Home page logo

snort logo Snort mailing list archives

Re: CVE vs VRT Rules
From: waldo kitty <wkitty42 () windstream net>
Date: Tue, 25 Jun 2013 12:11:49 -0400

On 6/24/2013 23:33, Bandekar, Ravi wrote:

So If I give you something like the below to add to the VRT rules, are you able
to create the custom rules, so we can add it to our environment?

CVE ID CVE-2013-1178
CVE ID CVE-2013-1179
CVE ID CVE-2013-1180

someone /might/ be able to but if you have actual traffic concerning those 
rules, you should also be able to grab packet captures (pcaps) of that traffic 
and create the necessary rules yourself...

that's one of the nice features of snort and its rules... if you don't have a 
rule for what you want to detect, you can create it yourself... you may also 
share your self-created rules with others if you desire...

NOTE: No off-list assistance is given without prior approval.
       Please keep mailing list traffic on the list unless
       private contact is specifically requested and granted.

This SF.net email is sponsored by Windows:

Build for Windows Store.

Snort-sigs mailing list
Snort-sigs () lists sourceforge net

Please visit http://blog.snort.org for the latest news about Snort!

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]