Tuesday, March 10, 2020

Snort rule update for March 10, 2020 — Microsoft Patch Tuesday

The latest SNORT® rule release from Cisco Talos has arrived. This new round of rules provides coverage for all of the vulnerabilities covered in Microsoft Patch Tuesday.

For more details on the vulnerabilities Microsoft disclosed this week, head to the Talos blog.

In all, this release includes 22 new rules, four modified rules and one new shared object rule.

Thursday, March 5, 2020

Snort rule update for March 5, 2020

Cisco Talos just released the latest SNORT® rule update for all users. Talos urges all users to implement these rules as soon as possible to keep their networks and machines protected.

Today's release contains eight new rules, 10 new shared object rules and 292 modified rules.

This rule set primarily covers a series of vulnerabilities Cisco disclosed earlier this week in Webex Player and Webex Network Recording Player. While Cisco has already released updates for these bugs, Snort rules 53384 - 53392 provide an additional layer of protection by preventing adversaries from corrupting memory on affected devices.

Tuesday, March 3, 2020

Snort rule update for March 3, 2020

Cisco Talos just released the latest SNORT® rule update for all users. Talos urges all users to implement these rules as soon as possible to keep their networks and machines protected.

Today's release contains nine new rules and two modified rules.

This latest update primarily supplies new rules to protect against the newly discovered Mozart malware. The backdoor uses DNS to communicate with its creators and evade detection. Rules 53364 - 53373 prevent Mozart from connecting to a command and control server and downloading malicious PDFs.

Thursday, February 27, 2020

Snort rule update for Feb. 27, 2020

Cisco Talos just released the latest SNORT® rule update for all users. Talos urges all users to implement these rules as soon as possible to keep their networks and machines protected.

Today's release contains nine new rules and two modified rules.

This release primarily focuses on a new variant of Emotet. The longstanding malware has evolved to spread over WiFi connections. These new rules prevent that variant from being downloaded on your machine.

After you're done adding the new rules today, head over to our shiny new Resources page. We've got improved documentation, as well as the new Snort 101 video series, which will teach you the basics of setting up Snort 2 and 3, and even dives a little into rule writing.

Wednesday, February 26, 2020

Snort rule update for Feb. 26, 2020

Cisco Talos just released the latest SNORT® rule update for all users. Talos urges all users to implement these rules as soon as possible to keep their networks and machines protected.

Today's release contains 82 new rules and eight modified rules.

This release primarily provides new coverage for two malware families: Zeroll and NetWire — the latter of which was recently associated with tax-themed spam campaigns and malicious IMG files.

After you're done adding the new rules today, head over to our shiny new Resources page. We've got improved documentation, as well as the new Snort 101 video series, which will teach you the basics of setting up Snort 2 and 3, and even dives a little into rule writing.

Tuesday, February 25, 2020

Snort rule update for Feb. 25, 2020

Cisco Talos just released the latest SNORT® rule update for all users. Talos urges all users to implement these rules as soon as possible to keep their networks and machines protected.

Today's release contains 57 new rules, 12 modified rules, and 10 new shared object rules.

This rule update provides several new rules for variants in the longstanding NetWire and AZORult malware families.

After you're done adding the new rules today, head over to our shiny new Resources page. We've got improved documentation, as well as the new Snort 101 video series, which will teach you the basics of setting up Snort 2 and 3, and even dives a little into rule writing.

Monday, February 24, 2020

Learn Snort: Back to basics videos and labs


Snort is happy to launch a new (free!) video training series created by Cisco Talos covering the basic operation of Snort 2 and Snort 3. Currently available topics include installation and configuration, packet capture and logging, and rule writing. Users of both Snort 2.9x and Snort 3 can use the included labs to acquire the basic skills and information needed to set up Snort quickly and easily and start inspecting traffic immediately.

The series is available on the newly revamped Snort Resources page, where you will also find Snort documentation, white papers, and additional tutorials and guides. Currently, the following topics are covered in the “Snort 101” videos:

  • Snort Overview - Snort 101
  • Snort 2 - Install and Config (with labs)
  • Snort 2 - Introduction to Rule Writing
  • Snort 3 - Install and Config (with labs)
  • Snort 3 - Writing Rules (with labs)
  • Snort 3 - Logging (with labs)

The training videos and labs can also be found in a playlist on the Talos YouTube channel, and on the new Resources page here.

Thursday, February 20, 2020

Snort rule update for Feb. 20, 2020

Cisco Talos just released the latest SNORT® rule update for all users. Talos urges all users to implement these rules as soon as possible to keep their networks and machines protected.

Today's release contains 46 new rules and nine new shared object rules.

This rule update provides several new protections against malware we're calling "ObliqueRAT." We will be publishing details about this RAT on the Talos blog later today.

Tuesday, February 18, 2020

Snort rule update for Feb. 18, 2020

Cisco Talos just released the latest SNORT® rule update for all users. Talos urges all users to implement these rules as soon as possible to keep their networks and machines protected.

Today's release contains 33 new rules, six new shared object rules and eight modified rules.

