Thursday, December 22, 2016

Snort Subscriber Rule Set Update for 12/22/2016

Just released:
Snort Subscriber Rule Set Update for 12/22/2016

We welcome the introduction of the newest rule release from Talos. In this release we introduced 11 new rules and made modifications to 5 additional rules.

There were no changes made to the snort.conf in this release.

Talos's rule release:
Talos has added and modified multiple rules in the blacklist, exploit-kit, file-flash, malware-cnc, os-windows, policy-other, protocol-scada and server-webapp rule sets to provide coverage for emerging threats from these technologies.

To subscribe now to Talos's newest rule detection functionality, you can subscribe for as low as $29 US a year for personal users; be sure to see our business pricing as well. Make sure to stay up to date to catch the most emerging threats!

1 comment:

  1. I've had some problems while updating Snort rules using PulledPork. My OS is CentOS 7, and I am using Snort with PulledPork 0.7.3. When I tried to update with this command
    ([root@localhost snort]# -vv -c pulledpork.conf -T -l), the output is shown below:
    _____ ____
    `----,\ )
    `--==\\ / PulledPork v0.7.3 - Making signature updates great again!
    .-~~~~-.Y|\\_ Copyright (C) 2009-2016 JJ Cummings
    @_/ / 66\_
    | \ \ _(")
    \ /-| ||'--' Rules give me wings!
    \_\ \_\\

    Config File Variable Debug pulledpork.conf
    snort_path = /usr/local/bin/snort
    enablesid = /etc/snort/enablesid.conf
    black_list = /etc/snort/rules/blacklist.rules
    modifysid = /etc/snort/modifysid.conf
    IPRVersion = /usr/local/etc/snort/rules/iplists
    rule_path = /etc/snort/rules/snort.rules
    ignore = deleted.rules,experimental.rules,local.rules
    snort_control = /usr/local/bin/snort_control
    rule_url = ARRAY(0x14b8198)
    snort_version =
    sid_msg_version = 1
    sid_changelog = /var/log/sid_changes.log
    sid_msg = /etc/snort/
    ips_policy = security
    config_path = /etc/snort/snort.conf
    sostub_path = /etc/snort/rules/so_rules
    temp_path = /tmp
    distro = Centos-7-6
    version = 0.7.3
    sorule_path = /usr/local/lib/snort_dynamicrules/
    disablesid = /etc/snort/disablesid.conf
    dropsid = /etc/snort/dropsid.conf
    out_path = /etc/snort/rules/
    local_rules = /etc/snort/rules/local.rules
    MISC (CLI and Autovar) Variable Debug:
    arch Def is: x86-64
    Operating System is: linux
    CA Certificate File is: OS Default
    Config Path is: pulledpork.conf
    Distro Def is: Centos-7-6
    security policy specified
    local.rules path is: /etc/snort/rules/local.rules
    Rules file is: /etc/snort/rules/snort.rules
    Path to disablesid file: /etc/snort/disablesid.conf
    Path to dropsid file: /etc/snort/dropsid.conf
    Path to enablesid file: /etc/snort/enablesid.conf
    Path to modifysid file: /etc/snort/modifysid.conf
    sid changes will be logged to: /var/log/sid_changes.log
    Output Path is: /etc/snort/
    Snort Version is:
    Snort Config File: /etc/snort/snort.conf
    Snort Path is: /usr/local/bin/snort
    Logging Flag is Set
    Text Rules only Flag is Set
    Extra Verbose Flag is Set
    Verbose Flag is Set
    File(s) to ignore = deleted.rules,experimental.rules,local.rules
    Base URL is:|snortrules-snapshot-2990.tar.gz|81689cd17e13e5850a5a7a0304b11d0644619f2d|community-rules.tar.gz|Community|IPBLACKLIST|open|opensource.tar.gz|Opensource
    Checking latest MD5 for snortrules-snapshot-2990.tar.gz....
    Fetching md5sum for: snortrules-snapshot-2990.tar.gz.md5
    ** GET ==> 403 Forbidden
    A 403 error occurred, please wait for the 15 minute timeout
    to expire before trying again or specify the -n runtime switch
    You may also wish to verify your oinkcode, tarball name, and other configuration options
    Error 403 when fetching at /usr/local/bin/ line 534.
    main::md5file('81689cd17e13e5850a5a7a0304b11d0644619f2d', 'snortrules-snapshot-2990.tar.gz', '/tmp/', '') called at /usr/local/bin/ line 2006
    Give me some suggestions, please. Have a great time, all of you.