Adding this feature will allow MoleIDS to detect multi-phase attacks.
It could be implemented by adding a new entry in the meta section, for example:

    rule dummy {
        meta:
            // ...
            flowbits = "set:variable, isset:variable, unset:variable"
            // ...
    }

The meta entry flowbits will be a comma-separated string with key:value options. The key will be the operation against the flowbits and the value will be the variable where the action takes effect.
It will also be possible to reuse operations, like set:var1, set:var2.
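
A sketch of how the proposed string could be parsed and evaluated per flow, added here as an example and not taken from the MoleIDS code base. The names `FlowbitOp`, `ParseFlowbits` and `Apply` are hypothetical, and the semantics (every `isset` must hold before `set` and `unset` take effect) are an assumption the proposal does not spell out.

```go
package main

import (
	"fmt"
	"strings"
)

// FlowbitOp is one key:value pair from the proposed flowbits meta entry.
type FlowbitOp struct{ Action, Var string }

// ParseFlowbits splits the comma separated string into operations and
// rejects unknown operations and empty variable names.
func ParseFlowbits(meta string) ([]FlowbitOp, error) {
	var ops []FlowbitOp
	for _, item := range strings.Split(meta, ",") {
		key, val, ok := strings.Cut(strings.TrimSpace(item), ":")
		key, val = strings.TrimSpace(key), strings.TrimSpace(val)
		if !ok || val == "" || (key != "set" && key != "isset" && key != "unset") {
			return nil, fmt.Errorf("invalid flowbits option %q", item)
		}
		ops = append(ops, FlowbitOp{key, val})
	}
	return ops, nil
}

// Apply runs the operations of a rule whose pattern already matched on a flow.
// Assumed semantics: all isset checks must pass, then set/unset are applied.
func Apply(ops []FlowbitOp, bits map[string]bool) bool {
	for _, op := range ops {
		if op.Action == "isset" && !bits[op.Var] {
			return false // an earlier phase has not been seen on this flow
		}
	}
	for _, op := range ops {
		if op.Action == "set" {
			bits[op.Var] = true
		} else if op.Action == "unset" {
			delete(bits, op.Var)
		}
	}
	return true
}

func main() {
	bits := map[string]bool{} // state of one constructed flow
	phase1, _ := ParseFlowbits("set:var1, set:var2")
	phase2, _ := ParseFlowbits("isset:var1, unset:var1")
	fmt.Println(Apply(phase2, bits), Apply(phase1, bits), Apply(phase2, bits))
}
```

The second-phase rule only fires after the first-phase rule has set `var1` on the same flow, which is what makes multi-phase detection possible.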