ids:snort:snort_rule_format
Differences
This shows you the differences between two versions of the page.
| Next revision | Previous revision | ||
| ids:snort:snort_rule_format [2021/07/26 08:36] – created peter | ids:snort:snort_rule_format [2021/07/26 08:46] (current) – peter | ||
|---|---|---|---|
| Line 1: | Line 1: | ||
| ====== IDS - Snort - Snort Rule Format ====== | ====== IDS - Snort - Snort Rule Format ====== | ||
| + | |||
| + | ===== Snort Rule Header ===== | ||
| |Action|Protocol|Source Address|Source Port|Direction|Destination Address|Destination Port| | |Action|Protocol|Source Address|Source Port|Direction|Destination Address|Destination Port| | ||
| + | |||
| + | <WRAP info> | ||
| + | **NOTE: | ||
| + | |||
| + | * Action: | ||
| + | * **alert**: | ||
| + | * **log**: | ||
| + | * **pass**: | ||
| + | * Direction: | ||
| + | * **-> | ||
| + | * **< | ||
| + | * **<> | ||
| + | |||
| + | </ | ||
| + | |||
| + | |||
| + | |||
| + | |||
| + | ---- | ||
| + | |||
| + | ===== Sample Rule ===== | ||
| + | |||
| + | < | ||
| + | alert tcp any any -> any any(msg: " | ||
| + | |||
| + | alert tcp any 21 -> 192.168.1.123 any (msg: "TCP Packet on Port 21 is Detected"; | ||
| + | |||
| + | log tcp !192.168.0/ | ||
| + | |||
| + | log tcp any any -> 192.168.1.0/ | ||
| + | </ | ||
| + | |||
| + | <WRAP info> | ||
| + | **NOTE: | ||
| + | |||
| + | * Rule Header: | ||
| + | * Rule Option: | ||
| + | |||
| + | </ | ||
| + | |||
| + | |||
| + | |||
ids/snort/snort_rule_format.1627288564.txt.gz · Last modified: 2021/07/26 08:36 by peter