[Oisf-users] Flowbit question
Erich Lerch
erich.lerch at gmail.com
Mon Jan 11 21:14:24 UTC 2016
Sometimes it would be helpful if for a given rule which triggered an
alert after evaluating a flowbit, it was possible to know which other
rule was setting this very flowbit.
In ET rulesets, there might be dozens of possible candidates setting a
flowbit, so finding the right candidate is not feasible.
Is there a possibility to "automagically" find it? Does Suri track this
information internally (so it might be logged somehow)?
Cheers,
erich