Thursday, December 17, 2020

Removing opensource.gz from rule releases

For many years, we have distributed a file called “opensource.gz,” which contained the plaintext rule documents for each of our SNORT® rules. Since the release of this document, our documentation has improved by leaps and bounds as a result of our most recent project, led by our own Kri Dontje. You can read more about those improvements in our prior blog post.

Since our documentation is now more “living” and is released with every rule update, we’ve made the decision to no longer chew up the bandwidth to distribute opensource.gz, and instead point your browsers and tools to the official authority for Snort rule docs: Snort.org.

Rule documentation links take the following form, for example: https://snort.org/rule_docs/1-56720. Replacing the SID at the end of the URL with the SID you are looking for will take you to the most updated document.

Tools available on the internet, and integrators who ship our ruleset on their boxes, are encouraged to create these links to Snort.org directly from their interfaces as well.
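One way an alert viewer could generate these links, shown as an added example that is not code from Snort or PulledPork: it reads the `[gid:sid:rev]` field of Snort fast-format alert lines and builds one documentation link per rule, without fetching anything. It assumes the number before the dash in the example URL above is the generator ID (GID); the function names and the sample alert lines are constructed for illustration.

```python
import re

# Base of the link format given in the post.
RULE_DOCS_BASE = "https://snort.org/rule_docs/"

# Snort "fast" alert lines carry the rule identity as [gid:sid:rev].
ALERT_ID = re.compile(r"\[(\d+):(\d+):(\d+)\]")


def rule_doc_url(sid, gid=1):
    """Build the documentation link for one rule.

    Assumption: the number before the dash in the post's example
    (1-56720) is the generator ID; the post itself only names the SID.
    """
    sid, gid = int(sid), int(gid)  # rejects anything that is not a number
    if sid <= 0 or gid <= 0:
        raise ValueError("gid and sid must be positive integers")
    return f"{RULE_DOCS_BASE}{gid}-{sid}"


def links_for_alerts(lines):
    """Return {(gid, sid): url} for every rule seen in the alert lines.

    A rule maps to a single link however often it fired, so the interface
    renders links and never needs to download or mirror the documents.
    """
    links = {}
    for line in lines:
        match = ALERT_ID.search(line)
        if not match:
            continue  # not an alert line
        gid, sid = int(match.group(1)), int(match.group(2))
        links.setdefault((gid, sid), rule_doc_url(sid, gid))
    return links


# Constructed sample input (not real traffic); rule messages are placeholders.
SAMPLE_ALERTS = [
    "12/17-10:01:02.000001 [**] [1:56720:1] EXAMPLE message [**] [Priority: 1] {TCP} 192.0.2.10:49152 -> 198.51.100.5:80",
    "12/17-10:01:09.000002 [**] [1:56720:1] EXAMPLE message [**] [Priority: 1] {TCP} 192.0.2.11:49153 -> 198.51.100.5:80",
    "12/17-10:02:30.000003 [**] [1:1000001:2] EXAMPLE local rule [**] [Priority: 3] {UDP} 192.0.2.12:5353 -> 198.51.100.9:53",
    "snort exiting",
]

if __name__ == "__main__":
    for (gid, sid), url in links_for_alerts(SAMPLE_ALERTS).items():
        print(f"{gid}:{sid} -> {url}")
```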

We DO NOT encourage scraping the data, so please don’t set your “for loop’ed” cURL commands to iterate through the docs and download them — our system may block you. The docs are updated at least twice a week, so we want you to link to them to ensure you are getting the most updated version. 

The latest version of PulledPork will no longer request the opensource.gz file, and future requests for opensource.gz will be met with a 422, 404 or 403 error.