Tag Archives: SNORT – Effective Rule Writing Techniques – Constraining Snort Content Matches with Keyword Modifiers

SNORT – Effective Rule Writing Techniques – Constraining Snort Content Matches with Keyword Modifiers

Snort IDS and IPS Toolkit (Jay Beale’s Open Source Security). You can constrain the location and case-sensitivity of content searches with options that modify the content keyword. Some examples are as follows: Nocase – You can instruct the detection engine to ignore case when searching for content matches in ASCII strings. Offset – The offset keyword…
