Snort mailing list archives

Re: the snort3 how to support the suricata rules ? like this keywords?

From: "Joel Esler \(jesler\) via Snort-devel" <snort-devel () lists snort org>
Date: Tue, 2 Feb 2021 14:26:04 +0000

We do not support suricata rules.

-- 
Joel Esler
Manager, Communities Division
Cisco Talos Intelligence Group
http://www.talosintelligence.com | https://www.snort.org

On Feb 1, 2021, at 8:11 PM, 15135147016--- via Snort-devel <snort-devel () lists snort org> wrote:


the snort3 how to support the suricata rules ? like this keywords?


Keyword       Legacy Content Modifier Direction
http.uri      http_uri        Request
http.uri.raw  http_raw_uri    Request
http.method   http_method     Request
http.request_line     http_request_line (*)   Request
http.request_body     http_client_body        Request
http.header   http_header     Both
http.header.raw       http_raw_header Both
http.cookie   http_cookie     Both
http.user_agent       http_user_agent Request
http.host     http_host       Request
http.host.raw http_raw_host   Request
http.accept   http_accept (*) Request
http.accept_lang      http_accept_lang (*)    Request
http.accept_enc       http_accept_enc (*)     Request
http.referer  http_referer (*)        Request
http.connection       http_connection (*)     Request
http.content_type     http_content_type (*)   Both
http.content_len      http_content_len (*)    Both
http.start    http_start (*)  Both
http.protocol http_protocol (*)       Both
http.header_names     http_header_names (*)   Both

15135147016 () 163 com <mailto:15135147016 () 163 com>
_______________________________________________
Snort-devel mailing list
Snort-devel () lists snort org <mailto:Snort-devel () lists snort org>
https://lists.snort.org/mailman/listinfo/snort-devel <https://lists.snort.org/mailman/listinfo/snort-devel>

Please visit http://blog.snort.org <http://blog.snort.org/> for the latest news about Snort!

Attachment: smime.p7s
Description:

_______________________________________________
Snort-devel mailing list
Snort-devel () lists snort org
https://lists.snort.org/mailman/listinfo/snort-devel

Please visit http://blog.snort.org for the latest news about Snort!

Current thread:

Bug in alert_syslog module? W. Michael Petullo (Jan 31)
- Re: Bug in alert_syslog module? Michael Altizer (mialtize) via Snort-devel (Feb 01)
  - the snort3 how to support the suricata rules ? like this keywords? 15135147016--- via Snort-devel (Feb 02)
    - Re: the snort3 how to support the suricata rules ? like this keywords? Joel Esler (jesler) via Snort-devel (Feb 02)
    - Re: the snort3 how to support the suricata rules ? like this keywords? Joel Esler (jesler) via Snort-devel (Feb 02)