ids:snort:snort_rule_format [2021/07/26 08:46] (current) by peter; previous revision 2021/07/26 08:40

====== IDS - Snort - Snort Rule Format ======
  
===== Snort Rule Header =====

|Action|Protocol|Source Address|Source Port|Direction|Destination Address|Destination Port|

<WRAP info>
**NOTE:**

  * Action:
    * **alert**:  Generate an alert and then log the packet.
    * **log**:  Log the packet only; no alert is raised.
    * **pass**:  Ignore the packet; no further rules are evaluated for it.
    * Inline deployments additionally accept **drop**, **reject** and **sdrop**.
  * Protocol:  **tcp**, **udp**, **icmp** or **ip** (**ip** matches every protocol).
  * Direction:
    * **->**:  The address/port pair on the left is the source and the pair on the right is the destination; the rule matches only traffic flowing from left to right.
    * **<>**:  Bidirectional; the rule matches traffic in either direction between the two address/port pairs.
    * There is no **<-** operator in Snort. To watch the opposite direction, swap the two sides and keep **->**.
  * Addresses are single IPs or CIDR networks (**192.168.0.0/24**), ports are single numbers or ranges (**6000:6010**), and either can be negated with a leading **!**; **any** matches everything.

</WRAP>

----

===== Sample Rules =====
  
<code>
# Alert on every TCP packet (only useful to verify that local rules are being loaded)
alert tcp any any -> any any (msg:"Testing Alert"; sid:1000001; rev:1;)

# Alert on TCP packets with source port 21 sent to 192.168.1.123
alert tcp any 21 -> 192.168.1.123 any (msg:"TCP Packet on Port 21 is Detected"; sid:1000010; rev:1;)

# Log TCP packets that reach 192.168.0.33 from any address outside 192.168.0.0/24
log tcp !192.168.0.0/24 any -> 192.168.0.33 any (msg:"Remote access"; sid:1000011; rev:1;)

# Log TCP packets to 192.168.1.0/24 on any destination port except 6000-6010 (X11)
log tcp any any -> 192.168.1.0/24 !6000:6010 (msg:"TCP to LAN, not X11"; sid:1000012; rev:1;)
</code>

Every option, including the last one, is terminated by a semicolon; every header carries all seven fields (the destination port is the one most often forgotten); networks are written in full CIDR notation (**192.168.0.0/24**, not **192.168.0/24**); and local rules use **sid** values of 1000000 and above, because lower numbers are reserved for the distributed rule sets.
  

<WRAP info>
**NOTE:**

  * Rule Header:  Everything before the parentheses, in the fixed order shown in the table above: action, protocol, source address, source port, direction, destination address, destination port. The header decides which packets the rule looks at.
  * Rule Option:  The **keyword:value;** pairs inside the parentheses. **msg** sets the text of the alert or log entry, **sid** gives the rule a unique ID (**rev** tracks its revision), and further options such as **content** inspect the payload.

</WRAP>
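The header layout in the table above and the sample rules can be exercised with a small parser and matcher. The block below is an added example written for this page, not code from the wiki or from the Snort project. It accepts the seven header fields exactly as the table lists them, checks the details Snort is strict about (a valid CIDR, the direction operator, a ';' after every option) and matches a parsed rule against a (protocol, source IP, source port, destination IP, destination port) tuple, so the one-way meaning of **->** and the **!** negation can be seen on real inputs. The ACTIONS/PROTOCOLS sets, the helper names and the sample rule list are my own choices; Snort's real parser accepts more (variables such as $HOME_NET, bracketed IP lists, protocol-specific option keywords).

```python
"""Snort 2 rule header/option parser and matcher. Added example, not code from the wiki page
or from the Snort project: it parses the seven header fields of the table above plus the
options in parentheses, and matches a rule against a packet tuple so that "->" versus "<>"
and "!" negation are visible. Payload options (content: etc.) are parsed, not evaluated."""
import ipaddress
from collections import namedtuple

ACTIONS = {"alert", "log", "pass", "drop", "reject", "sdrop"}
PROTOCOLS = {"tcp", "udp", "icmp", "ip"}
DIRECTIONS = {"->", "<>"}  # Snort has no "<-" operator
Rule = namedtuple("Rule", "action protocol src_addr src_port direction dst_addr dst_port options")

def _strip_neg(spec):  # (negated?, bare spec) for fields such as !192.168.0.0/24 or !6000:6010
    return spec.startswith("!"), spec.lstrip("!")

def _check_addr(spec):
    _, s = _strip_neg(spec)
    if s != "any":
        ipaddress.ip_network(s, strict=False)  # raises ValueError for e.g. "192.168.0/24"

def _check_port(spec):
    _, s = _strip_neg(spec)
    lo, sep, hi = s.partition(":")  # single port, or a range written lo:hi, lo: or :hi
    bad_part = any(p and not (p.isdigit() and int(p) <= 65535) for p in (lo, hi))
    if s != "any" and (bad_part or not (lo or hi)):
        raise ValueError(f"bad port {spec!r}")

def parse_options(text):
    """Split 'msg:"a; b"; sid:1;' into {'msg': 'a; b', 'sid': '1'}; ';' inside quotes is
    data. Snort requires every option, the last one included, to end with ';'."""
    opts, buf, in_quote = {}, [], False
    for ch in text:
        if ch == '"':
            in_quote = not in_quote
        elif ch == ";" and not in_quote:
            item = "".join(buf).strip()
            buf = []
            if item:
                key, _, value = item.partition(":")
                opts[key.strip()] = value.strip().strip('"')
            continue
        buf.append(ch)
    if in_quote or "".join(buf).strip():
        raise ValueError("unterminated quote, or an option not ended with ';'")
    return opts

def parse_rule(line):
    """Validate the seven header fields, then parse the options in parentheses (if any)."""
    head, paren, rest = line.strip().partition("(")
    if paren and not rest.rstrip().endswith(")"):
        raise ValueError("unbalanced parentheses in rule options")
    fields = head.split()
    if len(fields) != 7:
        raise ValueError(f"expected 7 header fields, got {len(fields)}: {head.strip()!r}")
    action, proto, src, sport, direction, dst, dport = fields
    if action not in ACTIONS or proto not in PROTOCOLS:
        raise ValueError(f"unknown action or protocol: {action!r} {proto!r}")
    if direction not in DIRECTIONS:
        raise ValueError(f"bad direction {direction!r}: use -> or <>, there is no <-")
    _check_addr(src); _check_addr(dst)
    _check_port(sport); _check_port(dport)
    opts = parse_options(rest.rstrip()[:-1]) if paren else {}
    return Rule(action, proto, src, sport, direction, dst, dport, opts)

def _addr_matches(spec, ip):
    neg, s = _strip_neg(spec)
    hit = s == "any" or ipaddress.ip_address(ip) in ipaddress.ip_network(s, strict=False)
    return hit != neg  # a leading "!" inverts the match

def _port_matches(spec, port):
    neg, s = _strip_neg(spec)
    lo, sep, hi = s.partition(":")
    hit = s == "any" or (int(lo or 0) <= port <= int(hi or 65535) if sep else port == int(lo))
    return hit != neg

def _one_way(rule, src_ip, src_port, dst_ip, dst_port):
    return (_addr_matches(rule.src_addr, src_ip) and _port_matches(rule.src_port, src_port)
            and _addr_matches(rule.dst_addr, dst_ip) and _port_matches(rule.dst_port, dst_port))

def matches(rule, proto, src_ip, src_port, dst_ip, dst_port):
    """True if the packet tuple satisfies the rule header; protocol 'ip' matches everything.
    "->" is one way; "<>" also accepts the packet with source and destination swapped."""
    return rule.protocol in ("ip", proto) and (
        _one_way(rule, src_ip, src_port, dst_ip, dst_port)
        or (rule.direction == "<>" and _one_way(rule, dst_ip, dst_port, src_ip, src_port)))

def rule_error(line):
    """None if the line parses, else the parser's error message (handy for linting a rules file)."""
    try:
        parse_rule(line)
    except ValueError as e:
        return str(e)

SAMPLE_RULES = [  # constructed input: the page's four rules, written the way Snort accepts them
    'alert tcp any any -> any any (msg:"Testing Alert"; sid:1000001; rev:1;)',
    'alert tcp any 21 -> 192.168.1.123 any (msg:"TCP Packet on Port 21 is Detected"; sid:1000010; rev:1;)',
    'log tcp !192.168.0.0/24 any -> 192.168.0.33 any (msg:"Remote access"; sid:1000011; rev:1;)',
    'log tcp any any -> 192.168.1.0/24 !6000:6010 (msg:"TCP to LAN, not X11"; sid:1000012; rev:1;)',
]
```

Feeding the page's original spellings of the rules to rule_error() shows why they fail to load: the "Remote access" rule has only six header fields and a malformed network, and a rule ending in `sid:1000001)` lacks the semicolon after its last option. The matcher shows the direction semantics directly: the port-21 rule fires for a packet from 10.0.0.5:21 to 192.168.1.123, but not for the reply travelling the other way, which only a **<>** rule would catch.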