Home
Topics
Security Channel
Network security products, technologies, services
IDS Snort rules: Acquiring Snort rules

IDS Snort rules: Acquiring Snort rules

Downloading the two major sets of rules is not difficult. In this example, I am a registered user at Snort.org. I log in with my username and password. On the Snort rules page I scroll down to the section labeled Sourcefire VRT

Requires Free Membership to View

Login

By submitting you agree to receive email communications from
TechTarget and its partners. Privacy Policy Terms of Use.

Certified Rules - The Official Snort Ruleset (registered user release) and select the link for snortrules-snapshot-CURRENT.tar.gz. If I am not logged in I cannot download those rules. After downloading snortrules-snapshot-CURRENT.tar.gz and extracting it, I have three directories: rules, doc and so_rules. Snort rules are in the first, rule documentation in the second and shared object rules in the third. (For now focus on the rules directory; future articles will address shared object rules.)

Acquiring BET rules is simple. Download http://www.bleedingthreats.net/rules/bleeding.rules.tar.gz and extract the contents. If extracted into the same directory as the Sourcefire rules, BET's ruleset will end up in the rules directory created earlier.

Snort Report -- IDS Snort rules

Introduction
False positives
Sourcefire rules
Bleeding Edge Threats rules
Acquiring Snort rules
Activating Snort rules
Loading rules

About the author
Richard Bejtlich is founder of TaoSecurity, author of several books on network security monitoring, including Extrusion Detection: Security Monitoring for Internal Intrusions, and operator of the TaoSecurity blog.

More News and Tutorials

Articles

Configuring Snort for Red Hat Enteprise Linux 5

How to decipher the Oinkcode for Snort's VRT rules

IDS Snort rules: Sourcefire rules

Intrusion detection with Snort on Red Hat Enterprise Linux 5

How to use shared object rules in Snort

This was first published in April 2007

Join the conversationComment

Share

Comments

Results

Contribute to the conversation

All fields are required. Comments will appear at the bottom of the article.

More from Related TechTarget Sites

Microscope
Cloud Provider
Security
Networking
Storage
Cloud computing
Server Virtualization
Data Backup

MicroscopeUK
- SolarWinds targets SME channel with N-able buy
  
  Acquisition will help management software vendor target more sub-100 head business through the channel
- Proofpoint warns against longlining phising attacks
  
  Security resellers have an opportunity to talk to customers about phising with the emergence of longlinging
- Computacenter returns £75m to shareholders
  
  Computacenter is to return £75m to shareholders in a one-off payment but has reassured investors it still has enough funds to invest back into the business
Cloud Provider
- What are the different phases of an IPv6 implementation?
  
  In an IPv6 implementation, it's important to spend time with each of the five phase of the process, IPv6 expert Chip Popoviciu says.
- MSPAlliance cloud insurance offers liability coverage for providers
  
  The MSPAlliance introduces new cloud insurance program, offering extended liability coverage for providers and peace of mind for customers.
- SDN's missing links: Five barriers blocking SDN adoption by providers
  
  As more providers move to deploy SDN, adoption is being hindered by crucial gaps in device standards and tools for network control.
Security
- IT certification guide: Vendor-specific information security certifications
  
  Experts Ed Tittel and Mary Lemons provide a 2013 overview of vendor-specific information security certifications available.
- Introduction: Vendor-neutral security certifications for your career path
  
  Ed Tittel and Mary Lemons offer the definitive primer for vendor-neutral security certifications in 2013.
- SearchSecurity.com's IT security certifications guide
  
  Afraid of making a wrong turn in your career? Our newly updated 2013 guide to information security certifications maps out all your options.
Networking
- F5 Application Acceleration Manager combines WAN, Web optimization
  
  F5 Application Acceleration Manager is a single platform for transport, data center and application optimization.
- Robust network security solutions still lacking
  
  As network attacks grow in intensity, network administrators are still seeking tools to block intrusions.
- Networking blogs: The MapR platform strategy; Tax Day case for IPv6
  
  This week, networking bloggers point out the steady progress of the MapR platform and make a case for the serious adoption of IPv6.
searchStorage
- RAID alternatives: Will erasure codes rule?
  
  Learn why the reliability of RAID technologies could be related to the increased use of erasure coding by both new and established storage vendors.
- Permabit Technology extends primary data deduplication software
  
  Permabit tries to make its primary deduplication software more palatable to OEMs by adding compression and replication plug-ins.
- HP cloud storage service features open source OpenStack object store
  
  HP cloud storage service uses open source OpenStack object store to attract developers, ISVs and enterprises in competition against Amazon S3.
Cloud computing
- Sequestration stymies federal government cloud ambitions
  
  The federal government is under mandates to consolidate data centers and deliver IT as a Service, but sequestration makes this easier said than done.
- VMware charges into public cloud IaaS fray as Dell exits
  
  Dell will discontinue its OpenStack and VMware vCloud-based public cloud offerings as VMware delivers its vCloud IaaS.
- Cloud migration obstacles remain for heavily regulated industries
  
  Financial, government and healthcare industries must overcome data security breaches and regulatory issues for a successful cloud migration.
Server Virtualization
- Virtualization widens schism between server and networking teams
  
  Virtual networking has revived tensions between server and networking teams within data centers, but it's a dynamic both sides must embrace.
- Strike a common-sense balance when deciding what to automate
  
  Consider the many factors that determine the potential return on investment when deciding when and what to automate.
- How can I enable automated VM resource provisioning?
  
  As with many other facets of virtualization, VM resource allocation is becoming automated. Find out what tools you can use for automated provisioning.
searchDataBackup
- The pros and cons of integrated backup appliances
  
  Find out whether integrated backup appliances with backup software, server and storage offer any benefits beyond ease of installation.
- Quantum vmPRO adds LTFS tape support, DXi V-Series gains capacity
  
  Quantum upgrades its vmPRO virtual machine backup appliance, supporting 24 TB of pre-deduped data and LTFS tape in a virtual appliance.
- Veeam Software adds WAN acceleration, tape support for VM backup
  
  Veeam upgrades its virtual machine backup software, building WAN acceleration and native tape support into Backup & Recovery v7.

All Rights Reserved,Copyright 2006 - 2013, TechTarget