[Snort-users] Pattern Match in Content
danf at ...1406...
Tue Feb 26 14:18:15 EST 2002
Does anyone know of a way to pattern match in the content option of a
rule? I have read the Regex option and think this is the way to do it. I
am trying to match a part number format of XX-XXX-XXXX.
Would this come at a high cost in terms of overhead? Does this example
(flags: A+; content: "**-***-****"; regex; msg: "Internal Part Number";)