duane
Many examples in OISF ruleset[0] (primarily stream-event, app-layer-event, decoder-event etc.). Probably most of these can just be tags? Documentation is rather sparse on some of these.
[0] https://github.com/OISF/suricata/tree/master/rules
From issue #154 @satta notes:
> There are other issues with parsing ETPRO at the moment, such as missing support for noalert without values in some places, [transformations](https://suricata.readthedocs.io/en/latest/rules/transforms.html) (such as...
It could be useful to provide a link directly to a conversion to show input, transformers and output to other people. For example:
Input: Zm9vYmFyYmF6
Transformer: url decode -> base64decode...