Hello,
When configuring pcap-log conditional on tag, e.g.
alert http any any -> any any (http.method; content:"POST"; tag:session; sid:1;)
how can customised rules best be maintained? I assume that when updating rules, any such customisations will be overwritten.