[Emerging-Sigs] Implementing Exclusions

PAURON, GUILLAUME (GUILLAUME) guillaume.pauron at alcatel-lucent.com
Tue Dec 25 21:49:28 HAST 2012


I would like to know what is the best way to implement exclusions on generic sigs (for example the "SQLi Select from"). On this sig, the catch is only a pcre on "select from" on the http request, and I have some recurrent FP.

For exemple requests like :

How could I exclude that kind of things in the best way ? :)

Thank you in advance,

Pauron Guillaume

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.emergingthreats.net/pipermail/emerging-sigs/attachments/20121226/1e59d281/attachment.html>

More information about the Emerging-sigs mailing list