New Rule Types in Snort 3

Snort 3 introduces three new rule types to simplify and enhance rule writing: service rules, file rules, and file identification rules.

Service and file rules allow for the creation of cleaner-looking rules that are service-specific and service-agnostic, respectively, while file identification rules use the new file_meta rule option to perform file type identification.

Each of these new rule types are created using a unique rule header, and more info about each can be found in the subsequent chapters.

Snort 3 Rule Writing Guide

New Rule Types in Snort 3