Which file defines Snort IDs and associated alert labels that are not provided within the unified output format?
Which information does the rule body contain?
Which character must a rule body end with?
Which keyword can you use to check a packet IP header TTL value?
Which action is valid for decoder/preprocessor stub rules?
Which keyword can you use to try to close a session when an alert is triggered?
Which rule keyword categorizes alerts into attack classes?
Given the rule option byte_test:1, ,64,2;, what is the offset?
Given the rule option byte_jump:4,4,relative, align;, how many bytes are being jumped?
Given the regular expression /[^Cc]at/, where does the system look for the “C” or “c”?