[Oisf-devel] Does suricata have "activates/activated_by" as a rule option?
amit zala
impmails67 at gmail.com
Wed Aug 24 16:52:20 UTC 2016
Hello Signature-writers/developers,
Snort provides activates/activated_by as a post-detection rule_option. You
can read more about it here
(http://manual-snort-org.s3-website-us-east-1.amazonaws.com/node34.html).
Does Suricata have this functionality? I tried to search for it in the Suricata
user guide, but I was not able to find it.
Basically, I want to trigger a rule only if another rule has been triggered. I
cannot use flowbits, because detection is being done on the IP protocol.
Any help/pointer will be much appreciated.
Thanks
Amit