Dear sir,
I am Sajan.S, a researcher from Amrita University, India. I am working on a custom alert correlation engine for networks. I am using snort rules, specifically the content part.
I would like to know:
1. Is there a library available to convert snort payload parts (contents) to pcre?
2. If no library is available, how can I use the pcre engine to generate a new one from normal string patterns?
For example:
Need to collapse /cabababc/ down to /c(?:ab){3}c/.
so my input is: /cabababc/
output is : /c(?:ab){3}c/
Looking forward to hearing from you!
Thanks & Regards,
Sajan.S
--
Sajan Kumar.S
Research Associate, TIFAC Centre Of Relevance and Excellence in Cyber Security
Amrita Vishwa Vidyapeetham
Ettimadai(P.O)-641 105
COIMBATORE,Tamil Nadu, India
Phone(O)0422-2656422,09944554801
www.amrita.edu/ccs
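
The collapse asked about above (`/cabababc/` to `/c(?:ab){3}c/`), as an added example that is not part of the original message and not taken from any existing library. It goes one step further than the question by first decoding Snort's `|hex|` blocks and backslash escapes; the function names are hypothetical, the folding is greedy rather than minimal, and Python's `re` stands in for PCRE in the self-check.

```python
import re

def parse_content(content: str) -> bytes:
    """Decode a Snort content string: |..| hex blocks and backslash escapes."""
    out, i = bytearray(), 0
    while i < len(content):
        ch = content[i]
        if ch == "|":                               # |41 42| -> b"AB"
            end = content.index("|", i + 1)         # ValueError if unterminated
            out += bytes.fromhex(content[i + 1:end])
            i = end + 1
        elif ch == "\\" and i + 1 < len(content):   # \; \" \\ -> literal char
            out += content[i + 1].encode("latin-1")
            i += 2
        else:
            out += ch.encode("latin-1")
            i += 1
    return bytes(out)

def esc(b: int) -> str:
    """ASCII letters and digits stay literal; every other byte becomes \\xHH."""
    return chr(b) if b < 128 and chr(b).isalnum() else "\\x%02x" % b

def collapse(data: bytes, min_repeats: int = 2) -> str:
    """Greedy left-to-right: fold the run covering the most bytes at each offset."""
    out, i, n = [], 0, len(data)
    while i < n:
        size, reps = 1, 1
        for s in range(1, (n - i) // 2 + 1):
            k = 1
            while data[i + k * s:i + (k + 1) * s] == data[i:i + s]:
                k += 1
            if k >= max(2, min_repeats) and s * k > size * reps:
                size, reps = s, k
        if reps > 1:
            inner = collapse(data[i:i + size], min_repeats)  # fold inside the unit too
            out.append(("%s{%d}" if size == 1 else "(?:%s){%d}") % (inner, reps))
        else:
            out.append(esc(data[i]))
        i += size * reps
    return "".join(out)

def content_to_pcre(content: str) -> str:
    return "/" + collapse(parse_content(content)) + "/"

def still_matches(content: str) -> bool:
    """Sanity check with Python's re (stand-in for PCRE): pattern matches the bytes."""
    raw = parse_content(content)
    return re.fullmatch(collapse(raw).encode("ascii"), raw, re.S) is not None
```

The result is anchored to the whole content string only in `still_matches`; in a rule, the usual `content` modifiers (offset, depth, nocase) still have to be carried over separately.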