Thursday, August 28, 2014

Snort Subscriber Rule Set Update for 08/28/2014

Just released:
Snort Subscriber Rule Set Update for 08/28/2014


We welcome the introduction of the newest rule release from Talos. In this release we introduced 22 new rules and made modifications to 13 additional rules.

There was one change made to the snort.conf in this release.  Port 2578 was added to HTTP_PORTS, http_inspect, and stream5 ports both.  Download the latest Snort.conf files here:
https://www.snort.org/configurations


Talos's rule release:
The VRT has added and modified multiple rules in the blacklist, browser-ie, browser-other, browser-plugins, exploit-kit, file-executable, file-flash, file-image, file-java, file-multimedia, file-office, file-other, file-pdf, indicator-shellcode, malware-cnc, malware-other, netbios, os-linux, os-other, os-windows, policy-social, protocol-dns, protocol-icmp, protocol-nntp, protocol-snmp, protocol-voip, pua-p2p, server-apache, server-iis, server-mail, server-mysql, server-oracle and server-webapp rule sets to provide coverage for emerging threats from these technologies.


In order to subscribe now to Talos's newest rule detection functionality, you can subscribe for as low as $29 US dollars a year for personal users, be sure and see our business pricing as well at https://www.snort.org/products. Make sure and stay up to date to catch the most emerging threats!

Tuesday, August 26, 2014

Snort Subscriber Rule Set Update for 08/26/2014

Just released:
Snort Subscriber Rule Set Update for 08/26/2014

We welcome the introduction of the newest rule release from Talos. In this release we introduced 29 new rules and made modifications to 55 additional rules.

There were no changes made to the snort.conf in this release.

Talos would like to thank the following individuals for their contributions, their rules are included in the Community Ruleset:

Avery Tarasov:
31681
31682
31683


Talos's rule release:
The VRT has added and modified multiple rules in the blacklist, browser-plugins, exploit-kit, file-identify, indicator-compromise, malware-cnc, protocol-snmp and server-webapp rule sets to provide coverage for emerging threats from these technologies.


In order to subscribe now to Talos's newest rule detection functionality, you can subscribe for as low as $29 US dollars a year for personal users, be sure and see our business pricing as well at https://www.snort.org/products. Make sure and stay up to date to catch the most emerging threats!

Thursday, August 21, 2014

Snort Subscriber Rule Set Update for 08/21/2014

Just released:
Snort Subscriber Rule Set Update for 08/21/2014

We welcome the introduction of the newest rule release from Talos. In this release we introduced 21 new rules and made modifications to 11 additional rules.

There were no changes made to the snort.conf in this release.

Talos would like to thank the following individuals for their contributions, their rules are included in the Community Ruleset:

Avery Tarasov:
31680
31681
31682
31683

Talos's rule release:
The VRT has added and modified multiple rules in the bad-traffic, blacklist, browser-ie, chat, dos, exploit, file-flash, file-other, file-pdf, icmp, imap, malware-cnc, misc, multimedia, netbios, nntp, p2p, smtp, snmp, specific-threats, web-activex, web-client and web-misc rule sets to provide coverage for emerging threats from these technologies.
In order to subscribe now to Talos's newest rule detection functionality, you can subscribe for as low as $29 US dollars a year for personal users, be sure and see our business pricing as well at https://www.snort.org/products. Make sure and stay up to date to catch the most emerging threats!

Wednesday, August 20, 2014

Snort Subscriber Rule Set Purchases

Since the rollout of the new site, we've received a ton of comments, and I'd like to thank everyone for their feedback (positive and negative!) on behalf of the Open Source and Web Teams here in Talos and Snort.org.

We've been noticing a very small mistake that some people are making, and I wanted to make sure that I brought it up.

Since the Snort Subscriber Rule Set on Snort.org auto-renews every year to allow people to punch in a credit card and have the order fulfilled, people have started to receive an email from our credit card company saying that your charge was unsuccessful.

This usually means that your subscription is about to lapse and the site is attempting to renew the subscription automatically, however, you don't have a card on file with our merchant to charge.  So you get the unsuccessful charge email.

Most of you are logging in, placing your credit card in the system and renewing the subscription, which we truly appreciate, as it goes back into funding the Open Source office.

However, some people are logging in, placing the credit card in the system, and not selecting the radio button and quantity of how many subscriptions you want to purchase and how many.

Hopefully this post, while minor, helps someone out.  Please keep the feedback for Snort.org coming to snort-site@cisco.com, we're listening!

Snort Installation Guide for Debian 7.6 has been posted!

Thanks to Jason Weir of our Snort Community who contributed this document, a set up guide for Snort 2.9.6.2 on Debian 7.6.

The guide has been published (along with our many other great guides!) in our Snort Setup Documentation section on www.snort.org!

Be sure and check it out!

Thanks Jason!

Tuesday, August 19, 2014

Snort Subscriber Rule Set Update for 08/19/2014, Shared Object Ruleset Re-categorization

Just released:
Snort Subscriber Rule Set Update for 08/19/2014


We welcome the introduction of the newest rule release from Talos. In this release we introduced 18 new rules and made modifications to 255 additional rules.

There were category additions made to the snort.conf in this release.  Please download the new snort.conf configurations from Snort.org.

Talos's rule release:
The VRT has added and modified multiple rules in the blacklist, browser-ie, browser-other, browser-plugins, exploit-kit, file-executable, file-flash, file-image, file-java, file-multimedia, file-office, file-other, file-pdf, indicator-shellcode, malware-cnc, malware-other, netbios, os-linux, os-other, os-windows, policy-social, protocol-dns, protocol-icmp, protocol-nntp, protocol-snmp, protocol-voip, pua-p2p, server-apache, server-iis, server-mail, server-mysql, server-oracle and server-webapp rule sets to provide coverage for emerging threats from these technologies.
In order to subscribe now to Talos's newest rule detection functionality, you can subscribe for as low as $29 US dollars a year for personal users, be sure and see our business pricing as well at https://www.snort.org/products. Make sure and stay up to date to catch the most emerging threats!

Monday, August 18, 2014

Snort Subscriber Ruleset: Re-categorization of the Shared Object Rules

In 2012, the VRT (now Talos) performed a massive restructuring of the plaintext ruleset from the old category structure to a new category structure.  Since then we've received overwhelmingly positive feedback about them, so we will continue the effort by moving the Shared Object Rules into a similar category structure.

With tomorrow's rule release we will be introducing the following Shared Object Rule Categories:

browser-ie.rules
browser-other.rules
browser-plugins.rules
exploit-kit.rules
file-executable.rules
file-flash.rules
file-image.rules
file-java.rules
file-multimedia.rules
file-office.rules
file-other.rules
file-pdf.rules
indicator-shellcode.rules
malware-cnc.rules
malware-other.rules
netbios.rules
os-linux.rules
os-other.rules
os-windows.rules
policy-social.rules
protocol-dns.rules
protocol-icmp.rules
protocol-nntp.rules
protocol-other.rules
protocol-snmp.rules
protocol-voip.rules
pua-p2p.rules
server-apache.rules
server-iis.rules
server-mail.rules
server-mysql.rules
server-oracle.rules
server-other.rules
server-webapp.rules

The example snort.conf's have been updated, and can be downloaded here: https://www.snort.org/configurations, and will being shipping in the Snort Subscriber Rule Set Registered and Subscriber packages immediately.

If you are using PulledPork to manage your ruleset, (as you should be), in the default mode, you shouldn't have to do anything, as all the rule files are merged into one file by default.

Any questions, please do not hesitate to contact us via the Snort mailing lists.