When writing custom IPS rules, can I use Snort variables?

Yes, we provide administrators access to Snort variables. These variables are used in rules to specify criteria for the source and destination of a packet. Snort's most important variable is $HOME_NET$HOME_NET defines the network or networks you are trying to protect. Under no circumstance should you change or delete the default variables - you can add exceptions, but only if you are very familiar with them and snort.conf.

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request



Please sign in to leave a comment.

Powered by Zendesk