This rule update provides protection against a major new wave of malware that reportedly targeted a U.S. federal agency. Attackers are using the Syscon backdoor along with a variant of the Carrotbat malware to install malicious downloaders on victims' machines. New rules 53129 - 53144 perform various actions to prevent this malware from infecting victims and downloading any additional payloads.

Tuesday, February 11, 2020

Snort rule update for Feb. 11, 2020: Microsoft Patch Tuesday

The latest SNORT® rule release from Cisco Talos has arrived. This new round of rules provides coverage for all of the vulnerabilities covered in Microsoft Patch Tuesday.

For more details on the vulnerabilities Microsoft disclosed this week, head to the Talos blog.

In all, this release includes 34 new rules, 10 modified rules, three modified shared object rules and 11 new shared object rules.

Tuesday, February 4, 2020

Snort rule update for Feb. 4, 2020

Cisco Talos just released the latest SNORT® rule update for all users. Talos urges all users to implement these rules as soon as possible to keep their networks and machines protected.

Today's release contains 14 new rules, 12 modified rules, 15 new shared object rules and two modified shared object rules.

This rule update provides protection against two major malware families recently discovered. Rules 53026 - 53030 provide coverage for the NetWire RAT, which disguises itself as a fake email from a legitimate business. Rules 53023 - 53025 also cover a variant of the Ako ransomware.

Thursday, January 30, 2020

Snort rule update for Jan. 30, 2020

Cisco Talos just released the latest SNORT® rule update for all users. Talos urges all users to implement these rules as soon as possible to keep their networks and machines protected.

Today's release contains 13 new rules, 19 modified rules and eight new shared object rules.

This rule update provides coverage for several vulnerabilities disclosed this week in some Cisco Small Business Switches, along with protection against a new variant of the HyperBro backdoor.

Wednesday, January 22, 2020

Snort rule update for Jan. 22, 2020

Cisco Talos just released the latest SNORT® rule update for all users. Talos urges all users to implement these rules as soon as possible to keep their networks and machines protected.

Today's release contains seven new rules, six modified rules and 16 new shared object rules.

This rule update primarily covers a series of vulnerabilities Cisco disclosed in several of its products, including Firepower Management Center, Smart Software Manager and the IOS XR software.

Area Under Construction: Snort documentation is getting a facelift


By Kri Dontje.

Changes will be popping up all over Snort.org to bring better support to every aspect of the Snort user experience. What sort of new things are coming?

  • Added context information and a new look for Snort rule documentation.
  • Reorganized and updated documentation.
  • Elasticsearch.
  • A surprise of the multi-media variety!

As these changes go into effect, Snort.org may experience growing pains. In particular, the search function will be limited for a few days during the change-over. Pardon the inconvenience over the next week or so while we change the Elasticsearch indexes.

After our updates are complete, we’ll keep you posted about the new features and go over where to find them.

Thursday, January 16, 2020

Snort rule update for Jan. 16, 2020

Cisco Talos just released the latest SNORT® rule update for all users. Talos urges all users to implement these rules as soon as possible to keep their networks and machines protected.

Today's release contains 12 new rules, two modified shared object rules and 103 modified rules.

The latest rule update provides new coverage for several different malware families, including Whiteshadow, the Remcos botnet and a variant of the AgentTesla malware.

Tuesday, January 14, 2020

Snort rule update for Jan. 14, 2020: Microsoft Patch Tuesday

The latest SNORT® rule release from Cisco Talos has arrived. This new round of rules provides coverage for all of the vulnerabilities covered in Microsoft Patch Tuesday.

For more details on the vulnerabilities Microsoft disclosed this week, head to the Talos blog.

In all, this release includes 22 new rules and five modified rules.

Thursday, January 9, 2020

Snort rule update for Jan. 9, 2020

Cisco Talos just released the latest SNORT® rule update for all users. Talos urges all users to implement these rules as soon as possible to keep their networks and machines protected.

Today's release contains 26 new rules, six modified rules and five new shared object rules.

The latest rule update provides several new protections against the ZeroCleare malware, a data-wiping attack recently deployed on an oil refinery in the Middle East. There is also new coverage for a variant of the Mirai botnet.

Tuesday, January 7, 2020

Snort rule update for Jan. 7, 2020

Cisco Talos just released the latest SNORT® rule update for all users. Talos urges all users to implement these rules as soon as possible to keep their networks and machines protected.

Today's release contains two new rules, both of which provide protection against the Xpert remote access tool.

Monday, January 6, 2020

Snort 2.9.15.1 has been released

We just released a minor Snort bug update, version 2.9.15.1. Take a look at the release notes below for more information:

2019-12-15 - Snort 2.9.15.1

New Additions

  • Added support for glibc version 2.30.

Improvements/Fix

  • Fixed Snort core seen during SSL re-configuration.
  • Fixed file access issues on files from SMB share.

Special thanks for this release go out to David Binderman for the reporting of an issue.

As always, feedback on this release and any other release may be sent to the Snort mailing lists.

You may download this latest version of Snort from our downloads site.