[Zeek] More in payload in a signature
Vincenzo
vincyforce at gmail.com
Wed Apr 29 03:46:34 PDT 2020
Hi everyone, in Zeek's signature framework, is it possible to set multiple
payloads in "AND" and not in "OR" within a signature?
Example
signature my-first-sig {
    ip-proto == tcp
    dst-port == 80
    payload /.*root/
    payload / Hello /
    event "Found root!"
}
From the tests carried out it seems that the two payloads are in 'OR' and
not in 'AND' conditions. Do you have any suggestions?
Thank you