Snort mailing list archives

Re: New snort rule lookup


From: Frank Knobbe <frank () knobbe us>
Date: Mon, 28 Mar 2005 15:44:45 -0600

On Mon, 2005-03-28 at 16:06 -0500, John Hally wrote:
> I noticed that the new rule lookup doesn't have the actual rule syntax
> included as it did before.  Was this planned?  I found that helped a
> LOT when trying to determine if the alert was malicious or not.

Heya John!

My guess would be that the web site is not able to distinguish between
the GPL rules and the VRT rules. Thus the web site does not display the
actual rules anymore. As you recall, you have to sign up for the VRT
rules.

That said, "grep 'sid:1234567' *.rules" works just as well. Just take a
look at the Snort rules themselves.

Cheers,
Frank
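
The local lookup suggested in the reply above, as an added example that is not part of the original message: it matches the sid option exactly (a plain substring grep for sid:1000001 also hits sid:10000012) and reports whether the rule is commented out. The function names, the sample rules and the one-rule-per-line layout are assumptions made for this example.

```shell
# Added example: exact SID lookup in local Snort rule files.
# Assumes one rule per line (no backslash continuations).

# find_rule_by_sid SID [RULES_DIR]  (hypothetical helper name)
# Prints "file:line:enabled|disabled:rule" for each rule whose sid equals SID.
# Returns 0 if found, 1 if not found, 2 on a bad argument.
find_rule_by_sid() {
    _sid=$1
    _dir=${2:-.}
    # Accept digits only, so the value is never treated as a regex.
    case "$_sid" in
        ''|*[!0-9]*)
            echo "usage: find_rule_by_sid SID [RULES_DIR]" >&2
            return 2 ;;
    esac
    # "sid:" must start an option and the number must end at ";",
    # so 1000001 does not match 10000012.
    awk -v sid="$_sid" '
        $0 ~ ("(^|[ \t;(])sid:[ \t]*" sid "[ \t]*;") {
            state = ($0 ~ /^[ \t]*#/) ? "disabled" : "enabled"
            printf "%s:%d:%s:%s\n", FILENAME, FNR, state, $0
            found = 1
        }
        END { exit !found }
    ' "$_dir"/*.rules
}

# make_sample_rules DIR  (hypothetical helper)
# Writes constructed rule files for trying the lookup offline.
make_sample_rules() {
    cat > "$1/local.rules" <<'EOF'
alert tcp any any -> any 80 (msg:"constructed example A"; content:"abc"; sid:1000001; rev:1;)
# alert tcp any any -> any 80 (msg:"constructed example B"; content:"def"; sid:10000012; rev:2;)
EOF
    cat > "$1/other.rules" <<'EOF'
alert udp any any -> any 53 (msg:"constructed example C"; content:"ghi"; sid:1000002; rev:1;)
EOF
}

# Usage: d=$(mktemp -d); make_sample_rules "$d"; find_rule_by_sid 1000001 "$d"
```

A "disabled" result means the alert in question cannot have come from that copy of the rule file, which is worth knowing before reading the rule body.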
