Hallo everybody,
I'm a new and unexperienced user of the really interesting BRO detection
framework. I want to write a signature definition for event A and B, which
triggers only after event A and B happend. My approach so far:
signature s1 {event "Pattern A"}
signature s2 {event "Pattern B"
requires-signature s1
}
If i understood the documentation correctly, i can define an event sequence
with the "requires-signature" condition.
But this one only matches events (A, B) and not (B, A).
Is it possible to write an event expression (A AND B)?
Kind regards,
Bogdan.