Chapter 12. Basic Rule Writing

The ease with which Snort rules can be written has arguably been the most influential factor in Snort's tremendous adoption in the information security community over the last few years. The decision of Snort's creator, Marty Roesch, to create a simple and extensible rule-creation syntax has allowed Snort users worldwide to create one of the most comprehensive signature sets available for any IDS. Each rule can be modified individually, making the modified rule more relevant to the network infrastructure Snort is protecting. Additionally, rules can be created from scratch and used within Snort. Enabling users to create custom rules makes Snort a truly pragmatic security application.

The ruleset has made ...
