Overview
The IPS third-generation engine supports various protocol field modifiers. A modifier either qualifies a detection statement such as **content** or **pcre**, or is used on its own as a numeric detection field. When a detection item is modified by a protocol field, the detection scope is more accurate, and threat signatures can be matched at field granularity. The IPS third-generation engine supports hundreds of protocol/file decoders and hundreds of protocol fields. This chapter describes some common protocol fields and their meanings.
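The following added example, which is not the engine's rule syntax or code from this documentation, shows why field scoping makes detection more accurate: the same pattern is evaluated against the whole payload and against a single decoded field, and a numeric field is tested on its own. The field names (`http.uri`, `http.content_length`), the rule layout and both requests are assumptions constructed for illustration.

```python
import re

def decode_http(raw: bytes) -> dict:
    """Split a raw HTTP request into fields, as a protocol decoder would."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    method, uri, _version = lines[0].split(b" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        headers[name.strip().lower().decode()] = value.strip()
    return {  # hypothetical field names, not the engine's own
        "http.method": method,
        "http.uri": uri,
        "http.body": body,
        "http.content_length": int(headers.get("content-length", b"0")),
    }

def rule_matches(rule: dict, raw: bytes) -> bool:
    """All pattern checks and all numeric checks of a rule must hold."""
    fields = decode_http(raw)
    for field, pattern in rule.get("pcre", []):
        buf = raw if field is None else fields[field]  # None = whole payload
        if not re.search(pattern, buf):
            return False
    for field, limit in rule.get("greater_than", []):
        if not fields[field] > limit:  # numeric field used independently
            return False
    return True

# Constructed samples: the marker "badtoken" stands in for a threat signature.
FLAGGED = b"GET /download?id=badtoken HTTP/1.1\r\nHost: example.test\r\n\r\n"
BENIGN = (b"POST /forum/post HTTP/1.1\r\nHost: example.test\r\n"
          b"Content-Length: 27\r\n\r\ncomment=is+badtoken+blocked")

UNSCOPED = {"pcre": [(None, rb"badtoken")]}       # pattern over raw payload
SCOPED = {"pcre": [("http.uri", rb"badtoken")]}   # pattern limited to the URI
NUMERIC = {"greater_than": [("http.content_length", 20)]}

if __name__ == "__main__":
    for name, rule in (("unscoped", UNSCOPED), ("scoped", SCOPED), ("numeric", NUMERIC)):
        print(name, rule_matches(rule, FLAGGED), rule_matches(rule, BENIGN))
```

The unscoped rule fires on both requests, including the benign one that only mentions the marker in its body, while the URI-scoped rule fires only on the request that carries it in the URI.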