[Oisf-users] EXTERNAL: Rule Protocol Keyword Documentation
Rasmor, Zachary R
zachary.r.rasmor at lmco.com
Thu Nov 19 21:54:59 UTC 2015
Hi Andreas,
Regarding documentation, check out the ‘protocol’ section in this link. Is this what you were looking for?
https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Suricata_Rules
Zach
________________________
Zach Rasmor
Email: zachary.r.rasmor at lmco.com
Office: 301.240.6116
From: Oisf-users [mailto:oisf-users-bounces at lists.openinfosecfoundation.org] On Behalf Of Andreas Moe
Sent: Thursday, November 19, 2015 1:34 PM
To: oisf-users at lists.openinfosecfoundation.org
Subject: EXTERNAL: [Oisf-users] Rule Protocol Keyword Documentation
Hi all!
I was looking around for some documentation for the different keywords, with regards to the signature protocol (ex. alert ip.. / drop tcp...).
I searched on Google, and on Redmine for the Suricata project, but did not find anything (could probably have "searched harder"..), but a search in Redmine for "pkthdr" gives nothing.
1) Anyone know of where this is documented?
2) If this is not documented
2.1) Anyone know where I can find an overview of the different allowed keywords (in the code)
2.2) Where (what place in the documentation) would be a good place to add this?
/Andreas