The logto keyword tells Snort to log all packets that trigger this rule to a special output log file.
The session keyword is built to extract user data from TCP Sessions.
The resp keyword is used to attempt to close sessions when an alert is triggered.
This keyword implements an ability for users to react to traffic that matches a Snort rule by closing the connection and sending a notice.
The tag keyword allows rules to log more than just the single packet that triggered the rule.
This keyword allows the rule writer to specify a rule to add when a specific network event occurs.
This keyword allows the rule writer to dynamically enable a rule when a specific activate rule is triggered.
This keyword must be used in combination with the activated_by keyword. It allows the rule writer to specify how many packets to leave the rule enabled for after it is activated.
Replace the prior matching content with the given string of the same length. Available in inline mode only.
Track by source or destination IP address; the rule fires only if it otherwise matches more often than the configured rate.
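
The rate-tracking behaviour in the last entry (Snort's detection_filter option, written `track by_src|by_dst, count c, seconds s`) is easier to reason about when modelled. The following is an added example, not code from Snort or from this page: a simplified Python model that assumes one fixed sampling period per tracked address starting at its first match; the class name, function name and sample events are constructed for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class RateFilter:
    """Simplified model of a per-address rate gate on an already-matching rule."""
    track: str    # "by_src" or "by_dst"
    count: int    # matches allowed per period before the rule may fire
    seconds: int  # length of the sampling period
    _state: dict = field(default_factory=dict)  # ip -> (period_start, matches)

    def should_fire(self, ts, src, dst):
        key = src if self.track == "by_src" else dst
        start, hits = self._state.get(key, (ts, 0))
        # Assumption: the period is fixed and restarts once it has elapsed.
        if ts - start >= self.seconds:
            start, hits = ts, 0
        hits += 1
        self._state[key] = (start, hits)
        # Only matches beyond the configured count generate an event.
        return hits > self.count


# Constructed events: (timestamp, source IP, destination IP), each one a
# packet that already satisfied every other option in the rule.
EVENTS = [
    (0, "10.0.0.5", "192.0.2.10"),
    (1, "10.0.0.5", "192.0.2.10"),
    (2, "10.0.0.9", "192.0.2.10"),
    (3, "10.0.0.5", "192.0.2.10"),
    (4, "10.0.0.5", "192.0.2.10"),
    (5, "10.0.0.5", "192.0.2.10"),
    (12, "10.0.0.5", "192.0.2.10"),
    (13, "10.0.0.9", "192.0.2.10"),
]


def fired_timestamps(filt, events):
    """Return the timestamps of the events on which the gated rule fires."""
    return [ts for ts, src, dst in events if filt.should_fire(ts, src, dst)]


if __name__ == "__main__":
    print("by_src:", fired_timestamps(RateFilter("by_src", 3, 10), EVENTS))
    print("by_dst:", fired_timestamps(RateFilter("by_dst", 3, 10), EVENTS))
```

Tracking by destination aggregates every source hitting the same host, so the rule starts firing one packet earlier here than when tracking by source.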