Snort mailing list archives
Re: Some notes about today's VRT Rule release for 02/09/2012
From: Miso Patel <miso.patel () gmail com>
Date: Thu, 9 Feb 2012 16:40:48 -0600
Thank you Joel. Actually I was hoping to have the information in the email itself. Sorry to not be clear on that.

I figure if I already get an email then I don't need to go to a web page. Although apparently I do. What ends up happening is I have to go digging thru multiple web pages since after the first web page, I have to access more URIs since the details on what was updated are not there either on the first page.

So you have email -> web page -> (repeat the web page step as long as you can take it and maybe get lucky) -> real info.

If you want to do email alerts, put the info there. No one wants to slog thru many web pages or blogs or twitters or whatever you kids do these days ... it will make you blind.

THANKS.

Miso, CISO

VmlqYXksIGlmIEpvZWwncyByZXNwb25zZSBpcyBsZXNzIHRoYW4gMyBzZW50YW5jZXMsIHlvdSBvd24gbWUgbHVuY2ggYW5kIGEgZGF0YSB3aXRoIHlvdXIgc2lzdGVyIEJpbnN3YWxhLg==

On Thu, Feb 9, 2012 at 4:20 PM, Joel Esler <jesler () sourcefire com> wrote:
The changes for each release are posted here:

http://www.snort.org/vrt/docs/ruleset_changelogs/changes-2012-02-09.html

All you have to do, technically, is change the date; this is the page that I link from the blog entries.

All the changelogs are found here: http://www.snort.org/vrt

I don't think we need to publish a further detail of the update within the rule package itself.

J

On Thu, Feb 9, 2012 at 4:23 PM, Miso Patel <miso.patel () gmail com> wrote:

Is it possible to have the "VRT" rule updates actually contain a synopsis of what was updated so people don't have to wade thru multiple web pages just to see them?

Thanks!1

Miso, CISO

On Thu, Feb 9, 2012 at 2:58 PM, Joel Esler <jesler () sourcefire com> wrote:

*VRT Rule release for 02/09/2012*

Join us as we welcome the introduction of the newest rule release for today <http://www.snort.org/vrt/docs/ruleset_changelogs/changes-2012-02-09.html> from the VRT. In this release we introduced 10 new rules and made modifications to *4172* additional rules.

There were no changes made to the snort.conf in this release.

Today, we leveled the playing field between the various ways to get Snort rules. It has long been the case where Sourcefire products, by default, enabled rules in the balanced-ips policy. When you use PulledPork (http://code.google.com/p/pulledpork/), this is also the default behavior. But when you simply downloaded the rules from Snort.org, the rules were a hodgepodge of rules that were enabled or disabled, denoted by whether or not the rule was commented out in the rules file.

In an effort to make the barrier to entry that much easier, the Open Source rule package downloaded on snort.org now exactly mirrors what you would get if you used PulledPork. All rules in balanced-ips are enabled and all rules not in balanced-ips are disabled. The exception to this is that rules that set flowbits that are used by rules that are in balanced-ips are also enabled.
This means that the default Open Source ruleset will now provide a good balance between speed, performance, and detection and all rules should work as expected. Those using Oinkmaster, or simply downloading the ruleset directly, will now be running the "balanced-ips" policy. A rule's "on/off" state is now dictated by policy.

This change is in no way an indication that PulledPork is not the recommended way to manage your Open Source ruleset. PulledPork also tracks your own custom policy tailored to your environment and provides other benefits. If you want to use the security-ips policy, you may go through and enable these rules by default, or choose the easy way and use PulledPork to manage this for you. So, use PulledPork if you aren't already!

In VRT's rule release:

Synopsis: This release adds and modifies rules in several categories.

Details: The Sourcefire VRT has added and modified multiple rules in the attack-responses, backdoor, bad-traffic, blacklist, botnet-cnc, chat, dns, dos, exploit, file-identify, finger, icmp, icmp-info, imap, misc, multimedia, netbios, nntp, oracle, p2p, password, policy, pop3, rpc, rservices, scada, scan, shellcode, smtp, specific-threats, spyware-put, sql, username, voip, web-activex, web-cgi, web-client, web-iis, web-misc and x11 rule sets to provide coverage for emerging threats from these technologies.

In order to subscribe now <http://www.snort.org/vrt/buy-a-subscription/> to the VRT's newest rule detection functionality, you can subscribe for as low as $29 US dollars a year for personal users, be sure and see our business pricing as well at http://www.snort.org/store. Make sure and stay up to date to catch the most emerging threats!
--
Joel Esler
Senior Research Engineer, VRT
OpenSource Community Manager
Sourcefire
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org

Please visit http://blog.snort.org for the latest news about Snort!
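
The enable/disable policy described in the quoted release announcement, as an added example that is not part of the original thread and is not PulledPork's or the VRT's code. It assumes a rule's policy membership appears as `metadata:policy balanced-ips ...` in the rule body, and it resolves flowbit setters repeatedly until nothing changes, which goes slightly beyond the one-step wording of the announcement; the sample rules, sids and flowbit names are constructed.

```python
import re

# Constructed sample rules (not from any VRT release); sids and flowbit names are made up.
SAMPLE_RULES = """\
alert tcp any any -> any 80 (msg:"A"; flowbits:isset,file.x; metadata:policy balanced-ips drop, policy security-ips drop; sid:1000001; rev:1;)
# alert tcp any any -> any 80 (msg:"B"; flowbits:isset,file.y; flowbits:set,file.x; flowbits:noalert; sid:1000002; rev:1;)
alert tcp any any -> any 80 (msg:"C"; metadata:policy security-ips drop; sid:1000003; rev:1;)
# alert tcp any any -> any 80 (msg:"D"; flowbits:set,file.y; flowbits:noalert; sid:1000004; rev:1;)
# alert tcp any any -> any 80 (msg:"E"; flowbits:set,file.z; flowbits:noalert; sid:1000005; rev:1;)
"""

RULE_RE = re.compile(r"^\s*(?:#\s*)?((?:alert|log|pass|drop|reject|sdrop)\s.*\(.*\))\s*$")
SID_RE = re.compile(r"\bsid\s*:\s*(\d+)\s*;")
FLOWBITS_RE = re.compile(r"flowbits\s*:\s*(\w+)\s*(?:,\s*([^;,]+))?")
SETTERS, CHECKERS = {"set", "setx", "toggle"}, {"isset", "isnotset"}

def parse(text):
    """Return one dict per rule line, whether or not it is commented out."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line)
        sid = SID_RE.search(line)
        if not (m and sid):
            continue  # prose comment or blank line, not a rule
        bits = FLOWBITS_RE.findall(m.group(1))
        names = lambda ops: {n.strip() for op, arg in bits if op in ops
                             for n in re.split(r"[&|]", arg)}
        rules.append({"sid": int(sid.group(1)), "body": m.group(1),
                      "balanced": "policy balanced-ips" in m.group(1),  # assumed marker
                      "sets": names(SETTERS), "checks": names(CHECKERS)})
    return rules

def balanced_enabled(rules):
    """Sids enabled under balanced-ips, plus setters of flowbits they check."""
    enabled = {r["sid"] for r in rules if r["balanced"]}
    while True:
        needed = set().union(*(r["checks"] for r in rules if r["sid"] in enabled))
        extra = {r["sid"] for r in rules if r["sets"] & needed} - enabled
        if not extra:
            return enabled
        enabled |= extra  # a newly enabled setter may itself check another flowbit

def render(rules, enabled):
    """Emit the rules file: enabled rules bare, all others commented out."""
    return "\n".join(r["body"] if r["sid"] in enabled else "# " + r["body"]
                     for r in rules)

if __name__ == "__main__":
    rules = parse(SAMPLE_RULES)
    print(render(rules, balanced_enabled(rules)))
```

In the constructed input, rule C starts enabled but is not in balanced-ips, so it ends up commented out, while B and D start commented out and end up enabled because rule A depends on their flowbits.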