[Emerging-Sigs] Those using Oinkmaster - useful modifysid rules

waldo kitty wkitty42 at windstream.net
Tue Oct 19 20:17:55 EDT 2010


On 10/19/2010 13:11, JJC wrote:
> actually, disablesid,enablesid,modifysid,dropsid (in PP anyway) allows
> for the following usage:
>
> regex example to disable/enable/drop (based on the file and directive
> you specify) all MS07 through MS10 rules
> pcre:MS(0[7-9]|10)-\d+

interesting! TBH, i've never tried regex stuff with disablesid... maybe the KISS 
principle lives too deeply in me?? ;)

now if pulledpork has an option to /not/ merge all rules into one rules set 
file, that may make a difference for my/our configuration(s)...


More information about the Emerging-sigs mailing list