Can regex be used in the Service Ports field when tuning signatures? If so, what is the negate expression. If I want to exclude port 53 from a sig would I put in "!53" or "?!53"?
There is no regex-like capability in the ServicePorts field. You must explicitly define the ports to be inspected. For example, if you wanted all 64K ports except 53, the setting would be:
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: