Thursday, December 22, 2016

Snort Subscriber Rule Set Update for 12/22/2016

Just released:
Snort Subscriber Rule Set Update for 12/22/2016


We welcome the newest rule release from Talos. This release introduces 11 new rules and modifies 5 existing rules.

There were no changes made to the snort.conf in this release.



Talos's rule release:
Talos has added and modified multiple rules in the blacklist, exploit-kit, file-flash, malware-cnc, os-windows, policy-other, protocol-scada and server-webapp rule sets to provide coverage for emerging threats from these technologies.


To subscribe to Talos's newest rule detection functionality, personal users can subscribe for as little as US$29 a year; business pricing is listed at https://snort.org/products#rule_subscriptions. Stay up to date to catch the most emerging threats!

1 comment:

  1. I have a problem while updating Snort rules using PulledPork. My OS is CentOS 7, and I am using Snort 2.9.9.0 with PulledPork 0.7.3. When I tried to update with this command
    ([root@localhost snort]# pulledpork.pl -vv -c pulledpork.conf -T -l), the output shown below appeared:
    https://github.com/shirkdog/pulledpork
    _____ ____
    `----,\ )
    `--==\\ / PulledPork v0.7.3 - Making signature updates great again!
    `--==\\/
    .-~~~~-.Y|\\_ Copyright (C) 2009-2016 JJ Cummings
    @_/ / 66\_ cummingsj@gmail.com
    | \ \ _(")
    \ /-| ||'--' Rules give me wings!
    \_\ \_\\
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Config File Variable Debug pulledpork.conf
    snort_path = /usr/local/bin/snort
    enablesid = /etc/snort/enablesid.conf
    black_list = /etc/snort/rules/blacklist.rules
    modifysid = /etc/snort/modifysid.conf
    IPRVersion = /usr/local/etc/snort/rules/iplists
    rule_path = /etc/snort/rules/snort.rules
    ignore = deleted.rules,experimental.rules,local.rules
    snort_control = /usr/local/bin/snort_control
    rule_url = ARRAY(0x14b8198)
    snort_version = 2.9.9.0
    sid_msg_version = 1
    sid_changelog = /var/log/sid_changes.log
    sid_msg = /etc/snort/sid-msg.map
    ips_policy = security
    config_path = /etc/snort/snort.conf
    sostub_path = /etc/snort/rules/so_rules
    temp_path = /tmp
    distro = Centos-7-6
    version = 0.7.3
    sorule_path = /usr/local/lib/snort_dynamicrules/
    disablesid = /etc/snort/disablesid.conf
    dropsid = /etc/snort/dropsid.conf
    out_path = /etc/snort/rules/
    local_rules = /etc/snort/rules/local.rules
    MISC (CLI and Autovar) Variable Debug:
    arch Def is: x86-64
    Operating System is: linux
    CA Certificate File is: OS Default
    Config Path is: pulledpork.conf
    Distro Def is: Centos-7-6
    security policy specified
    local.rules path is: /etc/snort/rules/local.rules
    Rules file is: /etc/snort/rules/snort.rules
    Path to disablesid file: /etc/snort/disablesid.conf
    Path to dropsid file: /etc/snort/dropsid.conf
    Path to enablesid file: /etc/snort/enablesid.conf
    Path to modifysid file: /etc/snort/modifysid.conf
    sid changes will be logged to: /var/log/sid_changes.log
    sid-msg.map Output Path is: /etc/snort/sid-msg.map
    Snort Version is: 2.9.9.0
    Snort Config File: /etc/snort/snort.conf
    Snort Path is: /usr/local/bin/snort
    Logging Flag is Set
    Text Rules only Flag is Set
    Extra Verbose Flag is Set
    Verbose Flag is Set
    File(s) to ignore = deleted.rules,experimental.rules,local.rules
    Base URL is: https://www.snort.org/reg-rules/|snortrules-snapshot-2990.tar.gz|81689cd17e13e5850a5a7a0304b11d0644619f2d https://snort.org/downloads/community/|community-rules.tar.gz|Community http://talosintelligence.com/feeds/ip-filter.blf|IPBLACKLIST|open https://snort.org/downloads/community/|opensource.tar.gz|Opensource
    Checking latest MD5 for snortrules-snapshot-2990.tar.gz....
    Fetching md5sum for: snortrules-snapshot-2990.tar.gz.md5
    ** GET https://www.snort.org/reg-rules/snortrules-snapshot-2990.tar.gz.md5/81689cd17e13e5850a5a7a0304b11d0644619f2d ==> 403 Forbidden
    A 403 error occurred, please wait for the 15 minute timeout
    to expire before trying again or specify the -n runtime switch
    You may also wish to verify your oinkcode, tarball name, and other configuration options
    Error 403 when fetching https://www.snort.org/reg-rules/snortrules-snapshot-2990.tar.gz.md5 at /usr/local/bin/pulledpork.pl line 534.
    main::md5file('81689cd17e13e5850a5a7a0304b11d0644619f2d', 'snortrules-snapshot-2990.tar.gz', '/tmp/', 'https://www.snort.org/reg-rules/') called at /usr/local/bin/pulledpork.pl line 2006
    Please give me some suggestions. Have a great time, all of you.

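The verbose log above shows what PulledPork does before it touches any rules: for each rule_url entry (the "Base URL is:" line, format url|tarball|oinkcode) it builds <base url><tarball>.md5/<oinkcode>, fetches that digest, and later compares it with the downloaded tarball. It also shows why a -vv run should not be pasted anywhere unedited: the oinkcode in that GET URL is the subscription credential. The script below is an added example, not PulledPork's or Talos's code. It reproduces the URL construction from the log, verifies a tarball against a .md5 file, masks 40-hex oinkcodes before anything is logged or shared, and maps the 403 to the action PulledPork's own error text recommends. The tarball URL layout, the .md5 parsing (first 32-hex token) and all sample data are assumptions, constructed so the script runs offline.

```python
import hashlib
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class RuleSource:
    """One rule_url entry from pulledpork.conf: '<base url>|<tarball>|<oinkcode>'."""
    base_url: str
    tarball: str
    oinkcode: str  # 'Community' / 'open' for free feeds, a 40-hex secret for subscriber rules


def parse_rule_url(entry: str) -> RuleSource:
    """Split a rule_url entry on '|', the layout shown under 'Base URL is:' in the log."""
    parts = entry.strip().split("|")
    if len(parts) != 3:
        raise ValueError(f"expected 'url|tarball|oinkcode', got {entry!r}")
    base, tarball, code = parts
    if not base.endswith("/"):
        base += "/"
    return RuleSource(base, tarball, code)


def md5_url(src: RuleSource) -> str:
    """URL of the first GET PulledPork makes (the one that returned 403 in the log)."""
    return f"{src.base_url}{src.tarball}.md5/{src.oinkcode}"


def tarball_url(src: RuleSource) -> str:
    """Assumed tarball URL: same layout as the .md5 URL without the '.md5' suffix."""
    return f"{src.base_url}{src.tarball}/{src.oinkcode}"


_OINK_RE = re.compile(r"\b([0-9a-f]{40})\b")


def redact(text: str) -> str:
    """Mask anything that looks like an oinkcode (40 hex chars) before a log is shared."""
    return _OINK_RE.sub(lambda m: m.group(1)[:4] + "..." + m.group(1)[-4:], text)


def parse_md5_file(content: str) -> str:
    """Pull the 32-hex digest out of the .md5 file, whatever else it contains (assumption)."""
    m = re.search(r"\b([0-9a-fA-F]{32})\b", content)
    if m is None:
        raise ValueError("no MD5 digest found in .md5 file")
    return m.group(1).lower()


def verify_tarball(data: bytes, md5_file: str) -> bool:
    """Compare the downloaded tarball with the published digest, as PulledPork does."""
    return hashlib.md5(data).hexdigest() == parse_md5_file(md5_file)


def next_step(status: int) -> str:
    """Advice from PulledPork's own error text, keyed by the HTTP status of the .md5 GET."""
    if status == 200:
        return "digest fetched; download the tarball and call verify_tarball()"
    if status == 403:
        return ("403: wait for the 15 minute timeout or rerun with -n; "
                "then verify the oinkcode and tarball name")
    return f"HTTP {status}: re-check the rule_url entry"


# Constructed sample data so the checks run offline (placeholder oinkcode, fake tarball).
SAMPLE_ENTRY = ("https://www.snort.org/reg-rules/|snortrules-snapshot-2990.tar.gz|"
                "0123456789abcdef0123456789abcdef01234567")
SAMPLE_TARBALL = b"constructed stand-in for snortrules-snapshot-2990.tar.gz"
SAMPLE_MD5_FILE = hashlib.md5(SAMPLE_TARBALL).hexdigest() + "  snortrules-snapshot-2990.tar.gz\n"

if __name__ == "__main__":
    src = parse_rule_url(SAMPLE_ENTRY)
    print("GET", redact(md5_url(src)))  # oinkcode masked before it reaches a terminal log
    print(next_step(403))
    print("tarball ok:", verify_tarball(SAMPLE_TARBALL, SAMPLE_MD5_FILE))
```

Run it against the real entries from pulledpork.conf only after confirming the oinkcode with a single curl to the .md5 URL; repeated failed GETs trigger the 15 minute lockout the error text mentions, so one deliberate request is worth more than another -vv run.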