[Oisf-wg-ruleslanguage] YAML

Matt C mbc8434 at gmail.com
Fri Aug 7 13:25:46 UTC 2009


In the rules language I think this could be very useful:

http://en.wikipedia.org/wiki/YAML#Relational_trees

Basically you define one rule, and then subsequent rules could reference the
base rule, only providing changes.  Say, for example, 500 Snort rules all have
the same header, "alert tcp $EXTERNAL_NET any -> $HOME_NET any".  Why
specify that on every single rule?  Why not specify the header on one rule,
and then reference that rule from all of the other rules?

Matt C
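
The idea in the message above, sketched with YAML anchors and merge keys. This is an added example, not part of the original post and not an OISF or Snort rule format; the key names (`headers`, `rules`, `action`, `proto`, `src`, `dst`, and so on) and the `sid`, `msg` and `content` values are constructed for illustration.

```yaml
# Hypothetical rule schema: every key name here is an assumption made for
# this example. "<<" is the YAML 1.1 merge key; it is not part of the
# YAML 1.2 core schema, so the rule loader must support it explicitly.

headers:
  # The shared header is written once and given an anchor (&inbound_tcp).
  inbound_tcp: &inbound_tcp
    action: alert
    proto: tcp
    src: $EXTERNAL_NET
    src_port: any
    direction: "->"
    dst: $HOME_NET
    dst_port: any

rules:
  # Pulls in the whole header via the alias (*inbound_tcp) and supplies
  # only the rule-specific options.
  - <<: *inbound_tcp
    sid: 1000001            # constructed sample value
    msg: "Example rule A"
    content: "example-a"

  # Same header with one field changed: a key set locally takes precedence
  # over the merged one, so this rule resolves to
  #   alert tcp $EXTERNAL_NET any -> $HOME_NET 80
  - <<: *inbound_tcp
    dst_port: 80
    sid: 1000002            # constructed sample value
    msg: "Example rule B"
    content: "example-b"
```

Loaders resolve the alias at parse time, so each rule arrives as a flat mapping and the rule engine itself needs no notion of inheritance.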