Is making a PCRE rule the same in Suricata as it was in Snort? #10678
Replies: 1 comment
-
You might be better off using content rules rather than pcre, if you're just hunting for static values: https://docs.suricata.io/en/suricata-6.0.0/rules/payload-keywords.html#content

Also, make sure that you're adding the rules in the right place:
-
I'm looking to create a rule looking for our 6-digit BIN numbers in packets. Basically, if these numbers appear, then alert us. Here is what I have so far, and this is what I used in another life via Snort. I'm not seeing any hits with Suricata; I'm wondering if the syntax is wrong. Please help.
alert tcp any any <> any any (msg: Cleartext CC data 6 Digit"; pcre:"123456|789101|121314|151617"; sid:10001 rev:1;)
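For reference, an added example that is not part of the thread and not the Suricata project's own rules: the question's rule with its syntax repaired, the content-based form the reply suggests, and a tighter pcre variant. The BIN values and sid 10001 come from the question; sids 10002 to 10006 and the 16-digit card number length are assumptions.

```suricata
# Added example (not from the thread). BINs and sid 10001 are the question's
# own values; sids 10002-10006 and the 16-digit PAN length are assumptions.

# 1) The question's rule with three syntax repairs:
#    - msg has its opening quote
#    - the regex is wrapped in /.../ delimiters, as pcre requires
#    - sid is terminated with ";" before rev
alert tcp any any <> any any (msg:"Cleartext CC data 6 Digit"; pcre:"/123456|789101|121314|151617/"; sid:10001; rev:1;)

# 2) The content form suggested in the reply: one rule per static BIN.
#    A content match lets Suricata's multi-pattern matcher prefilter
#    packets, whereas a pcre-only rule is evaluated on every TCP packet
#    that matches the header.
alert tcp any any <> any any (msg:"Cleartext CC data BIN 123456"; content:"123456"; sid:10002; rev:1;)
alert tcp any any <> any any (msg:"Cleartext CC data BIN 789101"; content:"789101"; sid:10003; rev:1;)
alert tcp any any <> any any (msg:"Cleartext CC data BIN 121314"; content:"121314"; sid:10004; rev:1;)
alert tcp any any <> any any (msg:"Cleartext CC data BIN 151617"; content:"151617"; sid:10005; rev:1;)

# 3) Fewer false positives: require the BIN to start a run of exactly
#    16 digits (assumed PAN length), so a timestamp or port number that
#    happens to contain "123456" does not alert.
alert tcp any any <> any any (msg:"Cleartext CC data 16-digit PAN with known BIN"; pcre:"/(?<!\d)(?:123456|789101|121314|151617)\d{10}(?!\d)/"; sid:10006; rev:1;)
```

None of these rules can match inside TLS or other encrypted sessions, so a lack of hits on encrypted traffic is expected rather than a rule error.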