====== PFSense - Suricata - Rules ======

Signatures play a very important role in Suricata.

A Suricata rule (signature) consists of the following parts:

  * **Action**: Determines what happens when the signature matches.
  * **Header**: Defines the protocol, IP addresses, ports and direction of the rule.
  * **Options**: Define the specifics of the rule.

----

[[PFSense:Suricata:Rules:Breakdown of a rule|Breakdown of a rule]]

[[PFSense:Suricata:Rules:Classification|Classification]]

[[PFSense:Suricata:Rules:Custom Rules|Custom Rules]]

[[PFSense:Suricata:Rules:Snort Rules|Snort Rules]]

----

==== References ====

https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Suricata_Rules

https://suricata.readthedocs.io/en/latest/rule-management/adding-your-own-rules.html

https://suricata.readthedocs.io/en/suricata-4.1.2/rules/intro.html

https://forum.netgate.com/topic/127428/suricata-custom-rules

https://www.admin-magazine.com/Articles/Detecting-intruders-with-Suricata/(offset)/3
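
The action / header / options layout described at the top of this page can be checked mechanically before a custom rule is loaded. The following Python sketch is an added example, not code from the original page or from the Suricata project; the function names ''parse_rule'' and ''split_options'' and the sample rule are constructed for illustration, and it assumes the direction is written as ''->'' or ''<>''.

```python
import re

# Header layout: protocol, source address/port, direction, destination address/port.
HEADER_FIELDS = ("protocol", "src_addr", "src_port", "direction", "dst_addr", "dst_port")

# Constructed sample rule (not taken from any rule set).
SAMPLE = (r'alert http $HOME_NET any -> $EXTERNAL_NET any '
          r'(msg:"Example\; constructed rule"; flow:established,to_server; '
          r'content:"/login"; nocase; sid:1000001; rev:1;)')

def split_options(body):
    """Split the option string on ';'. A literal ';' in a value is written '\\;'."""
    options, current, escaped = [], "", False
    for ch in body:
        if ch == ";" and not escaped:
            if current.strip():
                options.append(current.strip())
            current = ""
        else:
            current += ch
        # A backslash escapes the next character unless it is itself escaped.
        escaped = (ch == "\\" and not escaped)
    if current.strip():
        raise ValueError("option not terminated with ';': %r" % current.strip())
    return options

def parse_rule(rule):
    """Return the action, the six header fields and the (keyword, value) options."""
    m = re.fullmatch(r"\s*(\S+)\s+(.*?)\s*\((.*)\)\s*", rule, re.S)
    if not m:
        raise ValueError("expected: action header (options)")
    action, header, body = m.groups()
    # Address/port groups such as [10.0.0.0/24, !10.0.0.5] may contain spaces
    # after commas; remove them so the header splits on whitespace.
    parts = re.sub(r"\s*,\s*", ",", header).split()
    if len(parts) != len(HEADER_FIELDS):
        raise ValueError("header needs 6 fields, got %d" % len(parts))
    fields = dict(zip(HEADER_FIELDS, parts))
    if fields["direction"] not in ("->", "<>"):
        raise ValueError("unknown direction %r" % fields["direction"])
    options = []
    for opt in split_options(body):
        key, sep, value = opt.partition(":")
        # Keywords without a value (e.g. nocase) are stored with None.
        options.append((key.strip(), value.strip() if sep else None))
    return {"action": action, "header": fields, "options": options}

if __name__ == "__main__":
    print(parse_rule(SAMPLE))
```
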