Thursday, July 24, 2014

Snort 2.9.6.0 is now EOL for rule support

Snort 2.9.6.0 is now EOL for rule support.

This means we will no longer be releasing updates for this version of the rule engine. Users of this version are now encouraged to upgrade to the latest version of Snort, which is now Snort 2.9.6.2.

Please review our EOL policy here: https://www.snort.org/eol

It has come to our attention that pfSense uses version 2.9.6.0 for Snort. Please contact pfSense and ask them to upgrade the package.

Snort Subscriber Rule Set Update for 07/24/2014

Just released:
Snort Subscriber Rule Set Update for 07/24/2014

We welcome the introduction of the newest rule release from the VRT. In this release we introduced 73 new rules and made modifications to 4 additional rules.

There were no changes made to the snort.conf in this release.

The VRT would like to thank the following individuals for their contributions; their rules are included in the Community Ruleset:

Avery Tarasov
31507

In VRT's rule release:
The VRT has added and modified multiple rules in the blacklist, browser-firefox, browser-ie, file-java, file-multimedia, indicator-compromise, malware-cnc, malware-other and server-webapp rule sets to provide coverage for emerging threats from these technologies.

To get the VRT's newest rule detection functionality, you can subscribe for as low as $29 US dollars a year for personal users. Be sure to see our business pricing as well at https://www.snort.org/products. Make sure to stay up to date to catch the latest emerging threats!

Tuesday, July 22, 2014

Snort Subscriber Rule Set EOL dates have been updated!

As always when a new version of Snort comes out, I update the EOL dates for each version, found here:

https://www.snort.org/eol

So, take a look there and see if you are affected, and if so, be sure to stay current and update Snort! https://www.snort.org/downloads

Snort Subscriber Rule Set Update for 07/22/2014

Just released:
Snort Subscriber Rule Set Update for 07/22/2014

We welcome the introduction of the newest rule release from the VRT. In this release we introduced 46 new rules and made modifications to 7 additional rules.

There were no changes made to the snort.conf in this release.

The VRT would like to thank the following individuals for their contributions; their rules are included in the Community Ruleset:

Avery Tarasov
31452
31453
31454
31456
31457
31458
31463
31464
31465
31466
31467
31468
31472

Nathan Fowler & Nick Mavis
31455

In VRT's rule release:
The VRT has added and modified multiple rules in the blacklist, browser-ie, exploit, exploit-kit, file-flash, file-office, malware-cnc, malware-other, malware-tools and server-webapp rule sets to provide coverage for emerging threats from these technologies.

To get the VRT's newest rule detection functionality, you can subscribe for as low as $29 US dollars a year for personal users. Be sure to see our business pricing as well at https://www.snort.org/products. Make sure to stay up to date to catch the latest emerging threats!

Monday, July 21, 2014

Snort Rule Downloaders, we don't support "edge" anymore.

On the previous Snort.org, we had a mechanism that allowed for the download of the latest ruleset, called "edge". A very low percentage of people used it.

In fact, about 0.03% of people used it, so this mechanism has been retired.

Those of you who used the snortrules-snapshot-edge.tar.gz download method need to change the word "edge" to the four-digit number for the version of Snort you are using. 2962 is the most current version.

So, for example, snortrules-snapshot-2962.tar.gz. We recommend using PulledPork to download and manage rule sets, as it will auto-detect the version of Snort you are using.

We apologize for any inconvenience this may cause. We'll monitor the situation, and if necessary, will be emailing you individually about the use of "edge" being discontinued.

Please check your pulledpork.conf or oinkmaster.conf and see if you are downloading "edge".
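One way to run that check and preview the fix, as an added example that is not part of the original post. The function names, the placeholder host and the placeholder oinkcode in the sample config are assumptions constructed for illustration; only the tarball names and the 2962 tag come from the post.

```shell
#!/bin/sh
# Added example: locate and rewrite retired "edge" rule-download entries.
EDGE_FILE='snortrules-snapshot-edge.tar.gz'

# Convert a dotted Snort version (2.9.6.2) to its four-digit tag (2962).
snort_tag() {
    case "$1" in
        [0-9].[0-9].[0-9].[0-9]) printf '%s\n' "$1" | tr -d '.' ;;
        *) echo "expected a version like 2.9.6.2, got: $1" >&2; return 1 ;;
    esac
}

# Print "line:text" for active (non-comment) lines that still request edge.
find_edge_refs() {
    grep -n -F "$EDGE_FILE" "$1" | grep -v -E '^[0-9]+:[[:space:]]*#'
}

# Print the config with edge replaced by the tag on active lines only;
# commented-out lines are left untouched.
rewrite_edge() {
    tag=$(snort_tag "$2") || return 1
    sed -E "/^[[:space:]]*#/!s/snapshot-edge\.tar\.gz/snapshot-${tag}.tar.gz/g" "$1"
}

# Constructed sample config (placeholder host and oinkcode, not real values).
make_sample() {
    cat > "$1" <<'EOF'
# constructed sample oinkmaster.conf
# url = http://rules.example.invalid/OINKCODE_PLACEHOLDER/snortrules-snapshot-edge.tar.gz
url = http://rules.example.invalid/OINKCODE_PLACEHOLDER/snortrules-snapshot-edge.tar.gz
path = /bin:/usr/bin
EOF
}

sample=$(mktemp)
make_sample "$sample"
echo "Active edge references:"
find_edge_refs "$sample"
echo "Rewritten for Snort 2.9.6.2:"
rewrite_edge "$sample" 2.9.6.2
rm -f "$sample"
```

`rewrite_edge` only prints the result, so redirect it to a new file and compare it with the original before replacing your live configuration.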

Friday, July 18, 2014

Upgrading Snort to 2.9.6.2, the ruleset.

In the past, when a new version of Snort was released, Registered Rule Users had to wait for 30 days before they could upgrade to the newest version of Snort in order to receive the rule feed.

No longer.

As I mentioned in a previous post on the subject, we are now pushing updates to the Registered and Subscriber rulesets at the same time. If you navigate to the Snort.org downloads page, you'll notice that you can immediately download the Registered ruleset for Snort version 2.9.6.2.

This means that people can now stay current with their version of Snort: no more waiting to upgrade and no more delays in getting the latest features!

Thursday, July 17, 2014

Snort Subscriber Rule Set Update for 07/17/2014

We welcome the introduction of the newest rule release from the VRT. In this release we introduced 18 new rules and made modifications to 20 additional rules.

There were no changes made to the snort.conf in this release.

The VRT would like to thank the following individuals for their contributions; their rules are included in the Community Ruleset:

Yaser Mansour:
31444
31445
31446
31447
31448
31449
31450

Avery Tarasov:
31442

In VRT's rule release:
The VRT has added and modified multiple rules in the bad-traffic, blacklist, browser-firefox, browser-ie, file-office, file-pdf, malware-cnc, protocol-scada and server-webapp rule sets to provide coverage for emerging threats from these technologies.

To get the VRT's newest rule detection functionality, you can subscribe for as low as $29 US dollars a year for personal users. Be sure to see our business pricing as well at https://www.snort.org/products. Make sure to stay up to date to catch the latest emerging threats!