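Configuring signatures

alert severity: the severity level of the alert; the options are high, informational, low, and medium.

sig fidelity rating: the confidence in the signature; the higher the value, the more trustworthy it is.

promiscuous delta: the increment for promiscuous mode, a variable applied to the confidence value; there are two modes, inline mode and promiscuous mode.

signature name: the name of the signature.

engine: the engine.

event action: the action; by default, produce alert is enabled, which raises an alert.

event counter: the counter; by default, each packet produces one event.

event count key: counts occurrences by attacker address, victim address, or both.

summary mode: fire all raises one alert for every event; fire once raises only one alert no matter how many events occur; global summarize raises one alert every so many seconds regardless of source and destination; summarize raises one aggregated alert every so many seconds per source and destination.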

A=source address

a=source port

B=destination address

b=destination port

x=does not matter
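The four summary modes and the A/a/B/b/x key notation above, worked through as an added example (a simplified model written for these notes, not Cisco code). The sample events, the function names `key_of` and `alerts`, the 15-second interval, and the reading of fire once as "once per key" are assumptions.

```python
from collections import defaultdict

# Constructed sample events: (time_s, src_addr, src_port, dst_addr, dst_port)
EVENTS = [
    (0,  "10.0.0.5", 40001, "192.0.2.10", 80),
    (1,  "10.0.0.5", 40002, "192.0.2.10", 80),
    (2,  "10.0.0.9", 40003, "192.0.2.10", 80),
    (16, "10.0.0.5", 40004, "192.0.2.10", 80),
    (17, "10.0.0.5", 40005, "192.0.2.20", 80),
]

def key_of(event, pattern):
    """Project an event onto a 4-character key such as 'AxBx' (x = ignore)."""
    if len(pattern) != 4 or any(p not in (want, "x")
                                for p, want in zip(pattern, "AaBb")):
        raise ValueError("pattern must use A, a, B, b in that order, or x")
    # Fields marked x are replaced by None so they never split a group.
    return tuple(v if p != "x" else None
                 for p, v in zip(pattern, event[1:]))

def alerts(events, mode, pattern="AxBx", interval=15):
    """Return (time_s, key, event_count) alerts; interval is an assumed value."""
    if mode == "fire all":              # one alert per event
        return [(e[0], key_of(e, pattern), 1) for e in events]
    if mode == "fire once":             # first event per key only (assumption)
        seen, out = set(), []
        for e in events:
            k = key_of(e, pattern)
            if k not in seen:
                seen.add(k)
                out.append((e[0], k, 1))
        return out
    if mode in ("summarize", "global summarize"):
        buckets = defaultdict(int)      # (interval index, key) -> event count
        for e in events:
            # global summarize ignores addresses, so every event shares one key
            k = key_of(e, pattern) if mode == "summarize" else None
            buckets[(e[0] // interval, k)] += 1
        # One summary alert per bucket, stamped at the end of its interval.
        return [((w + 1) * interval, k, n)
                for (w, k), n in sorted(buckets.items())]
    raise ValueError(f"unknown summary mode: {mode}")

if __name__ == "__main__":
    for m in ("fire all", "fire once", "summarize", "global summarize"):
        print(m, "->", len(alerts(EVENTS, m)), "alert(s)")
```

Changing `pattern` from `AxBx` to `Axxx` groups by attacker address only, which lowers the fire once and summarize alert counts for the same traffic.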

event count key:

summary key:

storage key:

meta key: