sniper-tms-snort-rules
Fetch Snort rules from sensors
Syntax
sniper-tms-snort-rules [profile=PROFILE] [device=DEVICE] [signature=SIGNATURE] [rule=RULE] [limit=NUM]
Options
- profile=PROFILE
  - Optional. Profile name of SNIPER TMS-Plus
- device=DEVICE
  - Optional. Sensor IP addresses (comma separated)
- signature=SIGNATURE
  - Optional. Signature filter
- rule=RULE
  - Optional. Rule filter
- limit=NUM
  - Optional. Maximum number of results (default: 100,000)
Output Fields
| Field | Type | Name | Description |
|---|---|---|---|
| profile | String | Profile | Connect profile name |
| device_ip | IP address | IP | Device (sensor) IP address |
| device_name | String | Sensor Name | Device (sensor) name |
| device_code | Integer | Device Code | Sensor device code |
| code | String | Rule Code | Rule code |
| signature | String | Signature | Signature |
| rule | String | Rule | Snort rule content |
| protocol | String | Protocol | Protocol |
| port | Integer | Source Port | Source port |
| updated | Date | Updated | Last updated time |