[Rules] How to check Flowvar in suricata rule?

Juquod · December 2, 2022, 11:08am

Hello,

I created a Lua script to get some information from packets and it defined flowvar like that:
“flowvars”:[{“Version”:“Q008”}]"

Is it possible to compare flowvar directly in the suricata rule?
Like that for example:
flowvar: “Version”, =, “Q008”;

Thank you in advance,
Regards

Topic		Replies	Views
Setting flowvar - Lua Scripting Rules	6	939	December 6, 2021
How can I determine if the .lua scripting is being called by Suricata?	4	584	March 11, 2023
Lua scripting and getting the IP address Rules	1	912	February 15, 2021
[Rules] Complex flowvar definition in LUA Rules rules , suricata	2	361	May 19, 2023
How to use Lua to obtain the data of the required data packet in Suricata Help rules , suricata	0	558	May 12, 2022