Feature #727
closed
Explore the support for negated alprotos in sigs.
Description
Explore the support for the use of negated alprotos in sigs -
alert !alproto ...
Added by Anoop Saldanha almost 13 years ago. Updated about 12 years ago.
I think I would prefer to have this as a regular rule keyword. Esp since then you would be able to do something like:
alert tcp .... (alproto:!ftp; alproto:!http;)
Yeah, sounds good.
Maybe app-layer-protocol, since we have app-layer-event?