Thursday, December 8, 2016

Snort Subscriber Rule Set Update for 12/08/2016

Just released:
Snort Subscriber Rule Set Update for 12/08/2016


We welcome the introduction of the newest rule release from Talos. In this release we introduced 20 new rules and made modifications to 4 additional rules.

There were no changes made to the snort.conf in this release.



Talos's rule release:
Talos has added and modified multiple rules in the exploit-kit, file-executable, file-office, file-pdf and server-webapp rule sets to provide coverage for emerging threats from these technologies.


To subscribe now to Talos's newest rule detection functionality, you can subscribe for as low as $29 US dollars a year for personal users. Be sure to see our business pricing as well at https://snort.org/products#rule_subscriptions. Make sure to stay up to date to catch the latest emerging threats!

Tuesday, December 6, 2016

Snort Subscriber Rule Set Update for 12/06/2016

Just released:
Snort Subscriber Rule Set Update for 12/06/2016


We welcome the introduction of the newest rule release from Talos. In this release we introduced 8 new rules and made modifications to 11 additional rules.

There were no changes made to the snort.conf in this release.

Talos would like to thank the following individuals for their contributions; their rules are included in the Community Ruleset:

rmkml
40907

Yaser Mansour
40911


Talos's rule release:
Talos has added and modified multiple rules in the file-image, file-multimedia, malware-cnc, malware-other and server-other rule sets to provide coverage for emerging threats from these technologies.


To subscribe now to Talos's newest rule detection functionality, you can subscribe for as low as $29 US dollars a year for personal users. Be sure to see our business pricing as well at https://snort.org/products#rule_subscriptions. Make sure to stay up to date to catch the latest emerging threats!

Friday, December 2, 2016

Snort++ Update


Pushed build 220 to GitHub (snortadmin/snort3):

  • fixed uu and qp decode issue
  • fixed file signature calculation for ftp
  • fixed file resume blocking
  • fix 135:2 to be upon completion of 3-way handshake
  • fix memory leak with libcrypto use
  • fix multithreaded use of libcrypto
  • fix default snort2lua output for gtp and modbus
  • fix Lua ordering issue with net and port vars
  • fix miscellaneous multithreading issues with appid
  • fix comment in snort.lua re install directory use;
    thanks to Yang Wang for sending the pull request
  • add alternate fast patterns for dce_udp endianness
  • removed underscores from all peg counts
  • document sensitive data use
  • user manual refactoring and updates


Thursday, December 1, 2016

Snort Subscriber Rule Set Update for 12/01/2016

Just released:
Snort Subscriber Rule Set Update for 12/01/2016


We welcome the introduction of the newest rule release from Talos. In this release we introduced 16 new rules and made modifications to 1 additional rule.

There were no changes made to the snort.conf in this release.


Talos's rule release:
Talos has added and modified multiple rules in the browser-firefox, file-identify, file-other, malware-cnc, os-other and server-webapp rule sets to provide coverage for emerging threats from these technologies.

To subscribe now to Talos's newest rule detection functionality, you can subscribe for as low as $29 US dollars a year for personal users. Be sure to see our business pricing as well at https://snort.org/products#rule_subscriptions. Make sure to stay up to date to catch the latest emerging threats!

Wednesday, November 30, 2016

Snort Subscriber Rule Set Update for 11/30/2016

Just released:
Snort Subscriber Rule Set Update for 11/30/2016


We welcome the introduction of the newest rule release from Talos. In this release we introduced 7 new rules.

There were no changes made to the snort.conf in this release.


Talos's rule release:
Mozilla Firefox 0day Vulnerability:
A coding deficiency exists in Mozilla Firefox that may lead to remote code execution. A rule to detect attacks targeting this vulnerability is included in this release and is identified with GID 1, SID 40888.
Talos has also added and modified multiple rules in the browser-firefox, file-other and server-webapp rule sets to provide coverage for emerging threats from these technologies.


To subscribe now to Talos's newest rule detection functionality, you can subscribe for as low as $29 US dollars a year for personal users. Be sure to see our business pricing as well at https://snort.org/products#rule_subscriptions. Make sure to stay up to date to catch the latest emerging threats!

Tuesday, November 29, 2016

Snort Subscriber Rule Set Update for 11/29/2016

Just released:
Snort Subscriber Rule Set Update for 11/29/2016


We welcome the introduction of the newest rule release from Talos. In this release we introduced 13 new rules and made modifications to 6 additional rules.

There were no changes made to the snort.conf in this release.

Talos's rule release:
Talos has added and modified multiple rules in the deleted, file-executable, file-pdf, policy-other, protocol-scada and server-webapp rule sets to provide coverage for emerging threats from these technologies.

To subscribe now to Talos's newest rule detection functionality, you can subscribe for as low as $29 US dollars a year for personal users. Be sure to see our business pricing as well at https://snort.org/products#rule_subscriptions. Make sure to stay up to date to catch the latest emerging threats!

Snort.org feature: Mailing list subscription upon signup

For those of you who have been part of the Snort community for a while, you know that the best place to go for help with your Snort installation, rule writing, or even to keep tabs on the development of Snort, has been the mailing lists.

When Snort's downloads were hosted on SourceForge (which we stopped doing at Snort 2.9.7.6), adding yourself to one of our four mailing lists was part of the experience. So we wanted to make it simple for new users to add themselves to the mailing list and get help with their installation and usage of Snort.

As a new feature, when a new user is created on Snort.org, we give you the option of subscribing to one (or all) of our mailing lists. You will still have to confirm your subscription, just like any other user, but hopefully this should help people find our list, archives, and the growing community of Snort users.

With over 1,000 new signups a week on Snort.org, we hope that people will join our lists and participate with some of our more seasoned veterans! We also hope that our seasoned veterans will help out the new guys; remember, we were all beginners once.