Thursday, May 29, 2014

Sourcefire VRT Certified Snort Rules Update for 05/29/2014

Just released:
Sourcefire VRT Certified Snort Rules Update for 05/29/2014

We welcome the introduction of the newest rule release from the VRT. In this release we introduced 13 new rules and made modifications to 5 additional rules.

There were no changes made to the snort.conf in this release.

The VRT would like to thank the following individuals for their contributions, their rules are included in the Community Ruleset:

Yaser Mansour
31084

In VRT's rule release:
The Sourcefire VRT has added and modified multiple rules in the blacklist, exploit-kit, file-other, malware-cnc, pua-adware and server-webapp rule sets to provide coverage for emerging threats from these technologies.

In order to subscribe now to the VRT's newest rule detection functionality, you can subscribe for as low as $29 US dollars a year for personal users, be sure and see our business pricing as well at http://www.snort.org/store. Make sure and stay up to date to catch the most emerging threats!

Tuesday, May 27, 2014

Sourcefire VRT Certified Snort Rules Update for 05/27/2014

Just released:
Sourcefire VRT Certified Snort Rules Update for 05/27/2014

We welcome the introduction of the newest rule release from the VRT. In this release we introduced 28 new rules and made modifications to 48 additional rules.

There were no changes made to the snort.conf in this release.

The VRT would like to thank the following individuals for their contributions, their rules are included in the Community Ruleset:

Yaser Mansour
31070

The VRT would also like to thank @rmkml for his corrections to several Snort rules.

In VRT's rule release:
The Sourcefire VRT has added and modified multiple rules in the blacklist, browser-ie, file-flash, file-identify, file-java, file-multimedia, file-office, file-other, file-pdf, indicator-obfuscation, malware-cnc, malware-other, os-windows, protocol-snmp, pua-toolbars, server-mail and server-webapp rule sets to provide coverage for emerging threats from these technologies.


In order to subscribe now to the VRT's newest rule detection functionality, you can subscribe for as low as $29 US dollars a year for personal users, be sure and see our business pricing as well at http://www.snort.org/store. Make sure and stay up to date to catch the most emerging threats!

Thursday, May 22, 2014

Sourcefire VRT Certified Snort Rules Update for 05/22/2014

Just released:
Sourcefire VRT Certified Snort Rules Update for 05/22/2014

We welcome the introduction of the newest rule release from the VRT. In this release we introduced 9 new rules and made modifications to 4 additional rules.

There were no changes made to the snort.conf in this release.

The VRT would like to thank the following individuals for their contributions, their rules are included in the Community Ruleset:

Yaser Mansour
31053


In VRT's rule release:
The Sourcefire VRT has added and modified multiple rules in the blacklist, malware-cnc and web-misc rule sets to provide coverage for emerging threats from these technologies.


In order to subscribe now to the VRT's newest rule detection functionality, you can subscribe for as low as $29 US dollars a year for personal users, be sure and see our business pricing as well at http://www.snort.org/store. Make sure and stay up to date to catch the most emerging threats!

Tuesday, May 20, 2014

Sourcefire VRT Certified Snort Rules Update for 05/20/2014

Just released:
Sourcefire VRT Certified Snort Rules Update for 05/20/2014

We welcome the introduction of the newest rule release from the VRT. In this release we introduced 16 new rules and made modifications to 31 additional rules.

There were no changes made to the snort.conf in this release.

The VRT would like to thank the following individuals for their contributions, their rules are included in the Community Ruleset:

Avery Tarasov
31034
31035
31036

In VRT's rule release:
The Sourcefire VRT has added and modified multiple rules in the blacklist, browser-plugins, exploit-kit, file-image, file-office, malware-cnc, protocol-scada, pua-adware and sql rule sets to provide coverage for emerging threats from these technologies.

In order to subscribe now to the VRT's newest rule detection functionality, you can subscribe for as low as $29 US dollars a year for personal users, be sure and see our business pricing as well at http://www.snort.org/store. Make sure and stay up to date to catch the most emerging threats!

Friday, May 16, 2014

Snort IPS using the DAQ AFPacket installation guide has been posted!

Thanks to one of our community members, Yaser Mansour!  He authored a simple guy to get Snort up and running as an IPS using the AFPacket DAQ.  I've listed it under "Installation Guides" on the docs page:

https://www.snort.org/documents

Thanks Yaser!  You are what makes the Snort Community wonderful!

Thursday, May 15, 2014

Sourcefire VRT Certified Snort Rules Update for 05/15/2014

Just released:
Sourcefire VRT Certified Snort Rules Update for 05/15/2014

We welcome the introduction of the newest rule release from the VRT. In this release we introduced 66 new rules and made modifications to 8 additional rules.

There were no changes made to the snort.conf in this release.

The VRT would like to thank the following individuals for their contributions, their rules are included in the Community Ruleset:

Avery Tarasov
30997
30998
30999
31000
31001
31020

In VRT's rule release:
The Sourcefire VRT has added and modified multiple rules in the blacklist, browser-plugins, exploit-kit, file-flash, file-office, file-other, file-pdf, indicator-compromise, malware-cnc, protocol-icmp, pua-adware and server-other rule sets to provide coverage for emerging threats from these technologies.

