Snort mailing list archives
Re: Query regarding rule Sid 1-31705
From: "Raghunath Kulkarni (raghukul)" <raghukul () cisco com>
Date: Tue, 24 Nov 2015 12:24:58 +0000
Hi Joel,

Yeah, a small description for such signatures which are self-explanatory but when the customer uses these signatures as part of Sourcefire product and attempts to look at the signature description, it does not come across as intuitive from a customer standpoint.

Raghu Kulkarni
Technical Services Engineer - Security

From: Joel Esler (jesler)
Sent: Tuesday, November 24, 2015 5:48 PM
To: Raghunath Kulkarni (raghukul) <raghukul () cisco com>
Cc: Snort-sigs () lists sourceforge net
Subject: Re: [Snort-sigs] Query regarding rule Sid 1-31705

You mean you'd like to submit documentation back to us?

--
Joel Esler
Manager, Talos Group
Sent from my iPhone

On Nov 24, 2015, at 3:00 AM, Raghunath Kulkarni (raghukul) <raghukul () cisco com> wrote:

Hi Joel,

Thanks for the update. I did check the page and what I was specifically looking for is if we have to add details into the fields such as IMPACT/Detailed Information what is the ideal way to do the same.

Raghu Kulkarni
Technical Services Engineer - Security
Phone : +44 203 180 6867
Work Hours: Mon to Fri (8:00-16:00 CET/GMT+2)
EU Technical Assistance Center hotline: +32 2 704 5555

From: Joel Esler (jesler)
Sent: Monday, November 23, 2015 10:53 PM
To: Raghunath Kulkarni (raghukul) <raghukul () cisco com>
Cc: Snort-sigs () lists sourceforge net
Subject: Re: [Snort-sigs] Query regarding rule Sid 1-31705

All the docs for almost all rules are listed on Snort.org if you search for the sid: https://snort.org/rule_docs/1-31705

However, that rule is pretty simple, it looks for a DNS lookup to mytransitguide.com, which is the domain used by the adware.

--
Joel Esler
Manager, Talos Group

On Nov 23, 2015, at 8:18 AM, Raghunath Kulkarni (raghukul) <raghukul () cisco com> wrote:

Hi Team,

This is in regards to the rule: Sid 1-31705. I was reading through the list of domains that are present under the rule as mentioned in additional references. However, I would like to know if there is a possibility to update the detailed information section because when we download the rule in snort, we do not have the option to view the documentation associated with it. Let me know your thoughts on the same.

Raghu Kulkarni
Technical Services Engineer - Security

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org
Please visit http://blog.snort.org for the latest news about Snort!
Current thread:
- Query regarding rule Sid 1-31705 Raghunath Kulkarni (raghukul) (Nov 23)
- Re: Query regarding rule Sid 1-31705 Joel Esler (jesler) (Nov 23)
- Re: Query regarding rule Sid 1-31705 Raghunath Kulkarni (raghukul) (Nov 24)
- Re: Query regarding rule Sid 1-31705 Joel Esler (jesler) (Nov 24)
- Re: Query regarding rule Sid 1-31705 Raghunath Kulkarni (raghukul) (Nov 24)
- Re: Query regarding rule Sid 1-31705 Raghunath Kulkarni (raghukul) (Nov 24)
- Re: Query regarding rule Sid 1-31705 Joel Esler (jesler) (Nov 23)