[Snort-users] Logical AND in rule options, in particular in content option.

Nick Stanescu Nick at ...553...
Mon Oct 2 20:50:16 EDT 2000


Hi,

	Is it possible to have a rule similar to this:
alert tcp $HOME_NET 80 -> !$HOME_NET any (msg: "Alert: text found";
content:"string1" && "string2"; nocase;)
	logging and alerting only when packets contain both string1 AND
string2?!

Thanks,
-n



More information about the Snort-users mailing list