[Snort-sigs] Rule with noalert

Lionel PRAT lionel.prat9 at ...2420...
Wed Feb 1 03:24:41 EST 2012


Hi,

Does anyone would be if it is possible to write a rule with a snort
flowbit. I am looking for a web request and then inside of a string
result. My rule is already written and works well. I set the first
rule that set the flowbit another flowbit no alert. The first rule is
often called (noalert). But I would like to arrive to retrieve the
first event of an alert if the 2nd rule is valid. Is that possible?

Thank you

Lionel PRAT




More information about the Snort-sigs mailing list