pfsense:suricata:rules:breakdown_of_a_rule, section [Rule Options]: revision 2021/01/22 09:24 compared with revision 2021/01/22 10:07 (current), both edited by peter. The current revision follows.
  * **[[https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Payload_keywords|payload]]**: The packet data itself. **content: "peter";**
  * **[[https://redmine.openinfosecfoundation.org/projects/suricata/wiki/HTTP-keywords|HTTP]]**: Heavily used when the TCP protocol is set; useful for using Suricata as a content filtering system. **GET, POST, index.html, cookies, user-agents, response-status 302, 500 etc.**
  * **[[https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Flow-keywords|flow]]**: More fine-grained control over the connection's status and similar properties. **established, memory usage, timeouts, user logged in**
  * **[[https://redmine.openinfosecfoundation.org/projects/suricata/wiki/IPReputationRules|IP reputation]]**: Whether an IP is legitimate or known to be associated with malware, spam, etc.
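Two rules that combine the payload, HTTP and flow keyword categories listed above, added here as an example and not taken from the original page. They assume the sticky-buffer syntax of Suricata 5 and later (http.method, http.uri, http.stat_code); the sid values and the "peter" string are constructed placeholders.

```suricata
# Request direction: flow keyword restricts the match to an established
# client-to-server session, HTTP keywords select the method and URI buffers,
# and the payload keyword "content" is matched inside those buffers.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ADDED EXAMPLE HTTP GET with peter in URI"; flow:established,to_server; http.method; content:"GET"; http.uri; content:"peter"; nocase; classtype:policy-violation; sid:1000001; rev:1;)

# Response direction: same idea, but to_client and the status code buffer,
# which is how the "response-status 302" example above is expressed in a rule.
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ADDED EXAMPLE HTTP 302 redirect returned to client"; flow:established,to_client; http.stat_code; content:"302"; classtype:policy-violation; sid:1000002; rev:1;)
```

Each rule alerts only, so loading it into a custom rules file is a safe way to confirm in the Suricata alert log that the keyword combination matches the traffic you expect before tightening it.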

----

<code>