I tried to add a simple signature to Suricata; let’s call it SIG A.
If there is a TCP session in which side 1 sends “POST admin.php” and side 2 replies “Hi friend”, I want that to be the signature.
How do I do that, please?
By the way, what is the source of all the signatures used in Suricata? Proofpoint Emerging Threats Rules?