This repository has been archived by the owner on Nov 7, 2022. It is now read-only.

Missing rev for rules generated by print_rules #1

Open
sevdog opened this issue Dec 13, 2017 · 0 comments

sevdog commented Dec 13, 2017

Rules generated with the method print_rules do not have a revision number set.

alert http any any -> any any (msg:"SURICATA TRAFFIC-ID: Debian APT-GET"; content:"debian.org"; http_host; content:"Debian APT"; http_user_agent; flow:to_server,established; flowbits:set,traffic/id/debian-apt; flowbits:set,traffic/label/software-update; noalert; sid:300000028;)
alert http any any -> any any (msg:"SURICATA TRAFFIC-ID: Ubuntu APT-GET"; content:"ubuntu.com"; http_host; content:"Debian APT"; http_user_agent; flow:to_server,established; flowbits:set,traffic/id/ubuntu-apt; flowbits:set,traffic/label/software-update; noalert; sid:300000029;)

It should be set to 1 or be a configurable value.
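
An added example, not part of the original post and not the project's own code: one way to find generated rules that lack a `rev` option and append a configurable one. The function names (`split_rule`, `ensure_rev`, `sids_missing_rev`), the third sample rule, and the choice to place `rev` directly after `sid` are assumptions of this example.

```python
# Sample input: the two rules quoted in the issue, plus one constructed rule
# that already carries a rev (and an escaped ';' inside its msg).
SAMPLE_RULES = [
    'alert http any any -> any any (msg:"SURICATA TRAFFIC-ID: Debian APT-GET"; content:"debian.org"; http_host; content:"Debian APT"; http_user_agent; flow:to_server,established; flowbits:set,traffic/id/debian-apt; flowbits:set,traffic/label/software-update; noalert; sid:300000028;)',
    'alert http any any -> any any (msg:"SURICATA TRAFFIC-ID: Ubuntu APT-GET"; content:"ubuntu.com"; http_host; content:"Debian APT"; http_user_agent; flow:to_server,established; flowbits:set,traffic/id/ubuntu-apt; flowbits:set,traffic/label/software-update; noalert; sid:300000029;)',
    r'alert http any any -> any any (msg:"CONSTRUCTED: text with rev\; inside msg"; content:"example.com"; http_host; sid:1000001; rev:3;)',
]

def split_rule(rule):
    """Split a rule into (header, options), honouring quotes and backslash escapes."""
    start, end = rule.index("("), rule.rindex(")")
    options, current, in_quotes, escaped = [], "", False, False
    for ch in rule[start + 1:end]:
        if ch == ";" and not in_quotes and not escaped:
            if current.strip():
                options.append(current.strip())
            current = ""
            continue
        if ch == '"' and not escaped:
            in_quotes = not in_quotes
        escaped = (ch == "\\") and not escaped
        current += ch
    if current.strip():
        options.append(current.strip())
    return rule[:start].rstrip(), options

def keyword(option):
    """Name of an option: the text before the first ':' (or the whole option)."""
    return option.split(":", 1)[0].strip()

def ensure_rev(rule, default_rev=1):
    """Return the rule unchanged if it has a rev, else with rev inserted after sid."""
    header, options = split_rule(rule)
    names = [keyword(o) for o in options]
    if "rev" in names:
        return rule
    if "sid" not in names:
        raise ValueError("rule has no sid; refusing to assign a rev")
    options.insert(names.index("sid") + 1, f"rev:{default_rev}")
    return header + " (" + " ".join(o + ";" for o in options) + ")"

def sids_missing_rev(rules):
    """List the sid of every rule that has a sid but no rev option."""
    missing = []
    for rule in rules:
        opts = {keyword(o): o.partition(":")[2].strip() for o in split_rule(rule)[1]}
        if "rev" not in opts and "sid" in opts:
            missing.append(int(opts["sid"]))
    return missing
```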
