Server

The 'server' configuration has the following format:

"server": ""

When an decoy is triggered, the solution tries to retrieve the name of the server to populate the corresponding field in the alert. The server name is retrieved dynamically through the technical parameter 'requested_server_name' which may or may not resolve properly depending on where the solution is deployed. Namely, the returned value is an empty string when running in docker-compose.

If the server parameter is configured, then its value will overwrite any possible value returned by the 'requested_server_name' parameter. This can be useful to set a server name in situations where no name can be retrieved automatically, or if the retrieved value cannot be used for internal attribution (for example, if the name is auto-generated and has no semantic meaning).

Home
Main Configuration guide
- Session
- Username
- Server
- Respond
- BlocklistReload
Decoy Configuration guide
- General structure
- Decoy
- Inject
- Detect
  - Alert
  - Respond
    - Divert
- Alert events
- Response events
- Dos and don'ts
- Summary
- Examples
  - Catalog
Developer Guide

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Server

Clone this wiki locally