https://docs.mitigator.ru/v26.04/en/tags/signatures/ Recent content in Signatures on BIFIT Mitigator Hugo -- gohugo.io en https://docs.mitigator.ru/v26.04/en/psg/psg-analysis/classic/ Mon, 01 Jan 0001 00:00:00 +0000 https://docs.mitigator.ru/v26.04/en/psg/psg-analysis/classic/ The mechanism analyzes L4 payload from the dump and extracts traffic signatures. Payload Analyzer accepts traffic dumps in PCAP or PCAPNG formats as input. It is necessary to specify the parameters for building a decision tree: Decisions — the maximum nesting of the branch. Determines the search depth in the process of building a decision tree. Decision type — is an algorithm for building a decision tree. First suitable decision — search for the first suitable solution; All possible decisions — search for all possible solutions within the specified variability and maximum nesting level; Decision of minimum length — traversal along the minimum length branches regardless of the solution completeness. https://docs.mitigator.ru/v26.04/en/psg/psg-analysis/multipurpose/ Mon, 01 Jan 0001 00:00:00 +0000 https://docs.mitigator.ru/v26.04/en/psg/psg-analysis/multipurpose/ Multipurpose Analyzer analyzes L3/L4 headers and L4 payload. Traffic dumps in PCAP or PCAPNG formats are accepted as input. Multipurpose Analyzer capabilities: Generate signatures for L4 payload in various ways. Create visualization of the contents of the dump. It can be useful for understanding the traffic structure, as it allows you to visually identify patterns in it. Create a longogram — an image showing the distribution of packet sizes by their number over a certain time interval. https://docs.mitigator.ru/v26.04/en/psg/psg-analysis/rts-tree/ Mon, 01 Jan 0001 00:00:00 +0000 https://docs.mitigator.ru/v26.04/en/psg/psg-analysis/rts-tree/ ACL Rules Generator analyzes dumps of legitimate traffic and attack traffic and generates a set of ACL filtering rules. IP, TCP, UDP and ICMP protocol packets are analyzed. Traffic dumps are selected from the drop-down list, for which they must be previously uploaded to the service on the Uploads tab. Optionally, you can specify additional dumps on which the rules obtained during the analysis will be tested. If no additional dumps are specified, then the training dumps are divided proportionally into a training part and a test part.