Hi Dear community.
I'm now reading on the "Variables" option on ESM
Can someone explain the fallowing ?!
Thank you very much.
You can detect and alert on TCP protocol anomalies and check to TCP session hijacking using the Stream5 preprocessor variable.
To detect and alert on TCP protocol anomalies, add detect_anomalies after policy first.
To check for TCP session hijacking, add detect_anomalies check_session_hijacking after policy first.