Snort mailing list archives
Re: [Snort-sigs] Introduction to Shared Object Rules blog post
From: Matt Olney <molney () sourcefire com>
Date: Thu, 4 Feb 2010 18:30:30 -0500
One of the reasons Patrick and I have been so quiet here and on the blog is we've been busting our asses on the SO stuff. We have some things coming up to get folks to the point where they can use the SO rules and hopefully we'll have some SO tools that you guys might think are useful. Get your head wrapped around this, and we'll have more goodies coming up. We're both really excited about detailing out this under-utilized feature in Snort. matt On Thu, Feb 4, 2010 at 5:48 PM, Patrick Mullen <pmullen () sourcefire com> wrote:
All, I would like to direct your attention to a blog post that just went up that gives an introduction to shared object rules development and the snort text rule to shared object rule converter that is available on the VRT Labs site (http://labs.snort.org) -- http://vrt-sourcefire.blogspot.com/2010/02/introduction-to-shared-object-rules.html Please give it a read and let me know what you think. It's the first in a series that is intended to finally provide some documentation around SO rules, but as the post states this is an introduction that simply goes ahead and puts the idea out there and leaves a lot of interpretation to the reader. My hope is that it spurs discussion, so please feel free to comment on the blog, on the list, or to me personally. Questions about why something was done a particular way or why something was done (or not done) are welcomed and appreciated. Thanks! ~Patrick ------------------------------------------------------------------------------ The Planet: dedicated and managed hosting, cloud storage, colocation Stay online with enterprise data centers and the best network in the business Choose flexible plans and management services without long-term contracts Personal 24x7 support from experience hosting pros just a phone call away. http://p.sf.net/sfu/theplanet-com _______________________________________________ Snort-sigs mailing list Snort-sigs () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-sigs
------------------------------------------------------------------------------ The Planet: dedicated and managed hosting, cloud storage, colocation Stay online with enterprise data centers and the best network in the business Choose flexible plans and management services without long-term contracts Personal 24x7 support from experience hosting pros just a phone call away. http://p.sf.net/sfu/theplanet-com _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Introduction to Shared Object Rules blog post Patrick Mullen (Feb 04)
- Re: [Snort-sigs] Introduction to Shared Object Rules blog post Matt Olney (Feb 04)
- Re: Introduction to Shared Object Rules blog post Guise McAllaster (Feb 05)
- Re: [Snort-sigs] Introduction to Shared Object Rules blog post Patrick Mullen (Feb 08)
- Re: Introduction to Shared Object Rules blog post Guise McAllaster (Feb 05)
- Re: [Snort-sigs] Introduction to Shared Object Rules blog post Matt Olney (Feb 04)