Rule options form the heart of Snort's intrusion detection engine, combining
ease of use with power and flexibility. All Snort rule options are separated
from each other using the semicolon (;) character. Rule option keywords are
separated from their arguments with a colon (:) character.
There are four major categories of rule options.
- These options provide information about the rule but do not
have any affect during detection
- These options all look for data inside the packet payload and
can be inter-related
- These options look for non-payload data
- These options are rule specific triggers that happen
after a rule has “fired.”