Many examples in OISF ruleset[0] (primarily stream-event, app-layer-event, decoder-event etc.)
Probably most of these can just be tags? Documentation is rather sparse on some of these.
```go
s := `alert tcp any any -> any 80 (msg:"SURICATA Port 80 but not HTTP"; flow:to_server; app-layer-protocol:!http; sid:2271002; rev:1;)`
_, err := gonids.ParseRule(s)
if err != nil {
	fmt.Println(err)
}
```
outputs
```
no valid value for app-layer-protocol tag
```
although it is a valid value for app-layer-protocol (as seen in Suricata docs).
[0] https://github.com/OISF/suricata/tree/master/rules
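
The option handling this report turns on, as an added stand-alone example (not gonids code and not its API): it splits a Suricata rule's option body on `;` and records a leading `!` as negation, so `app-layer-protocol:!http` yields key `app-layer-protocol`, value `http`, negated. The `Option` type and `ParseOptions` function are hypothetical names introduced here.

```go
package main
import (
	"fmt"
	"strings"
)

// Option is one keyword from a Suricata rule body; Negate records a leading '!'.
// (Hypothetical type for this example, not part of gonids.)
type Option struct {
	Key, Value string
	Negate     bool
}

// ParseOptions splits the text between a rule's parentheses on ';', ignoring
// any ';' that sits inside double quotes or follows a backslash.
func ParseOptions(body string) ([]Option, error) {
	var opts []Option
	var cur strings.Builder
	inQuote, escaped := false, false
	for _, r := range body {
		switch {
		case escaped:
			escaped = false
		case r == '\\':
			escaped = true
		case r == '"':
			inQuote = !inQuote
		case r == ';' && !inQuote:
			key, val, hasVal := strings.Cut(strings.TrimSpace(cur.String()), ":")
			o := Option{Key: strings.TrimSpace(key), Value: strings.TrimSpace(val)}
			if strings.HasPrefix(o.Value, "!") { // negated value, e.g. !http
				o.Negate, o.Value = true, strings.TrimSpace(o.Value[1:])
			}
			if o.Key == "" || (hasVal && o.Value == "") {
				return nil, fmt.Errorf("malformed option %q", cur.String())
			}
			opts = append(opts, o)
			cur.Reset()
			continue
		}
		cur.WriteRune(r)
	}
	if inQuote || strings.TrimSpace(cur.String()) != "" {
		return nil, fmt.Errorf("unterminated option %q", cur.String())
	}
	return opts, nil
}

func main() {
	fmt.Println(ParseOptions(`msg:"SURICATA Port 80 but not HTTP"; flow:to_server; app-layer-protocol:!http; sid:2271002; rev:1;`))
}
```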