[Oisf-users] pcre keyword in rule for non-http traffic
Victor Julien
lists at inliniac.net
Tue Nov 13 14:53:37 UTC 2012
On 11/13/2012 03:37 PM, Matthew Keeler wrote:
> The Suricata user documentation has the pcre keyword in the HTTP-keywords article:
>
> https://redmine.openinfosecfoundation.org/projects/suricata/wiki/HTTP-keywords
>
> Does the keyword have to be used with only http traffic or can it be used with tcp/udp/ip types as well?
It can be used with other types as well, the manual is unclear on this.
--
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------
More information about the Oisf-users
mailing list