Snort mailing list archives
Re: Rule creation: content keyword
From: Edin Dizdarevic <Edin.Dizdarevic () interActive-Systems de>
Date: Sun, 06 Feb 2005 23:22:28 +0100
mosquitooth () gmx net schrieb:
Yeah, really? All I can find concerning multiple contents in one rule is the following statement: Note that multiple content rules can be specified in one rule. This allows rules to be tailored for less false positives. I can't find any further information, can you?
Take a look at the section 3.8.4 Optimizing rules as well as the "new" 2.3.0 manual which you can find in the tgz. Search for "content"... Regards, Edin
Thanks so far Peter
-- Edin Dizdarevic ------------------------------------------------------- This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting Tool for open source databases. Create drag-&-drop reports. Save time by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc. Download a FREE copy at http://www.intelliview.com/go/osdn_nl _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Rule creation: content keyword mosquitooth (Feb 06)
- Re: Rule creation: content keyword Frank Knobbe (Feb 06)
- Re: Rule creation: content keyword mosquitooth (Feb 06)
- Re: Rule creation: content keyword Edin Dizdarevic (Feb 06)
- Re: Rule creation: content keyword mosquitooth (Feb 07)
- Re: Rule creation: content keyword Matt Kettler (Feb 07)
- Finding rules for internal network sEc nErD (Feb 07)
- Re: Finding rules for internal network James Riden (Feb 07)
- Re: Finding rules for internal network Matt Kettler (Feb 07)
- Finding rules for internal network sEc nErD (Feb 07)
- <Possible follow-ups>
- RE: Rule creation: content keyword Basselgia, Barry A Mr (NAF Atsugi) (Feb 06)