[Snort-users] [sonrt-user]About rule options

Joel Esler jesler at ...1935...
Tue Sep 24 12:13:26 EDT 2013


On Sep 24, 2013, at 7:11 AM, Mayur Patil <ram.nath241089 at ...11827...> wrote:

> Hi,
> 
> I want to ask which is the alternate option to use in a shared object rule
> instead of
>
> * threshold
> * detection_filter
> * track_by
> * event_filter
>
> as these options become obsolete when parsing the text rules,
> and I want to use counts, seconds, which are parts of the above options.
>
> Is there any alternative or replacement?
> 
> Seeking for guidance,

Dear Mayur,

Thanks for your email.  I believe you will find what you are looking for here: http://manual.snort.org/node19.html#SECTION00342000000000000000

--
Joel Esler
Senior Research Engineer, VRT
OpenSource Community Manager
Sourcefire
