Question about OR, AND Operator Logical Rules

gosudvtnews · June 6, 2023, 3:51pm

Hi everyone, does Suricata support OR/AND Operator Logical, i want write a rule have http.uri.raw contains keyword “A” or “B”. I see prce regula can do that but Is there are any other way? like content: A|B, content: A OR content: B

jmtaylor90 · June 7, 2023, 3:14pm

Hi,

Unfortunately at the moment there is no way to do this with content matches without using pcre in a single rule.

JT

gosudvtnews · June 7, 2023, 3:24pm

Thanks you very much

Topic		Replies	Views
Problems writing a rule with byte_math Rules	15	447	June 2, 2023
Suricata can't search pattern in HTTP with content-type application/x-www-form-urlencoded Rules rules , suricata	1	167	December 1, 2023
Block An automated SQLI Help community	1	551	January 11, 2021
Rules with sticky buffers and content modifiers Rules	4	3486	June 4, 2020
Get URL from HTTP packet Help rules , suricata	2	788	January 11, 2023

Question about OR, AND Operator Logical Rules

Related Topics