[Discussion] Submitted Ideas

• Previous message (by thread): [Discussion] Submitted Ideas
• Next message (by thread): [Discussion] Submitted Ideas
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, 2009-02-05 at 07:25 +0100, Victor Julien wrote:
> Same here, for all of them though, except the alert message substitution
> and on the fly rule updates...
> 
> It all sounds very interesting... if I only knew what it meant ;-)

alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"GET request
for $VAR1 detected."; content:"GET "; depth:4;
assignvar:offset_4,depth_100,until_space,to_VAR1;)

Request "GET /sumthin" results in alert message: "GET request
for /sumthin detected."

Or something like that... :)

Cheers,
Frank

• Previous message (by thread): [Discussion] Submitted Ideas
• Next message (by thread): [Discussion] Submitted Ideas
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]