Home page logo
/

snort logo Snort mailing list archives

Rule Migration Cheat Sheet?
From: "Hayes, Bert (ISO)" <bhayes () infosec utexas edu>
Date: Tue, 21 Dec 2010 13:51:40 -0600

My apologies if this has already been covered elsewhere; if it has, I sure
can't find it.

I'm upgrading a non-production system from Debian's Snort 2.7 package to
Snort 2.9.0.3 compiled from source.  This system only uses a handful of
custom rules that I've written myself for post-mortem pcap analysis of
malware, etc.  I'm not using VRT, ET, ET Pro, etc.  Just a few rules dumped
from my brain.

I'm aware that there were some big changes in rule syntax as of 2.8.6 (man,
am I aware) but I can't find a concise, coherent explanation of what the
specific changes are.  I can find tons of links re: how to get new and
improved rules that others have written, but nothing that addresses how to
re-write my own rules.

Anybody got a link?  Can it be posted to the Snort blog (I know it's not
exactly timely, but it could help others).

Thanks.

-Bert

--
Bert Hayes, GCIH
Senior Network Security Analyst
University of Texas at Austin
Information Security Office


Attachment: smime.p7s
Description:

------------------------------------------------------------------------------
Forrester recently released a report on the Return on Investment (ROI) of
Google Apps. They found a 300% ROI, 38%-56% cost savings, and break-even
within 7 months.  Over 3 million businesses have gone Google with Google Apps:
an online email calendar, and document program that's accessible from your 
browser. Read the Forrester report: http://p.sf.net/sfu/googleapps-sfnew
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]