Snort.org was updated today, with new features!
From: Joel Esler <jesler () sourcefire com>
Date: Wed, 3 Nov 2010 17:34:44 -0400
Today our web team here at Sourcefire did some updates to both the front and back end of the Snort.org website. So I
just wanted to bring a couple of these features out to the community's attention:
False Positive Reporting Form
We now have the ability for you to submit a false positive report directly to the Vulnerability Research Team (VRT) at
Sourcefire via a web form. The web form will ask you for the following items:
- A description of the false positive
- A SID and GID for the event
- Operating System & Version
- If Snort was built from source or from a binary package
- If you've used any non-standard PCAP libraries
- Any command line options passed to Snort
- Full Snort Configuration file
- Full PCAP (Where PCAPs can't be collected, unified log files are acceptable)
Of course Sourcefire will still monitor the snort-sigs list as well as the #snort channel on the Freenode network on
IRC; however, this form should get us a more comprehensive look at any problems that may occur with False Positives
against the VRT Ruleset.
Privacy for False Positives
Your information that you submit in the False Positive Form can only be viewed by the VRT. It is transferred to our
file storage via secure connection.
The form is here: https://www.snort.org/uploads, and you'll need to log into the Snort.org website to use the feature.
Command Line Rules Access Instructions
Since we moved the Snort.org website's file transfers to Amazon's S3 cloud architecture, there has been a lot of
confusion surrounding the instructions (and file naming) for Snort's rule files and source files.
We have created instructions on the website now on how to download files via wget and curl so that you may build this
into your scripts and use the commands natively.
For the source files:
For the rules files:
The "Edge rulepack"
Another type of Snort rule pack has been introduced as well. We are calling this the "edge" rule pack, which tracks
the latest work being done by the VRT so you don't have to change the name of the rulepack file you are downloading
with each new release.
snortrules-snapshot-edge.tar.gz will now download the most current versioned rulepack. For example, if Snort 2861 and
2900 rules are available, "edge" will pull down 2900.
These updates are also summarized here:
Thanks all for your continued support of Sourcefire and Snort, and we'll continue to make improvements to the website.
If there are any questions, don't hesitate to contact me (or the list) and we can get them resolved (or if you run into
any problems with the above).
Snort-devel mailing list
Snort-devel () lists sourceforge net