Suricata rule that would not log any DNS entry with a .gov TLD [closed]
Trying to create a whitelist rule that would not log any DNS entry with a .gov TLD. I tried the syntax below, but it does not work.
pass dns any any <> any any (msg: ".gov domain"; dns_query; content:".gov"; nocase; s…