我配置了snort规则来检测ping和tcp
alert icmp any any -> any any (msg:"ping";sid:10000001;rev:0;)
如何配置 snort 规则来检测 http、https 和电子邮件?
Snort 检测 http 的规则:
alert tcp any any -> any 80 (content:"HTTP"; msg:"http test"; sid:10000100; rev:005;)
Snort 规则检测 https:
alert tcp any any -> any 443 (content:"HTTPS"; msg:"https test"; sid:10000101; rev:006;)