Manual Chapter: Snort rule reference
Applies To: BIG-IP AFM
- 17.1.2, 17.1.1, 17.1.0, 17.0.0, 16.1.5, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.10, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0
This document includes the Snort commands that are currently supported when writing
Snort rules.
Snort rule overview
Protocol Anomaly Inspection supports a subset of Snort rules. See the Snort users manual for more information. Snort rules can be written as pcre (perl-compatible regular expressions). Negation (!) is not supported.
Parameters supported with byte_test
Parameters supported with byte_jump
All parameters for byte_jump are supported except dce, multiplier, align, post_offset, and bitmask. See byte_jump.
Parameters supported in metadata
The following parameter is supported in metadata. See metadata.
- service
The following parameters are supported in reference. See reference.
- url
- cve
- bugtraq
The following additional parameters are supported.
- Description
- Attack Type
- Direction
- Revision
The following parameters are added:
- protocol
- accuracy
- risk
- systems
- documentation
- last_updated
- performance_impact
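A pre-import check for the byte_jump, reference and negation limits listed above, as an added example (not F5 or Snort project code). The function name, the sample rules and the choice to look for negation only at the start of an option value are assumptions of this sketch.

```python
import re

# Limits stated on this page.
BYTE_JUMP_UNSUPPORTED = {"dce", "multiplier", "align", "post_offset", "bitmask"}
REFERENCE_SUPPORTED = {"url", "cve", "bugtraq"}

# One rule option: text up to an unescaped ';' that is not inside double quotes.
_OPTION = re.compile(r'((?:[^;"\\]|\\.|"(?:[^"\\]|\\.)*")+);')

def lint_rule(rule):
    """Return findings for one Snort rule string (empty list = nothing flagged)."""
    start, end = rule.find("("), rule.rfind(")")
    if start < 0 or end < start:
        return ["no option block found"]
    findings = []
    for match in _OPTION.finditer(rule[start + 1:end]):
        name, _, value = match.group(1).strip().partition(":")
        name, value = name.strip(), value.strip()
        if value.startswith("!"):
            findings.append(f"{name}: negation (!) is not supported")
        if name == "byte_jump":
            # Fields 0 and 1 are bytes_to_convert and offset; the rest are parameters.
            for field in value.split(",")[2:]:
                param = (field.split() or [""])[0]
                if param in BYTE_JUMP_UNSUPPORTED:
                    findings.append(f"byte_jump: unsupported parameter '{param}'")
        elif name == "reference":
            system = value.split(",")[0].strip()
            if system not in REFERENCE_SUPPORTED:
                findings.append(f"reference: unsupported system '{system}'")
    return findings

# Constructed sample rules (not from the page); sid and reference ids are placeholders.
SAMPLE_OK = ('alert tcp any any -> any 80 (msg:"constructed sample"; content:"abc"; '
             'byte_jump:4,0,relative,little; reference:cve,0000-0000; '
             'sid:1000001; rev:1;)')
SAMPLE_BAD = ('alert tcp any any -> any 80 (msg:"constructed; sample"; '
              'content:!"abc"; byte_jump:4,0,relative,multiplier 2,align,post_offset -4; '
              'reference:nessus,00000; sid:1000002; rev:1;)')

if __name__ == "__main__":
    for rule in (SAMPLE_OK, SAMPLE_BAD):
        print(lint_rule(rule) or "no findings")
```

Run it over a rule file before import so that rules relying on an unsupported parameter are caught up front instead of leaving a detection gap that goes unnoticed.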