|
|
"106285688\t8\t106285688.201198.com\t1\t1",
|
|
"106285689\t9\t106285689.201198.com\t1\t1",
|
|
"106285690\t9\t106285689.201198.com\t1\t1",
|
|
"106285691\t10\t1106285683.201198.com\t1\t1"
|
|
]
|
|
},
|
|
{
|
|
"table_name": "TSG_FQDN_CATEGORY_USER_DEFINED",
|
|
"table_content": [
|
|
"1106285681\t4\t1106285681.201198.com\t1\t1",
|
|
"1106285682\t5\t1106285682.201198.com\t1\t1",
|
|
"1106285683\t6\t1106285683.201198.com\t1\t1",
|
|
"1106285684\t7\t1106285684.201198.com\t1\t1",
|
|
"1106285685\t7\t1106285684.201198.com\t1\t1"
|
|
]
|
|
},
|
|
{
|
|
"table_name": "TSG_TUNNEL_CATALOG",
|
|
"table_content": [
|
|
"977\t1.1.1.1-1.1.1.1\tGTP\t1367\t1",
|
|
"978\t1.1.1.1-1.1.1.1\tGTP\t1367&1605\t1"
|
|
]
|
|
},
|
|
{
|
|
"table_name": "TSG_TUNNEL_ENDPOINT",
|
|
"table_content": [
|
|
"989\t4\t192.50.0.0\t192.50.255.255\ttest\t1",
|
|
"990\t4\t192.50.0.0\t192.50.255.255\ttest\t1",
|
|
"991\t4\t192.40.128.0\t192.40.255.255\ttest\t1",
|
|
"992\t4\t192.40.0.0\t192.40.127.255\ttest\t1"
|
|
]
|
|
},
|
|
{
|
|
"table_name": "TSG_TUNNEL_LABEL",
|
|
"table_content": [
|
|
"15560\t15560\tVLAN_ID\t1",
|
|
"15561\t15561\tVLAN_ID\t1"
|
|
]
|
|
},
|
|
{
|
|
"table_name": "TSG_DYN_SUBSCRIBER_IP",
|
|
"table_content": [
|
|
"1299\t4\t192.168.56.28\ttest5628\t1",
|
|
"1300\t4\t192.168.56.27\ttest5627\t1",
|
|
"1301\t6\t1030::C9B4:FF12:48AA:1A2B\ttest5630\t1",
|
|
"1302\t6\t1030::C9B4:FF12:3799:1A2B\ttest5629\t1"
|
|
]
|
|
},
|
|
{
|
|
"table_name": "TSG_PROFILE_DNS_RECORDS",
|
|
"table_content": [
|
|
"8119\teditTypeA\tA\t[{\"value\":\"1.1.1.1\",\"priority\":null},{\"value\":\"2.2.2.2\",\"priority\":null},{\"value\":\"3.3.3.3\",\"priority\":null}]\t1",
|
|
"7961\tFile\tAAAA\t[{\"value\":\"1030::C9B4:FF12:48AA:1A2B\",\"priority\":null},{\"value\":\"1030::C9B4:FF12:48AA:1A2C\",\"priority\":null}]\t1",
|
|
"7701\tTypeCNAME\tCNAME\t[{\"value\":\"www.facebook.com\",\"priority\":null},{\"value\":\"www.twitter.com\",\"priority\":null}]\t1"
|
|
]
|
|
},
|
|
{
|
|
"table_name": "TSG_PROFILE_RESPONSE_PAGES",
|
|
"table_content": [
|
|
"957\ttest-html-1\thtml\tforeign_files/TSG_PROFILE_RESPONSE_PAGES.1\t1",
|
|
"958\ttest-html-2\thtml\tforeign_files/TSG_PROFILE_RESPONSE_PAGES.2\t1"
|
|
]
|
|
},
|
|
{
|
|
"table_name": "TSG_PROFILE_TRAFFIC_MIRROR",
|
|
"table_content": [
|
|
"845\t168.50.28yinyong\t[3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34]\t1",
|
|
"123\ttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttest\t[66]\t1"
|
|
]
|
|
},
|
|
{
|
|
"table_name": "T_VSYS_INFO",
|
|
"table_content": [
|
|
"6\t1\t1"
|
|
]
|
|
}
|
|
]
|
|
}
|
|
|
|
|
|
|