[Snort-sigs] Connecting signatures?

Chris Kronberg smil at ...1754...
Sun Aug 29 00:03:00 EDT 2004


   Hi,


   I'm trying to find a way to write rules provding the following:
   Rule1 fires and sets another rule active, which fires on the
   following traffic (if the criteria are met). Rule2 should never
   fire without rule1 firing first.
   First I thought, I can do that with tagging but it seems that
   tagging only allows me to save more of the triggered connection
   for a later analysis (which is a fine thing in itself).
   Is there any way to accomplish something like that?

   Cheers,


                                                  Chris Kronberg.





More information about the Snort-sigs mailing list