Bug #7772: flowbits: no-op set and isset combinations are accepted - Suricata - Open Information Security Foundation

Actions

Bug #7772

open

Bug #7638: detect: incorrect rule ordering with more complex flowbit chains

Added by Shivani Bhardwaj 2 days ago. Updated 1 day ago.

Status:

In Review

Priority:

High

Assignee:

Target version:

Affected Versions:

Effort:

Difficulty:

low

Label:

Description

For example, rules like

alert tcp any any -> any any (msg:"set + isset flowbit"; http.method; content:"GET"; flowbits:set,abc; flowbits:isset,abc; sid:111)

Actions

Also available in: Atom PDF