Snort Rule > ARRAY NTB XML

Translate Snort Rule to Array NTB XML

HOME NET

ipvar $HOME_NET 10.0.2.0/24
<filter id="1" sessionBase="no" alt="HOME_NET">
    <or>
        <find name="ip.src" relation="==" content="10.0.2.0/24"/>
    </or>
</filter>

EXTERNAL NET

ipvar $EXTERNAL_NET any
<filter id="2" sessionBase="no" alt="EXTERNAL_NET">
    <or>
    </or>
</filter>

HTTP PORTS

portvar MY_HTTP_DST_PORTS [80,8080]
<filter id="3" sessionBase="no" alt="MY_HTTP_DST_PORTS">
    <or>
        <find name="tcp.dstport" relation="==" content="80"/>
        <find name="tcp.dstport" relation="==" content="8080"/>
    </or>
</filter>

Rule1

PreviousBandwidth ControlNextOffload

Last updated