Tuesday, October 18, 2011

The VRT is looking for more good test environments.

Over the years we have developed a large rule test environment, both internally at Sourcefire and externally with test sensors and customer networks. We are looking to expand this trusted group of Snort rule contributors. When we have a rule we'd like to deploy "in the wild", we will send it into these environments. We're looking to expand this group by another 20 or so.

This group needs to have a large variety of things on the network: servers, clients, Windows, Macs, Linux, malware, the works. .EDU, .MIL, .GOV, .COM. These need to be large environments with lots of diversity. The rules we send to you will be governed under the VRT license, and may or may not make it into the official VRT ruleset.

You will be required to sign an NDA with us in order to be a part of this group because, as an added benefit of being a member of this group, we'll be giving you access to our blacklist IP ruleset. This ruleset, used by the IP reputation preprocessor, currently contains about 3 million IPs and will change by approximately 20,000 to 100,000 per day.

Information we'd need back from you:

  • Performance of the rule.
  • Detection of the rule (Is it false positive prone? Is it useful to you?)
  • The ability to grab full session packet captures of traffic, if needed.
  • The ability to provide the packet captures to us, of course, under the NDA.


As a reward, you will receive a free VRT subscription, T-shirts, calendars, and of course, access to the blacklist IP feed.

If you are interested, please respond back to me, personally, at jesler@sourcefire.com. Please do not respond to the list, to preserve your anonymity.