Tuesday, April 13, 2021

Snort rule update for April 13, 2021 — Microsoft Patch Tuesday

The latest SNORT® rule release from Cisco Talos has arrived. This new round of rules provides coverage for many of the vulnerabilities covered in Microsoft Patch Tuesday.

For more details on the vulnerabilities Microsoft disclosed this month, head to the Talos blog.

Here's a breakdown of this afternoon's rule release:

Shared object rules | Modified shared object rules | New rules | Modified rules
11110

Thursday, April 8, 2021

New "Snort 3 and me" webinar series launches on April 20

Have you upgraded to Snort 3 yet? Want to learn how to transition?

With Snort 3, rules are faster and more efficient, users have more control over their Snort experience, and it runs on multiple environments and operating systems.

To help you make the switch, we're launching a new series of webinars with the help of the Snort product team and our friends across Cisco. 

To kick things off, Alex Tatistcheff, a technical marketing manager for Cisco, will be holding a presentation on Snort 3 on April 20 at 11 a.m. ET. Alex will address specific questions anyone has about Snort 3 and walk you through how to have a successful migration to Snort 3. You can register for this webinar here.

Alex is the author of the book "Essential Firepower: Your best practice guide to configuring Cisco's Next Generation Firewall" and is an expert on all things Snort.

Thursday, April 1, 2021

Snort rule update for April 1, 2021

The latest SNORT® rule update is available this morning, courtesy of Cisco Talos.

Here's a breakdown of today's rule release:

Shared object rules | Modified shared object rules | New rules | Modified rules
01632

Applications open now for Snort scholarship

Applications are now open for the $10,000 Snort scholarship. We encourage everyone who is eligible to apply here. We will be accepting applications through the end of the month.

After that, our hand-picked panel will look at the submissions and select two students to receive a $10,000 award each.

For more detailed instructions on how to apply, check out the video below.

Monday, March 29, 2021

Official EOL Notice for 2.9.15.0 and 2.9.16.0

Attention Snort Users and Integrators:

This blog post serves as your official 90-day notice that we will be EOL'ing rule support for versions 2.9.15.0 and 2.9.16.0 as of 2021-06-21 or June 21, 2021.

As we release new versions of Snort, we occasionally have to decommission older versions, which reduces the maintenance needed to build the ruleset for each of these versions. We continually review version usage and strive to keep only the most actively used versions around. Several older Snort rule integrators are using very old versions (2.9.8.3, for example), which is the reason those versions are still around. However, we are actively working with these partners to move them to more current versions of Snort.

If you are using an older version of Snort, we encourage you to start your upgrade to 2.9.17.1 or Snort 3.

Our next versions to EOL will be 2.9.16.1, 2.9.11.1, and 2.9.14.1, so we encourage users of those versions to start their upgrade planning now.

2.9.17.1 has been released!

We are pleased to release Snort 2.9.17.1, a minor bug-fix version! Since all new development focus is on Snort 3, we encourage you to take a look.

First, some release notes:

Snort 2.9.17.1

Improvements / Fix
  • Fixed wrong reference to configuration during
  • Fixed possible memleak in appid.
  • Fixed a race-condition in http preproc and IPS.
  • Fixed a race-condition in stream preproc.

As always, this maintenance release of Snort 2.9.17.1 is available on our Snort downloads page. For any questions, please feel free to visit our Snort-Users mailing list.

Thursday, March 25, 2021

Snort rule update for March 25, 2021

Cisco Talos released the newest rule update for SNORT® this morning.

Thursday's release includes another new rule to protect against attacks from the Hafnium threat group that's been recently spotted exploiting zero-day vulnerabilities in Microsoft Exchange Server. 

There are also multiple rules to protect against the exploitation of several vulnerabilities Cisco recently disclosed in its IOS XE software. Cisco disclosed 15 vulnerabilities earlier this week, all of which are considered to be high-severity.

Here's a breakdown of today's rule release:

Shared object rules | Modified shared object rules | New rules | Modified rules
16342

Video: Snort 3 roundtable discussion

To celebrate the release of Snort 3, we gathered up some of SNORT®'s most influential team members to talk about everything you could ever hope to know about this iteration of Snort.

We were lucky enough to pull in Marty Roesch, the creator of Snort, along with Patrick Mullen of Cisco Talos, Russ Combs of the Snort product development teams, and Joel Esler, the open-source and community manager. The four of them talked about all things Snort 3, going all the way to its initial inception almost 10 years ago.

They also discuss the benefits of upgrading to Snort 3, new tools and features you may have never heard of and other changes that could be coming in the future. Watch the full discussion below or over on the Talos YouTube page.

With Snort 3, rules are faster and more efficient, users have more control over their Snort experience, and it runs on multiple environments and operating systems. We encourage everyone to shift over to Snort 3 from any versions of Snort 2. You can download the source from snort.org or pull it from GitHub.

Thursday, March 18, 2021

Snort scholarship returning this year — here’s what you need to know

The SNORT® scholarship is back this year with a new application process and new benefits that will set this year’s winners up for a future career in cybersecurity (hopefully with Cisco Talos). 

We will accept applications from April 1 through the end of the month. After that, our hand-picked panel will select two winners to award a $10,000 scholarship.

To be eligible for the scholarship, you must have or be eligible to receive your high school diploma or an equivalent in 2021 as of the date Cisco receives your application. Each applicant must provide reasonable evidence to Cisco that you are seeking a degree in computer science, information technology, computer networking, cybersecurity or a similarly related field of study from a school located in the U.S. or a U.S. territory.  

Snort rule update for March 18, 2021 — Additional rules to protect against Hafnium attacks

The latest rule update for SNORT® was released early this morning via Cisco Talos.

This latest release provides several new rules to protect against attacks from the Hafnium state-sponsored actor. Microsoft first discovered this group a few weeks ago when it disclosed several zero-day vulnerabilities in the Exchange Server software. Hafnium reportedly exploited these vulnerabilities to steal emails, among other malicious actions.

These new rules prevent a web shell upload attempt commonly seen with Hafnium.

Here's a breakdown of today's rule release:

Shared object rules | Modified shared object rules | New rules | Modified rules
111122