Feature #727: Explore the support for negated alprotos in sigs. - Suricata - Open Information Security Foundation

Actions

Copy link

Feature #727

closed

Explore the support for negated alprotos in sigs.

Added by Anoop Saldanha over 11 years ago. Updated over 10 years ago.

Status:

Closed

Priority:

Normal

Assignee:

Anoop Saldanha

Target version:

2.0beta2

Effort:

Difficulty:

Label:

Description

Explore the support for the use of negated alprotos in sigs -

alert !alproto ...

Actions

Copy link

Updated by Victor Julien about 11 years ago

Status changed from New to Assigned
Target version set to 2.0rc2

I think I would prefer to have this as a regular rule keyword. Esp since then you would be able to do something like:

alert tcp .... (alproto:!ftp; alproto:!http;)

Actions

Copy link

Updated by Anoop Saldanha about 11 years ago

Yeah, sounds good.

Maybe app-layer-protocol, since we have app-layer-event?

Actions

Copy link

Updated by Victor Julien about 11 years ago

Sure.

Actions

Copy link

Updated by Anoop Saldanha over 10 years ago

Status changed from Assigned to Closed

Feature submitted -

https://github.com/inliniac/suricata/pull/567
https://buildbot.suricata-ids.org/builders/poona/builds/9

Actions

Copy link

Updated by Victor Julien over 10 years ago

Target version changed from 2.0rc2 to 2.0beta2

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Suricata

Custom queries

Feature #727

Explore the support for negated alprotos in sigs.

Updated by Victor Julien about 11 years ago

Updated by Anoop Saldanha about 11 years ago

Updated by Victor Julien about 11 years ago

Updated by Anoop Saldanha over 10 years ago

Updated by Victor Julien over 10 years ago