In order to subscribe now to the VRT's newest rule detection functionality, you can subscribe for as low as $29 US dollars a year for personal users, be sure and see our business pricing as well at http://www.snort.org/store. Make sure and stay up to date to catch the most emerging threats!

Tuesday, May 13, 2014

Sourcefire VRT Certified Snort Rules Update for 05/13/2014, MSTuesday

Just released:
Sourcefire VRT Certified Snort Rules Update for 05/13/2014

We welcome the introduction of the newest rule release from the VRT. In this release we introduced 21 new rules and made modifications to 14 additional rules.

There were no changes made to the snort.conf in this release.

The VRT would like to thank the following individuals for their contributions, their rules are included in the Community Ruleset:

Avery Tarasov
30949

In VRT's rule release:
Microsoft Security Bulletin MS14-022:
A coding deficiency exists in Microsoft SharePoint that may lead to
remote code execution.

A rule to detect attacks targeting this vulnerability is included in
this release and is identified with GID 1, SID 30951.

Microsoft Security Bulletin MS14-029:
Internet Explorer suffers from programming errors that may lead to
remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 30956 through 30957
and 30961 through 30964.

The Sourcefire VRT has also added and modified multiple rules in the
blacklist, browser-ie, browser-other, dos, exploit-kit,
file-multimedia, malware-backdoor, malware-cnc, malware-other,
server-apache, server-mail and server-webapp rule sets to provide
coverage for emerging threats from these technologies.


In order to subscribe now to the VRT's newest rule detection functionality, you can subscribe for as low as $29 US dollars a year for personal users, be sure and see our business pricing as well at http://www.snort.org/store. Make sure and stay up to date to catch the most emerging threats!

Friday, May 9, 2014

New Snort User Group interested in starting in Germany

I was contacted today from a Snort community member interested in starting a Snort User Group in Munich, Germany!

Check out or Snort User groups page for a user group near you and get in touch with the organizer to help out or attend!

http://www.snort.org/community/user-groups/

Thursday, May 8, 2014

Sourcefire VRT Certified Snort Rules Update for 05/08/2014

Just released:
Sourcefire VRT Certified Snort Rules Update for 05/08/2014

We welcome the introduction of the newest rule release from the VRT. In this release we introduced 40 new rules and made modifications to 14 additional rules.

There was one change made to the snort.conf in this release:

Port 13014 was added to HTTP_PORTS, http_inspect, and stream5 ports both

The VRT would like to thank the following individuals for their contributions, their rules are included in the Community Ruleset:

Avery Tarasov
30914
30915
30918
30919

James Lay
30920

In VRT's rule release:
The Sourcefire VRT has added and modified multiple rules in the app-detect, bad-traffic, blacklist, browser-firefox, browser-plugins, browser-webkit, exploit, exploit-kit, file-executable, file-image, file-office, file-other, malware-cnc, pua-adware, server-other and web-client rule sets to provide coverage for emerging threats from these technologies.


In order to subscribe now to the VRT's newest rule detection functionality, you can subscribe for as low as $29 US dollars a year for personal users, be sure and see our business pricing as well at http://www.snort.org/store. Make sure and stay up to date to catch the most emerging threats!

Tuesday, May 6, 2014

Sourcefire VRT Certified Snort Rules Update for 05/06/2014

Just released:
Sourcefire VRT Certified Snort Rules Update for 05/06/2014

We welcome the introduction of the newest rule release from the VRT. In this release we introduced 5 new rules and made modifications to 11 additional rules.

There were no changes made to the snort.conf in this release.

In VRT's rule release:
The Sourcefire VRT has added and modified multiple rules in the blacklist, browser-ie, file-office and malware-cnc rule sets to provide coverage for emerging threats from these technologies.


In order to subscribe now to the VRT's newest rule detection functionality, you can subscribe for as low as $29 US dollars a year for personal users, be sure and see our business pricing as well at http://www.snort.org/store. Make sure and stay up to date to catch the most emerging threats!

Thursday, May 1, 2014

OpenAppId Webinar has been posted!

All,

Earlier today we held a Webinar highlighting our new OpenAppId feature in the Snort 2.9.7.0 alpha release.  There were many good questions asked and answered.

The slides and the recording of the presentation is here:
http://www.snort.org/community/snort-webcast-series/

Check it out!  Thanks.

Sourcefire VRT Certified Snort Rules Update for 05/01/2014

Just released:
Sourcefire VRT Certified Snort Rules Update for 05/01/2014


We welcome the introduction of the newest rule release from the VRT. In this release we introduced 5 new rules and made modifications to 0 additional rules.

There were no changes made to the snort.conf in this release.

In VRT's rule release:
The Sourcefire VRT has added multiple rules in the browser-ie rule set to provide coverage for emerging threats from these technologies.


In order to subscribe now to the VRT's newest rule detection functionality, you can subscribe for as low as $29 US dollars a year for personal users, be sure and see our business pricing as well at http://www.snort.org/store. Make sure and stay up to date to catch the most emerging threats!