| Keyword | Description |
| msg | The msg keyword tells the logging and alerting engine the message to print with the packet dump or alert. |
| reference | The reference keyword allows rules to include references to external attack identification systems. |
| gid | The gid keyword (generator id) is used to identify what part of Snort generates the event when a particular rule fires. |
| sid | The sid keyword is used to uniquely identify Snort rules. |
| rev | The rev keyword is used to uniquely identify revisions of Snort rules. |
| classtype | The classtype keyword is used to categorize a rule as detecting an attack that is part of a more general type of attack class. |
| priority | The priority keyword assigns a severity level to rules. |
| metadata | The metadata keyword allows a rule writer to embed additional information about the rule, typically in a key-value format. |