[Oisf-users] Suricata 1.4 simple alert rule, first visit to website not triggering an alert

Eoin Miller eoin.miller at trojanedbinaries.com
Thu Jan 10 20:37:07 UTC 2013

Previous message (by thread): [Oisf-users] Suricata 1.4 simple alert rule, first visit to website not triggering an alert
Next message (by thread): [Oisf-users] Suricata 1.4 simple alert rule, first visit to website not triggering an alert
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 1/10/2013 20:34, Eoin Miller wrote:
> On 1/10/2013 19:57, Vincent Fang wrote:
>>
>> alert http any any -> 207.86.164.0/24 <http://207.86.164.0/24> any (msg:
>> "visiting businessweek")
> 
> Maybe try alert tcp instead of alert http.
> 
> -- Eoin

alert ip might even be better.

-- Eoin

Previous message (by thread): [Oisf-users] Suricata 1.4 simple alert rule, first visit to website not triggering an alert
Next message (by thread): [Oisf-users] Suricata 1.4 simple alert rule, first visit to website not triggering an alert
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Oisf-users mailing list