Re: help with time in rules

[evejou <girl () techn0ev3 net>]

Yup. You're looking for the threshold keyword here:
http://manual.snort.org/node35.html




On Nov 6, 2012, at 4:01 AM, Jose A. <bromistamix () hotmail com> wrote:

> Hello!
>  
> I have a question when i want to develop a rule in snort.
>  
> It is possible to specify the time and the number of events in the rule?
>  
> For example, create an alarm when the same event occurs within two minutes 10 times.
>  
> Thanks!
>  
> ------------------------------------------------------------------------------
> LogMeIn Central: Instant, anywhere, Remote PC access and management.
> Stay in control, update software, and manage PCs from one command center
> Diagnose problems and improve visibility into emerging IT issues
> Automate, monitor and manage. Do more in less time with Central
> http://p.sf.net/sfu/logmein12331_d2d_______________________________________________
> Snort-sigs mailing list
> Snort-sigs () lists sourceforge net
> https://lists.sourceforge.net/lists/listinfo/snort-sigs
> http://www.snort.org
>
>
> Please visit http://blog.snort.org for the latest news about Snort!

------------------------------------------------------------------------------
LogMeIn Central: Instant, anywhere, Remote PC access and management.
Stay in control, update software, and manage PCs from one command center
Diagnose problems and improve visibility into emerging IT issues
Automate, monitor and manage. Do more in less time with Central
http://p.sf.net/sfu/logmein12331_d2d

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org


Please visit http://blog.snort.org for the latest news about Snort!