2014-06-25 11:56 AM
Does anybody know how to look in the payload of the packet with ESA rules?
I have looked at rules and they rule D.payload but they just use common metakeys, I want to look in the content of the packet.
2014-06-30 11:39 PM
ESA only works with meta.
To look for something in the packet payload, you should use a parser / app rule on the decoder to generate meta, and then use an ESA rule on meta you generate.
