docs.snort.org
2606:4700::6812:8b09
Public Scan
Submitted URL: http://docs.snort.org/
Effective URL: https://docs.snort.org/
Submission: On January 28 via api from US — Scanned from DE
Form analysis
1 forms found in the DOM
<form id="searchbar-outer" class="searchbar-outer">
<input type="search" id="searchbar" name="searchbar" placeholder="Search this book ..." aria-controls="searchresults-outer" aria-describedby="searchresults-header">
</form>
Text Content
1. Snort 3 Rule Writing Guide
2. Introduction
3. Using Snort 3
4. Getting Started with Snort 3
   1. Installing Snort
   2. Using Snort
      1. Command Line Basics
      2. Reading Traffic
      3. Configuration
      4. Rules
      5. Wizard and Binder
      6. Tweaks and Scripts
      7. Trace Modules
5. Writing Snort Rules
6. The Basics
7. Rule Headers
   1. Rule Actions
   2. Protocols
   3. IP Addresses
   4. Port Numbers
   5. Direction Operators
8. New Rule Types
   1. Service Rules
   2. File Rules
   3. File Identification Rules
9. Rule Options
   1. Rule Option Syntax Key
   2. General Rule Options
      1. msg
      2. reference
      3. gid
      4. sid
      5. rev
      6. classtype
      7. priority
      8. metadata
      9. service
      10. rem
      11. file_meta
   3. Payload Detection Rule Options
      1. content
      2. fast_pattern
      3. nocase
      4. offset, depth, distance, and within
      5. HTTP Specific Options
         1. http_uri and http_raw_uri
         2. http_header and http_raw_header
         3. http_cookie and http_raw_cookie
         4. http_client_body and http_raw_body
         5. http_param
         6. http_method
         7. http_version
         8. http_stat_code
         9. http_stat_msg
         10. http_raw_request and http_raw_status
         11. http_trailer and http_raw_trailer
         12. http_true_ip
         13. http_version_match
         14. http_num_headers
         15. http_num_trailers
         16. http_num_cookies
         17. http_header_test
         18. http_trailer_test
         19. Combining Request and Response Detection
      6. bufferlen
      7. isdataat
      8. dsize
      9. pcre
      10. regex
      11. pkt_data
      12. raw_data
      13. file_data
      14. js_data
      15. vba_data
      16. base64_decode and base64_data
      17. byte_extract
      18. byte_test
      19. byte_math
      20. byte_jump
      21. ber_data and ber_skip
      22. ssl_state and ssl_version
      23. DCE Specific Options
      24. SIP Specific Options
      25. sd_pattern
      26. cvs
      27. md5, sha256, and sha512
      28. GTP Specific Options
      29. DNP3 Specific Options
      30. CIP Specific Options
      31. IEC 104 Specific Options
      32. MMS Specific Options
      33. Modbus Specific Options
      34. S7CommPlus Specific Options
   4. Non-Payload Detection Rule Options
      1. fragoffset
      2. ttl
      3. tos
      4. id
      5. ipopts
      6. fragbits
      7. ip_proto
      8. flags
      9. flow
      10. flowbits
      11. file_type
      12. seq
      13. ack
      14. window
      15. itype
      16. icode
      17. icmp_id
      18. icmp_seq
      19. rpc
      20. stream_reassemble
      21. stream_size
   5. Post-Detection Rule Options
      1. detection_filter
      2. replace
      3. tag
10. Miscellaneous Information
11. Shared Object Rules

SNORT 3 RULE WRITING GUIDE
by the Cisco Talos Detection Response Team