SNORT

MAIN COMPONENTS

RULE TYPES

MODE COMPARISON

CONFIGURATION FILES

SNORT.CONF SECTIONS

NETWORK

this section is used to manage the scope of the detection and rule paths

DECODER

this section is used to manage snort's IPS mode. Data Acquisition Modules (DAQ) are specific libraries used for packet I/O. it brings flexibility to process packets

OUTPUT PLUGINS

this section is used to manage the outputs of the IDS/IPS actions, such as logging and alerting format details. The default action prompts everything in the console application

RULESET

this section is used for ruleset customization