Project

General

Profile

Actions
Copy link

Documentation #5484

open

userguide: explain content modifiers usage with regards to position usage in the rule

Added by Juliana Fajardini Reichow about 2 years ago.

Status:
New
Priority:
Normal
Assignee:
OISF Dev
Target version:
TBD
Affected Versions:
Effort:
Difficulty:
Label:

Description

Some content modifier keywords may not present the expected behavior if they are not used in the position Suri expects them to be.

This needs some investigation to decide which keywords present that and would need a better explanation, but an example can likely be seen in bug 4286.

Related issues 2 (2 open0 closed)

Related to Suricata - Bug #4286: FN occurs when using negated isdataat with http_cookie keywordFeedbackCommunity TicketActions
Related to Suricata - Task #5483: SV tests to demonstrate false negative behavior for negated isdataat with http_cookie keyword (bug 4286)NewOISF DevActions
Actions
Copy link
 #1

Updated by Juliana Fajardini Reichow about 2 years ago

  • Related to Bug #4286: FN occurs when using negated isdataat with http_cookie keyword added
Actions
Copy link
 #2

Updated by Juliana Fajardini Reichow about 2 years ago

  • Related to Task #5483: SV tests to demonstrate false negative behavior for negated isdataat with http_cookie keyword (bug 4286) added
Actions
Copy link

Also available in: Atom PDF