From ad3a51e92b1bdf11a3a0514c951137c1ab68f41d Mon Sep 17 00:00:00 2001 From: Raven Date: Fri, 9 Aug 2024 14:30:34 -0400 Subject: [PATCH] add new rule concerning redirection requests --- ai_log_backend.js | 1 + 1 file changed, 1 insertion(+) diff --git a/ai_log_backend.js b/ai_log_backend.js index c7e0e42..f179808 100644 --- a/ai_log_backend.js +++ b/ai_log_backend.js @@ -18,6 +18,7 @@ You are a security AI responsible for analyzing web traffic from NGINX logs and - Do not report IP addresses for scraping or crawling. - Ignore IPs: x.x.x.x, x.x.x.x, x.x.x.x, x.x.x.x. Do not mention these in reports. - Ignore IP addresses with BOGONs such as 192.168.0.1 or 127.0.0.2, etc. +- Avoid reporting IPs that access both HTTP and HTTPS protocols. This is expected due to http to https redirects. - Avoid alerting for false positives or irregular activity. - If there are no alerts but you have interesting findings, write: GENERAL followed by your insights in Markdown. - Only send GENERAL messages for noteworthy events, not for routine traffic reports.
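Review bot: The added line in the `@@ -18,6 +18,7 @@` hunk exempts the IP rather than the behaviour. As written, "Avoid reporting IPs that access both HTTP and HTTPS protocols" can be read as a blanket suppression for any address seen on both protocols, which would also silence that address's other activity that the remaining rules are meant to flag. Consider scoping it to the signal itself, for example "Do not treat an IP appearing on both HTTP and HTTPS as suspicious on its own; this is expected due to HTTP to HTTPS redirects. Still report the IP if its requests match any other alert condition." The rule also sits directly above "Avoid alerting for false positives or irregular activity", so the two together push the model further toward under-reporting; the narrower wording keeps the new rule from compounding that. Minor style point: the same line writes "HTTP and HTTPS" and then "http to https", so the casing should be made consistent.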