[Oisf-users] Setting up a rule to capture all Javascript files traversing the network

Dave Florek dave.a.florek at gmail.com
Thu Aug 11 16:12:06 UTC 2016


I'm trying to setup a rule to capture all Javascript (.js) files that are
traversing my network. Here is the rule I created to do it. The problem is
that it's giving me more files that are outside the .js extension and I'm
wondering if the filemagic command has a property for javascript files or
if there is a better way to construct the rule to capture only .js
extension types.

alert http any any -> any any (msg:"FILEXT js";
flow:established,to_server;filestore; sid:9; rev:1;)

Thanks in advance,
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20160811/34f328ec/attachment.html>

More information about the Oisf-users mailing list