General Rule Options
General rule options provide information about a rule, but they do not change what the rule looks for in a packet. They are not required, but using them is strongly recommended so that any event the rule generates carries additional context.
Each general option is described in subsequent sections, but the following table lists each one for quick reference.
| keyword | description |
|---|---|
| msg | msg sets the message to be printed out when a rule matches |
| reference | reference is used to provide additional context to rules in the form of links to relevant attack identification systems |
| gid | gid identifies the specific Snort component that generates a given event |
| sid | sid identifies the unique signature number assigned to a given Snort rule |
| rev | rev identifies the particular revision number of a given Snort rule |
| classtype | classtype assigns a classification to the rule to indicate the type of attack associated with an event |
| priority | priority sets a severity level for appropriate event prioritizing |
| metadata | metadata adds additional and arbitrary information to a rule in the form of name-value pairs |
| service | service sets the list of services to be associated with a given rule |
| rem | rem is used to convey an arbitrary comment in the rule body |
| file_meta | file_meta is used to set the file metadata for a given file identification rule |
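
The following Python audit is an added example, not part of the Snort documentation. It uses the keyword list from the table to show that two rules differing only in general options leave the same remaining options behind, and to report which context options a rule lacks. The sample rules, the simplified option parser, and the choice of `msg`, `sid`, `rev` and `classtype` as the expected set are assumptions made for illustration.

```python
# Keywords the table above lists as general rule options.
GENERAL = {"msg", "reference", "gid", "sid", "rev", "classtype",
           "priority", "metadata", "service", "rem", "file_meta"}

# Constructed sample rules: identical header and detection options,
# but only FULL carries general options.
BARE = ('alert tcp any any -> any 80 ( flow:to_server,established; '
        'content:"/admin.php", nocase; )')
FULL = ('alert tcp any any -> any 80 ( msg:"Admin page request"; '
        'flow:to_server,established; content:"/admin.php", nocase; '
        'classtype:web-application-activity; '
        'reference:url,example.com/advisory; gid:1; sid:1000001; rev:2; )')


def split_options(rule):
    """Return (header, [(keyword, args), ...]) for a single rule string.

    Simplified parser (assumption): only double quotes and backslash
    escapes are honoured when looking for the ';' that ends an option.
    """
    header, _, body = rule.partition("(")
    body = body.rpartition(")")[0]
    opts, buf, quoted, escaped = [], "", False, False
    for ch in body:
        if ch == ";" and not quoted and not escaped:
            key, _, args = buf.strip().partition(":")
            if key:
                opts.append((key.strip(), args.strip()))
            buf = ""
            continue
        buf += ch
        if escaped:
            escaped = False
        elif ch == "\\":
            escaped = True
        elif ch == '"':
            quoted = not quoted
    return header.strip(), opts


def detection_part(rule):
    """Header plus the options left once the table's general keywords are dropped."""
    header, opts = split_options(rule)
    return header, [(k, a) for k, a in opts if k not in GENERAL]


def missing_context(rule, wanted=("msg", "sid", "rev", "classtype")):
    """General options from `wanted` (a local policy choice) that the rule omits."""
    present = {k for k, _ in split_options(rule)[1]}
    return [k for k in wanted if k not in present]
```

Running `missing_context` over a local rules file before deployment flags rules whose events would arrive without a message, identifier or classification.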