Snort Report 5 Posted

The fifth Snort Report -- Snort Rules -- has been posted. In this article I talk about what Snort rules really mean. I discuss how to get rules from Sourcefire and Bleeding Edge. I don't plan to explain the rules in a feature-by-feature manner because the Snort Manual does that already.

Also, Snort is available. Here are the release notes.

If you missed the earlier editions, they are linked at the top of the list on my company research page.


Anonymous said…
Richard, when using BET rules don't you need to combine the and files into one for Snort to use?
Yes -- I usually use in the rules directory to create a new