Tuesday, March 31, 2015

Snort Subscriber Rule Set Update for 03/31/2015

Just released:
Snort Subscriber Rule Set Update for 03/31/2015


We welcome the introduction of the newest rule release from Talos. In this release we introduced 54 new rules and made modifications to 23 additional rules.

There were no changes made to the snort.conf in this release.

Talos's rule release:
Talos has added and modified multiple rules in the blacklist, browser-chrome, browser-ie, exploit-kit, file-flash, file-other, file-pdf, malware-cnc, malware-other, policy-other, protocol-ftp and server-webapp rule sets to provide coverage for emerging threats from these technologies.

To subscribe to Talos's newest rule detection functionality, you can subscribe for as low as $29 US a year for personal users. Be sure to see our business pricing as well at https://www.snort.org/products. Make sure to stay up to date to catch the latest emerging threats!

Snort++ Build 144 Available Now

Snort++ build 144 is now available on snort.org. We have a number of updates this time for you!

New features:

  • ported dns inspector
  • ported ssh inspector
  • added doc/usage.txt

Bug fixes and enhancements:
  • reworked autotools generation of api_options.h
  • updated default manuals
  • apply service from hosts when inspector already bound to flow
  • ensure direction and service are applied to packet regardless of flow state
  • enable active for react / reject only if used in configuration
  • eliminate dedicated nhttp chunk buffer
  • minor nhttp cleanup in StreamSplitter
  • fixed host lookup issue
  • folded classification.lua and reference.lua into snort_defaults.lua
  • apply defaults from parameter tables instead of relying on ctors etc.
  • fix static analysis issues reported by xcode
  • change policy names with a-b form to a_b for consistency
  • make all warnings optional
  • fix ip and tcp policy defines
  • fix ip and icmp flow client/server ip init
  • added build foo for lzma; refactored configure.ac
  • enhancements for checking compatibility of external plugins

You can also get the latest updates from GitHub (snortadmin/snort3), which is updated weekly.

Please submit bugs, questions, and feedback to bugs@snort.org or the Snort-Users mailing list.

Happy Snorting!
The Snort Release Team

Thursday, March 26, 2015

Snort Subscriber Rule Set Update for 03/26/2015

Just released:
Snort Subscriber Rule Set Update for 03/26/2015


We welcome the introduction of the newest rule release from Talos. In this release we introduced 25 new rules and made modifications to 5 additional rules.

There were no changes made to the snort.conf in this release.


Talos's rule release:
Talos has added and modified multiple rules in the blacklist, browser-webkit, exploit-kit, file-flash, file-pdf, malware-cnc, server-apache and server-webapp rule sets to provide coverage for emerging threats from these technologies.


To subscribe to Talos's newest rule detection functionality, you can subscribe for as low as $29 US a year for personal users. Be sure to see our business pricing as well at https://www.snort.org/products. Make sure to stay up to date to catch the latest emerging threats!

Snort++ Update

Just pushed build 143 to GitHub (snortadmin/snort3):

  • added ssh inspector
  • apply service from hosts when inspector already bound to flow
  • ensure direction and service are applied to packet regardless of flow state
  • enable active for react / reject only if used in configuration
  • fixed use of bound ip and tcp policy if not set in hosts
  • eliminate dedicated nhttp chunk buffer
  • minor nhttp cleanup in StreamSplitter


Wednesday, March 25, 2015

Snort VIM Configuration posted!

Our own Victor Roemer of the Snort team has taken the time to write up his own VIM configuration for the Snort rules language.

I've posted a link to his GitHub page over on the documentation page under "Additional Resources".

Thanks Victor!

Tuesday, March 24, 2015

Snort Subscriber Rule Set Update for 03/24/2015

Just released:
Snort Subscriber Rule Set Update for 03/24/2015


We welcome the introduction of the newest rule release from Talos. In this release we introduced 20 new rules and made modifications to 16 additional rules.

There were no changes made to the snort.conf in this release.

Talos's rule release:
Talos has added and modified multiple rules in the browser-firefox, browser-ie, file-flash, malware-cnc, os-windows and server-webapp rule sets to provide coverage for emerging threats from these technologies.


To subscribe to Talos's newest rule detection functionality, you can subscribe for as low as $29 US a year for personal users. Be sure to see our business pricing as well at https://www.snort.org/products. Make sure to stay up to date to catch the latest emerging threats!

Monday, March 23, 2015

Snort as an IPS Virtual Appliance using Debian and VMware documentation posted!

Vladimir Koychev wrote a great document, focused specifically on deploying Snort as an IPS on a virtual appliance, and submitted it to us for inclusion on the documentation page.


Check out the document on our documentation page for further information.

Thanks Vladimir, some swag is in the mail!