[Snort-sigs] And-ing content

Erik Fichtner emf at ...4...
Wed Jun 12 08:04:09 EDT 2002


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wed, Jun 12, 2002 at 10:32:04AM -0400, Chris Green wrote:
> > Can boolean ANDs be done with the content option?  If so, what is
> > the
> 
> content: "a"; content: "b"; checks for them in the same datablock.
> 
> for boolean OR, write multiple rules :)

Now if we only had a NOT in the same rule, or some way to decide to 
alert or pass based on the result of multiple rules.   ;)

- -- 
Erik Fichtner
Security Administrator, ServerVault Corp.
703-652-5900
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (FreeBSD)
Comment: For info see http://www.gnupg.org

iD8DBQE9B2K1Q7EzrewLMS0RAhYFAJ9j+wvNIp4KSA+BaA3CpYksmpWghwCg1VXb
89XdFu70vjnC6Q4v9KzzY7k=
=ZM4E
-----END PGP SIGNATURE-----




More information about the Snort-sigs mailing list