
Support for multiple conditions to match a rule

Open securitym0nkey opened this issue 6 years ago • 0 comments

Make sure these boxes are signed before submitting your Pull Request -- thank you.

  • [x] I have read the contributing guidelines at https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Contributing
  • [x] I have signed the Open Information Security Foundation contribution agreement at https://suricata-ids.org/about/contribution-agreement/
  • [x] I have updated the user guide (in doc/userguide/) to reflect the changes made (if applicable)

redmine issue 2509:

Describe changes:

This adds support to specify multiple conditions to match a rule in {enable,disable}.conf.

Syntax: multi:<match_condition1>;<match_condition2>;...<match_conditionN>;

Example: Enable all rules including the term "nmap" but just from the "emerging-scan.rules" file.

multi:filename:rule/emerging-scan.rules; re:nmap;

securitym0nkey, Jun 02 '18 19:06
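To make the semantics of the proposed `multi:` line concrete, here is an added, self-contained Python model of how such a line would be evaluated: every `;`-separated condition must hold for a rule to be selected, whereas a plain `re:` or `filename:` line matches on its own. This is example code written for this page, not the pull request's or suricata-update's implementation; the rule set is constructed, the exact-string comparison for `filename:` and the case-sensitive `re.search` for `re:` are assumptions, and `select_rules` / `parse_line` are hypothetical helper names.

```python
import re
from typing import Callable, List, Tuple

# Constructed sample rules as (filename, rule text) pairs. The file paths
# deliberately use the same "rule/..." prefix as the example in the PR so
# the PR's own config line can be evaluated against them.
SAMPLE_RULES: List[Tuple[str, str]] = [
    ("rule/emerging-scan.rules",
     'alert tcp any any -> any any (msg:"ET SCAN nmap -sS window 1024"; sid:2009582;)'),
    ("rule/emerging-scan.rules",
     'alert tcp any any -> any any (msg:"ET SCAN Potential SSH Scan"; sid:2001219;)'),
    ("rule/emerging-web_server.rules",
     'alert http any any -> any any (msg:"ET WEB_SERVER nmap user-agent"; sid:2010000;)'),
]

Predicate = Callable[[str, str], bool]


def parse_condition(text: str) -> Predicate:
    """Turn one 'kind:argument' condition into a predicate over (filename, rule).

    Only the two condition kinds used on this page are modelled; the exact
    matching behaviour (string equality for filename, re.search for re) is an
    assumption of this example.
    """
    kind, _, arg = text.partition(":")
    kind, arg = kind.strip(), arg.strip()
    if kind == "filename":
        return lambda filename, rule: filename == arg
    if kind == "re":
        pattern = re.compile(arg)
        return lambda filename, rule: pattern.search(rule) is not None
    raise ValueError(f"unsupported condition kind: {kind!r}")


def parse_line(line: str) -> Predicate:
    """Parse one enable.conf/disable.conf line into a predicate.

    A 'multi:' line is the conjunction of its ';'-separated conditions
    (the trailing ';' from the PR syntax is tolerated); any other line is a
    single condition.
    """
    line = line.strip()
    if line.startswith("multi:"):
        parts = [p for p in line[len("multi:"):].split(";") if p.strip()]
        if not parts:
            raise ValueError("multi: line carries no conditions")
        predicates = [parse_condition(p) for p in parts]
        return lambda filename, rule: all(p(filename, rule) for p in predicates)
    return parse_condition(line)


def sid_of(rule: str) -> int:
    """Extract the numeric sid from a rule's option block."""
    match = re.search(r"\bsid:\s*(\d+)\s*;", rule)
    if match is None:
        raise ValueError("rule has no sid")
    return int(match.group(1))


def select_rules(line: str, rules: List[Tuple[str, str]]) -> List[int]:
    """Return the sids of all rules the given config line selects."""
    predicate = parse_line(line)
    return [sid_of(rule) for filename, rule in rules if predicate(filename, rule)]


if __name__ == "__main__":
    # The PR's example line: only the nmap rule inside emerging-scan.rules.
    print(select_rules("multi:filename:rule/emerging-scan.rules; re:nmap;", SAMPLE_RULES))
    # Without the filename restriction, nmap rules from every file are selected.
    print(select_rules("re:nmap", SAMPLE_RULES))
```

Run as a script, the first line prints `[2009582]` and the second `[2009582, 2010000]`, which shows the difference the `multi:` conjunction makes compared with a bare `re:` line.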