Snort mailing list archives

Re: CVE vs VRT Rules

From: waldo kitty <wkitty42 () windstream net>
Date: Tue, 25 Jun 2013 12:11:49 -0400

On 6/24/2013 23:33, Bandekar, Ravi wrote:

Hi

So If I give you something like the below to add to the VRT rules, are you able
to create the custom rules, so we can add it to our environment?

CVE ID CVE-2013-1178
CVE ID CVE-2013-1179
CVE ID CVE-2013-1180


someone /might/ be able to but if you have actual traffic concerning those 
rules, you should also be able to grab packet captures (pcaps) of that traffic 
and create the necessary rules yourself...

that's one of the nice features of snort and its rules... if you don't have a 
rule for what you want to detect, you can create it yourself... you may also 
share your self-created rules with others if you desire...

-- 
NOTE: No off-list assistance is given without prior approval.
       Please keep mailing list traffic on the list unless
       private contact is specifically requested and granted.

------------------------------------------------------------------------------
This SF.net email is sponsored by Windows:

Build for Windows Store.

http://p.sf.net/sfu/windows-dev2dev
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org


Please visit http://blog.snort.org for the latest news about Snort!

Current thread:

CVE vs VRT Rules Bandekar, Ravi (Jun 24)
- Re: CVE vs VRT Rules JJ Cummings (Jun 24)
  - Re: CVE vs VRT Rules Bandekar, Ravi (Jun 24)
    - Re: CVE vs VRT Rules JJ Cummings (Jun 24)
    - Re: CVE vs VRT Rules Bandekar, Ravi (Jun 24)
    - Re: CVE vs VRT Rules waldo kitty (Jun 25)
- Re: CVE vs VRT Rules Joel Esler (Jun 25)