[Oisf-users] Can a single rule handle multiple hostnames?

Erich Lerch erich.lerch at gmail.com
Fri May 29 19:21:07 UTC 2015


Josh
I guess you could achieve that with a PCRE-rule... theoretically. But
it's probably MUCH more efficient to write one rule per hostname. A
different thing is when you have IP addresses.

erich


2015-05-29 19:33 GMT+02:00 Josh Larkins <jlarkins at malcovery.com>:
> I have a set of hostnames I’d like to prevent communication with. Can I
> author a rule that will include all of them in the same rule? I’ve been
> scouring all the Suricata documentation and looked through the open source
> ET rules and I’m not seeing any examples of how to accomplish this.
>
>
>
> Josh
>
>
> _______________________________________________
> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
> Suricata User Conference November 4 & 5 in Barcelona: http://oisfevents.net
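
The one-rule-per-hostname approach recommended in the reply above can be generated from a hostname list; the following is an added example, not part of the original thread or of Suricata itself. It assumes the hostnames should be matched in DNS queries using the `dns.query` sticky buffer with `startswith`/`endswith` from current Suricata releases; the function names, the `LOCAL` message prefix and the starting sid are hypothetical.

```python
import re

# Hostname syntax: dot-separated labels of letters, digits and inner hyphens.
_LABEL = r"(?!-)[a-z0-9-]{1,63}(?<!-)"
_HOSTNAME_RE = re.compile(rf"^{_LABEL}(\.{_LABEL})+$")


def normalize_hostname(raw):
    """Lowercase, trim whitespace and a trailing dot; reject anything that is
    not a plain hostname so no quote, semicolon or backslash reaches a rule."""
    host = raw.strip().lower().rstrip(".")
    if len(host) > 253 or not _HOSTNAME_RE.match(host):
        raise ValueError(f"not a valid hostname: {raw!r}")
    return host


def build_rules(hostnames, base_sid=1000001, action="alert"):
    """Return one exact-match rule per unique hostname, in first-seen order."""
    if action not in ("alert", "drop"):  # "drop" only acts in inline (IPS) mode
        raise ValueError("action must be 'alert' or 'drop'")
    seen = []
    for raw in hostnames:
        line = raw.split("#", 1)[0]  # allow "# comment" in the list file
        if not line.strip():
            continue
        host = normalize_hostname(line)
        if host not in seen:  # duplicates would waste sids
            seen.append(host)
    return [
        f"{action} dns any any -> any any "
        f'(msg:"LOCAL blocked hostname {host}"; '
        f'dns.query; content:"{host}"; nocase; startswith; endswith; '
        f"sid:{base_sid + offset}; rev:1;)"
        for offset, host in enumerate(seen)
    ]


# Constructed sample list using reserved example domains, not real indicators.
SAMPLE_HOSTNAMES = [
    "Bad-Host.example", "bad-host.example.",  # same name twice, differently written
    "# staging entries", "cdn.example.net  # added by hand",
]

if __name__ == "__main__":
    print("\n".join(build_rules(SAMPLE_HOSTNAMES)))
```

Each generated rule matches one hostname exactly, so subdomains need their own entries in the list.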


