Monday, August 26, 2024

Upcoming changes to the Snort.org Sample IP Blocklist

We will be making some changes to the Snort Sample IP Block List on Sept. 26, 2024. 

The Snort Sample IP Blocklist has been a steady component of our open-source Snort community since its launch. It was originally provided so the community could test the functionality of their Snort installation, and it was never intended to be users’ sole source of IP blocking. 

The Snort Sample IP Block List is a list of suggested IPs to block based on other open-source IP block lists. Over the last several years, we have seen an increasing number of users relying on the Snort Sample IP Blocklist as their primary source of IP blocking, which may be leading to a false sense of protection from threats.

To ensure the intention and legal usage of this blocklist are clear to all our users, we will be enabling a “click-to-accept” terms and conditions box for users to access the Snort Sample IP Blocklist hosted on Snort.org.

This change will outline the legal terms and conditions for use of the blocklist, which clearly document the intended use of the data.

We will continue to update the Snort Sample IP Blocklist on Snort.org regularly and provide it free to all users, to ensure that Snort is functioning as intended.  After Sept. 26, 2024, access to the list will require users to click to accept the terms and conditions. 

If you have any questions, feel free to reach out to us via snort-users@lists.snort.org

Or join our Discord: https://discord.gg/Pj3usE9CZ7

Monday, August 5, 2024

Watch: SnortML Training video

We recently launched SnortML – our new machine learning exploit detection engine designed to detect novel attacks fitting known vulnerability types.  

Now, we have released a SnortML training video featuring Cisco Talos security researcher (and SnortML developer) Brandon Stultz. This video covers how SnortML addresses the zero-day problem, the vulnerability classes it is currently trained on, and a dive into neural networks.  

The training concludes with a model development lab where you will see Brandon create a new model to detect a SQL injection attack.


We hope you enjoy this training and are able to develop a good understanding of SnortML’s capabilities. We look forward to hearing your use cases for the models you create based on SnortML. 

You can find the SnortML and LibML code on GitHub. You can also join the conversation on our Discord or on the Snort users mailing list if you have any questions or feedback.