[Oisf-users] RE: suricata do not support "xbits"

苏 哲 suzhe_ffgg at outlook.com
Fri Sep 7 13:01:23 UTC 2018


Thank you for the reply.


  1.  Instead of "xbits:noalert", "noalert" works, no error.
  2.  Now the error is <Error> - [ERRCODE: SC_ERR_PCRE_MATCH(2)] - "isset,Metasploit.ContentKeeper.recon" is not a valid setting for xbits

Thanks
Su

________________________________
From: Peter Manev <petermanev at gmail.com>
Sent: September 7, 2018 0:34
To: suzhe_ffgg at outlook.com
Cc: Open Information Security Foundation
Subject: Re: [Oisf-users] suricata do not support "xbits"

On Fri, Sep 7, 2018 at 9:09 AM 苏 哲 <suzhe_ffgg at outlook.com> wrote:
>
>
>
>
> Hi,
>
> I tried suricata 4.0.5 and 4.1.0 and tried "xbits" with this example, and I receive an error:
>
>
> "noalert" is not a valid setting for xbits.
>

Instead of "xbits:noalert;"
can you try just "noalert;"?

> "isset,is_attack_step1" is not a valid setting for xbits.

That name - "is_attack_step1" is not present/set anywhere in the
example, is that expected? (so it can naturally complain about it)

>
>
> I googled xbits and those errors, but didn't find anyone talking about it.
>
>
> Does anyone know what the reason is? And what should I do?
>
>
> Thanks.
>
> Su
>



--
Regards,
Peter Manev