[Snort-sigs] Question about snort rules

Joel Esler jesler at ...435...
Mon Oct 7 19:22:51 EDT 2013


If you are asking if it's possible to only trigger after a certain amount of events happen, yes, it's possible to do that with rate filtering.  

Sent from my iPhone

> On Oct 7, 2013, at 6:27 PM, Fernando Villegas <fava.007 at ...2420...> wrote:
> 
> Hi, 
> I need to know if is possible to create rules with conditionality temporary or quantity. For example, "if I receive more than one package 'A' in less than 5 seconds" or "if I receive more than 10 packages 'A' to so ..."
> I'll wait your answer, thank you for your time.
> regards!
> 
> -- 
> Atentamente,
> Fernando Antonio Villegas Acevedo
> Estudiante Ingeniería Civil en Informática y Telecomunicaciones
> Universidad Diego Portales
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-sigs/attachments/20131007/015bf9b6/attachment.html>


More information about the Snort-sigs mailing list