Actions
Feature #7403
closedrequires: add ability to check for a rule keyword
Effort:
Difficulty:
Label:
Description
The NDPI plugin introduces some keywords, and it would be nice to provide a way to test for these keywords. While we do support features, the "ndpi" feature might not be enough, as future versions of the plugin could add new keywords. A more generic approach could be provided by allowing the requires keyword to check for the existence of rule keywords, for example:
requires: keyword foobar, keyword ndpi_risk;
While I do have a quick implementation of this ready, I think it should be discussed if we want this.
Updated by Philippe Antoine 29 days ago
- Status changed from New to In Review
- Target version changed from TBD to 8.0.0-beta1
Updated by Jason Ish 23 days ago
- Status changed from In Review to Closed
PR https://github.com/OISF/suricata/pull/12177 merged.
Do we want to backport this?
Actions