<div dir="ltr">Hi Victor,<div><br></div><div>Thanks for the prompt reply, xbits solved my problem. :)</div><div><br></div><div>-</div><div>Thanks</div><div>Amit</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Aug 24, 2016 at 10:23 PM, Victor Julien <span dir="ltr"><<a href="mailto:lists@inliniac.net" target="_blank">lists@inliniac.net</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class="">On 24-08-16 18:52, amit zala wrote:<br>
> Hello Signature-writers/developers,<br>
><br>
> Snort provides activates/activated_by as a post-detection rule_option.<br>
> You can read more about it here<br>
> (<a href="http://manual-snort-org.s3-website-us-east-1.amazonaws.com/node34.html" rel="noreferrer" target="_blank">http://manual-snort-org.s3-<wbr>website-us-east-1.amazonaws.<wbr>com/node34.html</a>)<br>
><br>
> Does suricata have this functionality? I tried to search it into<br>
> suricata user guide, but I was not able to find it.<br>
><br>
> Basically , I want to trigger rule only if other rule has been<br>
> triggered. I can not use flowbits, because detection is being done on IP<br>
> protocol.<br>
><br>
> Any help/pointer will be much appreciated.<br>
<br>
</span>No, those options are not implemented.<br>
<br>
You could perhaps try xbits to set per ip pair or per host bits.<br>
<br>
--<br>
------------------------------<wbr>---------------<br>
Victor Julien<br>
<a href="http://www.inliniac.net/" rel="noreferrer" target="_blank">http://www.inliniac.net/</a><br>
PGP: <a href="http://www.inliniac.net/victorjulien.asc" rel="noreferrer" target="_blank">http://www.inliniac.net/<wbr>victorjulien.asc</a><br>
------------------------------<wbr>---------------<br>
<br>
______________________________<wbr>_________________<br>
Suricata IDS Devel mailing list: <a href="mailto:oisf-devel@openinfosecfoundation.org">oisf-devel@<wbr>openinfosecfoundation.org</a><br>
Site: <a href="http://suricata-ids.org" rel="noreferrer" target="_blank">http://suricata-ids.org</a> | Participate: <a href="http://suricata-ids.org/participate/" rel="noreferrer" target="_blank">http://suricata-ids.org/<wbr>participate/</a><br>
List: <a href="https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-devel" rel="noreferrer" target="_blank">https://lists.<wbr>openinfosecfoundation.org/<wbr>mailman/listinfo/oisf-devel</a><br>
Redmine: <a href="https://redmine.openinfosecfoundation.org/" rel="noreferrer" target="_blank">https://redmine.<wbr>openinfosecfoundation.org/</a><br>
Developer Training in Paris Sept 12-16: <a href="http://suricata-ids.org/training/" rel="noreferrer" target="_blank">http://suricata-ids.org/<wbr>training/</a></blockquote></div><br></div>