[Emerging-Sigs] Implementing Exclusions

PAURON, GUILLAUME (GUILLAUME) guillaume.pauron at alcatel-lucent.com
Tue Dec 25 21:49:28 HAST 2012


Hello,

I would like to know what is the best way to implement exclusions on generic sigs (for example the "SQLi Select from"). On this sig, the catch is only a pcre on "select from" on the http request, and I have some recurrent FP.

For exemple requests like :
"/aaz/3pe/display.do?nodeName=pml_mailv2_1&_File=%2Fwapmail%2Fselect_sendFrom.pml%"

How could I exclude that kind of things in the best way ? :)

Thank you in advance,

Regards,
Pauron Guillaume

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.emergingthreats.net/pipermail/emerging-sigs/attachments/20121226/1e59d281/attachment.html>


More information about the Emerging-sigs mailing list