Snort mailing list archives

Snort.org was updated today, with new features!
From: Joel Esler <jesler () sourcefire com>
Date: Wed, 3 Nov 2010 17:34:44 -0400

Today our web team here at Sourcefire did some updates to both the front and back end of the Snort.org website.  So I 
just wanted to bring a couple of these features out to the community's attention:

False Positive Reporting Form

We now have the ability for you to submit a false positive report directly to the Vulnerability Research Team (VRT) at 
Sourcefire via a web form.  The web form will ask you for the following items:

A description of the false positive
A SID and GID for the event
Snort version
Operating System & Version
If Snort was built from source or from a binary package
If you've used any non-standard PCAP libraries
Any command line options passed to Snort
Full Snort Configuration file
Full PCAP (where PCAPs can't be collected, unified log files are acceptable)

Of course Sourcefire still will monitor the snort-sigs list as well as the #snort channel on the Freenode network on 
IRC, however, this form should get us a more comprehensive look at any problems that may occur with False Positives 
against the VRT Ruleset.

Privacy for False Positives

Your information that you submit in the False Positive Form can only be viewed by the VRT.  It is transferred to our 
file storage via secure connection.

The form is here: https://www.snort.org/uploads, and you'll need to log into the Snort.org website to use the feature.

Command Line Rules Access Instructions

Since we moved the Snort.org website's file transfers to Amazon's S3 cloud architecture, there has been a lot of 
confusion surrounding the instructions (and file naming) for Snort's rule files and source files.

We have created instructions on the website now on how to download files via wget and curl so that you may build this 
into your scripts and use the commands natively.

For the source files:
http://www.snort.org/snort-downloads/cli

For the rules files:
http://www.snort.org/snort-rules/cli

The "Edge rulepack"

Another type of Snort rule pack has been introduced as well.  We are calling this the "edge" rule pack, which tracks 
the latest work being done by the VRT so you don't have to change the name of the rulepack file you are downloading 
with each new release.

snortrules-snapshot-edge.tar.gz will now download the most current versioned rulepack.  For example, if Snort 2861 and 
2900 rules are available, "edge" will pull down 2900.

http://www.snort.org/snort-rules/cli#edge

These updates are also summarized here:

http://www.snort.org/site/update-20101103

Thanks all for your continued support of Sourcefire and Snort, and we'll continue to make improvements to the website.

If there are any questions, don't hesitate to contact me (or the list) and we can get them resolved (or if you run into 
any problems with the above).

Thanks,

Joel Esler
Sourcefire
_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel
