[Snort-sigs] help with time in rules

evejou girl at ...3471...
Tue Nov 6 06:24:51 EST 2012


Yup. You're looking for the threshold keyword here:
http://manual.snort.org/node35.html




On Nov 6, 2012, at 4:01 AM, Jose A. <bromistamix at ...12...> wrote:

> Hello!
>  
> I have a question when i want to develop a rule in snort.
>  
> It is possible to specify the time and the number of events in the rule?
>  
> For example, create an alarm when the same event occurs within two minutes 10 times.
>  
> Thanks!
>  
> ------------------------------------------------------------------------------
> LogMeIn Central: Instant, anywhere, Remote PC access and management.
> Stay in control, update software, and manage PCs from one command center
> Diagnose problems and improve visibility into emerging IT issues
> Automate, monitor and manage. Do more in less time with Central
> http://p.sf.net/sfu/logmein12331_d2d_______________________________________________
> Snort-sigs mailing list
> Snort-sigs at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/snort-sigs
> http://www.snort.org
> 
> 
> Please visit http://blog.snort.org for the latest news about Snort!

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-sigs/attachments/20121106/eed77700/attachment.html>


More information about the Snort-sigs mailing list