Project

General

Profile

Actions
Copy link

Feature #727

closed
AS AS

Explore the support for negated alprotos in sigs.

Feature #727: Explore the support for negated alprotos in sigs.

Added by Anoop Saldanha about 13 years ago. Updated over 12 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Anoop Saldanha
Target version:
2.0beta2
Effort:
Difficulty:
Label:

Description

Explore the support for the use of negated alprotos in sigs -

alert !alproto ...

VJ Updated by Victor Julien about 13 years ago Actions
Copy link
 #1

  • Status changed from New to Assigned
  • Target version set to 2.0rc2

I think I would prefer to have this as a regular rule keyword. Esp since then you would be able to do something like:

alert tcp .... (alproto:!ftp; alproto:!http;)

AS Updated by Anoop Saldanha about 13 years ago Actions
Copy link
 #2

Yeah, sounds good.

Maybe app-layer-protocol, since we have app-layer-event?

VJ Updated by Victor Julien about 13 years ago Actions
Copy link
 #3

Sure.

VJ Updated by Victor Julien over 12 years ago Actions
Copy link
 #5

  • Target version changed from 2.0rc2 to 2.0beta2
Actions
Copy link

Also available in: PDF Atom