ids:snort:snort_rule_format

Differences

This shows you the differences between two versions of the page.

ids:snort:snort_rule_format [2021/07/26 08:43] peterids:snort:snort_rule_format [2021/07/26 08:46] (current) peter
Line 11: Line 11:
     * **alert**:  Display an alert.     * **alert**:  Display an alert.
     * **log**:  Write to Log.     * **log**:  Write to Log.
 +    * **pass**:  Pass.
   * Direction:   * Direction:
     * **->**:  Inwards.     * **->**:  Inwards.
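
Review bot: the added **pass** entry defines the action by repeating its own name ("Pass."), while the two entries above it say what Snort does with the packet ("Display an alert.", "Write to Log."). Suggest wording such as "Ignore the packet." so a reader can tell pass apart from the other two actions. In the unchanged context just below, "Inwards" for **->** is only accurate when the right-hand side is the protected network; the operator means traffic flowing from the source on the left to the destination on the right, and that would be a clearer description.
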
Line 26: Line 27:
  
 <code> <code>
-alert tcp any 21 -> 192.168.1.123 any (msg: "TCP Packet is Detected";sid:100010)+alert tcp any any -> any any(msg: "Testing Alert" ; sid:1000001) 
 + 
 +alert tcp any 21 -> 192.168.1.123 any (msg: "TCP Packet on Port 21 is Detected";sid:100010) 
 + 
 +log tcp !192.168.0/24 any -> 192.168.0.33 (msg: "Remote access" ; ) 
 + 
 +log tcp any any -> 192.168.1.0/24 !6000:6010
 </code> </code>
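
Review bot: the added rule ''log tcp !192.168.0/24 any -> 192.168.0.33 (msg: "Remote access" ; )'' has an incomplete header: the destination carries an address but no port field, and the source network ''192.168.0/24'' is missing an octet. A rule header needs action, protocol, source address, source port, direction, destination address and destination port, so this example should read along the lines of ''!192.168.0.0/24 any -> 192.168.0.33 any'' (presumably the intended network), and it should carry a ''sid'' like the two alert examples. Smaller points in the same hunk: the first added rule has no space between ''any any'' and the opening parenthesis, unlike the second; the final ''sid'' option in both alert rules is not terminated with a semicolon, whereas ''msg'' is; and ''sid:100010'' is below 1000000, the range conventionally used for local rules, while the new test rule uses ''1000001''. A sentence under the block explaining what ''!'' and ''6000:6010'' mean would help, since the page's field list does not introduce negation or port ranges in the lines shown.
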
  
ids/snort/snort_rule_format.1627289002.txt.gz · Last modified: 2021/07/26 08:43 by peter
