Snort Report 5 Posted

The fifth Snort Report -- Snort Rules -- has been posted. In this article I talk about what Snort rules really mean. I discuss how to get rules from Sourcefire and Bleeding Edge. I don't plan to explain the rules in a feature-by-feature manner because the Snort Manual does that already.

Also, Snort 2.6.1.4 is available. Here are the release notes.

If you missed the earlier editions they are linked at the top of the list on my company research page.

Comments

Anonymous said…
Richard, when using BET rules don't you need to combine the sid-msg.map and bleeding-sid-msg.map files into one for Snort to use?
Yes -- I usually use create-sidmap.pl in the rules directory to create a new sid-msg.map.
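The merge the comment asks about, as an added example that is not from the post or from create-sidmap.pl itself: a Python stand-in that pulls the sid, msg and reference options out of rule files, emits sid-msg.map lines, and flags SIDs that the two rule sets define with different messages. The two rule files are constructed samples with placeholder SIDs, not real signatures.

```python
import re

# Constructed sample rules standing in for a Sourcefire and a Bleeding Edge
# rules file; SIDs, messages and references are placeholders.
SOURCEFIRE_RULES = """\
# alert tcp any any -> any 23 (msg:"EXAMPLE telnet"; sid:1000000; rev:1;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 22 (msg:"EXAMPLE SSH scan"; \\
    flow:to_server; sid:1000001; rev:2;)
alert tcp any any -> any 80 (msg:"EXAMPLE HTTP probe"; content:"GET"; \\
    reference:url,example.com/probe; sid:1000002; rev:1;)
"""
BLEEDING_RULES = """\
alert udp any any -> any 53 (msg:"BLEEDING-EDGE EXAMPLE DNS"; \\
    reference:url,example.com/a; reference:url,example.com/b; sid:2000001; rev:1;)
alert tcp any any -> any 80 (msg:"BLEEDING-EDGE EXAMPLE clash"; sid:1000002; rev:1;)
"""

SID_RE = re.compile(r'\bsid\s*:\s*(\d+)\s*;')
MSG_RE = re.compile(r'\bmsg\s*:\s*"((?:[^"\\]|\\.)*)"\s*;')
REF_RE = re.compile(r'\breference\s*:\s*([^;]+?)\s*;')

def parse_rules(text):
    """Return [(sid, msg, [references])] for every active rule in a rules file."""
    text = re.sub(r'\\\s*\n', ' ', text)          # join backslash-continued lines
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith('#'):      # comments and disabled rules
            continue
        sid, msg = SID_RE.search(line), MSG_RE.search(line)
        if sid and msg:
            rules.append((int(sid.group(1)), msg.group(1), REF_RE.findall(line)))
    return rules

def merge_sidmap(rule_texts):
    """Build sid-msg.map lines ('sid || msg || ref...'); also return SID collisions."""
    entries, collisions = {}, {}
    for text in rule_texts:
        for sid, msg, refs in parse_rules(text):
            if sid in entries and entries[sid][0] != msg:
                collisions.setdefault(sid, [entries[sid][0]]).append(msg)
                continue                          # first definition wins
            entries[sid] = (msg, refs)
    lines = [' || '.join([str(sid), msg] + refs)
             for sid, (msg, refs) in sorted(entries.items())]
    return lines, collisions

if __name__ == '__main__':
    lines, collisions = merge_sidmap([SOURCEFIRE_RULES, BLEEDING_RULES])
    print('\n'.join(lines), 'SID collisions:', collisions, sep='\n')
```

A collision means one of the two rule sets needs its SID changed before the merged map is trusted, since Snort can only report one message per SID.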
Anonymous said…
Thanks
