[Snort-users] [sonrt-user]About rule options
jesler at ...1935...
Tue Sep 24 12:13:26 EDT 2013
On Sep 24, 2013, at 7:11 AM, Mayur Patil <ram.nath241089 at ...11827...> wrote:
> I want to ask which is the alternate option to use in shared object rule
> instead of
> * threshold
> * detection_filter
> * track_by
> * event_filter
> as these options become obsolete when parsing the text rules
> and I want to use counts,seconds which are parts of above options.
> is there any alternative or replacement??
> Seeking for guidance,
Thanks for your email. I believe you will find what you are looking for here: http://manual.snort.org/node19.html#SECTION00342000000000000000
Senior Research Engineer, VRT
OpenSource Community Manager
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Snort-users