Chapter 12. Basic Rule Writing

The ease with which Snort rules can be written has arguably been the most influential factor in Snort's tremendous adoption in the information security community over the last few years. The decision of Snort's creator, Marty Roesch, to create a simple and extensible rule-creation syntax has allowed Snort users worldwide to create one of the most comprehensive signature sets available for any IDS. Each rule can be modified individually, making the modified rule more relevant to the network infrastructure Snort is protecting. Additionally, rules can be created from scratch and used within Snort. Enabling users to create custom rules makes Snort a truly pragmatic security application.

The ruleset has made ...
