Snort mailing list archives
Re: CVE vs VRT Rules
From: waldo kitty <wkitty42 () windstream net>
Date: Tue, 25 Jun 2013 12:11:49 -0400
On 6/24/2013 23:33, Bandekar, Ravi wrote:
Hi So If I give you something like the below to add to the VRT rules, are you able to create the custom rules, so we can add it to our environment? CVE ID CVE-2013-1178 CVE ID CVE-2013-1179 CVE ID CVE-2013-1180
someone /might/ be able to but if you have actual traffic concerning those rules, you should also be able to grab packet captures (pcaps) of that traffic and create the necessary rules yourself... that's one of the nice features of snort and its rules... if you don't have a rule for what you want to detect, you can create it yourself... you may also share your self-created rules with others if you desire... -- NOTE: No off-list assistance is given without prior approval. Please keep mailing list traffic on the list unless private contact is specifically requested and granted. ------------------------------------------------------------------------------ This SF.net email is sponsored by Windows: Build for Windows Store. http://p.sf.net/sfu/windows-dev2dev _______________________________________________ Snort-sigs mailing list Snort-sigs () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-sigs http://www.snort.org Please visit http://blog.snort.org for the latest news about Snort!
Current thread:
- CVE vs VRT Rules Bandekar, Ravi (Jun 24)
- Re: CVE vs VRT Rules JJ Cummings (Jun 24)
- Re: CVE vs VRT Rules Bandekar, Ravi (Jun 24)
- Re: CVE vs VRT Rules JJ Cummings (Jun 24)
- Re: CVE vs VRT Rules Bandekar, Ravi (Jun 24)
- Re: CVE vs VRT Rules waldo kitty (Jun 25)
- Re: CVE vs VRT Rules Bandekar, Ravi (Jun 24)
- Re: CVE vs VRT Rules JJ Cummings (Jun 24)