Snort mailing list archives

Re: More APT1 info that needs to be made into snort rules


From: Joel Esler <jesler () sourcefire com>
Date: Mon, 4 Mar 2013 09:21:24 -0500

On Mar 4, 2013, at 8:49 AM, Barry Weymes <weymes () fox-it com> wrote:

Hello,
 
I came across a Symantec report today: 
http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/comment_crew_indicators_of_compromise.pdf
I was wondering if the information within it was made into a VRT rule. However, disappointingly I can't see any of it 
being made into rules.
 
I'm also not sure if this is the right place to be bringing this issue up. Can someone recommend a person within 
Sourcefire that would have knowledge about the rule generation process?

I've opened a bug to see what we can make!

--
Joel Esler
Senior Research Engineer, VRT
OpenSource Community Manager
Sourcefire

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org

