IDS Snort rules: Bleeding Edge Threats rules

This section of the Snort Report on Snort IDS rules covers rules provided by Bleeding Edge Threats (BET).

Matt Jonkman and James Ashton founded Bleeding Edge Threats (BET) (previously Bleeding Edge Snort) in 2003 as a focal point for a variety of projects related to intrusion detection. BET's most popular set of rules is BSD-licensed and requires no registration. There are other rules available, too.

I recommend using both Sourcefire VRT rules and BET rules on sensors. Sourcefire VRT rules are backed by a professional rule development team with millions of dollars of testing equipment at its disposal and specialized tools for signature generation, so they tend to be solid and well-tested. BET releases rules almost immediately upon discovery of a network-based attack, so they can be rough around the edges and less tested. I have found many interesting network activities only using BET rules, however.


About the author
Richard Bejtlich is founder of TaoSecurity, author of several books on network security monitoring, including Extrusion Detection: Security Monitoring for Internal Intrusions, and operator of the TaoSecurity blog.
