Home page logo
/

snort logo Snort mailing list archives

Re: Rule Migration Cheat Sheet?
From: Joel Esler <jesler () sourcefire com>
Date: Wed, 22 Dec 2010 15:45:10 -0500

Maybe a "contest" to see who gets the conversion guide to me in the most accurate and complete format first?

;)  

J

On Dec 22, 2010, at 12:12 PM, Crook, Parker wrote:

There are several new keywords (file_data, byte_extract, http_*)  We don't
have a specific conversion cheat sheet, as the old rule options still work
fine,  the new rule options just allow for clarification of functionality and
a more specific and efficient rule writing process.

That being said, I know a lot of you want to get your rules updated to Snort
2.9 format, I am just swamped, and I know I won't get to it until late
January.  If anyone from the community wants to write a cheat sheet document,
we'll review it, I'll put it on the blog, snort.org, and I'll give you a free
VRT rule subscription for a year.

Takers?

I've had 2.9 setup in the lab for a while and haven't made the push in production yet for this very reason.  I 
suppose I can take the plunge and start working on it and I will document my findings.  I'll get started on this but 
I'm not sure how long it will take.

-Parker


------------------------------------------------------------------------------
Learn how Oracle Real Application Clusters (RAC) One Node allows customers
to consolidate database storage, standardize their database environment, and, 
should the need arise, upgrade to a full multi-node Oracle RAC database 
without downtime or disruption
http://p.sf.net/sfu/oracle-sfdevnl
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]