Downloading the two major sets of rules is not difficult. In this example, I am a registered user at Snort.org. I log in with my username and password. On the Snort rules page I scroll down to the section labeled Sourcefire VRT
Acquiring BET rules is simple. Download http://www.bleedingthreats.net/rules/bleeding.rules.tar.gz and extract the contents. If extracted into the same directory as the Sourcefire rules, BET's ruleset will end up in the rules directory created earlier.
Snort Report -- IDS Snort rules
Bleeding Edge Threats rules
Acquiring Snort rules
Activating Snort rules
About the author
Richard Bejtlich is founder of TaoSecurity, author of several books on network security monitoring, including Extrusion Detection: Security Monitoring for Internal Intrusions, and operator of the TaoSecurity blog.
This was first published in April 2007