rev

The rev keyword uniquely identifies the revision number of a given Snort rule. This option should be used along with the sid keyword and should be incremented by one each time a change is made to a rule.

This option takes in a single argument, a numeric value that identifies the rule's current revision number. Revision values start at 1, and rules will default to this value if the option is omitted from them.

Format:

rev:revision;

Examples:

sid:1000001; rev:1;

sid:1000001; rev:2;