On 24/10/16 16:46, John Hardin wrote:
Paul: I haven't looked at the plugin myself yet, but here's a suggestion: have a mode where you can mark a RE as capturing a numeric value, and the rule's hit value is the value that the RE captured. This would (for example) let the AWL/TXREP mean be captured in a way it could be compared using gt/lt in a meta. Perhaps: tagcapnum __TXREP_IP_MEAN _TXREP_IP_MEAN_ /^(-?[\d]+(?:\.\d+)?)$/ meta TAGMATCH_TXREP_IP_HIGHSCORE __TXREP_IP_MEAN > 5.0 describe TAGMATCH_TXREP_IP_HIGHSCORE TXRep mean score quite large score TAGMATCH_TXREP_IP_HIGHSCORE 0.1 (...this sort of thing might be really useful as a general purpose rule type in base SA too...)
Thanks for the suggestion John - this looks like an elegant solution to the problem, I'll look into this at some point soon. Paul -- Paul Stead Systems Engineer Zen Internet
