I need a solution
Hi,
I'm trying to create a custom signature copied from Snort's ET and I always get an error.
The signature is as follows:
rule tcp, dest=$ANY, tcp_flag&ack, saddr=$LOCALHOST, msg="BHEK Landing URI Format", regexpcontent=".*\/[a-f0-9]{32}\/[a-z]+?\-[a-z]+?\.php\x0d\x0a"
I have 2 variables defined:
ANY (0.0.0.0/0)
LOCALHOST (127.0.0.0/8)
Can anyone help?