Snort mailing list archives

Re: Import ET into Sourcefire DC


From: Matthew Jonkman <jonkman () emergingthreatspro com>
Date: Mon, 17 Jan 2011 08:55:58 -0500

I appreciate the concern to not offend anyone. It's something that comes up often for us and we haven't seen a good 
resolution.

How about you just point us to the docs on that so we can help folks that have issues and we let it leave the lists 
here? Is that possible?

(I swear, I'm not trying to start a fight here. :) We just are curious too and want to help folks be able to import ET 
rules. And heck, it'll help sell SF consoles if people can use them easier. )

Matt



On Jan 17, 2011, at 8:30 AM, Joel Esler wrote:

Matt,

This isn't a Snort issue, it's a Sourcefire issue, and we have strict internal restrictions about discussing product 
on the Snort lists for fear of people accusing us of advertising product, so I'd rather it NOT be on list.  If I do 
it, that allows other people to do it, and other companies, and before we know it the Snort lists will turn into an 
advertising list, and we all don't want that.

The correct way for this question to be fielded is through Sourcefire support.  

The import of rules is extremely easy to do and is documented both in our manual as well as the help documentation 
within the Defense Center. If you have a Sourcefire support account, it's documented for you.

Joel

On Jan 17, 2011, at 8:24 AM, Matthew Jonkman wrote:

I'd love to see this on the list if we can. We have a number of customers that do, and a lot of open ruleset users 
that want to, but there's never been much discussion of how to do so. 

No one likes a security product that eliminates flexibility, more info here would be good for all I think. I'll even 
make sure we get it documented somewhere public!

Matt


On Jan 17, 2011, at 8:17 AM, Joel Esler wrote:

On Jan 17, 2011, at 8:00 AM, Gregory Zill wrote:

Possibly a little off-topic, but I was wondering if anyone uses ET rules on a Sourcefire Defense Center? The rules 
need to be reformatted somewhat before being accepted into the DC for use on SF sensors. I appreciate any information 
out there.


We know of a couple customers that do.  If you'd like to write me off-list, I can help you with this.




--
Joel Esler
jesler () sourcefire com
http://blog.snort.org && http://blog.clamav.net


------------------------------------------------------------------------------
Protect Your Site and Customers from Malware Attacks
Learn about various malware tactics and how to avoid them. Understand 
malware threats, the impact they can have on your business, and how you 
can protect your company and customers by using code signing.
http://p.sf.net/sfu/oracle-sfdevnl
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users


----------------------------------------------------
Matthew Jonkman
Emergingthreats.net
Emerging Threats Pro
Open Information Security Foundation (OISF)
Phone 765-807-8630
Fax 312-264-0205
http://www.emergingthreatspro.com
http://www.openinfosecfoundation.org
----------------------------------------------------

PGP: http://www.jonkmans.com/mattjonkman.asc



