Snort mailing list archives

possible to tailor the SDF combination alert message, or override with custom rule?


From: Sean <sean.barmettler () gmail com>
Date: Mon, 15 Jun 2015 11:20:31 -0600

Preemptive apologies if this is answered elsewhere, as I didn't find it.

Simple enough questions:
* Is it possible to tailor the equivalent of the "msg" portion of SDF
output matches? I.e.:
SDF Combination Alert [**] [Classification: Sensitive Data] should ideally be
"alert: credit card transaction in clear text" or something more specific.

* Is it possible to override the SDF engine with a local rule? Thus far
I've been unsuccessful with that using PCRE, exact match, content, etc.

Thanks in advance.

Sean