[Oisf-users] Order of matching criteria in rules
Erich Lerch
erich.lerch at gmail.com
Wed Aug 5 14:16:38 UTC 2015
Hi

There is an interesting part on the Snort site about the order of
matching criteria:
http://manual.snort.org/node36.html#SECTION00494000000000000000

Basically it says that "discrete" criteria (dsize, flags, flow, ...)
should be placed in front of "content" criteria for performance
reasons.

Does this apply to Suricata as well? Or is there some fundamental
difference in the matching algorithms?

Erich