Tuesday, June 30, 2020

Snort rule update for June 30, 2020

This morning, Cisco Talos released the latest rule update for SNORTⓇ.

The latest release includes 18 new rules, four modified rules and six new shared object rules.

Today's release provides new coverage for the Zeus malware, which recently expanded with a new loader. There are also several new rules providing protection against the well-known Valak malware.

Tuesday, June 23, 2020

Snort rule update for June 23, 2020

This morning, Cisco Talos released the latest rule update for SNORTⓇ.

The latest release includes 15 new rules and one modified rule.

Today's release provides new coverage for the IndigoDrop malware, which Talos recently discovered and reported on. For more information on this threat, which is spreading Cobalt Strike beacons, read the full Talos blog here.

Tuesday, June 16, 2020

Snort rule update for June 16, 2020

This morning, Cisco Talos released the latest rule update for SNORTⓇ.

The latest release includes 10 new rules, 16 modified rules and eight new shared object rules.

Today's release provides new coverage for several different malware families, including the Agent adware, Nanocore RAT and Tinba dropper.

Updates to Snort guides for CentOS, rule writing in Snort 3

We have updated our documentation on Snort 3 running on CentOS and the Snort Rules Writing guide for Snort 3.

Thanks to community member Yaser for providing the updates.

The Snort 3 guide now has expanded information on logging options — such as syslog and JSON. There is also a new performance optimization section.

The Rules Writing guide has new syntax comparisons for file_type detection across Snort versions, as well as a comparison of app ID.

As always, you can view all of our guides on the Snort Documentation page.