[Oisf-users] endswith
erik clark
philosnef at gmail.com
Tue Apr 10 11:33:30 UTC 2018
Wow, so, learn something new every day (recent post on list).
Does endswith work with negation?
content:!"realdomain.com"; endswith;
Im looking at this as a way to revamp ETPro sigs for phishing by excluding
the valid domains from the signature with this method. Currently it uses
isdataat, but endswith seems better? Is it more resource intensive than
isdataat?
Thanks!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20180410/ac52080a/attachment.html>
More information about the Oisf-users
mailing list