Monday, August 18, 2014

Snort Subscriber Ruleset: Re-categorization of the Shared Object Rules

In 2012, the VRT (now Talos) performed a massive restructuring of the plaintext ruleset from the old category structure to a new category structure.  Since then we've received overwhelmingly positive feedback about them, so we will continue the effort by moving the Shared Object Rules into a similar category structure.

With tomorrow's rule release we will be introducing the following Shared Object Rule Categories:

browser-ie.rules
browser-other.rules
browser-plugins.rules
exploit-kit.rules
file-executable.rules
file-flash.rules
file-image.rules
file-java.rules
file-multimedia.rules
file-office.rules
file-other.rules
file-pdf.rules
indicator-shellcode.rules
malware-cnc.rules
malware-other.rules
netbios.rules
os-linux.rules
os-other.rules
os-windows.rules
policy-social.rules
protocol-dns.rules
protocol-icmp.rules
protocol-nntp.rules
protocol-other.rules
protocol-snmp.rules
protocol-voip.rules
pua-p2p.rules
server-apache.rules
server-iis.rules
server-mail.rules
server-mysql.rules
server-oracle.rules
server-other.rules
server-webapp.rules

The example snort.conf's have been updated, and can be downloaded here: https://www.snort.org/configurations, and will being shipping in the Snort Subscriber Rule Set Registered and Subscriber packages immediately.

If you are using PulledPork to manage your ruleset, (as you should be), in the default mode, you shouldn't have to do anything, as all the rule files are merged into one file by default.

Any questions, please do not hesitate to contact us via the Snort mailing lists.

No comments:

Post a Comment