so-rule update that contains !1 #10111
-
|
Wanted to pass this along to help others run into this issue. My issue was when I ran |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment
-
|
After talking with support I was putting double-quotes around my parameters so the fix was to use single quotes. For example what I was originally trying to use What I had to change it to was |
Beta Was this translation helpful? Give feedback.
After talking with support I was putting double-quotes around my parameters so the fix was to use single quotes. For example what I was originally trying to use
so-rule modify add 2025705 "classtype:bad-unknown" "content:\"D|00|o|00|n|00|o|00|t|00|l|00|o|00|g|00 2E 00|p|00|s|00|1|00|\"; nocase; distance:0; isdataat:!1,relative; classtype:bad-unknown"What I had to change it to was
so-rule modify add 2025705 'classtype:bad-unknown' 'content:\"D|00|o|00|n|00|o|00|t|00|l|00|o|00|g|00 2E 00|p|00|s|00|1|00|\"; nocase; distance:0; isdataat:!1,relative; classtype:bad-unknown'