Project

General

Profile

Actions

Bug #3350

closed

--engine-analysis not understanding transforms

Added by Victor Julien almost 2 years ago. Updated over 1 year ago.

Status:
Closed
Priority:
Normal
Assignee:
Target version:
Affected Versions:
Effort:
Difficulty:
Label:

Description

== Sid: 88 ==
alert dns any any -> any any (dns.query; to_md5; to_sha256; content:"ABCD"; sid:88;)
    App layer protocol is dns.
    Rule contains 1 content options, 0 http content options, 0 pcre options, and 0 pcre options with http modifiers.
    Fast Pattern "ABCD" on "" buffer.
    Warning: TCP rule without a flow or flags option.
             -Consider adding flow or flags to improve performance of this rule.

== Sid: 99 ==
alert http any any -> any any (flow:to_server; http_header_names; compress_whitespace; strip_whitespace; content:"|0d 0a|Host|0d 0a|Connection|0d 0a|"; sid:99;)
    App layer protocol is http.
    Rule contains 1 content options, 0 http content options, 0 pcre options, and 0 pcre options with http modifiers.
    Fast Pattern "\x0D\x0AHost\x0D\x0AConnection\x0D\x0A" on "" buffer.
    Warning: Rule app layer protocol is http, but content options do not have http_* modifiers.
             -Consider adding http content modifiers.
    Warning: TCP rule without a flow or flags option.
             -Consider adding flow or flags to improve performance of this rule.

This is with https://github.com/OISF/suricata/pull/4373
Actions

Also available in: Atom PDF