[Oisf-users] Flowbit question

Victor Julien lists at inliniac.net
Mon Jan 11 21:16:23 UTC 2016


On 11-01-16 16:14, Erich Lerch wrote:
> Sometimes it would be helpful if for a given rule which triggered an
> alert after evaluating a flowbit, it was possible to know which other
> rule was setting this very flowbit.
>
> In ET rulesets, there might be dozens of possible candidates setting a
> flowbit, so finding the right candidate is not feasible.
> Is there a possibility to "automagically" find it? Does Suri track this
> information internally (so it might be logged somehow)?

No we don't. I agree it'd be useful though.

-- 
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------
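
The reply above says the setting rule is not tracked at runtime, so what remains is a static lookup: list every rule in the loaded rule files that can set a flowbit the alerting rule checks. The following Python sketch is an added example, not part of the original thread and not Suricata code; the sample rules, sids and flowbit names are constructed, and the function names are hypothetical. It narrows the candidates but cannot tell which one actually fired on the flow.

```python
import re
from collections import defaultdict

# Constructed sample rules (made-up sids and flowbit names, not from a real ruleset).
SAMPLE_RULES = r'''
alert http any any -> any any (msg:"EXAMPLE stage1 A"; content:"/a"; http_uri; flowbits:set,ex.stage1; flowbits:noalert; sid:1000001; rev:1;)
alert http any any -> any any (msg:"EXAMPLE stage1 B"; content:"/b"; http_uri; flowbits:set,ex.stage1; flowbits:noalert; sid:1000002; rev:1;)
alert http any any -> any any (msg:"EXAMPLE other"; content:"/c"; http_uri; flowbits:toggle,ex.other; sid:1000003; rev:1;)
alert http any any -> any any (msg:"EXAMPLE stage2"; flowbits:isset,ex.stage1; content:"payload"; sid:1000004; rev:1;)
# alert http any any -> any any (msg:"disabled"; flowbits:set,ex.stage1; sid:1000005; rev:1;)
'''

# flowbits:<command>[,<name>[|<name>...]];
FLOWBIT_RE = re.compile(r'flowbits\s*:\s*(\w+)\s*(?:,\s*([^;]+?))?\s*;')
SID_RE = re.compile(r'\bsid\s*:\s*(\d+)\s*;')
MSG_RE = re.compile(r'msg\s*:\s*"([^"]*)"')

def index_flowbits(rules_text):
    """Return (setters, checkers) built from enabled rules only."""
    setters = defaultdict(list)   # flowbit name -> [(sid, msg), ...]
    checkers = defaultdict(set)   # sid -> {flowbit names tested with isset}
    for line in rules_text.splitlines():
        line = line.strip()
        if not line or line.startswith('#'):   # skip blanks and disabled rules
            continue
        sid_m = SID_RE.search(line)
        if not sid_m:
            continue
        sid = int(sid_m.group(1))
        msg_m = MSG_RE.search(line)
        msg = msg_m.group(1) if msg_m else ""
        for cmd, names in FLOWBIT_RE.findall(line):
            # isset may name several bits separated by '|'
            for name in filter(None, (n.strip() for n in names.split('|'))):
                if cmd in ('set', 'toggle'):   # both can turn the bit on
                    setters[name].append((sid, msg))
                elif cmd == 'isset':
                    checkers[sid].add(name)
    return setters, checkers

def candidate_setters(rules_text, alert_sid):
    """Map each flowbit the alerting rule checks to the rules that can set it."""
    setters, checkers = index_flowbits(rules_text)
    return {bit: setters.get(bit, []) for bit in sorted(checkers.get(alert_sid, ()))}

if __name__ == "__main__":
    for bit, rules in candidate_setters(SAMPLE_RULES, 1000004).items():
        print(bit, "<-", rules)
```
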