[Oisf-users] Can a single rule handle multiple hostnames?

Josh Larkins jlarkins at malcovery.com
Fri May 29 17:33:19 UTC 2015


I have a set of hostnames I'd like to prevent communication with. Can I author a rule that will include all of them in the same rule? I've been scouring all the Suricata documentation and looked through the open source ET rules and I'm not seeing any examples of how to accomplish this.

Josh
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20150529/3a2c830a/attachment.html>


More information about the Oisf-users mailing list