Manual Chapter :
Snort rule reference
Applies To:
Show Versions
BIG-IP AFM
- 16.0.1, 16.0.0, 15.1.0
Snort rule reference
This document includes the Snort commands that are currently supported when writing
Snort rules.
Snort rule overview
Protocol Anomaly Inspection supports a subset of Snort rules. See the Snort users manual for more information. Snort rules can be written as pcre
(perl-compatible regular expressions). Negation (
!
) is not
supported.Parameters supported with byte_test
Parameters supported with byte_jump
All parameters for
byte_jump
are supported except dce
,
multiplier
, align
,
post_offset
, and bitmask
. See byte_jump.Parameters supported in metadata
The following parameters are supported in
metadata
. See metadata.- service
- policy balanced-ips
The following parameters are supported in
reference
. See reference.- url
- cve
- bugtraq
The following additional commands are supported.
- msg
- classtype
- flow
- rev
The following parameters are added:
- protocol
- accuracy
- risk
- systems
- documentation
- last_updated
- performance_impact