snort-sigs December 2010 archive
Main Archive Page > Month Archives  > snort-sigs archives
snort-sigs: Re: [Snort-sigs] Rule Migration Cheat Sheet?

Re: [Snort-sigs] Rule Migration Cheat Sheet?

From: Crook, Parker <Parker_Crook_at_nospam>
Date: Wed Dec 22 2010 - 17:12:11 GMT
To: 'Joel Esler' <jesler@sourcefire.com>, "Hayes, Bert (ISO)" <bhayes@infosec.utexas.edu>

> There are several new keywords (file_data, byte_extract, http_*) We don't
> have a specific conversion cheat sheet, as the old rule options still work
> fine, the new rule options just allow for clarification of functionality and
> a more specific and efficient rule writing process.
>
> That being said, I know a lot of you want to get your rules updated to Snort
> 2.9 format, I am just swamped, and I know I won't get to it until late
> January. If anyone from the community wants to write a cheat sheet document,
> we'll review it, I'll put it on the blog, snort.org, and I'll give you a free
> VRT rule subscription for a year.
>
> Takers?

I've had 2.9 setup in the lab for a while and haven't made the push in production yet for this very reason. I suppose I can take the plunge and start working on it and I will document my findings. I'll get started on this but I'm not sure how long it will take.

-Parker

------------------------------------------------------------------------------
Forrester recently released a report on the Return on Investment (ROI) of
Google Apps. They found a 300% ROI, 38%-56% cost savings, and break-even
within 7 months. Over 3 million businesses have gone Google with Google Apps:
an online email calendar, and document program that's accessible from your
browser. Read the Forrester report: http://p.sf.net/sfu/googleapps-sfnew
_______________________________________________
Snort-sigs mailing list
Snort-sigs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs