Can I write a Suricata rule based on the timestamp the packet arrives on the host?
We have a need to check the arrival time of two related packets, like packet1 and packet2. If packet2 arrives too late after packet1, we want an alert for it.
Is it possible to write a rule for this? I went through Suricata’s doc and fe…