![]() A number of attacks cannot bedetected by signature matching via the detection engine, so "examine"preprocessors step up to the plate and detect suspicious activity. They can be used toeither examine packets for suspicious activity or modify packets so that thedetection engine can properly interpret them. Snort's preprocessors fall into two categories.
0 Comments
Leave a Reply. |