Wednesday, April 04, 2007

Snort Report 5 Posted

The fifth Snort Report -- Snort Rules -- has been posted. In this article I explain what Snort rules really are and how to obtain rule sets from Sourcefire (the VRT rules) and Bleeding Edge Threats. I don't walk through the rule options one by one, because the Snort Manual already does that.

Also, Snort 2.6.1.4 is available. Here are the release notes.

If you missed the earlier editions they are linked at the top of the list on my company research page.

3 comments:

Anonymous said...

Richard, when using BET rules don't you need to combine the sid-msg.map and bleeding-sid-msg.map files into one for Snort to use?

Richard Bejtlich said...

Yes -- I usually use create-sidmap.pl in the rules directory to create a new sid-msg.map.
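The merge discussed in the two comments above, as an added example that is not part of the original post and is not the create-sidmap.pl script Richard mentions: a small Python script that reads Snort 2.x rule files, pulls the sid, msg and reference options out of each rule, refuses to continue if two rule sets reuse the same SID with different messages (the one thing a blind concatenation of sid-msg.map and bleeding-sid-msg.map cannot catch), and emits the `sid || msg || ref || ref` lines that Snort 2.6-era sid-msg.map files use. The two rule sets embedded below are constructed stand-ins, not real Sourcefire or Bleeding Edge rules; SIDs, messages and references are made up.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample rule sets. These are NOT real Sourcefire VRT or
# Bleeding Edge Threats rules; SIDs, messages and references are invented.
# The backslash continuation in the first rule is the Snort multi-line syntax.
VRT_RULES = """\
# constructed stand-in for a Sourcefire rules file
alert tcp $EXTERNAL_NET any -> $HOME_NET 21 (msg:"FTP example USER overflow"; \\
    flow:to_server,established; content:"USER"; reference:cve,2000-0000; \\
    reference:bugtraq,1; classtype:attempted-admin; sid:1000001; rev:3;)
# alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"WEB disabled example"; content:"/x"; sid:1000002; rev:1;)
"""

BLEEDING_RULES = """\
# constructed stand-in for bleeding-all.rules
alert udp $HOME_NET any -> any 53 (msg:"BLEEDING-EDGE example DNS query"; content:"|01 00 00 01|"; reference:url,example.invalid/dns; sid:2000001; rev:2;)
alert tcp $HOME_NET any -> $EXTERNAL_NET 6667 (msg:"BLEEDING-EDGE example IRC join"; content:"JOIN "; sid:2000002; rev:1;)
"""

# A rule line: optional leading '#', an action keyword, a header with no
# parentheses, then the option block in parentheses.
RULE_RE = re.compile(r'^\s*#?\s*(?:alert|log|pass|drop|reject|sdrop)\s[^(]*\((.*)\)\s*$')
MSG_RE = re.compile(r'msg\s*:\s*"((?:[^"\\]|\\.)*)"')
SID_RE = re.compile(r'\bsid\s*:\s*(\d+)\s*;')
REF_RE = re.compile(r'reference\s*:\s*([^;]+?)\s*;')

Entry = Tuple[str, List[str]]  # (msg, [references])


def logical_lines(text: str):
    """Join backslash-continued lines so each rule is one string."""
    buf = ''
    for raw in text.splitlines():
        line = raw.rstrip()
        if line.endswith('\\'):
            buf += line[:-1]
            continue
        buf += line
        yield buf
        buf = ''
    if buf:
        yield buf


def parse_rules(text: str) -> Dict[int, Entry]:
    """Map sid -> (msg, refs). Commented-out rules are included on purpose:
    a map entry for a disabled rule is harmless and survives re-enabling it."""
    found: Dict[int, Entry] = {}
    for line in logical_lines(text):
        m = RULE_RE.match(line)
        if not m:
            continue
        opts = m.group(1)
        sid, msg = SID_RE.search(opts), MSG_RE.search(opts)
        if not sid or not msg:
            continue  # incomplete rule; skip rather than emit a bad map line
        sid_n = int(sid.group(1))
        refs = [r.replace(' ', '') for r in REF_RE.findall(opts)]
        if sid_n in found and found[sid_n][0] != msg.group(1):
            raise ValueError(f"duplicate sid {sid_n} inside one rule set")
        found[sid_n] = (msg.group(1), refs)
    return found


def merge(*rulesets: Dict[int, Entry]) -> Dict[int, Entry]:
    """Combine rule sets; a SID reused with a different msg is an error,
    because Snort would label one set's alerts with the other's text."""
    merged: Dict[int, Entry] = {}
    for rs in rulesets:
        for sid, entry in rs.items():
            if sid in merged and merged[sid][0] != entry[0]:
                raise ValueError(f"sid {sid} collides across rule sets: "
                                 f"{merged[sid][0]!r} vs {entry[0]!r}")
            merged[sid] = entry
    return merged


def render_sidmap(entries: Dict[int, Entry]) -> str:
    """Emit Snort 2.x sid-msg.map lines: sid || msg || ref1 || ref2 ..."""
    lines = [' || '.join([str(sid)] + [entries[sid][0]] + entries[sid][1])
             for sid in sorted(entries)]
    return '\n'.join(lines) + '\n'


def collision_detected() -> bool:
    """Demonstrate the cross-set check: a constructed local rule reuses sid 1000001."""
    clash = 'alert tcp any any -> any 80 (msg:"LOCAL reused sid"; content:"x"; sid:1000001; rev:1;)\n'
    try:
        merge(parse_rules(VRT_RULES), parse_rules(clash))
    except ValueError:
        return True
    return False


if __name__ == '__main__':
    merged = merge(parse_rules(VRT_RULES), parse_rules(BLEEDING_RULES))
    print(render_sidmap(merged), end='')
```

To run this against real files, pass the contents of each `.rules` file to `parse_rules` and write `render_sidmap`'s output to `sid-msg.map` in the rules directory. The collision check is the reason to regenerate the map from the rules rather than concatenate two existing map files: Bleeding Edge kept its SIDs in the 2000000 range precisely to avoid clashing with Sourcefire's, but local rules and older snapshots do not always respect that.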

evden eve nakliyat said...

thanks