[Oisf-users] flags keyword
Andreas Herz
aherz at oisf.net
Wed Jun 3 19:48:06 UTC 2020
Hi Charles,
On 02/06/20 at 08:06, Charles Devoe wrote:
> We have some ET signatures that are using the flags keyword ( flags:
> S,12) In checking the Suricata documentation I do not see the flags
> keyword listed. I would like to confirm this is a valid keyword and
> that it works the same as it does in snort.
I checked and yes the flags keyword is missing in the docs, but it's
implemented. I didn't do a deep dive but from a first glance it looks
like we do support it the same way.
--
Andreas Herz
More information about the Oisf-users
mailing list