Suricata 7.0.10
alert tcp any any -> any 80 (
msg:"HTTP suspicious option length";
flow:to_server,established;
byte_jump:1,0,bitmask 0x0F,relative;
content:"evil"; within 10;
)
This rule gives a parse error.
Is byte_jump with bitmask not supported in Suricata 7.0?