[Oisf-devel] Does suricata have "activates/activated_by" as a rule option?
Victor Julien
lists at inliniac.net
Wed Aug 24 16:53:32 UTC 2016
On 24-08-16 18:52, amit zala wrote:
> Hello Signature-writers/developers,
>
> Snort provides activates/activated_by as a post-detection rule_option.
> You can read more about it here
> (http://manual-snort-org.s3-website-us-east-1.amazonaws.com/node34.html)
>
> Does Suricata have this functionality? I tried to search for it in the
> Suricata user guide, but I was not able to find it.
>
> Basically, I want to trigger a rule only if another rule has been
> triggered. I cannot use flowbits, because detection is being done on the IP
> protocol.
>
> Any help/pointer will be much appreciated.
No, those options are not implemented.
You could perhaps try xbits to set per ip pair or per host bits.
--
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------
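
The xbits suggestion in the reply above, sketched as a pair of Suricata rules. This is an added example, not part of the original thread; the IP protocol numbers, bit name, messages and sids are constructed placeholders.

```suricata
# Constructed example: protocol numbers, bit name, msg text and sids are placeholders.

# Rule 1 (the "activator"): when it matches, mark the IP pair for 60 seconds.
# noalert keeps this rule silent, so it only sets state.
alert ip $EXTERNAL_NET any -> $HOME_NET any (msg:"LOCAL stage 1 seen, marking ip pair"; ip_proto:47; xbits:set,stage1_seen,track ip_pair,expire 60; noalert; sid:1000001; rev:1;)

# Rule 2 (the "activated" rule): alerts only while the bit set by rule 1
# is still present for the same IP pair.
alert ip $EXTERNAL_NET any -> $HOME_NET any (msg:"LOCAL stage 2 after stage 1"; ip_proto:50; xbits:isset,stage1_seen,track ip_pair; sid:1000002; rev:1;)

# Per-host variant: set the bit with "track ip_src" in rule 1 and check it with
#   xbits:isset,stage1_seen,track ip_src;
# in rule 2, so the state follows the sending host instead of the pair.
```

Unlike flowbits, the bit is stored per IP pair or per host rather than per flow, and the expire value bounds how long after the first match the second rule can still fire.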