Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Rule with noalert

From: Lionel PRAT <lionel.prat9 () gmail com>
Date: Wed, 1 Feb 2012 09:24:41 +0100
Hi,

Does anyone would be if it is possible to write a rule with a snort
flowbit. I am looking for a web request and then inside of a string
result. My rule is already written and works well. I set the first
rule that set the flowbit another flowbit no alert. The first rule is
often called (noalert). But I would like to arrive to retrieve the
first event of an alert if the 2nd rule is valid. Is that possible?

Thank you

Lionel PRAT

------------------------------------------------------------------------------
Keep Your Developer Skills Current with LearnDevNow!
The most comprehensive online learning library for Microsoft developers
is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3,
Metro Style Apps, more. Free future releases when you subscribe now!
http://p.sf.net/sfu/learndevnow-d2d
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org


Please visit http://blog.snort.org for the latest news about Snort!
Previous By Date Next
Previous By Thread Next

Current thread: