Details
-
Bug
-
Status: Done
-
Major
-
Resolution: Done
-
None
-
None
Description
Right now if you have a custom snort rule (e.g. alert tcp any any -> any any (msg:'snort alert message having a ,(comma) to check csv parsing'; sid:999158; ) ) the snort parser will fail to parse because it's splitting on the comma naively.
It should use the existing CSV parsing infrastructure that we have and that is used in the CSVParser.
Attachments
Issue Links
- links to