Ensure that all rules with ARGS also consider XML:* #1227
Comments
|
I think that |
|
Taking this issue. I think I understand it, and if that's the case, I'll have it done in two weeks...testing for a cert this weekend or would have it all sooner :) |
|
Looking forward to that! Thanks. |
|
Does someone have an example of what this rule would look like? The only way I can see to specifically target XML coming in is to check the Headers. E.g.:
or maybe
I actually don't see a mention of |
|
@dune73 Just look at this comment: Actually, I think this is the answer. Anything that has the word E.g. like the following rule:
|
|
Could you guys please support @danehrlich1? I'm overly busy at the moment. |
|
@spartantri Can you look at my comment really quickly? Think I am correct but just want someone to double check. |
|
Hi @danehrlich1 it may be better to discuss this in slack, but basically, this one is to add |
|
@danehrlich1 Did you made any progress with this? Do you need more help/advise? |
|
This issue has been open 120 days with no activity. Remove the stale label or comment, or this will be closed in 14 days |
github-actions
bot
added
the
Stale issue
|
@lifeforms volunteered to fix this issue during the monthly CRS chat. Meeting minutes: #1671 (comment) |
|
@lifeforms: Any update here? |
Type of Issue
Feature Request
Description
In general we'll like to have XML considered for all rules, where it is evaluated. This can be done by adding the TARGET of XML:* to the rules. But we need to be careful to ensure only the rules that need it, get it. Starting with rules that have ARGS, is a good start
Confirmation
[x] I have removed any personal data (email addresses, IP addresses,
passwords, domain names) from any logs posted.
The text was updated successfully, but these errors were encountered: