Tuesday, July 22, 2014

Snort Subscriber Rule Set EOL dates have been updated!

As always when a new version of Snort comes out, I update the EOL date versions found here:

https://www.snort.org/eol

So take a look there to see whether you are affected and, if so, be sure to stay current and update Snort: https://www.snort.org/downloads

Snort Subscriber Rule Set Update for 07/22/2014

Just released:
Snort Subscriber Rule Set Update for 07/22/2014

We welcome the introduction of the newest rule release from the VRT. In this release we introduced 46 new rules and made modifications to 7 additional rules.

There were no changes made to the snort.conf in this release.

The VRT would like to thank the following individuals for their contributions; their rules are included in the Community Ruleset:

Avery Tarasov:
31452
31453
31454
31456
31457
31458
31463
31464
31465
31466
31467
31468
31472

Nathan Fowler & Nick Mavis:
31455

In VRT's rule release:
The VRT has added and modified multiple rules in the blacklist, browser-ie, exploit, exploit-kit, file-flash, file-office, malware-cnc, malware-other, malware-tools and server-webapp rule sets to provide coverage for emerging threats from these technologies.

To get the VRT's newest rule detection functionality now, you can subscribe for as low as $29 US dollars a year for personal users. Be sure to see our business pricing as well at https://www.snort.org/products. Make sure to stay up to date to catch the most emerging threats!

Monday, July 21, 2014

Snort Rule Downloaders, we don't support "edge" anymore.

On the previous Snort.org, we had a mechanism that allowed for the download of the latest ruleset, called "edge".  A very low percentage of people used it.

In fact, about 0.03% of people used it, so this mechanism has been retired.

Those of you who used the snortrules-snapshot-edge.tar.gz download method need to change the word "edge" to the four-digit number for the version of Snort you are using. 2962 is the most current version.

So, for example, snortrules-snapshot-2962.tar.gz. We recommend using PulledPork to manage and download rule sets, as it will auto-detect the version of Snort you are using.

We apologize for any inconvenience this may cause.  We'll monitor the situation, and if necessary, will be emailing you individually about the use of "edge" being discontinued.

Please check your pulledpork.conf or oinkmaster.conf and see if you are downloading "edge".
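The check above can be scripted. The following is an added example, not part of the original post or of any Snort tooling: the function names are hypothetical, the sample line and its example.invalid host are constructed, and you pass it the paths to your own pulledpork.conf or oinkmaster.conf.

```shell
#!/bin/sh
# Added example: locate rule-download settings that still request the retired
# "edge" snapshot and preview the versioned replacement.

# find_edge FILE...
# Print "file:line:text" for each non-comment line naming the edge tarball.
# Returns 0 if at least one such line exists, 1 otherwise.
find_edge() {
    rc=1
    for f in "$@"; do
        [ -r "$f" ] || continue          # skip configs that are not installed
        if awk '
            /^[ \t]*#/ { next }          # commented-out settings are inert
            /snortrules-snapshot-edge\.tar\.gz/ {
                printf "%s:%d:%s\n", FILENAME, FNR, $0
                hits++
            }
            END { exit (hits > 0 ? 0 : 1) }
        ' "$f"; then
            rc=0
        fi
    done
    return "$rc"
}

# rewrite_edge VERSION
# Filter stdin to stdout, replacing "edge" with the four-digit Snort version
# (2962 for Snort 2.9.6.2) on active lines only.
rewrite_edge() {
    case "$1" in
        [0-9][0-9][0-9][0-9]) ;;
        *) echo "usage: rewrite_edge <four-digit version, e.g. 2962>" >&2
           return 2 ;;
    esac
    sed "/^[[:space:]]*#/!s/snortrules-snapshot-edge\.tar\.gz/snortrules-snapshot-$1.tar.gz/g"
}

# With file arguments, scan them; with none, run on one constructed sample line.
if [ "$#" -gt 0 ]; then
    find_edge "$@" || echo "no active \"edge\" download found"
else
    # Constructed sample; example.invalid is a placeholder host.
    printf '%s\n' 'url = https://example.invalid/snortrules-snapshot-edge.tar.gz' |
        rewrite_edge 2962
fi
```

Review the output of rewrite_edge before replacing a live config, since it only previews the change on stdout.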

Friday, July 18, 2014

Upgrading Snort to 2.9.6.2, the ruleset.

In the past, when a new version of Snort was released, Registered Rule Users had to wait for 30 days before they could upgrade to the newest version of Snort in order to receive the rule feed.

No longer.

As I mentioned in a previous post on the subject, we now are pushing updates to the Registered and Subscriber rulesets at the same time.  If you navigate to the Snort.org downloads page, you'll notice that you can immediately download the Registered ruleset for Snort version 2.9.6.2.

This means that people can now stay current with their version of Snort: no more waiting to upgrade and no more delays in getting the latest features!

Thursday, July 17, 2014

Snort Subscriber Rule Set Update for 07/17/2014


We welcome the introduction of the newest rule release from the VRT. In this release we introduced 18 new rules and made modifications to 20 additional rules.

There were no changes made to the snort.conf in this release.

The VRT would like to thank the following individuals for their contributions; their rules are included in the Community Ruleset:

Yaser Mansour:
31444
31445
31446
31447
31448
31449
31450

Avery Tarasov:
31442

In VRT's rule release:
The VRT has added and modified multiple rules in the bad-traffic, blacklist, browser-firefox, browser-ie, file-office, file-pdf, malware-cnc, protocol-scada and server-webapp rule sets to provide coverage for emerging threats from these technologies.

To get the VRT's newest rule detection functionality now, you can subscribe for as low as $29 US dollars a year for personal users. Be sure to see our business pricing as well at https://www.snort.org/products. Make sure to stay up to date to catch the most emerging threats!

Wednesday, July 16, 2014

Snort 2.9.6.2 is now available!

Snort 2.9.6.2 is now available on Snort.org at https://www.snort.org/downloads!

Snort 2.9.6.2 includes changes for the following:

[*] New additions
* Added the ability to specify additional custom 'x-forwarded-for' http field names.
  A new http inspection configuration element is used to specify a set of
  field names and their respective precedence order.

* Added cache flow timeout for IP.

[*] Improvements
* Fixed handling of ICMPv6 traffic.

* Fixed inline stream reassembly during file processing.

* Addressed race condition issue with Perfmon stats file rollover.

See the Release Notes and ChangeLog for more details!

Please submit bugs, questions, and feedback to bugs@snort.org

Happy Snorting!
The Snort Release Team

Tuesday, July 15, 2014

Snort Subscriber Rule Set Update for 07/15/2014

Just released:
Snort Subscriber Rule Set Update for 07/15/2014

We welcome the introduction of the newest rule release from the VRT. In this release we introduced 14 new rules and made modifications to 11 additional rules.

There were no changes made to the snort.conf in this release.

In VRT's rule release:
The VRT has added and modified multiple rules in the blacklist, browser-ie, browser-plugins, file-office, file-other and server-webapp rule sets to provide coverage for emerging threats from these technologies.


To get the VRT's newest rule detection functionality now, you can subscribe for as low as $29 US dollars a year for personal users. Be sure to see our business pricing as well at https://www.snort.org/products. Make sure to stay up to date to catch the most emerging threats!