Wiki

User Tools

Site Tools

Trace:
pfsense:suricata:rules:breakdown_of_a_rule

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
pfsense:suricata:rules:breakdown_of_a_rule [2021/01/22 09:17] peterpfsense:suricata:rules:breakdown_of_a_rule [2021/01/22 10:07] (current) – [Rule Options] peter
Line 103: Line 103:
 Options fall into different categories: Options fall into different categories:
  
-  * **[[https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Meta-settings|meta-settings]]**:  Options not pertaining to any specifics about the packet; including msg, sid, rev.  **content: "peter";**+  * **[[https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Meta-settings|meta-settings]]**:  Options not pertaining to any specifics about the packet; including msg, sid, rev. 
-  * **[[https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Payload_keywords|payload]]**:  The packet data itself. +  * **[[https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Payload_keywords|payload]]**:  The packet data itself.  **content: "peter";**
-  * **[[https://redmine.openinfosecfoundation.org/projects/suricata/wiki/HTTP-keywords|HTTP]]**:  Heavily used when TCP protocol is set, useful for using Suricata as a content filtering system +  * **[[https://redmine.openinfosecfoundation.org/projects/suricata/wiki/HTTP-keywords|HTTP]]**:  Heavily used when TCP protocol is set, useful for using Suricata as a content filtering system.  **GET, POST, index.html, cookies, user-agents, response-status 302, 500 etc.**. 
-  * **[[https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Flow-keywords|flow]]**:  More fine-grained control over the connection’s status and such +  * **[[https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Flow-keywords|flow]]**:  More fine-grained control over the connection’s status and such.  **established, memory usage, timeouts, user logged in**. 
-  * **[[https://redmine.openinfosecfoundation.org/projects/suricata/wiki/IPReputationRules|IP reputation]]**:   Is an IP is legit or known to be associated with malware, spam, etc...+  * **[[https://redmine.openinfosecfoundation.org/projects/suricata/wiki/IPReputationRules|IP reputation]]**:   Is an IP legit or known to be associated with malware, spam, etc... 
 + 
 +----
  
 <code> <code>
pfsense/suricata/rules/breakdown_of_a_rule.1611307053.txt.gz · Last modified: 2021/01/22 09:17 by peter
Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki