October 2015
Intermediate to advanced
432 pages
9h 55m
English
In this chapter, we’re going to focus exclusively on the fundamentals of Snort rules, detailing their structure, syntax, and options. We’ll also explore how Snort performs rule optimization for better performance and show you how rule matching takes place internally.
The core of the FireSIGHT System's intrusion detection capability is the IPS detection engine, which comprises the preprocessors and the IPS rule base. When the IPS engine initializes, it builds the rule structures and begins constructing decision trees that group rules by attributes such as destination ...
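To make the rule structure and the grouping step concrete, the following is an added example written for this page; it is not code from the book, from Snort, or from the FireSIGHT System. It parses the Snort rule header (action, protocol, source, source port, direction, destination, destination port) and the parenthesised option list, models only the content and nocase options plus sid, leaves address variables such as $HOME_NET unresolved, and buckets rules by (protocol, destination port) as a simplified stand-in for Snort's port-group optimization. The rules and packets are constructed for the example.

```python
"""Minimal Snort-style rule parser and port-group matcher (added example)."""
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed sample rules for this example; $HOME_NET and $EXTERNAL_NET are
# left as unresolved variables because address matching is not modelled here.
SAMPLE_RULES = [
    'alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"WEB passwd probe"; '
    'content:"/etc/passwd"; nocase; sid:1000001; rev:1;)',
    'alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"shell string"; '
    'content:"/bin/sh"; sid:1000002; rev:1;)',
    'alert udp any any -> $HOME_NET 53 (msg:"DNS type A query"; '
    'content:"|00 01|"; sid:1000003; rev:1;)',
]


@dataclass
class Rule:
    action: str
    proto: str
    src: str
    sport: str
    direction: str
    dst: str
    dport: str
    options: list = field(default_factory=list)   # [(keyword, value_or_None), ...]
    sid: int = 0
    contents: list = field(default_factory=list)  # [[bytes, nocase_flag], ...]


def split_options(body: str) -> list:
    """Split the option body on ';' while honouring quotes and backslash escapes."""
    out, cur, in_quote, escaped = [], [], False, False
    for ch in body:
        if escaped:
            cur.append(ch)
            escaped = False
        elif ch == "\\":
            cur.append(ch)
            escaped = True
        elif ch == '"':
            cur.append(ch)
            in_quote = not in_quote
        elif ch == ";" and not in_quote:
            out.append("".join(cur).strip())
            cur = []
        else:
            cur.append(ch)
    out.append("".join(cur).strip())
    return [o for o in out if o]


def decode_content(text: str) -> bytes:
    """Turn a content value like 'abc|00 01|d' into bytes (|..| segments are hex)."""
    out = bytearray()
    for i, part in enumerate(text.split("|")):
        if i % 2:                       # odd segments sit between pipes: hex bytes
            out += bytes.fromhex(part)
        else:                           # even segments are literal text with \-escapes
            j = 0
            while j < len(part):
                if part[j] == "\\" and j + 1 < len(part):
                    j += 1              # keep the escaped character itself
                out += part[j].encode("latin-1")
                j += 1
    return bytes(out)


def parse_rule(line: str) -> Rule:
    """Parse one rule: seven header fields, then the option list in parentheses."""
    head, _, tail = line.partition("(")
    body = tail.rsplit(")", 1)[0]
    fields = head.split()
    if len(fields) != 7:
        raise ValueError("bad rule header: %r" % head)
    rule = Rule(*fields)
    for opt in split_options(body):
        key, sep, val = opt.partition(":")
        key, val = key.strip(), (val.strip() if sep else None)
        if val and len(val) >= 2 and val[0] == val[-1] == '"':
            val = val[1:-1]
        rule.options.append((key, val))
        if key == "sid":
            rule.sid = int(val)
        elif key == "content":
            rule.contents.append([decode_content(val), False])
        elif key == "nocase" and rule.contents:
            rule.contents[-1][1] = True   # nocase modifies the preceding content
    return rule


def build_port_groups(rules) -> dict:
    """Bucket rules by (protocol, destination port); 'any' rules get their own bucket."""
    groups = defaultdict(list)
    for r in rules:
        groups[(r.proto, r.dport)].append(r)
    return groups


def candidate_rules(groups: dict, proto: str, dport: int) -> list:
    """Only this packet's port group plus the protocol's 'any' group are evaluated."""
    return groups.get((proto, str(dport)), []) + groups.get((proto, "any"), [])


def match_packet(groups: dict, proto: str, dport: int, payload: bytes) -> list:
    """Return the sids whose every content pattern is found in the payload."""
    hits, lowered = [], payload.lower()
    for rule in candidate_rules(groups, proto, dport):
        for pattern, nocase in rule.contents:
            hay = lowered if nocase else payload
            needle = pattern.lower() if nocase else pattern
            if needle not in hay:
                break
        else:
            hits.append(rule.sid)
    return hits


GROUPS = build_port_groups(parse_rule(r) for r in SAMPLE_RULES)

if __name__ == "__main__":
    # Constructed packet: an HTTP request to port 80 carrying the probe string.
    print(match_packet(GROUPS, "tcp", 80, b"GET /ETC/PASSWD HTTP/1.0"))
```

The point of the grouping is visible in candidate_rules: a TCP packet to port 22 is checked against one rule, not three, because only its own port group and the tcp/any group are consulted. Real Snort additionally uses a fast-pattern matcher across the group before evaluating individual rules, which this example does not model.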