[Oisf-users] problem with filestore
erik clark
philosnef at gmail.com
Thu Mar 9 14:25:44 UTC 2017
I can't get filestore to work with this rule:
alert tcp $external any -> $home any (msg:"bleh"; file_data;
content:"eval(function(p,a,c,k,e,d)"; fast_pattern:only; filestore;
flowbits:isset,menu.js;....)
Why can't I run filestore on this? I need to capture the entire file that
the sig fired on, but suri says something about conflicting keywords....
Thanks!