Post-Detection Rule Options
Post-detection rule options are specific triggers that happen after a rule has "fired". All post-detection options are discussed in the next few sections, but a quick reference of them all can be found below.
Quick Reference
| keyword | description |
|---|---|
| detection_filter | detection_filter sets the rate at which the rule must hit before an event gets generated |
| replace | replace is used to match and then overwrite payload data |
| tag | tag is used to log additional packets after a rule event |