I can’t figure it out / understand. Need to write a rule that catches an HTTP POST request from one ip address more than three times in 10 seconds and logs it.
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"HTTP post packet flood "; flow:to_server; ..... count 3, seconds 10;)
What commands should you use instead of dots? Are there examples somewhere or an article describing the use of flags? I don’t understand at the docks on the official website.