Gained three pages on my book and I've only just been doing formatting and font size changes.
-
Done editing for today. Ending with a net gain of two pages just for alignment and font size changes. When I left off I was going over rule body keywords.
I decided to teach Suricata rule body keywords by dividing them into their function:
Metadata keywords that tell others what your rule detects (msg, sid, rev, reference, classtype, metadata, classtype)
Payload keywords (isdataat, content, byte_check, byte_jump, etc.)
Content-modifying keywords:
sticky buffers (http.uri, http.method, etc.)
positional keywords (offset, distance, within, depth, startswith, endswith, bsize)
transformations
-
I left off at talking about transformations when I shelved it about a year ago. It's a little bit under 40% of the content.