Thursday, April 24, 2014

Sourcefire VRT Certified Snort Rules Update for 04/24/2014

Just released:
Sourcefire VRT Certified Snort Rules Update for 04/24/2014


We welcome the introduction of the newest rule release from the VRT. In this release we introduced 12 new rules and made modifications to 6 additional rules.

There were no changes made to the snort.conf in this release.


In VRT's rule release:
The Sourcefire VRT has added and modified multiple rules in the server-other rule set to provide coverage for emerging threats from these technologies.


To get the VRT's newest rule detection functionality now, you can subscribe for as low as $29 USD a year for personal users; be sure to see our business pricing as well at http://www.snort.org/store. Stay up to date to catch the latest emerging threats!

OpenAppId Webinar has been scheduled!

Snort 2.9.7.0 Alpha, announced at RSA with the OpenAppID preprocessor, rule keywords and new features (http://blog.snort.org/2014/02/snort-2970-alpha-release-now-available.html), has generated an immense amount of interest in the Snort community.

If you aren't familiar with OpenAppId, you can check out all of our posts about the subject here: http://blog.snort.org/search/label/openappid

We wanted to hold a webinar so that the open source community can come, see what it's all about, and ask the developers themselves questions about OpenAppId.

To register for the webinar on Thursday, May 1, 2014 at 1pm EDT, please click here.


Snort 2.9.4.6 is now EOL for rule support.

Snort 2.9.4.6 is now EOL for rule support.

This means we will no longer be releasing updates for this version of the rule engine. Users of this version are now encouraged to upgrade to the latest version of Snort, which is now Snort 2.9.6.1.

Please review our EOL policy here: http://www.snort.org/vrt/rules/eol_policy

Sourcefire VRT Certified Snort Rules Update for 04/24/2014

Just released:
Sourcefire VRT Certified Snort Rules Update for 04/24/2014

We welcome the introduction of the newest rule release from the VRT. In this release we introduced 8 new rules and made modifications to 5 additional rules.

There were no changes made to the snort.conf in this release.

The VRT would like to thank the following individuals for their contributions; their rules are included in the Community Ruleset:

Avery Tarasov
30772

In VRT's rule release:
The Sourcefire VRT has added and modified multiple rules in the blacklist, browser-ie, file-pdf, malware-cnc and server-webapp rule sets to provide coverage for emerging threats from these technologies.

To get the VRT's newest rule detection functionality now, you can subscribe for as low as $29 USD a year for personal users; be sure to see our business pricing as well at http://www.snort.org/store. Stay up to date to catch the latest emerging threats!

Wednesday, April 23, 2014

Snort 2.9.6.1 is now available!

Snort 2.9.6.1 is now available on snort.org, at http://www.snort.org/snort-downloads/ in the Development section.

Snort 2.9.6.1 includes changes for the following:

2014-04-22 - Snort 2.9.6.1
[*] Improvements
* Added a control command to dump all packets matching a BPF to a pcap
   file for capturing specific traffic for further analysis.

* Address issue for encoded packets and icmp header length determination.

* Provide more detailed error output for parsing of invalid rules when
   byte_test, byte_check, content, and isdataat use a byte_extract value.

* Updated sensitive data to better address partial matches between packets.

See the Release Notes and ChangeLog for more details.

Please submit bugs, questions, and feedback to bugs@snort.org.

Happy Snorting!
The Snort Release Team

Tuesday, April 22, 2014

Sourcefire VRT Certified Snort Rules Update for 04/22/2014

Just released:
Sourcefire VRT Certified Snort Rules Update for 04/22/2014

We welcome the introduction of the newest rule release from the VRT. In this release we introduced 26 new rules and made modifications to 4 additional rules.

There were no changes made to the snort.conf in this release.

In VRT's rule release:
The Sourcefire VRT has added and modified multiple rules in the blacklist, exploit-kit, file-flash, file-identify, file-multimedia, malware-backdoor, malware-cnc and pua-toolbars rule sets to provide coverage for emerging threats from these technologies.


To get the VRT's newest rule detection functionality now, you can subscribe for as low as $29 USD a year for personal users; be sure to see our business pricing as well at http://www.snort.org/store. Stay up to date to catch the latest emerging threats!

Friday, April 18, 2014

Interest in Starting an Eastern Pennsylvania Snort User Group!

I just posted another interested Snort User Group on the user-groups page on Snort.org. Mr. David Chastain emailed me; he was interested in starting a group and set up an email address just for it.

Please take a look at our User-Groups page, and if you are interested in joining Mr. Chastain's group or any other Snort User Group, please email the owner of the group listed on that page and let them know! Thanks!