Hi everyone, in Zeek’s signature framework, is it possible to set multiple payloads in “AND” and not in “OR” within a signature?
Example
my-first-sig signature {
ip-proto == tcp
dst-port == 80
payload /.*root/
payload / Hello /
event “Found root!”
}
From the tests carried out it seems that the two payloads are in ‘OR’ and not in ‘AND’ conditions, do you have any suggestions?
Thank you