Snort mailing list archives

Re: Rule Migration Cheat Sheet?
From: Joel Esler <jesler () sourcefire com>
Date: Wed, 22 Dec 2010 15:45:10 -0500

Maybe a "contest" to see who gets the conversion guide to me in the most accurate and complete format first?



On Dec 22, 2010, at 12:12 PM, Crook, Parker wrote:

There are several new keywords (file_data, byte_extract, http_*). We don't
have a specific conversion cheat sheet, as the old rule options still work
fine; the new rule options just allow for clarification of functionality and
a more specific and efficient rule writing process.

That being said, I know a lot of you want to get your rules updated to Snort
2.9 format; I am just swamped, and I know I won't get to it until late
January.  If anyone from the community wants to write a cheat sheet document,
we'll review it, I'll put it on the blog, snort.org, and I'll give you a free
VRT rule subscription for a year.


I've had 2.9 set up in the lab for a while and haven't made the push in production yet for this very reason.  I
suppose I can take the plunge and start working on it, and I will document my findings.  I'll get started on this, but
I'm not sure how long it will take.


Snort-sigs mailing list
Snort-sigs () lists sourceforge net